Project images are kept in object storage, usually OSS (Alibaba Cloud) or a self-hosted distributed file store. Those stores come with their own way of viewing files, and that direct access is signed, which makes things awkward as soon as you need to put a proxy in front of it. This post is about solving OSS file access under those constraints.

Requirements:
1. Access must not expose the bucket's own OSS domain.
2. Image resources must be reachable by simply concatenating a path onto the proxy URL.
3. Access must be authenticated.

No long explanation, straight to the configuration.

One prerequisite: the OSS bucket must be set to public read, because nginx fetches objects from it without any signature. Be clear about what that means: the auth_request below only gates the /aged-oss path on this proxy. Anyone who learns the bucket's real aliyuncs.com endpoint can fetch objects from it directly, so requirement 1 is what keeps that endpoint from leaking, and a leaked direct link is readable by anyone.
# Backend that answers the auth check (the Spring controller below)
upstream aged-upstr {
    server 127.0.0.1:11000;
}

server {
    listen 8360;
    server_name localhost;
    client_max_body_size 200M;
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 100 128k;

    # Proxy to the Alibaba Cloud bucket. auth_request runs the subrequest below first;
    # only a 2xx from it lets the request through to proxy_pass (401/403 are passed to
    # the client, any other status becomes a 500).
    # Note the trailing slash on the location: with "location /aged-oss" and a
    # proxy_pass URI of "/", the upstream path for /aged-oss/key.jpg would be //key.jpg.
    location /aged-oss/ {
        auth_request /auth-images;
        proxy_pass https://oss-domain.aliyuncs.com/;   # replace oss-domain with the bucket endpoint
        proxy_ssl_server_name on;                       # send SNI to the OSS endpoint
    }

    # nginx auth subrequest: proxied to the backend check. "internal" stops clients from
    # calling /auth-images directly. The original URI (query string with the ticket
    # included) goes in X-Original-URI; the query string alone goes in Auth-Ticket.
    location /auth-images {
        internal;
        set $query '';
        if ($request_uri ~* "[^\?]+\?(.*)$") {
            set $query $1;
        }
        proxy_pass http://aged-upstr/aged-admin/userCheck;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Auth-Ticket $query;
    }
}
package com.physicalpoint.aged.admin.controller;

import com.physicalpoint.aged.admin.service.sys.LoginService;
import com.physicalpoint.aged.vo.LoginUserInfo;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

@RestController
public class AuthController {

    @Resource
    private LoginService loginService;

    // Auth endpoint called by nginx auth_request. Only the status code matters to nginx:
    // 2xx lets the image request through, 401/403 are returned to the client as-is,
    // anything else (an uncaught exception gives a 500) makes nginx answer 500.
    @RequestMapping("/userCheck")
    public ResponseEntity<Boolean> authImages(HttpServletRequest request) {
        boolean isValid = false;
        // Original request URI as set by "proxy_set_header X-Original-URI $request_uri",
        // e.g. /aged-oss/avatars/1.jpg?ticket=abc
        String originalUri = request.getHeader("X-Original-URI");
        try {
            // Extract the ticket by parameter name. A plain header.split("=")[1] returns
            // "abc&v=2" for ?ticket=abc&v=2 and throws when the URI has no "=" at all.
            // The ticket here identifies the login session; substitute your own credential.
            String ticket = queryParam(originalUri, "ticket");
            if (StringUtils.isNotBlank(ticket)) {
                LoginUserInfo loginUser = loginService.get(ticket);
                // TODO: fine-grained authorization: also check that loginUser may read the
                // object path in originalUri, not only that the ticket is valid
                isValid = loginUser != null;
            }
            if (!isValid) {
                // A plain 403, which auth_request passes through to the client. Adding a
                // WWW-Authenticate: Basic header here would belong with a 401 and would
                // make browsers show a Basic-auth dialog, which is not wanted.
                return ResponseEntity.status(HttpStatus.FORBIDDEN).body(false);
            }
            return ResponseEntity.ok(true);
        } catch (Exception e) {
            // A malformed header must not turn into a 500 (nginx would return 500 too)
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(false);
        }
    }

    // Returns the first value of the named query parameter in uri, URL-decoded, or null.
    private static String queryParam(String uri, String name) throws UnsupportedEncodingException {
        if (uri == null) {
            return null;
        }
        int q = uri.indexOf('?');
        if (q < 0) {
            return null;
        }
        for (String pair : uri.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            if (name.equals(key)) {
                return eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), "UTF-8");
            }
        }
        return null;
    }
}
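To see the whole chain end to end without standing up nginx, OSS and the Spring app, here is an added example (not code from this post or the project) that models the flow in Python: the proxy_pass URI rewrite from the nginx block, the auth subrequest carrying X-Original-URI, the backend decision with proper query parsing plus a per-object check standing in for the TODO, and nginx's mapping of the subrequest status onto the client response. The session table, ticket values and object ACL are constructed for the example, and LoginUserInfo here is a stand-in for the project's class.

```python
"""Offline model of the nginx auth_request flow described in this post.

Added example, not the post's or the project's code. It simulates:
  (1) nginx rewriting /aged-oss/<key> before proxying to OSS,
  (2) the auth subrequest carrying X-Original-URI,
  (3) the backend decision (parse the ticket properly, then authorize per object),
  (4) nginx mapping the subrequest status onto the client response.
"""
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class LoginUserInfo:          # stand-in for the project's LoginUserInfo (assumption)
    user_id: str
    expires_at: float


# Constructed session store; in the post this is loginService.get(ticket).
SESSIONS = {
    "t-alice": LoginUserInfo("alice", time.time() + 3600),
    "t-stale": LoginUserInfo("bob", time.time() - 60),      # expired ticket
}

# Constructed per-object ACL (the post's "TODO: fine-grained permissions").
# key prefix -> set of user ids allowed to read it, or None for any logged-in user
OBJECT_ACL = {
    "avatars/alice/": {"alice"},
    "public/": None,
}


def upstream_uri(request_uri, location="/aged-oss/", pass_uri="/"):
    """nginx proxy_pass rule: the part of the request URI that matched the
    location prefix is replaced by the URI given on proxy_pass. With
    location "/aged-oss" (no trailing slash) the result starts with "//"."""
    path, _, query = request_uri.partition("?")
    if not path.startswith(location):
        return None
    new_uri = pass_uri + path[len(location):]
    return new_uri + ("?" + query if query else "")


def backend_user_check(x_original_uri, sessions=SESSIONS, acl=OBJECT_ACL, now=None):
    """What /aged-admin/userCheck should answer. Only the status matters to
    auth_request; the response body is discarded."""
    now = time.time() if now is None else now
    parts = urlsplit(x_original_uri)
    # parse_qs URL-decodes and copes with extra parameters, unlike split("=")[1]
    ticket = parse_qs(parts.query).get("ticket", [""])[0]
    if not ticket:
        return 401                          # no credential at all
    user = sessions.get(ticket)
    if user is None or user.expires_at <= now:
        return 401                          # unknown or expired ticket
    prefix = "/aged-oss/"
    key = parts.path[len(prefix):] if parts.path.startswith(prefix) else parts.path
    for acl_prefix, allowed in acl.items():
        if key.startswith(acl_prefix):
            return 200 if allowed is None or user.user_id in allowed else 403
    return 403                              # object covered by no rule: deny


def nginx_auth_request(request_uri, **kw):
    """Mirror ngx_http_auth_request_module: 2xx lets the request through to
    proxy_pass, 401/403 go back to the client as-is, anything else is a 500."""
    status = backend_user_check(request_uri, **kw)
    if 200 <= status < 300:
        return 200, upstream_uri(request_uri)
    if status in (401, 403):
        return status, None
    return 500, None


def naive_ticket(x_original_uri):
    """The header.split("=")[1] extraction from the post, kept to show where it breaks."""
    return x_original_uri.split("=")[1]


if __name__ == "__main__":
    for uri in ("/aged-oss/avatars/alice/1.jpg?ticket=t-alice",
                "/aged-oss/avatars/alice/1.jpg?v=2&ticket=t-alice",
                "/aged-oss/avatars/alice/1.jpg?ticket=t-stale",
                "/aged-oss/avatars/alice/1.jpg",
                "/aged-oss/avatars/carol/2.jpg?ticket=t-alice"):
        print(uri, "->", nginx_auth_request(uri))
    print("naive extraction with a second parameter:",
          naive_ticket("/aged-oss/a.jpg?v=2&ticket=t-alice"))
    print("location without trailing slash:",
          upstream_uri("/aged-oss/x.jpg", location="/aged-oss", pass_uri="/"))
```

The two things worth trying with it: add a second query parameter in front of the ticket and compare `naive_ticket` with `backend_user_check`, and pass a ticket for a user who is logged in but not listed for the object's prefix, which is the case the controller's TODO leaves open.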
Result (the original shows two screenshots):
Request without the ticket parameter: rejected, the 403 from userCheck is returned to the client.
Request with a valid ticket: the image is returned through the proxy.

Note: for resources that need no authentication, simply remove the auth_request /auth-images; line. Since the ticket travels in the query string, it is written to the nginx access log and, because proxy_pass forwards the query string, to the OSS access log as well, so keep tickets short-lived.

The other way to serve images is to have the backend download the object and stream it back to the frontend. The problem is the extra I/O on the application server: pages with many images will feel slow.