0

我正在尝试匿名化电子邮件地址(将其替换为 UUID)以避免将它们作为明文保存在我的 nginx 访问日志中。目前,我只能*****通过覆盖 OpenResty 的 nginx.conf来替换它:

http {
    include       mime.types;
    default_type  application/octet-stream;


    log_format  main  '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

     ....

    map $request $anonymized_request {
        default $request;
        ~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=*****$4$5$6"; # $email_address;
    }

    include /etc/nginx/conf.d/*.conf;
}

当前结果:

# curl http://localhost:8080/?emailAddress=dat@mail.de&attr=hello

127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=*****&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"

预期的:

127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"

请问,是否可以将email_address变量传递给将其转换为 UUID 的脚本?或者,我们如何使用 a 来获得相同的日志格式log_by_lua_block

4

1 回答 1

1

可能这不是一个完全确定的方法,但这我通过 google 找到的第一个 Lua UUID 生成函数(所有学分都归于 Jacob Rus)。我稍微修改了这个函数,使它使用随机种子,所以它总是会为同一个电子邮件地址生成相同的 UUID。您可以将其重写为更适合您需要的任何内容,这只是想法:

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format    main  '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    access_log    logs/access.log  main;

    ...

    map $request $anonymized_request {
        default $request;
        ~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=$uuid$4$5$6"; # $email_address;
    }

    ...

    server {

        ...

        set $uuid '';
        log_by_lua_block {
            local function uuid(seed)
                math.randomseed(seed)
                local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
                return string.gsub(template, '[xy]', function (c)
                    local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
                    return string.format('%x', v)
                end)
            end
            local email = ngx.var.arg_emailAddress
            if email == nil then email = '' end
            -- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
            -- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
            -- this will allow to always generate the same UUID for each unique email address
            local seed = ngx.crc32_short(email)
            ngx.var.uuid = uuid(seed)
        }
    }

}
于 2020-01-25T00:49:57.937 回答