FastDFS防盜鏈 · TUNA-daily

[TOC] FastDFS擴展模塊內置了通過token來實現防盜鏈的功能。開啟防盜鏈后，訪問文件是需要在url中加兩個參數：token和ts。ts為時間戳，token為系統根據時間戳和密碼生成的信物。為了系統的安全，下面一起來開啟防盜鏈吧！ ## 1. 配置http訪問 ### 1.1 開啟防盜鏈檢查 vim /etc/fdfs/http.conf ~~~ # HTTP default content type http.default_content_type = application/octet-stream # MIME types mapping filename # MIME types file format: MIME_type extensions # such as: image/jpeg jpeg jpg jpe # you can use apache's MIME file: mime.types http.mime_types_filename=mime.types # if use token to anti-steal # default value is false (0) http.anti_steal.check_token=true # 修改1，開啟防盜鏈檢查 # token TTL (time to live), seconds # default value is 600 http.anti_steal.token_ttl=900 # 選擇性修改token的過期時間 # secret key to generate anti-steal token # this parameter must be set when http.anti_steal.check_token set to true· # the length of the secret key should not exceed 128 bytes http.anti_steal.secret_key=123456 # 修改2，防盜鏈密碼 # return the content of the file when check token fail # default value is empty (no file sepecified) http.anti_steal.token_check_fail=/root/error.jpg # 修改3，配置拒絕訪問后顯示的圖片，需要是個有效可訪問的圖片 # if support multi regions for HTTP Range # default value is true http.multi_range.enabed = true ~~~ ### 1.2 重啟nginx ~~~ service nginx restart # 或 nginx -s reload ~~~ ### 1.3 驗證 1. 沒有開啟防盜鏈，文件可以正常訪問： ![](https://box.kancloud.cn/5f571a28b27e64174afe9c8163e67fa3_511x540.png) 2. 成功開啟防盜鏈后，訪問文件時攜帶了錯誤的token，文件不能訪問并且顯示訪問出錯的圖片 ![](https://box.kancloud.cn/c113f0bc3f39e32e7caf1f11c944ec53_535x742.png) 3. 攜帶正確的token，效果已經達到，只要保證密碼不被泄露，我們的文件就是相對安全的 ![](https://box.kancloud.cn/6430f76ad1b10c51e4280c018df3c5cc_535x742.png) ## 2. 開發服務端代碼修改 ### 2.1 fdfs_client.conf配置 ~~~ http.anti_steal_token = true # 啟動防盜鏈 http.secret_key = 123456 # 防盜鏈密碼 tracker_server=192.168.56.10:22122 tracker_server=192.168.56.11:22122 ~~~ ### 2.2 服務器端服務器端為文件訪問生成token **remoteFilename:不能加group1（group name）** ~~~ package com.aixin.tuna.fdfs; import org.csource.common.MyException; import org.csource.fastdfs.ProtoCommon; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; /** * Created by dailin on 2018/6/12. */ public class FdfsFDL { public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException { String fileName = "M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png"; String host = "http://192.168.56.10:8888"; String secretKey = "123456"; String sourceUrl = getSourceUrl(fileName, host, secretKey); System.out.println(sourceUrl); } /** * 生成防盜鏈token * @param remoteFilename 文件路徑，不帶group：M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png * @param httpHost 文件服務器web訪問地址 * @param secretKey 密碼 * @return * @throws UnsupportedEncodingException * @throws NoSuchAlgorithmException * @throws MyException */ public static String getSourceUrl(String remoteFilename, String httpHost,String secretKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException { int lts = (int)(System.currentTimeMillis() / 1000); String token = ProtoCommon.getToken(remoteFilename, lts, secretKey); //初始化secret_key return httpHost + "/" + remoteFilename + "?token=" + token + "&ts=" + lts; } } ~~~ 得到 ~~~ http://192.168.56.10:8888/M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png?token=2fd428c6acc14126239e3a7d7d1d872b&ts=1531440241 ~~~ 此時，可以用上面得到的url訪問文件