feat: server thumbnail (#818)

* feat: add get_group_member_user_id api * feat: add SendBusinessNotification api * feat: add GetFriendIDs api * update pkg * feat: cos oss thumbnail * feat: cos video snapshot * feat: oss video snapshot * feat: minio video snapshot * feat: minio video snapshot * feat: minio * feat: minio * feat: minio * feat: s3 AccessURL * feat: s3 AccessURL * fix: Minio AccessURL * fix: Minio AccessURL * fix: optimize thumbnails * fix: optimize thumbnails * fix: cos option * fix: cos option * fix: cos option * docs: config * docs: config * minio: preview image cache * minio: preview image cache * minio: preview image cache * go mod tidy * cicd: robot automated Change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: withchao <withchao@users.noreply.github.com>
1 year ago · e706620f12
parent bd518365ea
commit e706620f12
18 changed files with 500 additions and 225 deletions
--- a/config/config.yaml
+++ b/config/config.yaml
@ -24,10 +24,10 @@
 # Zookeeper username
 # Zookeeper password
 zookeeper:
-  schema: openim                          
-  address: [ 127.0.0.1:2181 ]            
-  username:                               
-  password:   
+  schema: openim
+  address: [ 127.0.0.1:2181 ]
+  username:
+  password:

 ###################### Mysql ######################
 # MySQL configuration
@ -42,12 +42,12 @@ mysql:
  address: [ 127.0.0.1:13306 ]
  username: root
  password: openIM123
-  database: openIM_v3                     
-  maxOpenConn: 1000                       
-  maxIdleConn: 100                        
-  maxLifeTime: 60                         
-  logLevel: 4                             
-  slowThreshold: 500    
+  database: openIM_v3
+  maxOpenConn: 1000
+  maxIdleConn: 100
+  maxLifeTime: 60
+  logLevel: 4
+  slowThreshold: 500

 ###################### Mongo ######################
 # MongoDB configuration
@ -62,7 +62,7 @@ mongo:
  database: openIM_v3
  username: root
  password: openIM123
-  maxPoolSize: 100  
+  maxPoolSize: 100

 ###################### Redis ######################
 # Redis configuration
@ -70,7 +70,7 @@ mongo:
 # Username is required only for Redis version 6.0+
 redis:
  address: [ 127.0.0.1:16379 ]
-  username:                               
+  username:
  password: openIM123

 ###################### Kafka ######################
@ -81,13 +81,13 @@ redis:
 # It's not recommended to modify this topic name
 # Consumer group ID, it's not recommended to modify
 kafka:
-  username:                               
-  password:                               
+  username:
+  password:
  addr: [ 127.0.0.1:9092 ]
  latestMsgToRedis:
-    topic: "latestMsgToRedis"             
+    topic: "latestMsgToRedis"
  offlineMsgToMongo:
-    topic: "offlineMsgToMongoMysql"       
+    topic: "offlineMsgToMongoMysql"
  msgToPush:
    topic: "msgToPush"
  consumerGroupID:
@ -111,8 +111,8 @@ rpc:
 # API service port
 # Default listen IP is 0.0.0.0
 api:
-  openImApiPort: [ 10002 ]                
-  listenIP: 0.0.0.0    
+  openImApiPort: [ 10002 ]
+  listenIP: 0.0.0.0

 ###################### Gateway ######################
 # Object storage configuration
@ -124,25 +124,29 @@ api:
 # Session token
 # Configuration for Tencent COS
 # Configuration for Aliyun OSS
+# apiURL is the address of the api, the access address of the app, use s3 must be configured
+# minio.endpoint can be configured as an intranet address,
+# minio.signEndpoint is minio public network address
 object:
-  enable: "minio"                         
-  apiURL: http://127.0.0.1:10002/object/
+  enable: "minio"
+  apiURL: "http://127.0.0.1:10002"
  minio:
-    bucket: "openim"                      
-    endpoint: http://127.0.0.1:10005
-    accessKeyID: root
-    secretAccessKey: openIM123
-    sessionToken: ""                      
-  cos:                                    
+    bucket: "openim"
+    endpoint: "http://127.0.0.1:10005"
+    accessKeyID: "root"
+    secretAccessKey: "openIM123"
+    sessionToken: ""
+    signEndpoint: "http://127.0.0.1:10005"
+  cos:
    bucketURL: "https://temp-1252357374.cos.ap-chengdu.myqcloud.com"
    secretID: ""
    secretKey: ""
    sessionToken: ""
-  oss:                                    
+  oss:
    endpoint: "https://oss-cn-chengdu.aliyuncs.com"
    bucket: "demo-9999999"
    bucketURL: "https://demo-9999999.oss-cn-chengdu.aliyuncs.com"
-    accessKeyID: root
+    accessKeyID: ""
    accessKeySecret: ""
    sessionToken: ""

@ -150,7 +154,7 @@ object:
 # These ports are passed into the program by the script and are not recommended to modify
 # For launching multiple programs, just fill in multiple ports separated by commas
 # For example, [10110, 10111]
-rpcPort: 
+rpcPort:
  openImUserPort: [ 10110 ]
  openImFriendPort: [ 10120 ]
  openImMessagePort: [ 10130 ]
@ -183,12 +187,12 @@ rpcRegisterName:
 # Whether to output in json format
 # Whether to include stack trace in logs
 log:
-  storageLocation: ../../../../../logs/  
-  rotationTime: 24                        
-  remainRotationCount: 2                  
-  remainLogLevel: 6                       
-  isStdout: false                         
-  isJson: false                           
+  storageLocation: ../../../../../logs/
+  rotationTime: 24
+  remainRotationCount: 2
+  remainLogLevel: 6
+  isStdout: false
+  isJson: false
  withStack: false

