最近有个想法,想做类似下面的视频URL防盗验证;
1、URL Tag Validation
2、Special format of URL for preventing unauthorized usage and access、
sample
Original: http://www.baidu.com/2016/0704/8025915_HD-60i_7198.mp4
Using UTV:http://www.baidu.com/2016/0704/8025915_HD-60i_7198.mp4?px-time=1467685158&px-hash=a08a3c149514aae2aea14755a45a29c2
px-time : current time or expire time
px-hash : hash(secret + url_path +expire_time)
下面是我的想法,按照想法先搞一下;
1. 一个简单流媒体测试服务器。
2. 搞清楚页面防盗链接所需要的知识,比如打开视频链接继而验证referer,还有添加校验的args等。
3. 优化,添加功能。
4. 验证这些是否符合需求。
搭建流媒体使用tengine 新版自带的mp4模块
下载源码:http://tenine.taobao.org/download.html
./configure --prefix=/web --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_v2_module --with-http_ssl_module --with-http_image_filter_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_mp4_module && make && make install
Nginx配置文件:
#### server { listen 80; server_name xxxxxx; access_log logs/vhost/xxxxxx_access.log main; #access_log "pipe:rollback logs/vhost/xxxxxx.access_log interval=1d baknum=7 maxsize=2G" main; location / { root xxxxxx; index index.html index.htm; mp4; #mp4配置,没有做优化 } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }
播放器选用Jwplayer
https://www.jwplayer.com PS:注册☑️勾选了开发者就可以获取JS链接;jdk等用来测试嗯嗯免费^ ^。
编辑测试页面:
index.html
<!DOCTYPE heml>
<html>
<head>
<!-- 在这里替换自己的JW Player id -->
<script type="text/javascript" src="https://cdn.jwplayer.com/libraries/xxxx.js"></script>
<script type="text/javascript" src="getParam.js"></script>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
</head>
<body bgcolor="#000000">
<div id="myElement">Loading the page...</div>
<script type="text/javascript">
var file_name=getParam('id');
console.log(file_name);
jwplayer("myElement").setup({
file: "http://x.x.x.x:8081/" + file_name,
// image: "data/myposter.jpg",
title: file_name,
});
</script>
</body>
</html>
获取文件getParam.js
function getParam(paramName) {
paramValue = "", isFound = !1;
if (this.location.search.indexOf("?") == 0 && this.location.search.indexOf("=") > 1) {
arrSource = unescape(this.location.search).substring(1, this.location.search.length).split("&"), i = 0;
while (i < arrSource.length && !isFound) arrSource[i].indexOf("=") > 0 && arrSource[i].split("=")[0].toLowerCase() == paramName.toLowerCase() && (paramValue = arrSource[i].split("=")[1], isFound = !0), i++;
}
return paramValue == "" && (paramValue = null), paramValue;
}
流媒体测试服务器就基本搭建ok了,测试如下:
PS: 个人的VPS已升级,流媒体测试防盗链学习将使用 referer+nginx 验证token来打造。token: md5(appId+appKey) 敬请期待;
参考资料:
https://www.xiaohulu.com/video/user_detail?plat=201&roomid=61936357840
https://www.cnblogs.com/nopnog/p/7452405.html
https://www.cnblogs.com/vinyuan/p/3556218.html
https://leefige.github.io/2019/03/05/%E5%9F%BA%E4%BA%8ENginx%E9%85%8D%E7%BD%AEWeb%E8%A7%86%E9%A2%91%E6%B5%81%E5%AA%92%E4%BD%93%E6%9C%8D%E5%8A%A1%E5%99%A8/