<?php

namespace App\Http\Controllers;
use AliCloud\Core\Profile\DefaultProfile;
use AliCloud\Core\DefaultAcsClient;
use AliCloud\Core\Exception\ServerException;
use AliCloud\Core\Exception\ClientException;
use AliCloud\STS\AssumeRoleRequest;

class OssController extends Controller
{
    public function getSts()
    {
        $regionID = "cn-zhangjiakou";
        $endpoint = "sts.cn-zhangjiakou.aliyuncs.com";
        DefaultProfile::addEndpoint($regionID, $regionID, "Sts", $endpoint);
        $iClientProfile = DefaultProfile::getProfile($regionID, 'LTAIG3B3vMgxdnGg', 'EJY6vwMje1npqZYmIwrmUWlVTiVW18');
        $client = new DefaultAcsClient($iClientProfile);
        // 指定角色ARN
        $roleArn = "acs:ram::1211062998797452:role/ramoss-sts";
        // 在扮演角色时，添加一个权限策略，进一步限制角色的权限
        // 以下权限策略表示拥有可以读取所有OSS的只读权限
$policy = <<<POLICY
        {
          "Statement": [
            {
              "Action": [
                "oss:Get*",
                "oss:List*"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "1"
        }
POLICY;
        $request = new AssumeRoleRequest();
        // RoleSessionName即临时身份的会话名称，用于区分不同的临时身份
        $request->setRoleSessionName("alice");
        $request->setRoleArn($roleArn);
        $request->setPolicy($policy);
        $request->setDurationSeconds(3600);
        try {
            $response = $client->getAcsResponse($request);
            $result['region'] = $regionID;
            $result['accessKeyId'] = $response->Credentials->AccessKeyId;
            $result['accessKeySecret'] = $response->Credentials->AccessKeySecret;
            $result['stsToken'] = $response->Credentials->SecurityToken;
            $result['bucket'] = 'uptoyo';
            return $this->jsonSuccess($result);
        } catch (ServerException $e) {
            return jsonError($e->getMessage());
        } catch (ClientException $e) {
            return jsonError($e->getMessage());
        }
    }
}