 # Long connection server configuration
@ -198,10 +202,10 @@ log:
 # Maximum length of websocket request package
 # Websocket connection handshake timeout
 longConnSvr:
-  openImWsPort: [ 10001 ]                 
-  websocketMaxConnNum: 100000             
-  websocketMaxMsgLen: 4096                
-  websocketTimeout: 10  
+  openImWsPort: [ 10001 ]
+  websocketMaxConnNum: 100000
+  websocketMaxMsgLen: 4096
+  websocketTimeout: 10

 # Push notification service configuration
 #
--- a/go.mod
+++ b/go.mod
@ -25,7 +25,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/stretchr/testify v1.8.4
 	go.mongodb.org/mongo-driver v1.12.1
-	golang.org/x/image v0.9.0 // indirect
+	golang.org/x/image v0.9.0
 	google.golang.org/api v0.135.0
 	google.golang.org/grpc v1.57.0
 	google.golang.org/protobuf v1.31.0
--- a/internal/api/third.go
+++ b/internal/api/third.go
@ -83,7 +83,14 @@ func (o *ThirdApi) ObjectRedirect(c *gin.Context) {
 		operationID = strconv.Itoa(rand.Int())
 	}
 	ctx := mcontext.SetOperationID(c, operationID)
-	resp, err := o.Client.AccessURL(ctx, &third.AccessURLReq{Name: name})
+	query := make(map[string]string)
+	for key, values := range c.Request.URL.Query() {
+		if len(values) == 0 {
+			continue
+		}
+		query[key] = values[0]
+	}
+	resp, err := o.Client.AccessURL(ctx, &third.AccessURLReq{Name: name, Query: query})
 	if err != nil {
 		if errs.ErrArgs.Is(err) {
 			c.String(http.StatusBadRequest, err.Error())
--- a/internal/rpc/third/s3.go
+++ b/internal/rpc/third/s3.go
@ -16,8 +16,11 @@ package third

 import (
 	"context"
+	"strconv"
 	"time"

+	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/s3"
+
 	"github.com/OpenIMSDK/protocol/third"
 	"github.com/OpenIMSDK/tools/errs"
 	"github.com/OpenIMSDK/tools/log"
@ -152,7 +155,21 @@ func (t *thirdServer) CompleteMultipartUpload(ctx context.Context, req *third.Co
 }

 func (t *thirdServer) AccessURL(ctx context.Context, req *third.AccessURLReq) (*third.AccessURLResp, error) {
-	expireTime, rawURL, err := t.s3dataBase.AccessURL(ctx, req.Name, t.defaultExpire)
+	opt := &s3.AccessURLOption{}
+	if len(req.Query) > 0 {
+		switch req.Query["type"] {
+		case "":
+		case "image":
+			opt.Image = &s3.Image{}
+			opt.Image.Format = req.Query["format"]
+			opt.Image.Width, _ = strconv.Atoi(req.Query["width"])
+			opt.Image.Height, _ = strconv.Atoi(req.Query["height"])
+			log.ZDebug(ctx, "AccessURL image", "name", req.Name, "option", opt.Image)
+		default:
+			return nil, errs.ErrArgs.Wrap("invalid query type")
+		}
+	}
+	expireTime, rawURL, err := t.s3dataBase.AccessURL(ctx, req.Name, t.defaultExpire, opt)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/third/third.go
+++ b/internal/rpc/third/third.go
@ -49,6 +49,7 @@ func Start(client discoveryregistry.SvcDiscoveryRegistry, server *grpc.Server) e
 	if apiURL[len(apiURL)-1] != '/' {
 		apiURL += "/"
 	}
+	apiURL += "object/"
 	rdb, err := cache.NewRedis()
 	if err != nil {
 		return err
--- a/pkg/common/config/config.go
+++ b/pkg/common/config/config.go
@ -120,6 +120,7 @@ type configStruct struct {
 			AccessKeyID     string `yaml:"accessKeyID"`
 			SecretAccessKey string `yaml:"secretAccessKey"`
 			SessionToken    string `yaml:"sessionToken"`
+			SignEndpoint    string `yaml:"signEndpoint"`
 		} `yaml:"minio"`
 		Cos struct {
 			BucketURL    string `yaml:"bucketURL"`
--- a/pkg/common/db/controller/s3.go
+++ b/pkg/common/db/controller/s3.go
@ -30,7 +30,7 @@ type S3Database interface {
 	AuthSign(ctx context.Context, uploadID string, partNumbers []int) (*s3.AuthSignResult, error)
 	InitiateMultipartUpload(ctx context.Context, hash string, size int64, expire time.Duration, maxParts int) (*cont.InitiateUploadResult, error)
 	CompleteMultipartUpload(ctx context.Context, uploadID string, parts []string) (*cont.UploadResult, error)
-	AccessURL(ctx context.Context, name string, expire time.Duration) (time.Time, string, error)
+	AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (time.Time, string, error)
 	SetObject(ctx context.Context, info *relation.ObjectModel) error
 }

