Feat: file uploading token sign for remote policy

5 years ago · cf8b5f4d1e
parent 132c7a8fcb
commit cf8b5f4d1e
15 changed files with 377 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,4 +21,4 @@ version.lock
 # Config file
 *.ini
-/conf/conf.ini
+conf/conf.ini
--- a/models/migration.go
+++ b/models/migration.go
@ -103,6 +103,8 @@ solid #e9e9e9;"bgcolor="#fff"><tbody><tr style="font-family: 'Helvetica Neue',He
 		{Name: "archive_timeout", Value: `30`, Type: "timeout"},
 		{Name: "download_timeout", Value: `30`, Type: "timeout"},
 		{Name: "doc_preview_timeout", Value: `60`, Type: "timeout"},
 		{Name: "upload_credential_timeout", Value: `1800`, Type: "timeout"},
 		{Name: "upload_session_timeout", Value: `86400`, Type: "timeout"},
 		{Name: "allowdVisitorDownload", Value: `false`, Type: "share"},
 		{Name: "login_captcha", Value: `0`, Type: "login"},
 		{Name: "qq_login", Value: `0`, Type: "login"},
--- a/pkg/filesystem/filesystem.go
+++ b/pkg/filesystem/filesystem.go
@ -5,7 +5,9 @@ import (
 	"github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/conf"
 	"github.com/HFO4/cloudreve/pkg/filesystem/local"
 	"github.com/HFO4/cloudreve/pkg/filesystem/remote"
 	"github.com/HFO4/cloudreve/pkg/filesystem/response"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/gin-gonic/gin"
 	"io"
 	"net/url"
@ -39,6 +41,9 @@ type Handler interface {
 	// url - 站点本身地址,
 	// isDownload - 是否直接下载
 	Source(ctx context.Context, path string, url url.URL, ttl int64, isDownload bool) (string, error)
 	// Token 获取有效期为ttl的上传凭证和签名，同时回调会话有效期为sessionTTL
 	Token(ctx context.Context, ttl int64, callbackKey string) (serializer.UploadCredential, error)
 }
 // FileSystem 管理文件的文件系统
@ -124,6 +129,11 @@ func (fs *FileSystem) dispatchHandler() error {
 			Policy: currentPolicy,
 		}
 		return nil
 	case "remote":
 		fs.Handler = remote.Handler{
 			Policy: currentPolicy,
 		}
 		return nil
 	default:
 		return ErrUnknownPolicyType
 	}
--- a/pkg/filesystem/filesystem_test.go
+++ b/pkg/filesystem/filesystem_test.go
@ -4,6 +4,7 @@ import (
 	"github.com/DATA-DOG/go-sqlmock"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/filesystem/local"
 	"github.com/HFO4/cloudreve/pkg/filesystem/remote"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
 	"net/http/httptest"
@ -19,9 +20,17 @@ func TestNewFileSystem(t *testing.T) {
 		},
 	}
 	// 本地 成功
 	fs, err := NewFileSystem(&user)
 	asserts.NoError(err)
 	asserts.NotNil(fs.Handler)
 	asserts.IsType(local.Handler{}, fs.Handler)
 	// 远程
 	user.Policy.Type = "remote"
 	fs, err = NewFileSystem(&user)
 	asserts.NoError(err)
 	asserts.NotNil(fs.Handler)
 	asserts.IsType(remote.Handler{}, fs.Handler)
 	user.Policy.Type = "unknown"
 	fs, err = NewFileSystem(&user)
--- a/pkg/filesystem/local/handler.go
+++ b/pkg/filesystem/local/handler.go
@ -160,3 +160,9 @@ func (handler Handler) Source(
 	finalURL := baseURL.ResolveReference(signedURI).String()
 	return finalURL, nil
 }
 // Token 获取上传策略和认证Token，本地策略直接返回空值
 // TODO 测试
 func (handler Handler) Token(ctx context.Context, ttl int64, key string) (serializer.UploadCredential, error) {
 	return serializer.UploadCredential{}, nil
 }
--- a/pkg/filesystem/local/handller_test.go
+++ b/pkg/filesystem/local/handller_test.go
@ -184,3 +184,11 @@ func TestHandler_GetDownloadURL(t *testing.T) {
 		asserts.Empty(downloadURL)
 	}
 }
 func TestHandler_Token(t *testing.T) {
 	asserts := assert.New(t)
 	handler := Handler{}
 	ctx := context.Background()
 	_, err := handler.Token(ctx, 10, "123")
 	asserts.NoError(err)
 }
--- a/pkg/filesystem/remote/handler.go
+++ b/pkg/filesystem/remote/handler.go
@ -0,0 +1,92 @@
 package remote
 // TODO 测试
 import (
 	"context"
 	"errors"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/auth"
 	"github.com/HFO4/cloudreve/pkg/filesystem/response"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"io"
 	"net/http"
 	"net/url"
 	"time"
 )
 // Handler 远程存储策略适配器
 type Handler struct {
 	Policy *model.Policy
 }
 // Get 获取文件内容
 func (handler Handler) Get(ctx context.Context, path string) (response.RSCloser, error) {
 	return nil, nil
 }
 // Put 将文件流保存到指定目录
 func (handler Handler) Put(ctx context.Context, file io.ReadCloser, dst string, size uint64) error {
 	return errors.New("远程策略不支持此上传方式")
 }
 // Delete 删除一个或多个文件，
