Skip to content

Commit e9fd341

Browse files
carsonxucarsonxu
committed
update demo
1 parent 3d2ad98 commit e9fd341

File tree

6 files changed

+256
-44
lines changed

6 files changed

+256
-44
lines changed

csp/csp.html

+1-1
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ <h1>cos-js-sdk-v5</h1>
5151
ForcePathStyle: true, // 后缀式
5252
// Domain: 'http://{Bucket}.cos.{Region}.example.com', // 前缀式
5353
getAuthorization: function (options, callback) {
54-
var url = '../server/sts.php';
54+
var url = './sts.php';
5555
var xhr = new XMLHttpRequest();
5656
xhr.open('GET', url, true);
5757
xhr.onload = function (e) {

csp/sts.php

+168
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,168 @@
1+
<?php
2+
// 临时密钥计算样例
3+
4+
// 配置参数
5+
$config = array(
6+
'Url' => 'http://sts.api2.example.com/v2/index.php',
7+
'Domain' => 'sts.api2.example.com',
8+
'Proxy' => '',
9+
'SecretId' => 'AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', // 固定密钥
10+
'SecretKey' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', // 固定密钥
11+
'Bucket' => 'test-1250000000',
12+
'Region' => 'default',
13+
'AllowPrefix' => '_ALLOW_DIR_/*', // 必填,这里改成允许的路径前缀,这里可以根据自己网站的用户登录态判断允许上传的目录,例子:* 或者 a/* 或者 a.jpg
14+
);
15+
16+
// obj 转 query string
17+
function json2str($obj) {
18+
ksort($obj);
19+
$arr = array();
20+
foreach ($obj as $key => $val) {
21+
array_push($arr, $key . '=' . $val);
22+
}
23+
return join('&', $arr);
24+
}
25+
26+
// 计算临时密钥用的签名
27+
function getSignature($opt, $key, $method) {
28+
global $config;
29+
$formatString = $method . $config['Domain'] . '/v2/index.php?' . json2str($opt);
30+
$formatString = urldecode($formatString);
31+
$sign = hash_hmac('sha1', $formatString, $key);
32+
$sign = base64_encode(hex2bin($sign));
33+
return $sign;
34+
}
35+
36+
// 计算临时密钥用的签名
37+
function resourceUrlEncode($str) {
38+
$str = rawurlencode($str);
39+
//特殊处理字符 !()~
40+
$str = str_replace('%2F', '/', $str);
41+
$str = str_replace('%2A', '*', $str);
42+
$str = str_replace('%21', '!', $str);
43+
$str = str_replace('%28', '(', $str);
44+
$str = str_replace('%29', ')', $str);
45+
$str = str_replace('%7E', '~', $str);
46+
return $str;
47+
}
48+
49+
// 获取临时密钥
50+
function getTempKeys() {
51+
52+
global $config;
53+
54+
// 判断是否修改了 AllowPrefix
55+
if ($config['AllowPrefix'] === '_ALLOW_DIR_/*') {
56+
return array('error'=> '请修改 AllowPrefix 配置项,指定允许上传的路径前缀');
57+
}
58+
59+
$ShortBucketName = substr($config['Bucket'],0, strripos($config['Bucket'], '-'));
60+
$AppId = substr($config['Bucket'], 1 + strripos($config['Bucket'], '-'));
61+
$policy = array(
62+
'version'=> '2.0',
63+
'statement'=> array(
64+
array(
65+
'action'=> array(
66+
// // 这里可以从临时密钥的权限上控制前端允许的操作
67+
// 'name/cos:*', // 这样写可以包含下面所有权限
68+
69+
// // 列出所有允许的操作
70+
// // ACL 读写
71+
// 'name/cos:GetBucketACL',
72+
// 'name/cos:PutBucketACL',
73+
// 'name/cos:GetObjectACL',
74+
// 'name/cos:PutObjectACL',
75+
// // 简单 Bucket 操作
76+
// 'name/cos:PutBucket',
77+
// 'name/cos:HeadBucket',
78+
// 'name/cos:GetBucket',
79+
// 'name/cos:DeleteBucket',
80+
// 'name/cos:GetBucketLocation',
81+
// // Versioning
82+
// 'name/cos:PutBucketVersioning',
83+
// 'name/cos:GetBucketVersioning',
84+
// // CORS
85+
// 'name/cos:PutBucketCORS',
86+
// 'name/cos:GetBucketCORS',
87+
// 'name/cos:DeleteBucketCORS',
88+
// // Lifecycle
89+
// 'name/cos:PutBucketLifecycle',
90+
// 'name/cos:GetBucketLifecycle',
91+
// 'name/cos:DeleteBucketLifecycle',
92+
// // Replication
93+
// 'name/cos:PutBucketReplication',
94+
// 'name/cos:GetBucketReplication',
95+
// 'name/cos:DeleteBucketReplication',
96+
// // 删除文件
97+
// 'name/cos:DeleteMultipleObject',
98+
// 'name/cos:DeleteObject',
99+
// 简单文件操作
100+
'name/cos:PutObject',
101+
'name/cos:PostObject',
102+
'name/cos:AppendObject',
103+
'name/cos:GetObject',
104+
'name/cos:HeadObject',
105+
'name/cos:OptionsObject',
106+
'name/cos:PutObjectCopy',
107+
'name/cos:PostObjectRestore',
108+
// 分片上传操作
109+
'name/cos:InitiateMultipartUpload',
110+
'name/cos:ListMultipartUploads',
111+
'name/cos:ListParts',
112+
'name/cos:UploadPart',
113+
'name/cos:CompleteMultipartUpload',
114+
'name/cos:AbortMultipartUpload',
115+
),
116+
'effect'=> 'allow',
117+
'principal'=> array('qcs'=> array('*')),
118+
'resource'=> array(
119+
'qcs::cos:' . $config['Region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/',
120+
'qcs::cos:' . $config['Region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/' . resourceUrlEncode($config['AllowPrefix'])
121+
)
122+
)
123+
)
124+
);
125+
126+
$policyStr = str_replace('\\/', '/', json_encode($policy));
127+
$Action = 'GetFederationToken';
128+
$Nonce = rand(10000, 20000);
129+
$Timestamp = time() - 1;
130+
$Method = 'GET';
131+
132+
$params = array(
133+
'Action'=> $Action,
134+
'Nonce'=> $Nonce,
135+
'Region'=> '',
136+
'SecretId'=> $config['SecretId'],
137+
'Timestamp'=> $Timestamp,
138+
'durationSeconds'=> 7200,
139+
'name'=> 'cos',
140+
'policy'=> urlencode($policyStr)
141+
);
142+
$params['Signature'] = urlencode(getSignature($params, $config['SecretKey'], $Method));
143+
144+
$url = $config['Url'] . '?' . json2str($params);
145+
$ch = curl_init($url);
146+
$config['Proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['Proxy']);
147+
curl_setopt($ch, CURLOPT_HEADER, 0);
148+
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
149+
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
150+
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
151+
$result = curl_exec($ch);
152+
if(curl_errno($ch)) $result = curl_error($ch);
153+
curl_close($ch);
154+
155+
$result = json_decode($result, 1);
156+
if (isset($result['data'])) $result = $result['data'];
157+
158+
return $result;
159+
};
160+
161+
// 获取临时密钥,计算签名
162+
$tempKeys = getTempKeys();
163+
164+
// 返回数据给前端
165+
header('Content-Type: application/json');
166+
header('Access-Control-Allow-Origin: http://127.0.0.1'); // 这里修改允许跨域访问的网站
167+
header('Access-Control-Allow-Headers: origin,accept,content-type');
168+
echo json_encode($tempKeys);

