feat : sts

2024-10-30 16:31:13 +08:00
parent 6c44cd2825
commit d572ca9539
10 changed files with 208 additions and 12 deletions
--- a/app/Service/Admin/Third/AliStsService.php
+++ b/app/Service/Admin/Third/AliStsService.php
@@ -0,0 +1,99 @@
+<?php
+/**
+ * This service file is part of item.
+ *
+ * @author   ctexthuang
+ * @contact  ctexthuang@qq.com
+ */
+
+declare(strict_types=1);
+
+namespace App\Service\Admin\Third;
+
+use App\Service\Admin\BaseService;
+use App\Service\ServiceTrait\Common\AliStsTrait;
+use Psr\Container\ContainerExceptionInterface;
+use Psr\Container\NotFoundExceptionInterface;
+use function Hyperf\Config\config;
+
+class AliStsService extends BaseService
+{
+    use AliStsTrait;
+
+    /**
+     * 过期时间
+     * @var int
+     */
+    private int $seconds = 3600;
+
+    /**
+     * bucket
+     * @var string
+     */
+    private string $bucket;
+
+    /**
+     * 角色
+     * @var string
+     */
+    private string $roleArn;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->bucket = config('ali.bucket');
+        $this->roleArn = config('ali.role_arn'); //acs:ram::1987853712163999:role/video-access
+    }
+
+    /**
+     * @return array
+     * @throws ContainerExceptionInterface
+     * @throws NotFoundExceptionInterface
+     */
+    public function handle(): array
+    {
+        $payload = [
+            'durationSeconds' => $this->seconds,
+            'roleArn' => $this->roleArn,
+            'roleSessionName' => 'adminUpload',
+            'policy' => [
+                'Version' => '1',
+                'Statement' => [
+                    [
+                        'Effect' => 'Allow',
+                        'Action' => [
+                            'oss:*'
+                        ],
+                        'Resource' => [
+                            sprintf('acs:oss:*:*:%s', $this->bucket),
+                            sprintf('acs:oss:*:*:%s/*', $this->bucket),
+                        ]
+                    ],
+                    [
+                        'Effect' => 'Deny',
+                        'Action' => [
+                            'oss:DeleteBucket'
+                        ],
+                        'Resource' => [
+                            sprintf('acs:oss:*:*:%s', $this->bucket),
+                        ]
+                    ],
+                    [
+                        'Effect' => 'Allow',
+                        'Action' => [
+                            'oss:DeleteObject'
+                        ],
+                        'Resource' => [
+                            sprintf('acs:oss:*:*:%s/*', $this->bucket),
+                        ]
+                    ],
+
+                ],
+            ]
+        ];
+
+        $res = $this->getAliStsControls($payload);
+        $this->log->info(__CLASS__.__FUNCTION__.':'.json_encode($res));
+        return $this->return->success();
+    }
+}