<?php
/**
 * This service file is part of item.
 *
 * @author   ctexthuang
 * @contact  ctexthuang@qq.com
 */

declare(strict_types=1);

namespace App\Service\Admin\Third;

use App\Exception\ErrException;
use App\Service\Admin\BaseService;
use App\Service\ServiceTrait\Common\AliStsTrait;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
use function Hyperf\Config\config;

class AliStsService extends BaseService
{
    use AliStsTrait;

    /**
     * 过期时间
     * @var int
     */
    private int $seconds = 3600;

    /**
     * bucket
     * @var string
     */
    private string $bucket;

    /**
     * 角色
     * @var string
     */
    private string $roleArn;

    public function __construct()
    {
        parent::__construct();
        $this->bucket = config('ali.bucket');
        $this->roleArn = config('ali.role_arn'); //acs:ram::1987853712163999:role/video-access
    }

    /**
     * @return array
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     */
    public function handle(): array
    {
        $payload = [
            'durationSeconds' => $this->seconds,
            'roleArn' => $this->roleArn,
            'roleSessionName' => 'adminUpload',
            'policy' => [
                'Version' => '1',
                'Statement' => [
                    [
                        'Effect' => 'Allow',
                        'Action' => [
                            'oss:*'
                        ],
                        'Resource' => [
                            sprintf('acs:oss:*:*:%s', $this->bucket),
                            sprintf('acs:oss:*:*:%s/*', $this->bucket),
                        ]
                    ],
                    [
                        'Effect' => 'Deny',
                        'Action' => [
                            'oss:DeleteBucket'
                        ],
                        'Resource' => [
                            sprintf('acs:oss:*:*:%s', $this->bucket),
                        ]
                    ],
                    [
                        'Effect' => 'Allow',
                        'Action' => [
                            'oss:DeleteObject'
                        ],
                        'Resource' => [
                            sprintf('acs:oss:*:*:%s/*', $this->bucket),
                        ]
                    ],

                ],
            ]
        ];

        $res = $this->getAliStsControls($payload);
        $this->log->info(__CLASS__.':'.__FUNCTION__.':授权oss信息:'.json_encode($res));

        if (empty($res) || empty($res->body->credentials)) throw new ErrException('授权失败');
        $aliResponse = $res->body->credentials;

        return $this->return->success('success',[
            'access_key_id' => $aliResponse->accessKeyId,
            'access_key_secret' => $aliResponse->accessKeySecret,
            'expiration' => date('Y-m-d H:i:s',strtotime($aliResponse->expiration)),//UTC时间转为北京时间
            'security_token' => $aliResponse->securityToken,
            'callback_url' => config('ali.callback_url'),
            'bucket' => $this->bucket,
            'region' => config('ali.region'),
        ]);
    }
}