You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Open-IM-Server/internal/api/third/ali_oss_credential.go

96 lines
2.9 KiB

package apiThird
import (
api "Open_IM/pkg/base_info"
"Open_IM/pkg/common/config"
"Open_IM/pkg/common/constant"
"Open_IM/pkg/common/log"
"Open_IM/pkg/common/token_verify"
"fmt"
openapi "github.com/alibabacloud-go/darabonba-openapi/client"
sts20150401 "github.com/alibabacloud-go/sts-20150401/client"
"github.com/alibabacloud-go/tea/tea"
"github.com/fatih/structs"
//"github.com/fatih/structs"
"github.com/gin-gonic/gin"
"net/http"
"time"
)
var stsClient *sts20150401.Client
/**
* 使AK&SKClient
* @param accessKeyId
* @param accessKeySecret
* @return Client
* @throws Exception
*/
func getStsClient() *sts20150401.Client {
if stsClient != nil {
return stsClient
}
conf := &openapi.Config{
// 您的AccessKey ID
AccessKeyId: tea.String(config.Config.Credential.Ali.AccessKeyID),
// 您的AccessKey Secret
AccessKeySecret: tea.String(config.Config.Credential.Ali.AccessKeySecret),
// Endpoint
Endpoint: tea.String(config.Config.Credential.Ali.StsEndpoint),
}
result, err := sts20150401.NewClient(conf)
if err != nil {
log.NewError("", "alists client初始化失败 ", err)
}
stsClient = result
return stsClient
}
func AliOSSCredential(c *gin.Context) {
req := api.OSSCredentialReq{}
if err := c.BindJSON(&req); err != nil {
log.NewError("0", "BindJSON failed ", err.Error())
c.JSON(http.StatusBadRequest, gin.H{"errCode": 400, "errMsg": err.Error()})
return
}
ok, userID := token_verify.GetUserIDFromToken(c.Request.Header.Get("token"), req.OperationID)
if !ok {
log.NewError(req.OperationID, "GetUserIDFromToken false ", c.Request.Header.Get("token"))
c.JSON(http.StatusInternalServerError, gin.H{"errCode": 500, "errMsg": "GetUserIDFromToken failed"})
return
}
log.NewInfo(req.OperationID, "AliOSSCredential args ", userID)
stsResp, err := getStsClient().AssumeRole(&sts20150401.AssumeRoleRequest{
DurationSeconds: tea.Int64(config.Config.Credential.Ali.StsDurationSeconds),
Policy: nil,
RoleArn: tea.String(config.Config.Credential.Ali.OssRoleArn),
RoleSessionName: tea.String(fmt.Sprintf("%s-%d", userID, time.Now().Unix())),
})
resp := api.OSSCredentialResp{}
if err != nil {
resp.ErrCode = constant.ErrTencentCredential.ErrCode
resp.ErrMsg = err.Error()
} else {
resp = api.OSSCredentialResp{
CommResp: api.CommResp{},
OssData: api.OSSCredentialRespData{
Endpoint: config.Config.Credential.Ali.OssEndpoint,
AccessKeyId: *stsResp.Body.Credentials.AccessKeyId,
AccessKeySecret: *stsResp.Body.Credentials.AccessKeySecret,
Token: *stsResp.Body.Credentials.SecurityToken,
Bucket: config.Config.Credential.Ali.Bucket,
FinalHost: config.Config.Credential.Ali.FinalHost,
},
Data: nil,
}
}
resp.Data = structs.Map(&resp.OssData)
log.NewInfo(req.OperationID, "AliOSSCredential return ", resp)
c.JSON(http.StatusOK, resp)
}