server/sts-auth.js

+16-4
Original file line numberDiff line numberDiff line change
@@ -40,12 +40,24 @@ var util = {
4040
// 计算签名
4141
getSignature: function (opt, key, method) {
4242
var formatString = method + config.Domain + '/v2/index.php?' + util.json2str(opt);
43+
formatString = decodeURIComponent(formatString);
4344
var hmac = crypto.createHmac('sha1', key);
4445
var sign = hmac.update(new Buffer(formatString, 'utf8')).digest('base64');
4546
return sign;
4647
},
4748
};
4849

50+
// 计算临时密钥用的签名
51+
function resourceUrlEncode(str) {
52+
str = encodeURIComponent(str);
53+
//特殊处理字符 !()~
54+
str = str.replace(/%2F/g, '/');
55+
str = str.replace(/%2A/g, '*');
56+
str = str.replace(/%28/g, '(');
57+
str = str.replace(/%29/g, ')');
58+
return str;
59+
}
60+
4961
// 拼接获取临时密钥的参数
5062
var getTempKeys = function (callback) {
5163

@@ -62,7 +74,7 @@ var getTempKeys = function (callback) {
6274
'version': '2.0',
6375
'statement': [{
6476
'action': [
65-
// 这里可以从临时密钥的权限上控制前端允许的操作
77+
// // 这里可以从临时密钥的权限上控制前端允许的操作
6678
// 'name/cos:*', // 这样写可以包含下面所有权限
6779

