新增

tangxvhui
go.mod
services/oss/config.go
services/oss/policy.go
services/oss/sts.go
--- a/go.mod
查看文件 @cb57ef8
+++ b/go.mod
查看文件 @cb57ef8
@@ -4,8 +4,10 @@ go 1.12
 
 require (
 	github.com/aliyun/alibaba-cloud-sdk-go v1.60.348
+ 	github.com/aliyun/aliyun-sts-go-sdk v0.0.0-20171106034748-98d3903a2309
 	github.com/astaxie/beego v1.10.0
 	github.com/klauspost/cpuid v1.2.3 // indirect
+ 	github.com/satori/go.uuid v1.2.0
 	gitlab.fjmaimaimai.com/mmm-go/gocomm v0.0.1
 )
 
--- a/services/oss/config.go
查看文件 @cb57ef8
+++ b/services/oss/config.go
查看文件 @cb57ef8
 package oss
+ 
+ type OssConfig struct {
+ 	accessID    string
+ 	accessKey   string
+ 	roleAcs     string
+ 	endPoint    string
+ 	bucketName  string
+ 	callbackUrl string
+ 	sessionName string
+ }
+ 
+ func NewOssConfig() *OssConfig {
+ 	return &OssConfig{
+ 		accessID:    "",
+ 		accessKey:   "",
+ 		roleAcs:     "",
+ 		bucketName:  "",
+ 		callbackUrl: "",
+ 		endPoint:    "",
+ 		sessionName: "",
+ 	}
+ }
+ 
+ func (config *OssConfig) SetBucketName(name string) {
+ 	config.bucketName = name
+ }
+ 
+ func (config *OssConfig) SetCallbackUrl(url string) {
+ 	config.callbackUrl = url
+ }
+ 
+ func (config *OssConfig) SetSessionName(name string) {
+ 	config.sessionName = name
+ }
--- a/services/oss/policy.go
查看文件 @cb57ef8
+++ b/services/oss/policy.go
查看文件 @cb57ef8
 package oss
+ 
+ type PolicyToken struct {
+ 	AccessKeyId string `json:"accessid"`
+ 	Host        string `json:"host"`
+ 	Expire      int64  `json:"expire"`
+ 	Signature   string `json:"signature"`
+ 	Policy      string `json:"policy"`
+ 	Directory   string `json:"dir"`
+ 	Callback    string `json:"callback"`
+ }
+ 
+ type CallbackParam struct {
+ 	CallbackUrl      string `json:"callbackUrl"`
+ 	CallbackBody     string `json:"callbackBody"`
+ 	CallbackBodyType string `json:"callbackBodyType"`
+ }
+ 
+ // func get_policy_token() string {
+ //     now := time.Now().Unix()
+ //     expire_end := now + expire_time
+ //     var tokenExpire = get_gmt_iso8601(expire_end)
+ 
+ //     //create post policy json
+ //     var config ConfigStruct
+ //     config.Expiration = tokenExpire
+ //     var condition []string
+ //     condition = append(condition, "starts-with")
+ //     condition = append(condition, "$key")
+ //     condition = append(condition, upload_dir)
+ //     config.Conditions = append(config.Conditions, condition)
+ 
+ //     //calucate signature
+ //     result,err:=json.Marshal(config)
+ //     debyte := base64.StdEncoding.EncodeToString(result)
+ //     h := hmac.New(func() hash.Hash { return sha1.New() }, []byte(accessKeySecret))
+ //     io.WriteString(h, debyte)
+ //     signedStr := base64.StdEncoding.EncodeToString(h.Sum(nil))
+ 
+ //     var callbackParam CallbackParam
+ //     callbackParam.CallbackUrl = callbackUrl
+ //     callbackParam.CallbackBody = "filename=${object}&size=${size}&mimeType=${mimeType}&height=${imageInfo.height}&width=${imageInfo.width}"
+ //     callbackParam.CallbackBodyType = "application/x-www-form-urlencoded"
+ //     callback_str,err:=json.Marshal(callbackParam)
+ //     if err != nil {
+ //         fmt.Println("callback json err:", err)
+ //     }
+ //     callbackBase64 := base64.StdEncoding.EncodeToString(callback_str)
+ 
+ //     var policyToken PolicyToken
+ //     policyToken.AccessKeyId = accessKeyId
+ //     policyToken.Host = host
+ //     policyToken.Expire = expire_end
+ //     policyToken.Signature = string(signedStr)
+ //     policyToken.Directory = upload_dir
+ //     policyToken.Policy = string(debyte)
+ //     policyToken.Callback = string(callbackBase64)
+ //     response,err:=json.Marshal(policyToken)
+ //     if err != nil {
+ //         fmt.Println("json err:", err)
+ //     }
+ //     return string(response)
+ // }
--- a/services/oss/sts.go
查看文件 @cb57ef8
+++ b/services/oss/sts.go
查看文件 @cb57ef8
 package oss
 
 import (
- 	"crypto/hmac"
- 	"crypto/sha1"
- 	"crypto/tls"
- 	"encoding/base64"
- 	"io/ioutil"
- 	"net/http"
- 	"net/url"
- 	"time"
+ 	"github.com/aliyun/aliyun-sts-go-sdk/sts"
 )
 
