<?php /** * 公共方法 */ defined(‘DYMall‘) or exit(‘Access Invalid!‘); use OSS\OssClient; use OSS\Core\OssUtil; use OSS\Core\OssException; use OSS\Http\RequestCore; use OSS\Http\ResponseCore; require_once(BASE_ROOT_PATH.‘/library/smartphp/libraries/OSS/autoload.php‘); class osssecurityCtl{ const OSS_URL_KEY = ‘ossSecurityUrl‘; const OSS_TIME = 3600; const OSS_STS_URL = ‘https://sts.aliyuncs.com‘; const FORMAT = ‘JSON‘; const VERSION = ‘2015-04-01‘; const SIGN_ATURE_METHOD = ‘HMAC-SHA1‘; const SIGN_ATURE_VERSION = ‘1.0‘; const ROLE_SESSION_NAME = ‘web****ss‘; const OSS_STS_TOKEN = ‘images:oss:sts:token‘; const OSS_ARN = ‘acs:ram::136*******:role/w*****s‘; //格式说明oss官网上有说明 const OSS_STS_ACCESS_ID = ‘LTAI4****9u3h‘; const OSS_ACCESE_SECRET = ‘bv*******3B‘; /** * The name and signature of the console command. * @var string */ protected $signature = ‘get:OssStsToken‘; /** * The console command description. * * @var string */ protected $description = ‘[OSS]定期更新OSS Sts Token‘; public function __construct() { $this->redis = caching::getInstance(); } public function index(){ //生成token $token = $this->handle(); $endpoint = $GLOBALS[‘setting_config‘][‘oss_url‘]; $bucket = $GLOBALS[‘setting_config‘][‘oss_pre‘]; $object = ‘data/upload/mobile/share/poster‘; $ossClient = new \OSS\OssClient(self::OSS_STS_ACCESS_ID, self::OSS_ACCESE_SECRET, $endpoint, false, $token[‘SecurityToken‘]); try{ $is_keys = $this->redis->exists(self::OSS_URL_KEY); if($is_keys) { $signedUrl = $this->redis->get(self::OSS_URL_KEY); }else{ // 生成PutObject的签名URL。 $signedUrl = $ossClient->signUrl($bucket, $object, self::OSS_TIME); $this->redis->set(self::OSS_URL_KEY, $signedUrl, self::OSS_TIME); } }catch (OssException $e){ output_error($e->getMessage()); } $signedUrl = $signedUrl.‘&AccessKeySecret=‘.self::OSS_ACCESE_SECRET.‘&bucketName=‘.$bucket.‘&endpoint=‘.$endpoint; $arr = parse_url($signedUrl); $arrQeury = $arr[‘query‘]; $explarr = explode(‘&‘, $arrQeury); $urlarr = []; foreach($explarr as $k =>$v){ $arr1=explode(‘=‘,$v); $urlarr[$arr1[0]] = $arr1[1]; } output_data($urlarr); } /** * 定期更新Oss Sts token * * @return mixed */ private function handle() { if($this->redis->exists(self::OSS_STS_TOKEN)) { return $this->redis->get(self::OSS_STS_TOKEN); } date_default_timezone_set("GMT"); $params = [ // 获取公共参数 ‘Format‘ => self::FORMAT, ‘Version‘ => self::VERSION, ‘AccessKeyId‘ => self::OSS_STS_ACCESS_ID, ‘SignatureMethod‘ => self::SIGN_ATURE_METHOD, ‘SignatureVersion‘ => self::SIGN_ATURE_VERSION, ‘SignatureNonce‘ => uniqid(), ‘Timestamp‘ => date(‘Y-m-d\TH:i:s\Z‘), // 获取接口参数 ‘Action‘ => ‘AssumeRole‘, ‘RoleArn‘ => self::OSS_ARN, ‘RoleSessionName‘ => self::ROLE_SESSION_NAME, ]; ksort($params); $oss_access_key = self::OSS_ACCESE_SECRET; $sign = ‘‘; $items = []; foreach($params as $key => $value){ $items[] = rawurlencode($key) . ‘=‘ . rawurlencode($value); $sign .= ‘&‘ . $this->percentEncode($key). ‘=‘ . $this->percentEncode($value); } $sign = ‘GET&%2F&‘ . $this->percentencode(substr($sign, 1)); $signature = base64_encode(hash_hmac(‘sha1‘, $sign, $oss_access_key . "&", true)); $url = self::OSS_STS_URL . ‘?‘ . implode(‘&‘, $items) . ‘&Signature=‘ . rawurlencode($signature); $token = $this->getApi($url); $time = date(‘Y-m-d H:i:s‘, time()); if (!empty($token)) { $this->redis->set(self::OSS_STS_TOKEN, $token, self::OSS_TIME); return $token; } } private function percentEncode($str) { $res = urlencode($str); $res = preg_replace(‘/\+/‘, ‘%20‘, $res); $res = preg_replace(‘/\*/‘, ‘%2A‘, $res); $res = preg_replace(‘/%7E/‘, ‘~‘, $res); return $res; } private function getApi($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $output = curl_exec($ch); curl_close($ch); $output = json_decode($output,true); if(!isset($output[‘Credentials‘])){ return false; }else{ return $output[‘Credentials‘]; } } }