moicen
207 lines
6.2 KiB
Lua
207 lines
6.2 KiB
Lua
local upload = require "resty.upload"
|
|
local uuid = require "resty.jit-uuid"
|
|
local cjson = require "cjson"
|
|
--# https://github.com/SkyLothar/lua-resty-jwt
|
|
--$ opm get SkyLothar/lua-resty-jwt
|
|
local jwt = require "resty.jwt"
|
|
|
|
local chunk_size = 4096
|
|
local form = upload:new(chunk_size)
|
|
uuid.seed()
|
|
|
|
local TaskTypes = {
|
|
NOOP = 'NOOP',
|
|
UPLOAD_PICTURE = 'UPLOAD_PICTURE'
|
|
}
|
|
|
|
local task_server = ngx.var.task_server
|
|
local htyuc = ngx.var.htyuc
|
|
local htyhost = ngx.req.get_headers().HtyHost
|
|
|
|
ngx.log(ngx.INFO, "TASK_SERVER -> ", task_server)
|
|
ngx.log(ngx.INFO, "HTYUC -> ", htyuc)
|
|
ngx.log(ngx.INFO, "HTY HOST -> ", htyhost)
|
|
|
|
local file_dir = ngx.var.tmp_file_dir
|
|
local file
|
|
local file_name
|
|
local files = {}
|
|
|
|
local http = require "resty.http"
|
|
local httpc = http.new()
|
|
|
|
local function cleanupString(str, remove)
|
|
local lcSubStrTab = {}
|
|
while true do
|
|
local lcPos = string.find(str, remove)
|
|
if not lcPos then
|
|
lcSubStrTab[#lcSubStrTab + 1] = str
|
|
break
|
|
end
|
|
local lcSubStr = string.sub(str, 1, lcPos - 1)
|
|
lcSubStrTab[#lcSubStrTab + 1] = lcSubStr
|
|
str = string.sub(str, lcPos + 1, #str)
|
|
end
|
|
local lcMergeStr = ""
|
|
local lci = 1
|
|
while true do
|
|
if lcSubStrTab[lci] then
|
|
lcMergeStr = lcMergeStr .. lcSubStrTab[lci]
|
|
lci = lci + 1
|
|
else
|
|
break
|
|
end
|
|
end
|
|
return lcMergeStr
|
|
end
|
|
|
|
local function verifyJwtToken(token)
|
|
local http = require "resty.http"
|
|
local httpc = http.new()
|
|
local verify_jwt_url = string.format("%s/api/v1/uc/verify_jwt_token", htyuc)
|
|
|
|
ngx.log(ngx.INFO, 'HTYUC VERIFY_JWT_TOKEN_URL -> ' .. verify_jwt_url)
|
|
|
|
local res, err = httpc:request_uri(
|
|
verify_jwt_url,
|
|
{
|
|
ssl_verify = false, -- 设置参数 ssl_verify 为false 不校验ssl证书
|
|
method = "POST",
|
|
headers = {
|
|
['HtyHost'] = htyhost,
|
|
["Authorization"] = token,
|
|
},
|
|
}
|
|
)
|
|
|
|
if not res then
|
|
ngx.log(ngx.ERR, "CAN'T VERIFY JWT TOKEN -> ", err)
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
else
|
|
if 200 ~= res.status then
|
|
ngx.log(ngx.ERR, "JWT TOKEN VERIFICATION *ERROR* -> ", err)
|
|
ngx.say(res.body)
|
|
ngx.exit(res.status)
|
|
end
|
|
end
|
|
|
|
ngx.log(ngx.INFO, "JWT TOKEN VERIFICATION *PASSED*.")
