FastDFS防盜鏈

FastDFS擴展模塊內置了通過token來實現防盜鏈的功能。開啟防盜鏈后，訪問文件是需要在url中加兩個參數：token和ts。ts為時間戳，token為系統根據時間戳和密碼生成的信物。為了系統的安全，下面一起來開啟防盜鏈吧！

1. 配置http訪問

1.1 開啟防盜鏈檢查

vim /etc/fdfs/http.conf

# HTTP default content type
http.default_content_type = application/octet-stream

# MIME types mapping filename
# MIME types file format: MIME_type  extensions
# such as:  image/jpeg  jpeg jpg jpe
# you can use apache's MIME file: mime.types
http.mime_types_filename=mime.types

# if use token to anti-steal
# default value is false (0)
http.anti_steal.check_token=true       # 修改1，開啟防盜鏈檢查

# token TTL (time to live), seconds
# default value is 600
http.anti_steal.token_ttl=900  # 選擇性修改token的過期時間

# secret key to generate anti-steal token
# this parameter must be set when http.anti_steal.check_token set to true·
# the length of the secret key should not exceed 128 bytes
http.anti_steal.secret_key=123456    # 修改2，防盜鏈密碼

# return the content of the file when check token fail
# default value is empty (no file sepecified)
http.anti_steal.token_check_fail=/root/error.jpg    # 修改3，配置拒絕訪問后顯示的圖片，需要是個有效可訪問的圖片

# if support multi regions for HTTP Range
# default value is true
http.multi_range.enabed = true

 

1.2 重啟nginx

service nginx restart 
# 或
nginx -s reload

 

1.3 驗證

1. 沒有開啟防盜鏈，文件可以正常訪問：

   

2. 成功開啟防盜鏈后，訪問文件時攜帶了錯誤的token，文件不能訪問並且顯示訪問出錯的圖片

   

3. 攜帶正確的token，效果已經達到，只要保證密碼不被泄露，我們的文件就是相對安全的

   

2. 開發服務端代碼修改

2.1 fdfs_client.conf配置

http.anti_steal_token = true  # 啟動防盜鏈
http.secret_key = 123456   # 防盜鏈密碼

tracker_server=192.168.56.10:22122
tracker_server=192.168.56.11:22122

 

 

2.2 服務器端

服務器端為文件訪問生成token
remoteFilename:不能加group1（group name）

package com.aixin.tuna.fdfs;

import org.csource.common.MyException;
import org.csource.fastdfs.ProtoCommon;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;

/**
 * Created by dailin on 2018/6/12.
 */
public class FdfsFDL {
    public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {
        String fileName = "M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png";
        String host = "http://192.168.56.10:8888";
        String secretKey = "123456";
        String sourceUrl = getSourceUrl(fileName, host, secretKey);
        System.out.println(sourceUrl);
    }

    /**
     * 生成防盜鏈token
     * @param remoteFilename 文件路徑，不帶group：M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png
     * @param httpHost         文件服務器web訪問地址
     * @param secretKey         密碼
     * @return
     * @throws UnsupportedEncodingException
     * @throws NoSuchAlgorithmException
     * @throws MyException
     */
    public static String getSourceUrl(String remoteFilename, String httpHost,String secretKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {
        int lts = (int)(System.currentTimeMillis() / 1000);
        String token = ProtoCommon.getToken(remoteFilename, lts, secretKey); //初始化secret_key
        return httpHost + "/" + remoteFilename + "?token=" + token + "&ts=" + lts;
    }
}

 

得到

http://192.168.56.10:8888/M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png?token=2fd428c6acc14126239e3a7d7d1d872b&ts=153