VOD access control from 3 methods | 视频点播VOD的3种权限控制方法 (nginx/php/nginx+php)
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build/nginx
conf/nginx
images
sites
LICENSE
README.md
docker-compose.yml

README.md

Vod Authority Control Demo

(中文版)

Intro

show the vod authority control from 3 methods ( nginx/php/nginx+php )

Deploy

✔️ require Docker, Docker-compose

$ docker-compose up

Test

  1. add hosts 127.0.0.1 local.video-demo.com
  2. check url http://local.video-demo.com
  3. there're 3 methods u can choise (php/nginx/php+nginx)
  4. if u want to play,append ?token=anyWordYouWant to url, like local.video-demo.com/php-auth/?token=XXX

Core Intro

Nginx Method

With nginx-mod-http-lua module, lua language is used to verify the permissions of video files in the configuration file of nginx.

location ~ .*\.(mp4|flv|avi)$ {
        content_by_lua_block {
            -- # DEMO
			-- get args 
            local args, err = ngx.req.get_uri_args()

            -- check args
            local token = args.token
            local key = args.key

            if key == nil or token == nil 
            then
                ngx.exit(ngx.HTTP_FORBIDDEN)
            end

            -- comparison 
            if token ~= ngx.md5(key)
            then
                ngx.exit(ngx.HTTP_FORBIDDEN)
            end

            return ngx.exec("@ok")
        }
    }

    location @ok {
        default_type 'video/mp4';
    }

PHP Method

We can very simple to create a verify function in PHP.

function checkAuth()
{
    $token = $_GET['token'];
    if (!$token) {
        echo 'token is null';
        exit;
    }
}
checkAuth();

Then forward the video protocol

function GetMp4File($file)
{
    $size = filesize($file);
    header("Content-type: video/mp4");
    header("Accept-Ranges: bytes");
    if (isset($_SERVER['HTTP_RANGE'])) {
        header("HTTP/1.1 206 Partial Content");
        list($name, $range) = explode("=", $_SERVER['HTTP_RANGE']);
        list($begin, $end) =explode("-", $range);
        if ($end == 0) {
            $end = $size - 1;
        }
    } else {
        $begin = 0;
        $end = $size - 1;
    }
    header("Content-Length: " . ($end - $begin + 1));
    header("Content-Disposition: filename=".basename($file));
    header("Content-Range: bytes ".$begin."-".$end."/".$size);
    $fp = fopen($file, 'rb');
    fseek($fp, $begin);
    while (!feof($fp)) {
        $p = min(1024, $end - $begin + 1);
        $begin += $p;
        echo fread($fp, $p);
    }
    fclose($fp);
}
GetMp4File("../demo.mp4");

Nginx+PHP Method

We put the logic code into PHP, and let Nginx controll the resources which can use less CPU, memory.

We will use nginx-mod-http-lua` module to foward the token & key to PHP

location @nginx_verify_with_php {
        content_by_lua_block {
            -- set Verify URL
            local verify_url = "/nginx-auth-with-php/verify/"

            -- request verify API
            res = ngx.location.capture(verify_url, { args = ngx.req.get_uri_args()})

            -- check verification
            if res.status ~= 200 or res.body ~= "ok"
            then
                ngx.exit(ngx.HTTP_FORBIDDEN)
            end

            -- return the resource
            ngx.exec("@ok")
        }
    }

And make the verify code in PHP which can change the verification smooth and easily (no need to nginx -s reload anymore)

<?php 
function verify($args)
{
    // verify code
    if ($args['token']) {
        return 'ok';
    }
}

$check = verify($_REQUEST) ? 'ok' : 'failed';
echo $check;
exit;