Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help with getting secure token module to work with secure_link #66

Open
super23n opened this issue Sep 7, 2018 · 1 comment
Open

Help with getting secure token module to work with secure_link #66

super23n opened this issue Sep 7, 2018 · 1 comment

Comments

@super23n
Copy link

super23n commented Sep 7, 2018
edited
Loading

Hi, I am trying to get this to work with Nginx's secure_link module because in addition to the encrypted URI's, I want to have expired time and client IP verification.

But I cannot get it to work, this is my config:

location ~ /r/([a-zA-Z0-9_\-]+)/video.mp4$ {  
     rewrite ^/r/([a-zA-Z0-9_\-]+)/video.mp4$ /videos/$1 last;
}

location /videos/ {
     secure_token_encrypt_uri on;
     secure_token_encrypt_uri_key <...mykey...>;
     secure_token_encrypt_uri_iv 0000....s;
     secure_token_types application/vnd.apple.mpegurl;
 
     secure_link $arg_md5;
     secure_link_md5 '$uri test';
     if ($secure_link = "") { 
         return 404;
     }
     if ($secure_link = "0") {
         return 410;
     }
 }

I am always getting the 404 response. How can this be configured? Thanks.
@erankor
Copy link
Contributor

erankor commented Sep 16, 2018

Sorry for the late reply.
Is it possible that you don't have any content handler on your location? (what you pasted doesn't have one...)
I took your configuration and made a couple of small changes -

  1. Used 32 0's for key and 16 0's for iv
  2. Added proxy_pass so that there will be some content handler (at first I thought of using return 200 "test", but return behaves differently since nginx treats it like rewrite)

This is the updated conf section -

location ~ /r/([a-zA-Z0-9_\-]+)/video.mp4$ {
     rewrite ^/r/([a-zA-Z0-9_\-]+)/video.mp4$ /videos/$1 last;
}

location /videos/ {
     secure_token_encrypt_uri on;
     secure_token_encrypt_uri_key 0000000000000000000000000000000000000000000000000000000000000000;
     secure_token_encrypt_uri_iv 00000000000000000000000000000000;
     secure_token_types application/vnd.apple.mpegurl;

     secure_link $arg_md5;
     secure_link_md5 '$uri test';
     if ($secure_link = "") {
         return 404 "secure link error";
     }
     if ($secure_link = "0") {
         return 410;
     }

     proxy_pass http://127.0.0.1$uri;
}

Then created test URLs and got the expected response (pasted a sample with the /r/ rewrite and one without it) -

# python encryptUrl.py /videos/ test 0000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000
/videos/YB7BjoDYMzm9t0_UCOzt4g
# echo "localhost:8001/r/YB7BjoDYMzm9t0_UCOzt4g/video.mp4?md5=`echo -n /videos/YB7BjoDYMzm9t0_UCOzt4g test | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =`"
localhost:8001/r/YB7BjoDYMzm9t0_UCOzt4g/video.mp4?md5=kWFeNBjSuKooqR5Km0AEsw
# echo "localhost:8001/videos/YB7BjoDYMzm9t0_UCOzt4g?md5=`echo -n /videos/YB7BjoDYMzm9t0_UCOzt4g test | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =`"
localhost:8001/videos/YB7BjoDYMzm9t0_UCOzt4g?md5=kWFeNBjSuKooqR5Km0AEsw
# curl -s localhost:8001/r/YB7BjoDYMzm9t0_UCOzt4g/video.mp4?md5=kWFeNBjSuKooqR5Km0AEsw | grep URL
<p>The requested URL /videos/test was not found on this server.</p>
# curl -s localhost:8001/videos/YB7BjoDYMzm9t0_UCOzt4g?md5=kWFeNBjSuKooqR5Km0AEsw | grep URL
<p>The requested URL /videos/test was not found on this server.</p>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erankor @super23n