- type AliyunStsClient struct {
- 	ChildAccountKeyId  string
- 	ChildAccountSecret string
- 	RoleAcs            string
+ type StsCredentials struct {
+ 	AccessKeyId     string `json:"access_key_id"`
+ 	AccessKeySecret string `json:"access_key_secret"`
+ 	Expiration      int64  `json:"expiration"`
+ 	SecurityToken   string `json:"security_token"`
 }
 
- func NewStsClient(key, secret, roleAcs string) *AliyunStsClient {
- 	return &AliyunStsClient{
- 		ChildAccountKeyId:  key,
- 		ChildAccountSecret: secret,
- 		RoleAcs:            roleAcs,
- 	}
+ type AssumedRoleUser struct {
+ 	AssumedRoleId string `json:"assumed_role_id"`
+ 	Arn           string `json:"arn"`
 }
 
- func (cli *AliyunStsClient) GenerateSignatureUrl(sessionName, durationSeconds string) (string, error) {
- 	assumeUrl := "SignatureVersion=1.0"
- 	assumeUrl += "&Format=JSON"
- 	assumeUrl += "&Timestamp=" + url.QueryEscape(time.Now().UTC().Format("2006-01-02T15:04:05Z"))
- 	assumeUrl += "&RoleArn=" + url.QueryEscape(cli.RoleAcs)
- 	assumeUrl += "&RoleSessionName=" + sessionName
- 	assumeUrl += "&AccessKeyId=" + cli.ChildAccountKeyId
- 	assumeUrl += "&SignatureMethod=HMAC-SHA1"
- 	assumeUrl += "&Version=2015-04-01"
- 	assumeUrl += "&Action=AssumeRole"
- 	assumeUrl += "&SignatureNonce=" + "TODO"
- 	assumeUrl += "&DurationSeconds=" + durationSeconds
- 
- 	// 解析成V type
- 	signToString, err := url.ParseQuery(assumeUrl)
- 	if err != nil {
- 		return "", err
- 	}
- 
- 	// URL顺序化
- 	result := signToString.Encode()
- 
- 	// 拼接
- 	StringToSign := "GET" + "&" + "%2F" + "&" + url.QueryEscape(result)
- 
- 	// HMAC
- 	hashSign := hmac.New(sha1.New, []byte(cli.ChildAccountSecret+"&"))
- 	hashSign.Write([]byte(StringToSign))
- 
- 	// 生成signature
- 	signature := base64.StdEncoding.EncodeToString(hashSign.Sum(nil))
- 
- 	// Url 添加signature
- 	assumeUrl = "https://sts.aliyuncs.com/?" + assumeUrl + "&Signature=" + url.QueryEscape(signature)
- 
- 	return assumeUrl, nil
+ type StsData struct {
+ 	RequestId       string          `json:"request_id,omitempty"`
+ 	AssumedRoleUser AssumedRoleUser `json:"assumed_role_user,omitempty"`
+ 	Credentials     StsCredentials  `json:"credentials,omitempty"`
 }
 
- // 请求构造好的URL,获得授权信息
- // 安全认证 HTTPS
- func (cli *AliyunStsClient) GetStsResponse(url string) ([]byte, error) {
- 	tr := &http.Transport{
- 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- 	}
- 	client := &http.Client{Transport: tr}
- 
- 	resp, err := client.Get(url)
+ func GetStsCredentials() (*StsData, error) {
+ 	ossconfig := NewOssConfig()
+ 	stsClient := sts.NewClient(ossconfig.accessID, ossconfig.accessKey, ossconfig.roleAcs, ossconfig.sessionName)
+ 	resp, err := stsClient.AssumeRole(3600)
 	if err != nil {
 		return nil, err
 	}
- 	defer resp.Body.Close()
- 
- 	body, err := ioutil.ReadAll(resp.Body)
- 
- 	return body, err
+ 	c := StsCredentials{
+ 		AccessKeyId:     resp.Credentials.AccessKeyId,
+ 		AccessKeySecret: resp.Credentials.AccessKeySecret,
+ 		Expiration:      resp.Credentials.Expiration.Unix(),
+ 		SecurityToken:   resp.Credentials.SecurityToken,
+ 	}
+ 	ar := AssumedRoleUser{
+ 		AssumedRoleId: resp.AssumedRoleUser.AssumedRoleId,
+ 		Arn:           resp.AssumedRoleUser.Arn,
+ 	}
+ 	return &StsData{
+ 		RequestId:       resp.RequestId,
+ 		Credentials:     c,
+ 		AssumedRoleUser: ar,
+ 	}, nil
 }