The previous verification file upload mechanism has poor scalability. change to get the upload directory from redis to verify better extension.
Signed-off-by: cuiyili 2268260388@qq.com --- container/result-webdav/nginx.conf | 76 ++++++++++++++++-------------- 1 file changed, 41 insertions(+), 35 deletions(-)
diff --git a/container/result-webdav/nginx.conf b/container/result-webdav/nginx.conf index 1ccaa92..af27653 100644 --- a/container/result-webdav/nginx.conf +++ b/container/result-webdav/nginx.conf @@ -4,6 +4,8 @@ user lkp; worker_processes auto; pid /run/nginx.pid; +env REDIS_HOST; +env REDIS_PORT;
events {}
@@ -16,7 +18,7 @@ http { access_log /tmp/access.log; error_log /tmp/error.log;
- location /result { + location / { allow all; root /srv/;
@@ -26,49 +28,53 @@ http { dav_access user:rw group:rw all:rw;
access_by_lua_block { - accesskey = ngx.var.cookie_ACCESSKEY - job_id = string.sub(accesskey, string.find(accesskey,"-") - string.len(accesskey)) - uri = ngx.var.request_uri - path = string.match(uri,"%g*/") - root_path = string.sub(path, 1, string.find(path, job_id) - 1)..job_id.."/" + function split(str, reps) + local resultstrlist = {} + string.gsub(str,'[^'..reps..']+',function (w) + if w ~= nil then + table.insert(resultstrlist,w) + end + end) + return resultstrlist + end
- accesskey_file = "/srv/"..root_path.."."..accesskey + redis_host = os.getenv("REDIS_HOST") + redis_port = os.getenv("REDIS_PORT")
- local f = io.open(accesskey_file) - if not f then + local redis = require "resty.redis" + local red = redis:new() + red:set_timeout(1000) + local ok, err = red:connect(redis_host, redis_port) + if not ok then + ngx.log(ngx.ERR, "connect redis: ", err) ngx.exit(ngx.HTTP_FORBIDDEN) - end - io.close(f) - } - } - location /initrd { - allow all; - root /srv/; - autoindex on; - create_full_put_path on; - dav_methods PUT MKCOL; - dav_access user:rw group:rw all:rw; + end
- access_by_lua_block { + job_id = ngx.var.cookie_JOBID uri = ngx.var.request_uri + path = string.match(uri, "%g*/") + upload_file = string.match(uri, "([^/]+)$")
- path = string.match(uri,"%g*/") - upload_file = string.match(uri, ".+/([^/]*%.%w+)$") - second_dir = string.match(uri, "/*%w+/(.-)/.+") + local res, err = red:hget("sched/id2upload_dirs", job_id) + if not res or res == ngx.null then + ngx.log(ngx.ERR, "failed to hget: ", err) + ngx.exit(ngx.HTTP_FORBIDDEN) + end
- if (second_dir == "pkg" or second_dir == "build-pkg") - then - link_name = "latest" - else - link_name = string.match(upload_file, "(.*)_%d+%.cgz") + if string.find(res, ",") then + table = split(res,",") + for i = 1, #table do + if string.find(path, table[i]) then + return + end end - - if (link_name ~= '') - then - link_name = link_name..".cgz" - root_patch = "/srv/"..path - io.popen("cd "..root_patch.."&& ln -sf "..upload_file.." "..link_name) + else + if string.find(path, res, 1, true) then + return + end end + + ngx.exit(ngx.HTTP_FORBIDDEN) } }