How to generate a nginx secure link in python

2020-03-31 08:55发布

站内问答 / Python
748 3 6

How do i make the link for the secure link module in nginx using python? I'm looking to use nginx to serve secured files that have expiring links. Link to Nginx Wiki

标签: python nginx
举报
3条回答
forever°为你锁心
2楼-- · 2020-03-31 09:06

The accepted answer is incorrect because it only hashes the secret, not the combination of secret, url, and expiration time.

import base64
import hashlib
import calendar
import datetime

secret = "itsaSSEEECRET"
url = "/secure/email-from-your-mom.txt"

future = datetime.datetime.utcnow() + datetime.timedelta(minutes=5)
expiry = calendar.timegm(future.timetuple())

secure_link = "{key}{url}{expiry}".format(key=secret,
                                          url=url,
                                          expiry=expiry)
hash = hashlib.md5(secure_link).digest()
encoded_hash = base64.urlsafe_b64encode(hash).rstrip('=')

print url + "?st=" + encoded_hash + "&e=" + str(expiry)

Corresponding section of a nginx.conf

location /secure {

    # set connection secure link
    secure_link $arg_st,$arg_e;
    secure_link_md5 "itsaSSEEECRET$uri$secure_link_expires";

    # bad hash
    if ($secure_link = "") {
        return 403;
    }

    # link expired
    if ($secure_link = "0") {
        return 410;
    }

    # do something useful here
}
查看更多
0人赞 添加讨论(0) 举报
贼婆χ
3楼-- · 2020-03-31 09:13

The code from shadfc's answer works. For Python 3, some modifications are necessary:

import base64
import hashlib
import calendar
import datetime

secret = "itsaSSEEECRET"
url = "/secure/email-from-your-mom.txt"

future = datetime.datetime.utcnow() + datetime.timedelta(minutes=5)
expiry = calendar.timegm(future.timetuple())

secure_link = f"{secret}{url}{expiry}".encode('utf-8')

hash = hashlib.md5(secure_link).digest()
base64_hash = base64.urlsafe_b64encode(hash)
str_hash = base64_hash.decode('utf-8').rstrip('=')

print(f"{url}?st={str_hash}&e={expiry}")
查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
4楼-- · 2020-03-31 09:16 
import base64
import hashlib

future = datetime.datetime.now() + datetime.timedelta(minutes=5)
url = "/securedir/file.txt"
timestamp = str(time.mktime(future.timetuple()))
security = base64.b64encode(hashlib.md5( secret ).digest()).replace('+', '-').replace('/', '_').replace("=", "")
data = str(url) + "?st=" + str(security) + "&e=" + str(timestamp)

data is your generated url of the form:

/securedir/file.txt?st=PIrEk4JX5gJPTGmvqJG41g&e=1324527723
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)