Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
eg
 
 
 
 
 
 
 
 

README

mod_access_token - Secure downloading module for Apache2
=============================================================

mod_access_token provides access token based secure downloading.

Your web application generates a download URI with signed query_string parameters.
mod_access_token will check signature, and limit the request by specifying an expiration time.

Usage
-----

http://example.com/protected/example.jpg?AccessKey=<AccessKey>&Expires=<Expires>&Signature=<Signature>

* AccessKey: pre-defined AccessKey. 
*   Expires: Expiration time. specified the number of seconds since the UNIX epoch.
* Signature: Base64 encoded HMAC-SHA1

Pseudo-Code
-----------

    PlainText = <HTTP_METHOD> + <URI> + <EXPIRES> + <ACCESS_KEY>
    Signature = Base64(HMAC_SHA1(PlainText, Secret))

Example (Perl)
--------------

    use strict;
    use URI;
    use Digest::HMAC_SHA1;
    
    my $access_key = 'XXX';
    my $exp = time + 300; # 5minutes
    my $url = 'http://example.com/protected/example.jpg';
    my $uri = URI->new( $url );
    my $plain = sprintf '%s%s%s%s', 'GET', $uri->path, $exp, $access_key;
    my $hmac = Digest::HMAC_SHA1->new( $secret );
    $hmac->add( $plain );
    my $sig = $hmac->b64digest;
    $uri->query_form({
        Signature => $sig,
        AccessKey => $access_key,
        Expires => $exp,
    });
    printf "%s\n", $uri->as_string;


Directives
----------

AccessTokenCheck On/Off
    Whether or not to use this module.

AccessTokenSecret <secret>
    Shared secret string.

AccessTokenAccessKey <access_key>
    public AccessKey string.




About

mod_access_token is an apache module which provides access token based secure downloading.

Resources

Releases

No releases published
You can’t perform that action at this time.