@ -70,14 +70,19 @@ func (s *s3Database) SetObject(ctx context.Context, info *relation.ObjectModel)
 	return s.obj.SetObject(ctx, info)
 }

-func (s *s3Database) AccessURL(ctx context.Context, name string, expire time.Duration) (time.Time, string, error) {
+func (s *s3Database) AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (time.Time, string, error) {
 	obj, err := s.obj.Take(ctx, name)
 	if err != nil {
 		return time.Time{}, "", err
 	}
-	opt := &s3.AccessURLOption{
-		ContentType: obj.ContentType,
-		Filename:    filepath.Base(obj.Name),
+	if opt == nil {
+		opt = &s3.AccessURLOption{}
+	}
+	if opt.ContentType == "" {
+		opt.ContentType = obj.ContentType
+	}
+	if opt.Filename == "" {
+		opt.Filename = filepath.Base(obj.Name)
 	}
 	expireTime := time.Now().Add(expire)
 	rawURL, err := s.s3.AccessURL(ctx, obj.Key, expire, opt)
--- a/pkg/common/db/controller/user.go
+++ b/pkg/common/db/controller/user.go
@ -18,9 +18,10 @@ import (
 	"context"
 	"time"

-	unRelationTb "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/unrelation"
 	"github.com/OpenIMSDK/protocol/user"

+	unRelationTb "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/unrelation"
+
 	"github.com/OpenIMSDK/tools/errs"
 	"github.com/OpenIMSDK/tools/tx"
 	"github.com/OpenIMSDK/tools/utils"
--- a/pkg/common/db/s3/cont/controller.go
+++ b/pkg/common/db/s3/cont/controller.go
@ -257,5 +257,9 @@ func (c *Controller) IsNotFound(err error) bool {
 }

 func (c *Controller) AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (string, error) {
+	if opt.Image != nil {
+		opt.Filename = ""
+		opt.ContentType = ""
+	}
 	return c.impl.AccessURL(ctx, name, expire, opt)
 }
--- a/pkg/common/db/s3/cos/cos.go
+++ b/pkg/common/db/s3/cos/cos.go
@ -36,6 +36,19 @@ const (
 	maxNumSize  = 1000
 )

+const (
+	imagePng  = "png"
+	imageJpg  = "jpg"
+	imageJpeg = "jpeg"
+	imageGif  = "gif"
+	imageWebp = "webp"
+)
+
+const (
+	videoSnapshotImagePng = "png"
+	videoSnapshotImageJpg = "jpg"
+)
+
 func NewCos() (s3.Interface, error) {
 	conf := config.Config.Object.Cos
 	u, err := url.Parse(conf.BucketURL)
@ -248,19 +261,44 @@ func (c *Cos) ListUploadedParts(ctx context.Context, uploadID string, name strin
 }