6880
// // 列出所有允许的操作
@@ -116,7 +128,7 @@ var getTempKeys = function (callback) {
116128
'principal': {'qcs': ['*']},
117129
'resource': [
118130
'qcs::cos:' + config.Region + ':uid/' + AppId + ':prefix//' + AppId + '/' + ShortBucketName + '/',
119-
'qcs::cos:' + config.Region + ':uid/' + AppId + ':prefix//' + AppId + '/' + ShortBucketName + '/' + config.AllowPrefix
131+
'qcs::cos:' + config.Region + ':uid/' + AppId + ':prefix//' + AppId + '/' + ShortBucketName + '/' + resourceUrlEncode(config.AllowPrefix)
120132
]
121133
}]
122134
};
@@ -141,8 +153,8 @@ var getTempKeys = function (callback) {
141153
SecretId: config.SecretId,
142154
Timestamp: Timestamp,
143155
durationSeconds: 7200,
144-
name: '',
145-
policy: policyStr,
156+
name: 'cos',
157+
policy: encodeURIComponent(policyStr),
146158
};
147159
params.Signature = encodeURIComponent(util.getSignature(params, config.SecretKey, Method));
148160

server/sts-auth.php

+20-14
Original file line numberDiff line numberDiff line change
@@ -36,11 +36,25 @@ function json2str($obj) {
3636
function getSignature($opt, $key, $method) {
3737
global $config;
3838
$formatString = $method . $config['Domain'] . '/v2/index.php?' . json2str($opt);
39+
$formatString = urldecode($formatString);
3940
$sign = hash_hmac('sha1', $formatString, $key);
4041
$sign = base64_encode(hex2bin($sign));
4142
return $sign;
4243
}
4344

45+
// 计算临时密钥用的签名
46+
function resourceUrlEncode($str) {
47+
$str = rawurlencode($str);
48+
//特殊处理字符 !()~
49+
$str = str_replace('%2F', '/', $str);
50+
$str = str_replace('%2A', '*', $str);
51+
$str = str_replace('%21', '!', $str);
52+
$str = str_replace('%28', '(', $str);
53+
$str = str_replace('%29', ')', $str);
54+
$str = str_replace('%7E', '~', $str);
55+
return $str;
56+
}
57+
4458
// 获取临时密钥
4559
function getTempKeys() {
4660

@@ -59,7 +73,7 @@ function getTempKeys() {
5973
array(
6074
'action'=> array(
6175
// // 这里可以从临时密钥的权限上控制前端允许的操作
62-
// 'name/cos:*', // 这样写可以包含下面所有权限
76+
// 'name/cos:*', // 这样写可以包含下面所有权限
6377

6478
// // 列出所有允许的操作
6579
// // ACL 读写
@@ -112,20 +126,13 @@ function getTempKeys() {
112126
'principal'=> array('qcs'=> array('*')),
113127
'resource'=> array(
114128
'qcs::cos:' . $config['Region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/',
115-
'qcs::cos:' . $config['Region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/' . $config['AllowPrefix']
129+
'qcs::cos:' . $config['Region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/' . resourceUrlEncode($config['AllowPrefix'])
116130
)
117131
)
118132
)
119133
);
120134

121135
$policyStr = str_replace('\\/', '/', json_encode($policy));
122-
123-
// 有效时间小于 30 秒就重新获取临时密钥,否则使用缓存的临时密钥
124-
if (isset($_SESSION['tempKeysCache']) && isset($_SESSION['tempKeysCache']['expiredTime']) && isset($_SESSION['tempKeysCache']['policyStr']) &&
125-
$_SESSION['tempKeysCache']['expiredTime'] - time() > 30 && $_SESSION['tempKeysCache']['policyStr'] === $policyStr) {
126-
return $_SESSION['tempKeysCache'];
127-
}
128-
129136
$Action = 'GetFederationToken';
130137
$Nonce = rand(10000, 20000);
131138
$Timestamp = time() - 1;
@@ -138,8 +145,8 @@ function getTempKeys() {
138145
'SecretId'=> $config['SecretId'],
139146
'Timestamp'=> $Timestamp,
140147
'durationSeconds'=> 7200,
141-
'name'=> '',
142-
'policy'=> $policyStr
148+
'name'=> 'cos',
149+
'policy'=> urlencode($policyStr)
143150
);
144151
$params['Signature'] = urlencode(getSignature($params, $config['SecretKey'], $Method));
145152

@@ -148,18 +155,17 @@ function getTempKeys() {
148155
$config['Proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['Proxy']);
149156
curl_setopt($ch, CURLOPT_HEADER, 0);
150157
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
158+
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
151159
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
152160
$result = curl_exec($ch);
153161
if(curl_errno($ch)) $result = curl_error($ch);
154162
curl_close($ch);
155163

156164
$result = json_decode($result, 1);
157165
if (isset($result['data'])) $result = $result['data'];
158-
$_SESSION['tempKeysCache'] = $result;
159-
$_SESSION['tempKeysCache']['policyStr'] = $policyStr;
160166

161167
return $result;
162-
};
168+
}
163169

164170
// 计算 COS API 请求用的签名
165171
function getAuthorization($keys, $method, $pathname)

0 commit comments

Comments
 (0)