Skip to content

aamarques/lua-resty-google-signature

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
lib/resty
lib/resty
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dist.ini
dist.ini
 
 

Repository files navigation

lua-resty-google-signature

This library is based on the work of Ludovic Vielle (lukkor) at https://github.com/jobteaser/lua-resty-aws. It is basically forked from his repository and I have "translated" from AWS to GOOGLE format. This can help people find this signature process faster.

The signature, algoritms, etc is the same used for Signature V4 (SigV4), and GCS cam use it without modification, but here the aim is helping people to use the GCS syntax.

Overview

This library implements request signing using the Google Signature Version 4 specification. This signature scheme is used in GCS acesse or in GCS migrations.

GCS documentation

Usage

This library uses GCS environment variables as credentials to generate GCS Signature Version 4.

export GCS_ACCESS_KEY=GOOGEXAMPLE
export GCS_SECRET_KEY=EXAMPLE_KEY

To be accessible in your nginx configuration, these variables should be declared in nginx.conf file.

I have opt to include the host and bucket name inside the nginx.conf but I will improve this in future (or you can do this). Example:

worker_processes 1;
error_log stderr notice;
daemon off;

env GCS_ACCESS_KEY;
env GCS_SECRET_KEY;


events {
    worker_connections  1024;
}


http {
    include /usr/local/openresty/nginx/conf/mime.types;
    variables_hash_max_size 1024;
    real_ip_header X-Real-IP;
    charset utf-8;

    access_log  /dev/stdout;
    sendfile        on;
    keepalive_timeout  65;


    lua_package_path "$prefix/resty_modules/lualib/?.lua;;";
    lua_package_cpath "$prefix/resty_modules/lualib/?.so;;";

    resolver 8.8.8.8;

    server {
       listen 8080;
       set $gcs_host YOUR-BUCKET_NAME.storage.googleapis.com;
       set $gcs_bucketname YOUR-BUCKET_NAME

       location / {
            default_type  application/octet-stream;
            access_by_lua_block {
                require("resty.google-signature").gcs_set_headers(ngx.var.gcs_host, ngx.var.uri)
            }
            proxy_pass https://$gcs_host;
        }
     }

}

If you install this module into a local dir, you should put this in nginx.conf file. Openresty Local Installation

    lua_package_path "$prefix/resty_modules/lualib/?.lua;;";
    lua_package_cpath "$prefix/resty_modules/lualib/?.so;;";

resolver 8.8.8.8 is here to prevent DNS resolve problems into the Docker.

Note: It's not necessary to set either <LOCATION> or <SERVICE>. will be set automatically to autovalue as this parameter exists to maintain compatibility with Amazon S3. will be set automatically to storage` because we will be access GCP resources.

For example, a typical credential scope looks like:

20211025/auto/storage/goog4_request

Contributing

Check CONTRIBUTING.md for more information.

License

Copyright 2021 Antonio Marques (aamarques)

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

AWS signature V4 library for OpenResty + Lua

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Lua 100.0%