nginx+php 对静态文件进行鉴权

假设静态文件路径为 127.0.0.1/ueditor/upload/image/202007/1596088338482109.png

建立ueditor的软链接

ln -s ueditor ln_ueditor

nginx配置

server{

        #...
        
        # 设置ln_ueditor 目录只能内部访问
        location ^~ /ln_ueditor {
                internal;
        }
 
        # 对 /ueditor下的文件进行拦截,如果文件存在,跳转到php脚本进行鉴权 fileAuth.php 与 入口文件同级
        location ~* ^\/(ueditor)\/.*\..+ {
                if ( -f $request_filename ) {
                        rewrite ^/.*$ /fileAuth.php;
                }
        }
    
}    

fileAuth.php

<?php

class fileAuth
{

    public function __construct()
    {
        // 禁止直接访问fileAuth.php
        if (substr($_SERVER['REQUEST_URI'], 0, 13) == '/fileAuth.php') {
            header("Status: 404 Not Found");
            die();
        }
    }

    public function auth()
    {
        // 开启session
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        // 未登录用户重定向登录
        if (empty($_SESSION['userinfo']['id'])) {
            echo "Please log in and visit, you will be redirected to the login page in 3 seconds";
　　　　　　　header("Refresh:3;url=/login");
            die();
        }
　　　　　// 访问文件
        $this->_accessFile();
    }

    private function _accessFile()
    {
        $relative_path = ltrim($_SERVER['REQUEST_URI'], '/');
        $index         = strpos($relative_path, '?');
        if ($index !== false) {
            $relative_path = substr($relative_path, 0, $index);
        }

        // 获取文件类型
        $mimetype = mime_content_type($relative_path);
        $new_url  = str_replace('/ueditor', '/ln_ueditor', $_SERVER['REQUEST_URI']);
        // 设置文件类型
        header("Content-Type: {$mimetype}");
        // 内部重定向到ln_ueditor
        header("X-Accel-Redirect: {$new_url}");
    }

}

$obj = new fileAuth();
$obj->auth();