nginx接口安全验证模块ngx_http_secure_link_module

location配置

location ~ ^/v1/(apple|banana)/ {  #uri以v1/apple或者v1/banana开头的，走以下的逻辑，验证签名
            set $channel_name $cookie_channel_name;  # 设置channel_name变量为cookie中的channel_name的值
            secure_link $arg_sign,$arg_expire;  # arg中的签名和过期时间
            secure_link_md5 "$uri $arg_version_name $channel_name $arg_et  gohell";

            set $check_status "";

            # checksum
            if ($secure_link = "") {
                set $check_status 403;
            }
            if ($arg_nonce_str = "") {
                set $check_status 200;
            }
            # expire
            if ($secure_link = "0") {
                set $check_status 410;
            }
            if ($arg_sign = "") {  # arg中无签名的直接返回504
                set $check_status 504;
            }
            if ($arg_version_name = "1.1.4.7") {  # arg中有version_name参数值为1.1.4.7的不验证签名
                set $check_status 200;
            }
            if ($arg_mmmm != "") {  # arg中有mmmm参数的不验证签名
                set $check_status 200;
            }
            if ($check_status = 403) {
                return 403;
            }
            if ($check_status = 410) {
                return 410;
            }
            if ($check_status = 504) {
                return 504;
            }

            proxy_pass http://127.0.0.1:10001;
        }


        location / {
            proxy_pass http://127.0.0.1:10001;
        }