před 5 roky · 2c6634a302
--- a/app/Http/Controllers/OssController.php
+++ b/app/Http/Controllers/OssController.php
@@ -0,0 +1,58 @@
 
				+<?php
			
 
				+
			
 
				+namespace App\Http\Controllers;
			
 
				+use AliCloud\Core\Profile\DefaultProfile;
			
 
				+use AliCloud\Core\DefaultAcsClient;
			
 
				+use AliCloud\Core\Exception\ServerException;
			
 
				+use AliCloud\Core\Exception\ClientException;
			
 
				+use AliCloud\STS\AssumeRoleRequest;
			
 
				+
			
 
				+class OssController extends Controller
			
 
				+{
			
 
				+    public function getSts()
			
 
				+    {
			
 
				+        $regionID = "cn-zhangjiakou";
			
 
				+        $endpoint = "sts.cn-zhangjiakou.aliyuncs.com";
			
 
				+        DefaultProfile::addEndpoint($regionID, $regionID, "Sts", $endpoint);
			
 
				+        $iClientProfile = DefaultProfile::getProfile($regionID, 'LTAIG3B3vMgxdnGg', 'EJY6vwMje1npqZYmIwrmUWlVTiVW18');
			
 
				+        $client = new DefaultAcsClient($iClientProfile);
			
 
				+        // 指定角色ARN
			
 
				+        $roleArn = "acs:ram::1211062998797452:role/ramoss-sts";
			
 
				+        // 在扮演角色时，添加一个权限策略，进一步限制角色的权限
			
 
				+        // 以下权限策略表示拥有可以读取所有OSS的只读权限
			
 
				+$policy = <<<POLICY
			
 
				+        {
			
 
				+          "Statement": [
			
 
				+            {
			
 
				+              "Action": [
			
 
				+                "oss:Get*",
			
 
				+                "oss:List*"
			
 
				+              ],
			
 
				+              "Effect": "Allow",
			
 
				+              "Resource": "*"
			
 
				+            }
			
 
				+          ],
			
 
				+          "Version": "1"
			
 
				+        }
			
 
				+POLICY;
			
 
				+        $request = new AssumeRoleRequest();
			
 
				+        // RoleSessionName即临时身份的会话名称，用于区分不同的临时身份
			
 
				+        $request->setRoleSessionName("alice");
			
 
				+        $request->setRoleArn($roleArn);
			
 
				+        $request->setPolicy($policy);
			
 
				+        $request->setDurationSeconds(3600);
			
 
				+        try {
			
 
				+            $response = $client->getAcsResponse($request);
			
 
				+            $result['region'] = $regionID;
			
 
				+            $result['accessKeyId'] = $response->Credentials->AccessKeyId;
			
 
				+            $result['accessKeySecret'] = $response->Credentials->AccessKeySecret;
			
 
				+            $result['stsToken'] = $response->Credentials->SecurityToken;
			
 
				+            $result['bucket'] = 'uptoyo';
			
 
				+            return $result;
			
 
				+        } catch (ServerException $e) {
			
 
				+            return $this->response->error($e->getMessage(), 500);
			
 
				+        } catch (ClientException $e) {
			
 
				+            return $this->response->error($e->getMessage(), 500);
			
 
				+        }
			
 
				+    }
			
 
				+}
			
--- a/composer.json
+++ b/composer.json
@@ -6,6 +6,7 @@
 
				     "type": "project",
			
 
				     "require": {
			
 
				         "php": ">=7.1.3",
			
 
				+        "jiajialu/aliyun-sdk-sts": "^3.0",
			
 
				         "dingo/api": "^2.2",
			
 
				         "doctrine/dbal": "^2.9",
			
 
				         "guzzlehttp/guzzle": "^6.3",
			
--- a/routes/api.php
+++ b/routes/api.php
@@ -30,6 +30,8 @@ $api->version('v1', [
 
				 
			
 
				         //已隐藏规则消息
			
 
				         $api->get('message/hide', 'MessageRuleController@hide');
			
 
				+        //ali oss sts
			
 
				+        $api->get('oss/sts', 'OssController@getSts');
			
 
				     });
			
 
				     //登录+验签
			
 
				     $api->group(['middleware' => ['chxq_jwt_auth', 'chxq_sign']], function ($api) {