hehele/hyperf_service
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat : sts

Browse Source
This commit is contained in:
ctexthuang
2024-10-30 16:31:13 +08:00
parent 6c44cd2825
commit d572ca9539
10 changed files with 208 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
app/Service/Admin/Third/AliStsService.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
/**
* This service file is part of item.
*
* @author ctexthuang
* @contact ctexthuang@qq.com
*/
declare(strict_types=1);
namespace App\Service\Admin\Third;
use App\Service\Admin\BaseService;
use App\Service\ServiceTrait\Common\AliStsTrait;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
use function Hyperf\Config\config;
class AliStsService extends BaseService
{
use AliStsTrait;
/**
* 过期时间
* @var int
*/
private int $seconds = 3600;
/**
* bucket
* @var string
*/
private string $bucket;
/**
* 角色
* @var string
*/
private string $roleArn;
public function __construct()
{
parent::__construct();
$this->bucket = config('ali.bucket');
$this->roleArn = config('ali.role_arn'); //acs:ram::1987853712163999:role/video-access
}
/**
* @return array
* @throws ContainerExceptionInterface
* @throws NotFoundExceptionInterface
*/
public function handle(): array
{
$payload = [
'durationSeconds' => $this->seconds,
'roleArn' => $this->roleArn,
'roleSessionName' => 'adminUpload',
'policy' => [
'Version' => '1',
'Statement' => [
[
'Effect' => 'Allow',
'Action' => [
'oss:*'
],
'Resource' => [
sprintf('acs:oss:*:*:%s', $this->bucket),
sprintf('acs:oss:*:*:%s/*', $this->bucket),
]
],
[
'Effect' => 'Deny',
'Action' => [
'oss:DeleteBucket'
],
'Resource' => [
sprintf('acs:oss:*:*:%s', $this->bucket),
]
],
[
'Effect' => 'Allow',
'Action' => [
'oss:DeleteObject'
],
'Resource' => [
sprintf('acs:oss:*:*:%s/*', $this->bucket),
]
],
],
]
];
$res = $this->getAliStsControls($payload);
$this->log->info(__CLASS__.__FUNCTION__.':'.json_encode($res));
return $this->return->success();
}
}

2
app/Service/ServiceTrait/AdminRoleMenuTrait.php → app/Service/ServiceTrait/Admin/AdminRoleMenuTrait.php
View File

@@ -8,7 +8,7 @@
declare(strict_types=1);
namespace App\Service\ServiceTrait;
namespace App\Service\ServiceTrait\Admin;
use App\Constants\Admin\AuthCode;

66
app/Service/ServiceTrait/Common/AliStsTrait.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
/**
* This service file is part of item.
*
* @author ctexthuang
* @contact ctexthuang@qq.com
*/
declare(strict_types=1);
namespace App\Service\ServiceTrait\Common;
use AlibabaCloud\SDK\Sts\V20150401\Models\AssumeRoleRequest;
use AlibabaCloud\SDK\Sts\V20150401\Sts;
use AlibabaCloud\Tea\Utils\Utils\RuntimeOptions;
use App\Lib\Log;
use Darabonba\OpenApi\Models\Config;
use Exception;
use Hyperf\Di\Annotation\Inject;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
use function Hyperf\Config\config;
trait AliStsTrait
{
/**
* @var Log
*/
#[Inject]
protected Log $log;
/**
* 创建客户端
* @return Sts
*/
protected function createClient(): Sts
{
$config = new Config([
"accessKeyId" => config('ali.accessKeyId'),
"accessKeySecret" => config('ali.accessKeySecret')
]);
$config->endpoint = config('ali.sts_endpoint');
return new Sts($config);
}
/**
* 获取 ali sts 控制器
* @param $payload
* @return Sts|void
* @throws ContainerExceptionInterface
* @throws NotFoundExceptionInterface
*/
public function getAliStsControls($payload){
$client = self::createClient();
$assumeRoleRequest = new AssumeRoleRequest($payload);
$runtime = new RuntimeOptions([]);
try {
$client->assumeRoleWithOptions($assumeRoleRequest, $runtime);
return $client;
} catch (Exception $error) {
$this->log->error(__CLASS__.__FUNCTION__.'-'.__LINE__, [$error->getMessage()]);
}
}
}