 func (c *Cos) AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (string, error) {
-	var option *cos.PresignedURLOptions
+	var imageMogr string
+	var option cos.PresignedURLOptions
 	if opt != nil {
 		query := make(url.Values)
+		if opt.Image != nil {
+			// https://cloud.tencent.com/document/product/436/44880
+			style := make([]string, 0, 2)
+			wh := make([]string, 2)
+			if opt.Image.Width > 0 {
+				wh[0] = strconv.Itoa(opt.Image.Width)
+			}
+			if opt.Image.Height > 0 {
+				wh[1] = strconv.Itoa(opt.Image.Height)
+			}
+			if opt.Image.Width > 0 || opt.Image.Height > 0 {
+				style = append(style, strings.Join(wh, "x"))
+			}
+			switch opt.Image.Format {
+			case
+				imagePng,
+				imageJpg,
+				imageJpeg,
+				imageGif,
+				imageWebp:
+				style = append(style, "format/"+opt.Image.Format)
+			}
+			if len(style) > 0 {
+				imageMogr = "&imageMogr2/thumbnail/" + strings.Join(style, "/") + "/ignore-error/1"
+			}
+		}
 		if opt.ContentType != "" {
 			query.Set("response-content-type", opt.ContentType)
 		}
 		if opt.Filename != "" {
-			query.Set("response-content-disposition", `attachment; filename="`+opt.Filename+`"`)
+			query.Set("response-content-disposition", `attachment; filename=`+strconv.Quote(opt.Filename))
 		}
 		if len(query) > 0 {
-			option = &cos.PresignedURLOptions{
-				Query: &query,
-			}
+			option.Query = &query
 		}
 	}
 	if expire <= 0 {
@ -268,9 +306,13 @@ func (c *Cos) AccessURL(ctx context.Context, name string, expire time.Duration,
 	} else if expire < time.Second {
 		expire = time.Second
 	}
-	rawURL, err := c.client.Object.GetPresignedURL(ctx, http.MethodGet, name, c.credential.SecretID, c.credential.SecretKey, expire, option)
+	rawURL, err := c.client.Object.GetPresignedURL(ctx, http.MethodGet, name, c.credential.SecretID, c.credential.SecretKey, expire, &option)
 	if err != nil {
 		return "", err
 	}
-	return rawURL.String(), nil
+	urlStr := rawURL.String()
+	if imageMogr != "" {
+		urlStr += imageMogr
+	}
+	return urlStr, nil
 }
--- a/pkg/common/db/s3/minio/image.go
+++ b/pkg/common/db/s3/minio/image.go
@ -0,0 +1,106 @@
+package minio
+
+import (
+	"image"
+	_ "image/gif"
+	_ "image/jpeg"
+	_ "image/png"
+	"io"
+
+	_ "golang.org/x/image/bmp"
+	_ "golang.org/x/image/tiff"
+	_ "golang.org/x/image/webp"
+)
+
+const (
+	formatPng  = "png"
+	formatJpeg = "jpeg"
+	formatJpg  = "jpg"
+	formatGif  = "gif"
+)
+
+func ImageStat(reader io.Reader) (image.Image, string, error) {
+	return image.Decode(reader)
+}
+
+func ImageWidthHeight(img image.Image) (int, int) {
+	bounds := img.Bounds().Max
+	return bounds.X, bounds.Y
+}
+
+func resizeImage(img image.Image, maxWidth, maxHeight int) image.Image {
+	bounds := img.Bounds()
+	imgWidth := bounds.Max.X
+	imgHeight := bounds.Max.Y
+
+	// 计算缩放比例
+	scaleWidth := float64(maxWidth) / float64(imgWidth)
+	scaleHeight := float64(maxHeight) / float64(imgHeight)
+
+	// 如果都为0，则不缩放，返回原始图片
+	if maxWidth == 0 && maxHeight == 0 {
+		return img
+	}
+
+	// 如果宽度和高度都大于0，则选择较小的缩放比例，以保持宽高比
+	if maxWidth > 0 && maxHeight > 0 {
+		scale := scaleWidth
+		if scaleHeight < scaleWidth {
+			scale = scaleHeight
+		}
+
+		// 计算缩略图尺寸
+		thumbnailWidth := int(float64(imgWidth) * scale)
+		thumbnailHeight := int(float64(imgHeight) * scale)
+
+		// 使用"image"库的Resample方法生成缩略图
+		thumbnail := image.NewRGBA(image.Rect(0, 0, thumbnailWidth, thumbnailHeight))
+		for y := 0; y < thumbnailHeight; y++ {
+			for x := 0; x < thumbnailWidth; x++ {
+				srcX := int(float64(x) / scale)
+				srcY := int(float64(y) / scale)
+				thumbnail.Set(x, y, img.At(srcX, srcY))
+			}
+		}
+
+		return thumbnail
+	}
+
+	// 如果只指定了宽度或高度，则根据最大不超过的规则生成缩略图
+	if maxWidth > 0 {
+		thumbnailWidth := maxWidth
+		thumbnailHeight := int(float64(imgHeight) * scaleWidth)
+
+		// 使用"image"库的Resample方法生成缩略图
+		thumbnail := image.NewRGBA(image.Rect(0, 0, thumbnailWidth, thumbnailHeight))
+		for y := 0; y < thumbnailHeight; y++ {
+			for x := 0; x < thumbnailWidth; x++ {
+				srcX := int(float64(x) / scaleWidth)
+				srcY := int(float64(y) / scaleWidth)
+				thumbnail.Set(x, y, img.At(srcX, srcY))
+			}
+		}
+
+		return thumbnail
+	}
+
+	if maxHeight > 0 {
+		thumbnailWidth := int(float64(imgWidth) * scaleHeight)
+		thumbnailHeight := maxHeight
+
+		// 使用"image"库的Resample方法生成缩略图
+		thumbnail := image.NewRGBA(image.Rect(0, 0, thumbnailWidth, thumbnailHeight))
+		for y := 0; y < thumbnailHeight; y++ {
+			for x := 0; x < thumbnailWidth; x++ {
+				srcX := int(float64(x) / scaleHeight)
+				srcY := int(float64(y) / scaleHeight)
+				thumbnail.Set(x, y, img.At(srcX, srcY))
+			}
+		}
+
+		return thumbnail
+	}
+
+	// 默认情况下，返回原始图片
+	return img
+}
--- a/pkg/common/db/s3/minio/minio.go
+++ b/pkg/common/db/s3/minio/minio.go
@ -15,16 +15,28 @@
 package minio

 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"image"
+	"image/gif"
+	"image/jpeg"
+	"image/png"
+	"io"
 	"net/http"
 	"net/url"
+	"path"
+	"path/filepath"
+	"reflect"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unsafe"

+	"github.com/OpenIMSDK/tools/log"
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/minio/minio-go/v7/pkg/signer"
@ -43,6 +55,13 @@ const (
 	maxNumSize  = 10000
 )