|
|
|
|
end
|
|
|
|
local function decodeJwtClaim(jwtClaim)
|
|
local jwtKey = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
|
|
local jwtObj = jwt:verify(jwtKey, jwtClaim)
|
|
|
|
if jwtObj.verified == false then
|
|
ngx.log(ngx.WARN, "INVALID TOKEN -> " .. jwtObj.reason)
|
|
ngx.status = ngx.HTTP_UNAUTHORIZED
|
|
ngx.header.content_type = "application/json; charset=utf-8"
|
|
ngx.say(cjson.encode(jwtObj))
|
|
ngx.exit(ngx.HTTP_UNAUTHORIZED)
|
|
end
|
|
|
|
ngx.log(ngx.INFO, "DECODED JWT CLAIM -> " .. cjson.encode(jwtObj))
|
|
|
|
local htyToken = cjson.decode(jwtObj.payload.sub)
|
|
ngx.log(ngx.INFO, "DECODED JWT TOKEN -> " .. cjson.encode(htyToken))
|
|
return htyToken
|
|
end
|
|
|
|
local authHeader = ngx.req.get_headers().Authorization
|
|
local sudoerToken = ngx.req.get_headers().HtySudoerToken
|
|
|
|
if authHeader then
|
|
ngx.log(ngx.INFO, 'CHECK_AUTH_HEADER -> ', authHeader)
|
|
-- local token = decodeJwtClaim(authHeader)
|
|
verifyJwtToken(authHeader)
|
|
elseif sudoerToken then
|
|
ngx.log(ngx.INFO, 'CHECK_SUDOER_HEADER -> ', sudoerToken)
|
|
-- local token = decodeJwtClaim(sudoerToken)
|
|
verifyJwtToken(sudoerToken)
|
|
else
|
|
ngx.log(ngx.ERR, 'NO AUTH/SUDOER HEADERS!')
|
|
ngx.status = 500
|
|
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
|
|
end
|
|
|
|
while true do
|
|
local type, res, err = form:read()
|
|
|
|
if not type then
|
|
ngx.say("FAILED TO READ *UPLOAD IMAGE* -> ", err)
|
|
return
|
|
end
|
|
|
|
if type == "header" then
|
|
--"Content-Disposition","form-data; name=\"files[]\"; filename=\"Song-of-joy.png\""
|
|
--"Content-Type","image\/png"
|
|
local key = res[1]
|
|
local val = res[2]
|
|
if key == "Content-Type" then
|
|
local ext = ngx.re.match(val, [[(\w+)\/(\w+)]], "jo")[2]
|
|
file_name = uuid() .. "." .. ext
|
|
end
|
|
|
|
if file_name then
|
|
file = io.open(file_dir .. "/" .. file_name, "w+")
|
|
ngx.log(ngx.INFO, "FILENAME -> ", file_name)
|
|
if not file then
|
|
ngx.say("failed to open file ", file_name)
|
|
return
|
|
end
|
|
end
|
|
|
|
elseif type == "body" then
|
|
if file then
|
|
file:write(res)
|
|
-- sha1:update(res)
|
|
end
|
|
elseif type == "part_end" then
|
|
if file then
|
|
file:close()
|
|
table.insert(files, file_name)
|
|
end
|
|
-- 这里要重置一下file_name,否则后面的文件保存时会导致前面已保存的文件变成空文件
|
|
-- file:flush() 和 io.flush() 都没效果
|
|
file_name = nil
|
|
file = nil
|
|
elseif type == "eof" then
|
|
local remote_url = string.format("%s/api/v1/ts/create_task", task_server)
|
|
ngx.log(ngx.INFO, 'remote_url -> ', remote_url)
|
|
ngx.log(ngx.INFO, 'Authorization -> ', authHeader)
|
|
ngx.log(ngx.INFO, 'HtySudoerToken -> ', sudoerToken)
|
|
|
|
local body_text = cjson.encode({ task_type = TaskTypes.UPLOAD_PICTURE, payload = { images = files } })
|
|
|
|
ngx.log(ngx.INFO, 'UPLOAD_PICTURE *body_text* ->', body_text)
|
|
local res, err = httpc:request_uri(
|
|
remote_url,
|
|
{
|
|
ssl_verify = false, -- 设置参数 ssl_verify 为false 不校验ssl证书
|
|
method = "POST",
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["Authorization"] = authHeader,
|
|
["HtySudoerToken"] = sudoerToken,
|
|
['HtyHost'] = htyhost
|
|
},
|
|
body = body_text,
|
|
}
|
|
)
|
|
if res == nil then
|
|
ngx.log(ngx.ERR, "FAILED TO CONNECT TO *TASK_SERVER*", err)
|
|
end
|
|
|
|
if 201 ~= res.status then
|
|
ngx.log(ngx.ERR, "TASK CREATE *FAILED*", res.body)
|
|
|
|
end
|
|
ngx.say(res.body)
|
|
ngx.exit(res.status)
|
|
break
|
|
else
|
|
-- do nothing
|
|
end
|
|
end
|