local upload = require "resty.upload" local uuid = require "resty.jit-uuid" local cjson = require "cjson" --# https://github.com/SkyLothar/lua-resty-jwt --$ opm get SkyLothar/lua-resty-jwt local jwt = require "resty.jwt" local chunk_size = 4096 local form = upload:new(chunk_size) uuid.seed() local TaskTypes = { NOOP = 'NOOP', UPLOAD_PICTURE = 'UPLOAD_PICTURE' } local task_server = ngx.var.task_server local htyuc = ngx.var.htyuc local host = ngx.var.host ngx.log(ngx.INFO, "TASK_SERVER -> ", task_server) ngx.log(ngx.INFO, "HTYUC -> ", htyuc) ngx.log(ngx.INFO, "HOST -> ", host) local file_dir = ngx.var.tmp_file_dir local file local file_name local files = {} local http = require "resty.http" local httpc = http.new() local function cleanupString(str, remove) local lcSubStrTab = {} while true do local lcPos = string.find(str, remove) if not lcPos then lcSubStrTab[#lcSubStrTab + 1] = str break end local lcSubStr = string.sub(str, 1, lcPos - 1) lcSubStrTab[#lcSubStrTab + 1] = lcSubStr str = string.sub(str, lcPos + 1, #str) end local lcMergeStr = "" local lci = 1 while true do if lcSubStrTab[lci] then lcMergeStr = lcMergeStr .. lcSubStrTab[lci] lci = lci + 1 else break end end return lcMergeStr end local function verifyJwtToken(token) local http = require "resty.http" local httpc = http.new() local verify_jwt_url = string.format("%s/api/v1/uc/verify_jwt_token", htyuc) ngx.log(ngx.INFO, 'HTYUC VERIFY_JWT_TOKEN_URL -> ' .. verify_jwt_url) local res, err = httpc:request_uri( verify_jwt_url, { ssl_verify = false, -- 设置参数 ssl_verify 为false 不校验ssl证书 method = "POST", headers = { ["Host"] = host, ["Authorization"] = token, }, } ) if not res then ngx.status = ngx.HTTP_UNAUTHORIZED ngx.header.content_type = "application/json; charset=utf-8" ngx.log(ngx.ERR, "CAN'T VERIFY JWT TOKEN -> ", err) ngx.exit(ngx.HTTP_UNAUTHORIZED) else if 200 ~= res.status then ngx.log(ngx.ERR, "JWT TOKEN VERIFICATION *ERROR* -> ", err) ngx.exit(res.status) end end ngx.log(ngx.INFO, "JWT TOKEN VERIFICATION *PASSED*.") end local function decodeJwtClaim(jwtClaim) local jwtKey = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE" local jwtObj = jwt:verify(jwtKey, jwtClaim) if jwtObj.verified == false then ngx.log(ngx.WARN, "INVALID TOKEN -> " .. jwtObj.reason) ngx.status = ngx.HTTP_UNAUTHORIZED ngx.header.content_type = "application/json; charset=utf-8" ngx.say(cjson.encode(jwtObj)) ngx.exit(ngx.HTTP_UNAUTHORIZED) end ngx.log(ngx.INFO, "DECODED JWT CLAIM -> " .. cjson.encode(jwtObj)) local htyToken = cjson.decode(jwtObj.payload.sub) ngx.log(ngx.INFO, "DECODED JWT TOKEN -> " .. cjson.encode(htyToken)) return htyToken end local authHeader = ngx.req.get_headers().Authorization local sudoerToken = ngx.req.get_headers().HtySudoerToken if authHeader then ngx.log(ngx.INFO, 'CHECK_AUTH_HEADER -> ', authHeader) local token = decodeJwtClaim(authHeader) verifyJwtToken(token) elseif sudoerToken then ngx.log(ngx.INFO, 'CHECK_SUDOER_HEADER -> ', sudoerToken) local token = decodeJwtClaim(sudoerToken) verifyJwtToken(token) else ngx.log(ngx.ERR, 'NO AUTH/SUDOER HEADERS!') ngx.status = 500 ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) end while true do local type, res, err = form:read() if not type then ngx.say("FAILED TO READ *UPLOAD IMAGE* -> ", err) return end if type == "header" then --"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\"" --"Content-Type","image\/png" local key = res[1] local val = res[2] if key == "Content-Type" then local ext = ngx.re.match(val, [[(\w+)\/(\w+)]], "jo")[2] file_name = uuid() .. "." .. ext end if file_name then file = io.open(file_dir .. "/" .. file_name, "w+") ngx.log(ngx.INFO, "FILENAME -> ", file_name) if not file then ngx.say("failed to open file ", file_name) return end end elseif type == "body" then if file then file:write(res) -- sha1:update(res) end elseif type == "part_end" then if file then file:close() table.insert(files, file_name) end -- 这里要重置一下file_name,否则后面的文件保存时会导致前面已保存的文件变成空文件 -- file:flush() 和 io.flush() 都没效果 file_name = nil file = nil elseif type == "eof" then local remote_url = string.format("%s/api/v1/ts/create_task", task_server) ngx.log(ngx.INFO, 'remote_url -> ', remote_url) ngx.log(ngx.INFO, 'Authorization -> ', authHeader) ngx.log(ngx.INFO, 'HtySudoerToken -> ', sudoerToken) local body_text = cjson.encode({ task_type = TaskTypes.UPLOAD_PICTURE, data = { images = files } }) ngx.log(ngx.INFO, 'UPLOAD_PICTURE *body_text* ->', body_text) local res, err = httpc:request_uri( remote_url, { ssl_verify = false, -- 设置参数 ssl_verify 为false 不校验ssl证书 method = "POST", headers = { ["Content-Type"] = "application/json", ["Authorization"] = authHeader, ["HtySudoerToken"] = sudoerToken, }, body = body_text, } ) if res == nil then ngx.log(ngx.ERR, "FAILED TO CONNECT TO *TASK_SERVER*", err) end if 201 ~= res.status then ngx.log(ngx.ERR, "TASK CREATE *FAILED*", err) ngx.say(err) ngx.exit(res.status) end ngx.say(res.body) break else -- do nothing end end