对称加密实现重要日志上报Openresty接口服务

记录后端接收日志的流程；

由于记录的是广告数据，单次计费数据都会上报，全国内约10几万终端上报。

 

终端上报：Android电视端Apk上报

接收终端：Openresty（Nginx+lua）利用nginx非阻塞io来缓解服务器压力

数据处理：为了提高处理效率避免队列写死，采用go语言分析数据并入库

 

贴代码：生成uuid参数,获取客户端访问接口获取uuid，带着uuid参数上报

getuuid.lua：

--获取body数据，含get,post数据
--获取body数据，含get,post数据
local GET = {}
local POST = {}
ngx.req.read_body()
local  args_get= ngx.req.get_uri_args()
local args_post = ngx.req.get_post_args()
for k,v in pairs(args_get) do
    GET[k]=v
end
for k,v in pairs(args_post) do
    POST[k]=v
end
--生成加密的密钥
function unlock_mac (mac,password)
    local  int_iv = 0
    local  mac_len = string.len(mac)
    for  i = 1,mac_len do
        int_iv = int_iv+string.byte(mac,i)
    end
    local mac_md5 = ngx.md5(mac)
    iv_byte = string.sub(mac_md5,1,1)..string.sub(mac_md5,3,5)..int_iv..ngx.md5(password)
    return string.sub(iv_byte,1,16)
end

--AES解密
function unaes(key,data)
   local aes = require "resty.aes"
   local str = require "resty.string"
   local hash = {
   iv = "fedcba9876543210",
   method = nil
}
local salt = "0123456789abcdef"
local aes_128_cbc, err = aes:new(key, salt, aes.cipher(128,"cbc"), hash)
return aes_128_cbc:decrypt(data)
end


--随机数
function CreateUUID()

    local template ="xxxxxxxxxxxx"
    d = io.open("/dev/urandom", "r"):read(4)
    math.randomseed(os.time() + d:byte(1) + (d:byte(2) * 256) + (d:byte(3) * 65536) + (d:byte(4) * 4294967296))
    return string.gsub(template, "x", function (c)
      local v = (c == "x") and math.random(0, 0xf) or math.random(8, 0xb)
      return string.format("%x", v)
      end)
end

--生成uuid
function guid()
    local seed={'e','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}
    local tb={}
    for i=1,32 do
        table.insert(tb,seed[math.random(1,16)])
    end
    local sid=table.concat(tb)
    return string.format('%s-%s-%s-%s-%s',
        string.sub(sid,1,8),
        string.sub(sid,9,12),
        string.sub(sid,13,16),
        string.sub(sid,17,20),
        string.sub(sid,21,32)
        )
end

--获取解密key
local  mac = GET["mac"]
local password = "(&*87-=KLJHuywe~s.,m-="
local key = unlock_mac(mac,password)
--获取post数据进行解析

local post_val = POST["data"]
local unaes_val,err = unaes(key,ngx.decode_base64(post_val))
if  unaes_val == nil then
 local json = require("cjson")
 json.encode_empty_table_as_object(false)
 local str = {code=10000,error_message="unaes err"}
 ngx.say(json.encode(str))
 ngx.log(ngx.ERR, " unaes_val:", unaes_val)
 return
end

if GET["type"] == "app" or GET["type"] == "cd"
    then
    uidmac = GET["type"].."_uuid_"..mac
else
    uidmac = "uuid_"..mac
end

local redis = require "resty.redis_iresty"
local red = redis:new()
redis:auth("password")
redis:del(uidmac)

uidtable = {}
local s=0
while s<50 do
    s=s+1
    print(CreateUUID())
    local uuid = guid()
    local ok, err = redis:hset(uidmac,uuid,"1")
    if not ok then
        local str = {code=10000,error_message="failed to set lbs"}
        ngx.say(json.encode(str))
        ngx.log(ngx.ERR,"setuidmac:",err)
        return
    end
    uidtable[s] = uuid
end
local json = require("cjson")
    --ngx.say(uidtable)
    datatable = {data = {list =uidtable},code = 20000}
    ngx.say(json.encode(datatable))
    ngx.exit(200)　　

 

 

接收日志，存入队列：

--获取body数据,get,post数据
local GET = {}
local POST = {}
ngx.req.read_body()
local  args_get= ngx.req.get_uri_args()
local args_post = ngx.req.get_post_args()
for k,v in pairs(args_get) do
    GET[k]=v
end
for k,v in pairs(args_post) do
    POST[k]=v
end

--生成加密的密钥
function unlock_mac (mac,password)
    local  int_iv = 0
    local  mac_len = string.len(mac)
    for  i = 1,mac_len do
        int_iv = int_iv+string.byte(mac,i)
    end
    local mac_md5 = ngx.md5(mac)
    iv_byte = string.sub(mac_md5,1,1)..string.sub(mac_md5,3,5)..int_iv..ngx.md5(password)
    return string.sub(iv_byte,1,16)
end

--AES解密
function unaes(key,data)
   local aes = require "resty.aes"
   local str = require "resty.string"
   local hash = {
   iv = "fedcba9876543210",
   method = nil
}
local salt = "0123456789abcdef"
local aes_128_cbc, err = aes:new(key, salt, aes.cipher(128,"cbc"), hash)
return aes_128_cbc:decrypt(data)
end

--获取mac并验证
if next(GET) ~=nil and string.len(GET["mac"]) == 12 then
    mac = GET["mac"]
else
    ngx.say("Mac illegal")
    return
end
local key = unlock_mac(mac,"(&*87-=KLJHuywe~s.,m-=")

--验证data数据
if next(POST) ~= nil then
    data = POST["data"]
else
    ngx.say("data is nil")
    return
end

-- ngx.say(key)
-- ngx.say(data)
local json = require("cjson")
local unaes_val,err = unaes(key,ngx.decode_base64(data))
--ngx.say(unaes_val)
if  unaes_val == nil then
   local json = require("cjson")
   json.encode_empty_table_as_object(false)
   errdata = {data = {list ={}},code = 10000}
   ngx.say (json.encode(errdata))
   return
else
    local dataObj = json.decode(unaes_val)
    local redis = require "resty.redis_iresty"
    local red = redis:new()
    redis:auth("password")
    uidmac = "uuid_"..mac
    uuid = dataObj.uuid
    local ok= redis:hget(uidmac,uuid)
    if not ok then
        ngx.say("failed to get uidmac: ", err)
        ngx.log(ngx.ERR,"getuidmac:",err)
        return
    else

        Strmd5 = ngx.md5(dataObj.data)
	if "lbs" ~= dataObj.type then
		return
	end
        --ngx.say(dataObj.data)
        if Strmd5 == dataObj.md5 then
            local ok, err = redis:lpush('lbs_data_queue',unaes_val)
            if not ok then
               ngx.say("failed to push lbs_data_queue: ", err)
               ngx.log(ngx.ERR,"lbs_data_queue:",err)
               return
           end
           ngx.say("ok")
       else
        ngx.say("md5 check err")
        ngx.log(ngx.ERR,"checkmd5","lbs_data_queue")
    end

end
end

　　

 

转载于:https://www.cnblogs.com/liuquan/p/10417231.html