FastDFS扩展模块内置了通过token来实现防盗链的功能。开启防盗链后,访问文件是需要在url中加两个参数:token和ts。ts为时间戳,token为系统根据时间戳和密码生成的信物。为了系统的安全,下面一起来开启防盗链吧!
1. 配置http访问
1.1 开启防盗链检查
vim /etc/fdfs/http.conf
# HTTP default content type http.default_content_type = application/octet-stream # MIME types mapping filename # MIME types file format: MIME_type extensions # such as: image/jpeg jpeg jpg jpe # you can use apache's MIME file: mime.types http.mime_types_filename=mime.types # if use token to anti-steal # default value is false (0) http.anti_steal.check_token=true # 修改1,开启防盗链检查 # token TTL (time to live), seconds # default value is 600 http.anti_steal.token_ttl=900 # 选择性修改token的过期时间 # secret key to generate anti-steal token # this parameter must be set when http.anti_steal.check_token set to true· # the length of the secret key should not exceed 128 bytes http.anti_steal.secret_key=123456 # 修改2,防盗链密码 # return the content of the file when check token fail # default value is empty (no file sepecified) http.anti_steal.token_check_fail=/root/error.jpg # 修改3,配置拒绝访问后显示的图片,需要是个有效可访问的图片 # if support multi regions for HTTP Range # default value is true http.multi_range.enabed = true
1.2 重启nginx
service nginx restart # 或 nginx -s reload
1.3 验证
-
没有开启防盗链,文件可以正常访问:
-
成功开启防盗链后,访问文件时携带了错误的token,文件不能访问并且显示访问出错的图片
-
携带正确的token,效果已经达到,只要保证密码不被泄露,我们的文件就是相对安全的
2. 开发服务端代码修改
2.1 fdfs_client.conf配置
http.anti_steal_token = true # 启动防盗链 http.secret_key = 123456 # 防盗链密码 tracker_server=192.168.56.10:22122 tracker_server=192.168.56.11:22122
2.2 服务器端
服务器端为文件访问生成token
remoteFilename:不能加group1(group name)
package com.aixin.tuna.fdfs; import org.csource.common.MyException; import org.csource.fastdfs.ProtoCommon; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; /** * Created by dailin on 2018/6/12. */ public class FdfsFDL { public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException { String fileName = "M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png"; String host = "http://192.168.56.10:8888"; String secretKey = "123456"; String sourceUrl = getSourceUrl(fileName, host, secretKey); System.out.println(sourceUrl); } /** * 生成防盗链token * @param remoteFilename 文件路径,不带group:M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png * @param httpHost 文件服务器web访问地址 * @param secretKey 密码 * @return * @throws UnsupportedEncodingException * @throws NoSuchAlgorithmException * @throws MyException */ public static String getSourceUrl(String remoteFilename, String httpHost,String secretKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException { int lts = (int)(System.currentTimeMillis() / 1000); String token = ProtoCommon.getToken(remoteFilename, lts, secretKey); //初始化secret_key return httpHost + "/" + remoteFilename + "?token=" + token + "&ts=" + lts; } }
得到
http://192.168.56.10:8888/M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png?token=2fd428c6acc14126239e3a7d7d1d872b&ts=153