Open-IM-Server/internal/api/third/ali_oss_credential.go

package apiThird

import (
	api "Open_IM/pkg/base_info"
	"Open_IM/pkg/common/config"
	"Open_IM/pkg/common/constant"
	"Open_IM/pkg/common/log"
	"Open_IM/pkg/common/token_verify"
	"fmt"
	openapi "github.com/alibabacloud-go/darabonba-openapi/client"
	sts20150401 "github.com/alibabacloud-go/sts-20150401/client"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/fatih/structs"

	//"github.com/fatih/structs"
	"github.com/gin-gonic/gin"
	"net/http"
	"time"
)

var stsClient *sts20150401.Client

/**
 * 使用AK&SK初始化账号Client
 * @param accessKeyId
 * @param accessKeySecret
 * @return Client
 * @throws Exception
 */
func getStsClient() *sts20150401.Client {
	if stsClient != nil {
		return stsClient
	}
	conf := &openapi.Config{
		// 您的AccessKey ID
		AccessKeyId: tea.String(config.Config.Credential.Ali.AccessKeyID),
		// 您的AccessKey Secret
		AccessKeySecret: tea.String(config.Config.Credential.Ali.AccessKeySecret),
		// Endpoint
		Endpoint: tea.String(config.Config.Credential.Ali.StsEndpoint),
	}
	result, err := sts20150401.NewClient(conf)
	if err != nil {
		log.NewError("", "alists client初始化失败 ", err)
	}
	stsClient = result
	return stsClient
}

func AliOSSCredential(c *gin.Context) {
	req := api.OSSCredentialReq{}
	if err := c.BindJSON(&req); err != nil {
		log.NewError("0", "BindJSON failed ", err.Error())
		c.JSON(http.StatusBadRequest, gin.H{"errCode": 400, "errMsg": err.Error()})
		return
	}

	var ok bool
	var userID string
	var errInfo string
	ok, userID, errInfo = token_verify.GetUserIDFromToken(c.Request.Header.Get("token"), req.OperationID)
	if !ok {
		errMsg := req.OperationID + " " + "GetUserIDFromToken failed " + errInfo + " token:" + c.Request.Header.Get("token")
		log.NewError(req.OperationID, errMsg)
		c.JSON(http.StatusInternalServerError, gin.H{"errCode": 500, "errMsg": errMsg})
		return
	}

	log.NewInfo(req.OperationID, "AliOSSCredential args ", userID)

	stsResp, err := getStsClient().AssumeRole(&sts20150401.AssumeRoleRequest{
		DurationSeconds: tea.Int64(config.Config.Credential.Ali.StsDurationSeconds),
		Policy:          nil,
		RoleArn:         tea.String(config.Config.Credential.Ali.OssRoleArn),
		RoleSessionName: tea.String(fmt.Sprintf("%s-%d", userID, time.Now().Unix())),
	})

	resp := api.OSSCredentialResp{}
	if err != nil {
		resp.ErrCode = constant.ErrTencentCredential.ErrCode
		resp.ErrMsg = err.Error()
	} else {
		resp = api.OSSCredentialResp{
			CommResp: api.CommResp{},
			OssData: api.OSSCredentialRespData{
				Endpoint:        config.Config.Credential.Ali.OssEndpoint,
				AccessKeyId:     *stsResp.Body.Credentials.AccessKeyId,
				AccessKeySecret: *stsResp.Body.Credentials.AccessKeySecret,
				Token:           *stsResp.Body.Credentials.SecurityToken,
				Bucket:          config.Config.Credential.Ali.Bucket,
				FinalHost:       config.Config.Credential.Ali.FinalHost,
			},
			Data: nil,
		}
	}

	resp.Data = structs.Map(&resp.OssData)
	log.NewInfo(req.OperationID, "AliOSSCredential return ", resp)

	c.JSON(http.StatusOK, resp)
}