+const (
+	maxImageWidth  = 1024
+	maxImageHeight = 1024
+	maxImageSize   = 1024 * 1024 * 50
+	pathInfo       = "openim/thumbnail"
+)
+
 func NewMinio() (s3.Interface, error) {
 	conf := config.Config.Object.Minio
 	u, err := url.Parse(conf.Endpoint)
@ -60,11 +79,26 @@ func NewMinio() (s3.Interface, error) {
 	m := &Minio{
 		bucket:    conf.Bucket,
 		bucketURL: conf.Endpoint + "/" + conf.Bucket + "/",
-		opts:      opts,
 		core:      &minio.Core{Client: client},
 		lock:      &sync.Mutex{},
 		init:      false,
 	}
+	if conf.SignEndpoint == "" || conf.SignEndpoint == conf.Endpoint {
+		m.sign = m.core.Client
+	} else {
+		su, err := url.Parse(conf.SignEndpoint)
+		if err != nil {
+			return nil, err
+		}
+		m.opts = &minio.Options{
+			Creds:  credentials.NewStaticV4(conf.AccessKeyID, conf.SecretAccessKey, conf.SessionToken),
+			Secure: su.Scheme == "https",
+		}
+		m.sign, err = minio.New(su.Host, m.opts)
+		if err != nil {
+			return nil, err
+		}
+	}
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	if err := m.initMinio(ctx); err != nil {
@ -76,8 +110,10 @@ func NewMinio() (s3.Interface, error) {
 type Minio struct {
 	bucket    string
 	bucketURL string
+	location  string
 	opts      *minio.Options
 	core      *minio.Core
+	sign      *minio.Client
 	lock      sync.Locker
 	init      bool
 }
@ -91,15 +127,43 @@ func (m *Minio) initMinio(ctx context.Context) error {
 	if m.init {
 		return nil
 	}
-	exists, err := m.core.Client.BucketExists(ctx, config.Config.Object.Minio.Bucket)
+	conf := config.Config.Object.Minio
+	exists, err := m.core.Client.BucketExists(ctx, conf.Bucket)
 	if err != nil {
 		return fmt.Errorf("check bucket exists error: %w", err)
 	}
 	if !exists {
-		if err := m.core.Client.MakeBucket(ctx, config.Config.Object.Minio.Bucket, minio.MakeBucketOptions{}); err != nil {
+		if err := m.core.Client.MakeBucket(ctx, conf.Bucket, minio.MakeBucketOptions{}); err != nil {
 			return fmt.Errorf("make bucket error: %w", err)
 		}
 	}
+	m.location, err = m.core.Client.GetBucketLocation(ctx, conf.Bucket)
+	if err != nil {
+		return err
+	}
+	func() {
+		if conf.SignEndpoint == "" || conf.SignEndpoint == conf.Endpoint {
+			return
+		}
+		defer func() {
+			if r := recover(); r != nil {
+				m.sign = m.core.Client
+				log.ZWarn(
+					context.Background(),
+					"set sign bucket location cache panic",
+					errors.New("failed to get private field value"),
+					"recover",
+					fmt.Sprintf("%+v", r),
+					"development version",
+					"github.com/minio/minio-go/v7 v7.0.61",
+				)
+			}
+		}()
+		blc := reflect.ValueOf(m.sign).Elem().FieldByName("bucketLocCache")
+		vblc := reflect.New(reflect.PtrTo(blc.Type()))
+		*(*unsafe.Pointer)(vblc.UnsafePointer()) = unsafe.Pointer(blc.UnsafeAddr())
+		vblc.Elem().Elem().Interface().(interface{ Set(string, string) }).Set(conf.Bucket, m.location)
+	}()
 	m.init = true
 	return nil
 }
@ -191,7 +255,7 @@ func (m *Minio) AuthSign(ctx context.Context, uploadID string, name string, expi
 			return nil, err
 		}
 		request.Header.Set("X-Amz-Content-Sha256", unsignedPayload)
-		request = signer.SignV4Trailer(*request, creds.AccessKeyID, creds.SecretAccessKey, creds.SessionToken, "us-east-1", nil)
+		request = signer.SignV4Trailer(*request, creds.AccessKeyID, creds.SecretAccessKey, creds.SessionToken, m.location, nil)
 		result.Parts[i] = s3.SignPart{
 			PartNumber: partNumber,
 			URL:        request.URL.String(),
@ -206,7 +270,7 @@ func (m *Minio) PresignedPutObject(ctx context.Context, name string, expire time
 	if err := m.initMinio(ctx); err != nil {
 		return "", err
 	}
-	rawURL, err := m.core.Client.PresignedPutObject(ctx, m.bucket, name, expire)
+	rawURL, err := m.sign.PresignedPutObject(ctx, m.bucket, name, expire)
 	if err != nil {
 		return "", err
 	}
@ -303,6 +367,19 @@ func (m *Minio) ListUploadedParts(ctx context.Context, uploadID string, name str
 	return res, nil
 }

