OpenResty: Anonymise query parameter

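I am trying to anonymise email addresses (replace them with a UUID) to avoid keeping them as plaintext in my nginx access log. For now, I could only replace them with ***** by overriding OpenResty's nginx.conf: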

http {
    include       mime.types;
    default_type  application/octet-stream;


    log_format  main  '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

     ....

    map $request $anonymized_request {
        default $request;
        # $1..$6 put the rest of the request line back around the masked value
        ~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=*****$4$5$6"; # $email_address;
    }

    include /etc/nginx/conf.d/*.conf;
}

Current result:

# curl 'http://localhost:8080/?emailAddress=dat@mail.de&attr=hello'

127.0.0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=*****&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"

Expected:

127.0.0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"

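Could you please tell me whether it is possible to pass the email_address variable to a script that converts it to a UUID? Or, how can we get the same log format using log_by_lua_block?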

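Maybe this is not a completely definitive approach, but this is the first Lua UUID generation function I found through Google (all credit goes to Jacob Rus). I slightly modified this function to make it use a randomizer seed, so it will always generate the same UUID for the same email address. You can rewrite it into whatever suits your needs better; this is just the idea: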

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format    main  '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    access_log    logs/access.log  main;

    ...

    map $request $anonymized_request {
        default $request;
        # $1..$6 put the rest of the request line back around the generated UUID
        ~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=$uuid$4$5$6"; # $email_address;
    }

    ...

    server {

        ...

        set $uuid '';
        log_by_lua_block {
            local function uuid(seed)
                math.randomseed(seed)
                local template = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
                return string.gsub(template, '[xy]', function (c)
                    local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
                    return string.format('%x', v)
                end)
            end
            local email = ngx.var.arg_emailAddress
            if email == nil then email = '' end
            -- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
            -- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
            -- this will allow to always generate the same UUID for each unique email address
            local seed = ngx.crc32_short(email)
            ngx.var.uuid = uuid(seed)
        }
    }

}
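
An added example, not part of the original answer: a variant body for the log_by_lua_block above that derives the UUID from a keyed HMAC of the address instead of a CRC32-seeded math.random. A CRC32 seed has only 32 bits and can be recomputed by anyone who guesses an address, and math.randomseed resets the worker's shared random state on every request. The names `pseudonym_key` and `email_to_uuid` and the key value are assumptions for illustration; `set $uuid '';` and the map stay as in the answer.

```lua
-- Added example: goes inside log_by_lua_block { ... } in the server block.

-- Assumption: placeholder secret. Anyone holding this key can recompute the
-- pseudonym for a guessed address, so keep the real value out of the repository.
local pseudonym_key = "REPLACE-WITH-RANDOM-SECRET"

local function email_to_uuid(email)
    -- Design choice (assumption): fold case so "Dat@Mail.de" and "dat@mail.de"
    -- share one pseudonym.
    local normalised = string.lower(email)

    -- ngx.hmac_sha1 returns the raw 20-byte digest; the first 16 bytes are used.
    local digest = ngx.hmac_sha1(pseudonym_key, normalised)
    local b = { string.byte(digest, 1, 16) }

    -- Force the same shape as the template 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx':
    -- version nibble 4, variant bits 10xx (so 'y' is 8, 9, a or b).
    b[7] = 0x40 + (b[7] % 0x10)
    b[9] = 0x80 + (b[9] % 0x40)

    return string.format(
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
        unpack(b))
end

local email = ngx.var.arg_emailAddress
if email and email ~= "" then
    -- $arg_* is the raw query value: decode it first so "dat%40mail.de" and
    -- "dat@mail.de" produce the same UUID.
    ngx.var.uuid = email_to_uuid(ngx.unescape_uri(email))
else
    ngx.var.uuid = ""
end
```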