Good morning programmers, I'm trying to protect a file, and for that I have a custom nginx module, on that module I can load nginx variables (ServerSide) on JavaScript/HTML files (ClientSide).
So I can create on nginx the HTML or Javascript file, a function to open a file, let me give you a small and reduced example:
On nginx:
set $teste thisisatest;
On HTML File:
<script>src = "/file_to_protect.js?d=$teste;</script>
So, I created on the HTML a small function to open the file with a nginx variable, then I set on nginx if the request uri doesn't match with that variable, the user gets 403, that works fine
I can call the $teste variable and It will pick up the serverside variable, and its fine.
My question is: How can I set random variables at server side and sync on client side?
Lets say that I set a random variable with lua
set_by_lua_block $teste { return string.format('%03d', math.random(1, 999)) }
So I'm saving a random number at the variable $teste, and now one, when we open the HTML code on the browser it will replace the $teste with a random variable, its fine it does replace, the issue here its that it can't load the file, since when I set a random variable, it will be different on serverside and clientside, let me give you another example:
On nginx:
set_by_lua_block $teste { return string.format('%03d', math.random(1, 999)) }
if ($request_uri ~* "[?&]d=([^&]*)") { set $d $1; }
if ($d != $teste) {
set $fileblock 1;
}
On HTML File:
<script>src = "/file_to_protect.js?d=$teste;</script>
The if ($d != $teste) will not be sync with src = "/file_to_protect.js?d=$teste; it would be for example: if ($d != 4365) src = "/file_to_protect.js?d=5678;, of course it does that I set on serverside to be a random variable, but there is any way to make it sync on serverside & clientside, and change on every F5? So the file is fully protected?
P.S: I tried nginx NJS module also, but it doesn't sync anyway.
Aucun commentaire:
Enregistrer un commentaire