+func (m *Minio) presignedGetObject(ctx context.Context, name string, expire time.Duration, query url.Values) (string, error) {
+	if expire <= 0 {
+		expire = time.Hour * 24 * 365 * 99 // 99 years
+	} else if expire < time.Second {
+		expire = time.Second
+	}
+	rawURL, err := m.sign.PresignedGetObject(ctx, m.bucket, name, expire, query)
+	if err != nil {
+		return "", err
+	}
+	return rawURL.String(), nil
+}
+
 func (m *Minio) AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (string, error) {
 	if err := m.initMinio(ctx); err != nil {
 		return "", err
@ -313,17 +390,123 @@ func (m *Minio) AccessURL(ctx context.Context, name string, expire time.Duration
 			reqParams.Set("response-content-type", opt.ContentType)
 		}
 		if opt.Filename != "" {
-			reqParams.Set("response-content-disposition", `attachment; filename="`+opt.Filename+`"`)
+			reqParams.Set("response-content-disposition", `attachment; filename=`+strconv.Quote(opt.Filename))
 		}
 	}
-	if expire <= 0 {
-		expire = time.Hour * 24 * 365 * 99 // 99 years
-	} else if expire < time.Second {
-		expire = time.Second
+	if opt.Image == nil || (opt.Image.Width < 0 && opt.Image.Height < 0 && opt.Image.Format == "") || (opt.Image.Width > maxImageWidth || opt.Image.Height > maxImageHeight) {
+		return m.presignedGetObject(ctx, name, expire, reqParams)
 	}
-	u, err := m.core.Client.PresignedGetObject(ctx, m.bucket, name, expire, reqParams)
+	fileInfo, err := m.StatObject(ctx, name)
 	if err != nil {
 		return "", err
 	}
-	return u.String(), nil
+	if fileInfo.Size > maxImageSize {
+		return "", errors.New("file size too large")
+	}
+	objectInfoPath := path.Join(pathInfo, fileInfo.ETag, "image.json")
+	var (
+		img  image.Image
+		info minioImageInfo
+	)
+	data, err := m.getObjectData(ctx, objectInfoPath, 1024)
+	if err == nil {
+		if err := json.Unmarshal(data, &info); err != nil {
+			return "", fmt.Errorf("unmarshal minio image info.json error: %w", err)
+		}
+		if info.NotImage {
+			return "", errors.New("not image")
+		}
+	} else if m.IsNotFound(err) {
+		reader, err := m.core.Client.GetObject(ctx, m.bucket, name, minio.GetObjectOptions{})
+		if err != nil {
+			return "", err
+		}
+		defer reader.Close()
+		imageInfo, format, err := ImageStat(reader)
+		if err == nil {
+			info.NotImage = false
+			info.Format = format
+			info.Width, info.Height = ImageWidthHeight(imageInfo)
+			img = imageInfo
+		} else {
+			info.NotImage = true
+		}
+		data, err := json.Marshal(&info)
+		if err != nil {
+			return "", err
+		}
+		if _, err := m.core.Client.PutObject(ctx, m.bucket, objectInfoPath, bytes.NewReader(data), int64(len(data)), minio.PutObjectOptions{}); err != nil {
+			return "", err
+		}
+	} else {
+		return "", err
+	}
+	if opt.Image.Width > info.Width || opt.Image.Width <= 0 {
+		opt.Image.Width = info.Width
+	}
+	if opt.Image.Height > info.Height || opt.Image.Height <= 0 {
+		opt.Image.Height = info.Height
+	}
+	opt.Image.Format = strings.ToLower(opt.Image.Format)
+	if opt.Image.Format == formatJpg {
+		opt.Image.Format = formatJpeg
+	}
+	switch opt.Image.Format {
+	case formatPng:
+	case formatJpeg:
+	case formatGif:
+	default:
+		if info.Format == formatGif {
+			opt.Image.Format = formatGif
+		} else {
+			opt.Image.Format = formatJpeg
+		}
+	}
+	reqParams.Set("response-content-type", "image/"+opt.Image.Format)
+	if opt.Image.Width == info.Width && opt.Image.Height == info.Height && opt.Image.Format == info.Format {
+		return m.presignedGetObject(ctx, name, expire, reqParams)
+	}
+	cacheKey := filepath.Join(pathInfo, fileInfo.ETag, fmt.Sprintf("image_w%d_h%d.%s", opt.Image.Width, opt.Image.Height, opt.Image.Format))
+	if _, err := m.core.Client.StatObject(ctx, m.bucket, cacheKey, minio.StatObjectOptions{}); err == nil {
+		return m.presignedGetObject(ctx, cacheKey, expire, reqParams)
+	} else if !m.IsNotFound(err) {
+		return "", err
+	}
+	if img == nil {
+		reader, err := m.core.Client.GetObject(ctx, m.bucket, name, minio.GetObjectOptions{})
+		if err != nil {
+			return "", err
+		}
+		defer reader.Close()
+		img, _, err = ImageStat(reader)
+		if err != nil {
+			return "", err
+		}
+	}
+	thumbnail := resizeImage(img, opt.Image.Width, opt.Image.Height)
+	buf := bytes.NewBuffer(nil)
+	switch opt.Image.Format {
+	case formatPng:
+		err = png.Encode(buf, thumbnail)
+	case formatJpeg:
+		err = jpeg.Encode(buf, thumbnail, nil)
+	case formatGif:
+		err = gif.Encode(buf, thumbnail, nil)
+	}
+	if _, err := m.core.Client.PutObject(ctx, m.bucket, cacheKey, buf, int64(buf.Len()), minio.PutObjectOptions{}); err != nil {
+		return "", err
+	}
+	return m.presignedGetObject(ctx, cacheKey, expire, reqParams)
+}
+
+func (m *Minio) getObjectData(ctx context.Context, name string, limit int64) ([]byte, error) {
+	object, err := m.core.Client.GetObject(ctx, m.bucket, name, minio.GetObjectOptions{})
+	if err != nil {
+		return nil, err
+	}
+	defer object.Close()
+	if limit < 0 {
+		return io.ReadAll(object)
+	}
+	return io.ReadAll(io.LimitReader(object, 1024))
 }
--- a/pkg/common/db/s3/minio/struct.go
+++ b/pkg/common/db/s3/minio/struct.go
@ -0,0 +1,8 @@
+package minio
+
+type minioImageInfo struct {
+	NotImage bool   `json:"notImage,omitempty"`
+	Width    int    `json:"width,omitempty"`
+	Height   int    `json:"height,omitempty"`
+	Format   string `json:"format,omitempty"`
+}
--- a/pkg/common/db/s3/oss/oss.go
+++ b/pkg/common/db/s3/oss/oss.go
@ -36,6 +36,19 @@ const (
 	maxNumSize  = 10000
 )

