/FansubCMS-DDL-Module

A direct download module for FansubCMS and nginx with ngx_secure_link module

GNU General Public License v3.0GPL-3.0

= Usage and Examples

Possible placeholders for the url template are {PATH}, {HASH} and {TIMESTAMP}
Possible placeholders for the secret are {REMOTE_ADDR}, {PATH} and {TIMESTAMP}

{HASH} is the hash generated of the secure link module
{PATH} is the requested URI
{TIMESTAMP} is the timestamp until the link is valid
{REMOTE_ADDR} is the ip of the user for whom the link was generated

ddl.servers.x.urlTemplate The template for generating the url
ddl.servers.x.secret The template to generate the hash from (see: secure_link_md5)
ddl.servers.x.timeout Is the time the link is valid in seconds. 1800 seconds is a half hour.
ddl.servers.x.label Is a label for the server to be shown in the listing

Example:

ddl.servers.example.urlTemplate = "http://example.com[PATH}?st={HASH}&t={TIMESTAMP}"
ddl.servers.example.secret = "secdo{PATH}{TIMESTAMP}{REMOTE_ADDR}"
ddl.servers.example.timeout = 1800
ddl.servers.example.label = "Example server"

Now the filelist is an ini file in the module's data directory named x.ini where
x is the server's identifier and containes a section [files] and the content should
look like this:

ddl.files.x.group1[] = "/some/file.avi"
ddl.files.x.group2[] = "/other/file.avi"
ddl.files.x.group1[] = "/some/file.mkv"

Example:

ddl.files.example.avi[] = "/some/file.avi"
ddl.files.example.avi[] = "/other/file.avi"
ddl.files.example.mkv[] = "/some/file.mkv"

You may add group labels in the [settings] section of the module.ini like this:

ddl.groups.group1.label = "1st Group"
ddl.groups.group2.label = "2nd Group"

Example:

ddl.groups.avi.label = "AVI Releases"
ddl.groups.mkv.label = "MKV Releases"

= Configuration of nginx

server {

    listen   80; ## listen for ipv4;

    server_name  files.example.com;
    access_log  /var/log/nginx/files.example.com-access.log;

    location / {
       root /my/path/to/the/files;
       ## This must match the URI part related to the MD5 hash and expiration time.
       secure_link $arg_st,$arg_e; # this must match the URI part related

        ## This is how the MD5 hash is built from a secret token, an URI and an
        ## expiration time.
        secure_link_md5 segredo$uri$arg_e$remote_addr; # 'segredo' is the secret token
                                                       # '$remote_addr' binds the link
                                                       # to one user only


        ## If the hash is incorrect then $secure_link is a null string.
        if ($secure_link = "") {
            return 403; # 403 means Forbidden
        }

        ## The current local time is greater than the specified expiration time.
        if ($secure_link = "0") {
            return 403; # 403 means Forbidden
        }

        ## If everything is ok $secure_link is 1.
        ## This needs to be here otherwise you'll get a 404.
        rewrite ^/(.*)$ /$1 break;
     }
}