The previous verification file upload mechanism has poor scalability.
change to get the upload directory from redis to verify better
extension.
Signed-off-by: cuiyili <2268260388(a)qq.com>
---
container/result-webdav/nginx.conf | 76 ++++++++++++++++--------------
1 file changed, 41 insertions(+), 35 deletions(-)
diff --git a/container/result-webdav/nginx.conf b/container/result-webdav/nginx.conf
index 1ccaa92..af27653 100644
--- a/container/result-webdav/nginx.conf
+++ b/container/result-webdav/nginx.conf
@@ -4,6 +4,8 @@
user lkp;
worker_processes auto;
pid /run/nginx.pid;
+env REDIS_HOST;
+env REDIS_PORT;
events {}
@@ -16,7 +18,7 @@ http {
access_log /tmp/access.log;
error_log /tmp/error.log;
- location /result {
+ location / {
allow all;
root /srv/;
@@ -26,49 +28,53 @@ http {
dav_access user:rw group:rw all:rw;
access_by_lua_block {
- accesskey = ngx.var.cookie_ACCESSKEY
- job_id = string.sub(accesskey, string.find(accesskey,"-") - string.len(accesskey))
- uri = ngx.var.request_uri
- path = string.match(uri,"%g*/")
- root_path = string.sub(path, 1, string.find(path, job_id) - 1)..job_id.."/"
+ function split(str, reps)
+ local resultstrlist = {}
+ string.gsub(str,'[^'..reps..']+',function (w)
+ if w ~= nil then
+ table.insert(resultstrlist,w)
+ end
+ end)
+ return resultstrlist
+ end
- accesskey_file = "/srv/"..root_path.."."..accesskey
+ redis_host = os.getenv("REDIS_HOST")
+ redis_port = os.getenv("REDIS_PORT")
- local f = io.open(accesskey_file)
- if not f then
+ local redis = require "resty.redis"
+ local red = redis:new()
+ red:set_timeout(1000)
+ local ok, err = red:connect(redis_host, redis_port)
+ if not ok then
+ ngx.log(ngx.ERR, "connect redis: ", err)
ngx.exit(ngx.HTTP_FORBIDDEN)
- end
- io.close(f)
- }
- }
- location /initrd {
- allow all;
- root /srv/;
- autoindex on;
- create_full_put_path on;
- dav_methods PUT MKCOL;
- dav_access user:rw group:rw all:rw;
+ end
- access_by_lua_block {
+ job_id = ngx.var.cookie_JOBID
uri = ngx.var.request_uri
+ path = string.match(uri, "%g*/")
+ upload_file = string.match(uri, "([^/]+)$")
- path = string.match(uri,"%g*/")
- upload_file = string.match(uri, ".+/([^/]*%.%w+)$")
- second_dir = string.match(uri, "/*%w+/(.-)/.+")
+ local res, err = red:hget("sched/id2upload_dirs", job_id)
+ if not res or res == ngx.null then
+ ngx.log(ngx.ERR, "failed to hget: ", err)
+ ngx.exit(ngx.HTTP_FORBIDDEN)
+ end
- if (second_dir == "pkg" or second_dir == "build-pkg")
- then
- link_name = "latest"
- else
- link_name = string.match(upload_file, "(.*)_%d+%.cgz")
+ if string.find(res, ",") then
+ table = split(res,",")
+ for i = 1, #table do
+ if string.find(path, table[i]) then
+ return
+ end
end
-
- if (link_name ~= '')
- then
- link_name = link_name..".cgz"
- root_patch = "/srv/"..path
- io.popen("cd "..root_patch.."&& ln -sf "..upload_file.." "..link_name)
+ else
+ if string.find(path, res, 1, true) then
+ return
+ end
end
+
+ ngx.exit(ngx.HTTP_FORBIDDEN)
}
}
--
2.23.0