+const (
+	imagePng  = "png"
+	imageJpg  = "jpg"
+	imageJpeg = "jpeg"
+	imageGif  = "gif"
+	imageWebp = "webp"
+)
+
+const (
+	videoSnapshotImagePng = "png"
+	videoSnapshotImageJpg = "jpg"
+)
+
 func NewOSS() (s3.Interface, error) {
 	conf := config.Config.Object.Oss
 	if conf.BucketURL == "" {
@ -139,7 +152,7 @@ func (o *OSS) AuthSign(ctx context.Context, uploadID string, name string, expire
 	}
 	for i, partNumber := range partNumbers {
 		rawURL := fmt.Sprintf(`%s%s?partNumber=%d&uploadId=%s`, o.bucketURL, name, partNumber, uploadID)
-		request, err := http.NewRequestWithContext(ctx, http.MethodPut, rawURL, nil)
+		request, err := http.NewRequest(http.MethodPut, rawURL, nil)
 		if err != nil {
 			return nil, err
 		}
@ -150,12 +163,7 @@ func (o *OSS) AuthSign(ctx context.Context, uploadID string, name string, expire
 		request.Header.Set(oss.HTTPHeaderHost, request.Host)
 		request.Header.Set(oss.HTTPHeaderDate, now)
 		request.Header.Set(oss.HttpHeaderOssDate, now)
-		authorization := fmt.Sprintf(
-			`OSS %s:%s`,
-			o.credentials.GetAccessKeyID(),
-			o.getSignedStr(request, fmt.Sprintf(`/%s/%s?partNumber=%d&uploadId=%s`, o.bucket.BucketName, name, partNumber, uploadID), o.credentials.GetAccessKeySecret()),
-		)
-		request.Header.Set(oss.HTTPHeaderAuthorization, authorization)
+		ossSignHeader(o.bucket.Client.Conn, request, fmt.Sprintf(`/%s/%s?partNumber=%d&uploadId=%s`, o.bucket.BucketName, name, partNumber, uploadID))
 		delete(request.Header, oss.HTTPHeaderDate)
 		result.Parts[i] = s3.SignPart{
 			PartNumber: partNumber,
@ -266,11 +274,36 @@ func (o *OSS) ListUploadedParts(ctx context.Context, uploadID string, name strin
 func (o *OSS) AccessURL(ctx context.Context, name string, expire time.Duration, opt *s3.AccessURLOption) (string, error) {
 	var opts []oss.Option
 	if opt != nil {
+		if opt.Image != nil {
+			// 文档地址: https://help.aliyun.com/zh/oss/user-guide/resize-images-4?spm=a2c4g.11186623.0.0.4b3b1e4fWW6yji
+			var format string
+			switch opt.Image.Format {
+			case
+				imagePng,
+				imageJpg,
+				imageJpeg,
+				imageGif,
+				imageWebp:
+				format = opt.Image.Format
+			default:
+				opt.Image.Format = imageJpg
+			}
+			// https://oss-console-img-demo-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/example.jpg?x-oss-process=image/resize,h_100,m_lfit
+			process := "image/resize,m_lfit"
+			if opt.Image.Width > 0 {
+				process += ",w_" + strconv.Itoa(opt.Image.Width)
+			}
+			if opt.Image.Height > 0 {
+				process += ",h_" + strconv.Itoa(opt.Image.Height)
+			}
+			process += ",format," + format
+			opts = append(opts, oss.Process(process))
+		}
 		if opt.ContentType != "" {
 			opts = append(opts, oss.ResponseContentType(opt.ContentType))
 		}
 		if opt.Filename != "" {
-			opts = append(opts, oss.ResponseContentDisposition(`attachment; filename="`+opt.Filename+`"`))
+			opts = append(opts, oss.ResponseContentDisposition(`attachment; filename=`+strconv.Quote(opt.Filename)))
 		}
 	}
 	if expire <= 0 {
--- a/pkg/common/db/s3/oss/sign.go
+++ b/pkg/common/db/s3/oss/sign.go
@ -1,96 +1,11 @@
-// Copyright © 2023 OpenIM. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 package oss

 import (
-	"crypto/hmac"
-	"crypto/sha1"
-	"crypto/sha256"
-	"encoding/base64"
-	"hash"
-	"io"
 	"net/http"
-	"sort"
-	"strings"
+	_ "unsafe"

 	"github.com/aliyun/aliyun-oss-go-sdk/oss"
 )

