110 lines
3.0 KiB
PHP
110 lines
3.0 KiB
PHP
<?php
|
|
/**
|
|
* This service file is part of item.
|
|
*
|
|
* @author ctexthuang
|
|
* @contact ctexthuang@qq.com
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Service\Admin\Third;
|
|
|
|
use App\Exception\AdminException;
|
|
use App\Service\Admin\BaseService;
|
|
use App\Service\ServiceTrait\Common\AliStsTrait;
|
|
use Psr\Container\ContainerExceptionInterface;
|
|
use Psr\Container\NotFoundExceptionInterface;
|
|
use function Hyperf\Config\config;
|
|
|
|
class AliStsService extends BaseService
|
|
{
|
|
use AliStsTrait;
|
|
|
|
/**
|
|
* 过期时间
|
|
* @var int
|
|
*/
|
|
private int $seconds = 3600;
|
|
|
|
/**
|
|
* bucket
|
|
* @var string
|
|
*/
|
|
private string $bucket;
|
|
|
|
/**
|
|
* 角色
|
|
* @var string
|
|
*/
|
|
private string $roleArn;
|
|
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
$this->bucket = config('ali.bucket');
|
|
$this->roleArn = config('ali.role_arn'); //acs:ram::1987853712163999:role/video-access
|
|
}
|
|
|
|
/**
|
|
* @return array
|
|
* @throws ContainerExceptionInterface
|
|
* @throws NotFoundExceptionInterface
|
|
*/
|
|
public function handle(): array
|
|
{
|
|
$payload = [
|
|
'durationSeconds' => $this->seconds,
|
|
'roleArn' => $this->roleArn,
|
|
'roleSessionName' => 'adminUpload',
|
|
'policy' => [
|
|
'Version' => '1',
|
|
'Statement' => [
|
|
[
|
|
'Effect' => 'Allow',
|
|
'Action' => [
|
|
'oss:*'
|
|
],
|
|
'Resource' => [
|
|
sprintf('acs:oss:*:*:%s', $this->bucket),
|
|
sprintf('acs:oss:*:*:%s/*', $this->bucket),
|
|
]
|
|
],
|
|
[
|
|
'Effect' => 'Deny',
|
|
'Action' => [
|
|
'oss:DeleteBucket'
|
|
],
|
|
'Resource' => [
|
|
sprintf('acs:oss:*:*:%s', $this->bucket),
|
|
]
|
|
],
|
|
[
|
|
'Effect' => 'Allow',
|
|
'Action' => [
|
|
'oss:DeleteObject'
|
|
],
|
|
'Resource' => [
|
|
sprintf('acs:oss:*:*:%s/*', $this->bucket),
|
|
]
|
|
],
|
|
|
|
],
|
|
]
|
|
];
|
|
|
|
$res = $this->getAliStsControls($payload);
|
|
$this->log->info(__CLASS__.':'.__FUNCTION__.':授权oss信息:'.json_encode($res));
|
|
|
|
$aliResponse = $res->body->credentials;
|
|
if (empty($aliResponse)) throw new AdminException('授权失败');
|
|
|
|
return $this->return->success('success',[
|
|
'access_key_id' => $aliResponse->accessKeyId,
|
|
'access_key_secret' => $aliResponse->accessKeySecret,
|
|
'expiration' => $aliResponse->expiration,
|
|
'security_token' => $aliResponse->securityToken,
|
|
'callback_url' => config('ali.callback_url')
|
|
]);
|
|
}
|
|
} |