-func (o *OSS) getAdditionalHeaderKeys(req *http.Request) ([]string, map[string]string) {
-	var keysList []string
-	keysMap := make(map[string]string)
-	srcKeys := make(map[string]string)
-
-	for k := range req.Header {
-		srcKeys[strings.ToLower(k)] = ""
-	}
-
-	for _, v := range o.bucket.Client.Config.AdditionalHeaders {
-		if _, ok := srcKeys[strings.ToLower(v)]; ok {
-			keysMap[strings.ToLower(v)] = ""
-		}
-	}
-
-	for k := range keysMap {
-		keysList = append(keysList, k)
-	}
-	sort.Strings(keysList)
-	return keysList, keysMap
-}
-
-func (o *OSS) getSignedStr(req *http.Request, canonicalizedResource string, keySecret string) string {
-	// Find out the "x-oss-"'s address in header of the request
-	ossHeadersMap := make(map[string]string)
-	additionalList, additionalMap := o.getAdditionalHeaderKeys(req)
-	for k, v := range req.Header {
-		if strings.HasPrefix(strings.ToLower(k), "x-oss-") {
-			ossHeadersMap[strings.ToLower(k)] = v[0]
-		} else if o.bucket.Client.Config.AuthVersion == oss.AuthV2 {
-			if _, ok := additionalMap[strings.ToLower(k)]; ok {
-				ossHeadersMap[strings.ToLower(k)] = v[0]
-			}
-		}
-	}
-	hs := newHeaderSorter(ossHeadersMap)
-
-	// Sort the ossHeadersMap by the ascending order
-	hs.Sort()
-
-	// Get the canonicalizedOSSHeaders
-	canonicalizedOSSHeaders := ""
-	for i := range hs.Keys {
-		canonicalizedOSSHeaders += hs.Keys[i] + ":" + hs.Vals[i] + "\n"
-	}
-
-	// Give other parameters values
-	// when sign URL, date is expires
-	date := req.Header.Get(oss.HTTPHeaderDate)
-	contentType := req.Header.Get(oss.HTTPHeaderContentType)
-	contentMd5 := req.Header.Get(oss.HTTPHeaderContentMD5)
-
-	// default is v1 signature
-	signStr := req.Method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedOSSHeaders + canonicalizedResource
-	h := hmac.New(func() hash.Hash { return sha1.New() }, []byte(keySecret))
-
-	// v2 signature
-	if o.bucket.Client.Config.AuthVersion == oss.AuthV2 {
-		signStr = req.Method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedOSSHeaders + strings.Join(additionalList, ";") + "\n" + canonicalizedResource
-		h = hmac.New(func() hash.Hash { return sha256.New() }, []byte(keySecret))
-	}
-	_, _ = io.WriteString(h, signStr)
-	signedStr := base64.StdEncoding.EncodeToString(h.Sum(nil))
-
-	return signedStr
-}
+//go:linkname ossSignHeader github.com/aliyun/aliyun-oss-go-sdk/oss.(*Conn).signHeader
+func ossSignHeader(c *oss.Conn, req *http.Request, canonicalizedResource string)
--- a/pkg/common/db/s3/oss/sort.go
+++ b/pkg/common/db/s3/oss/sort.go
@ -1,61 +0,0 @@
-// Copyright © 2023 OpenIM. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package oss
-
-import (
-	"bytes"
-	"sort"
-)
-
-// headerSorter defines the key-value structure for storing the sorted data in signHeader.
-type headerSorter struct {
-	Keys []string
-	Vals []string
-}
-
-// newHeaderSorter is an additional function for function SignHeader.
-func newHeaderSorter(m map[string]string) *headerSorter {
-	hs := &headerSorter{
-		Keys: make([]string, 0, len(m)),
-		Vals: make([]string, 0, len(m)),
-	}
-
-	for k, v := range m {
-		hs.Keys = append(hs.Keys, k)
-		hs.Vals = append(hs.Vals, v)
-	}
-	return hs
-}
-
-// Sort is an additional function for function SignHeader.
-func (hs *headerSorter) Sort() {
-	sort.Sort(hs)
-}
-
-// Len is an additional function for function SignHeader.
-func (hs *headerSorter) Len() int {
-	return len(hs.Vals)
-}
-
-// Less is an additional function for function SignHeader.
-func (hs *headerSorter) Less(i, j int) bool {
-	return bytes.Compare([]byte(hs.Keys[i]), []byte(hs.Keys[j])) < 0
-}
-
-// Swap is an additional function for function SignHeader.
-func (hs *headerSorter) Swap(i, j int) {
-	hs.Vals[i], hs.Vals[j] = hs.Vals[j], hs.Vals[i]
-	hs.Keys[i], hs.Keys[j] = hs.Keys[j], hs.Keys[i]
-}
--- a/pkg/common/db/s3/s3.go
+++ b/pkg/common/db/s3/s3.go
@ -116,9 +116,16 @@ type ListUploadedPartsResult struct {
 	UploadedParts        []UploadedPart `xml:"Part"`
 }

+type Image struct {
+	Format string `json:"format"`
+	Width  int    `json:"width"`
+	Height int    `json:"height"`
+}
+
 type AccessURLOption struct {
 	ContentType string `json:"contentType"`
 	Filename    string `json:"filename"`
+	Image       *Image `json:"image"`
 }

 type Interface interface {
--- a/pkg/common/db/unrelation/user.go
+++ b/pkg/common/db/unrelation/user.go
@ -16,12 +16,14 @@ package unrelation

 import (
 	"context"
-	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/unrelation"
+
 	"github.com/OpenIMSDK/tools/errs"
 	"github.com/OpenIMSDK/tools/utils"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
+
+	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/unrelation"
 )

 // prefixes and suffixes.