 // 返回未删除的文件，及遇到的最后一个错误
 func (handler Handler) Delete(ctx context.Context, files []string) ([]string, error) {
 	return []string{}, nil
 }
 // Thumb 获取文件缩略图
 func (handler Handler) Thumb(ctx context.Context, path string) (*response.ContentResponse, error) {
 	return nil, nil
 }
 // Source 获取外链URL
 func (handler Handler) Source(
 	ctx context.Context,
 	path string,
 	baseURL url.URL,
 	ttl int64,
 	isDownload bool,
 ) (string, error) {
 	return "", errors.New("暂未实现")
 }
 // Token 获取上传策略和认证Token
 // TODO 测试
 func (handler Handler) Token(ctx context.Context, TTL int64, key string) (serializer.UploadCredential, error) {
 	// 生成回调地址
 	siteURL := model.GetSiteURL()
 	apiBaseURI, _ := url.Parse("/api/v3/callback/upload/" + key)
 	apiURL := siteURL.ResolveReference(apiBaseURI)
 	// 生成上传策略
 	policy := serializer.UploadPolicy{
 		SavePath:         handler.Policy.DirNameRule,
 		FileName:         handler.Policy.FileNameRule,
 		AutoRename:       handler.Policy.AutoRename,
 		MaxSize:          handler.Policy.MaxSize,
 		AllowedExtension: handler.Policy.OptionsSerialized.FileType,
 		CallbackURL:      apiURL.String(),
 	}
 	policyEncoded, err := policy.EncodeUploadPolicy()
 	if err != nil {
 		return serializer.UploadCredential{}, err
 	}
 	// 签名上传策略
 	uploadRequest, _ := http.NewRequest("POST", "/api/v3/slave/upload", nil)
 	uploadRequest.Header = map[string][]string{
 		"X-Policy": {policyEncoded},
 	}
 	auth.SignRequest(uploadRequest, time.Now().Unix()+TTL)
 	if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 {
 		return serializer.UploadCredential{
 			Token:  credential[0],
 			Policy: policyEncoded,
 		}, nil
 	}
 	return serializer.UploadCredential{}, errors.New("无法签名上传策略")
 }
--- a/pkg/filesystem/remote/handler_test.go
+++ b/pkg/filesystem/remote/handler_test.go
@ -0,0 +1,43 @@
 package remote
 import (
 	"context"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/auth"
 	"github.com/HFO4/cloudreve/pkg/cache"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 func TestHandler_Token(t *testing.T) {
 	asserts := assert.New(t)
 	handler := Handler{
 		Policy: &model.Policy{
 			MaxSize:      10,
 			AutoRename:   true,
 			DirNameRule:  "dir",
 			FileNameRule: "file",
 			OptionsSerialized: model.PolicyOption{
 				FileType: []string{"txt"},
 			},
 		},
 	}
 	ctx := context.Background()
 	auth.General = auth.HMACAuth{SecretKey: []byte("test")}
 	// 成功
 	{
 		cache.Set("setting_siteURL", "http://test.cloudreve.org", 0)
 		credential, err := handler.Token(ctx, 10, "123")
 		asserts.NoError(err)
 		policy, err := serializer.DecodeUploadPolicy(credential.Policy)
 		asserts.NoError(err)
 		asserts.Equal(uint64(10), policy.MaxSize)
 		asserts.Equal(true, policy.AutoRename)
 		asserts.Equal("dir", policy.SavePath)
 		asserts.Equal("file", policy.FileName)
 		asserts.Equal([]string{"txt"}, policy.AllowedExtension)
 	}
 }
--- a/pkg/filesystem/upload.go
+++ b/pkg/filesystem/upload.go
@ -3,11 +3,13 @@ package filesystem
 import (
 	"context"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/cache"
 	"github.com/HFO4/cloudreve/pkg/filesystem/fsctx"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/HFO4/cloudreve/pkg/util"
 	"github.com/gin-gonic/gin"
 	"path/filepath"
 	"strconv"
 )
 /* ================
@ -135,3 +137,52 @@ func (fs *FileSystem) CancelUpload(ctx context.Context, path string, file FileHe
 	}
 }
 // GetUploadToken 生成新的上传凭证
 func (fs *FileSystem) GetUploadToken(ctx context.Context, path string, size uint64) (*serializer.UploadCredential, error) {
 	// 获取相关有效期设置
 	ttls := model.GetSettingByNames([]string{"upload_credential_timeout", "upload_session_timeout"})
 	var (
 		err                error
 		credentialTTL      int64 = 3600
 		callBackSessionTTL int64 = 86400
 	)
 	// 获取上传凭证的有效期
 	if ttlStr, ok := ttls["upload_credential_timeout"]; ok {
 		credentialTTL, err = strconv.ParseInt(ttlStr, 10, 64)
 		if err != nil {
 			return nil, serializer.NewError(serializer.CodeInternalSetting, "上传凭证有效期设置无效", err)
 		}
 	}
 	// 获取回调会话的有效期
 	if ttlStr, ok := ttls["upload_session_timeout"]; ok {
 		callBackSessionTTL, err = strconv.ParseInt(ttlStr, 10, 64)
 		if err != nil {
 			return nil, serializer.NewError(serializer.CodeInternalSetting, "上传会话有效期设置无效", err)
 		}
 	}
 	// 获取上传凭证
 	callbackKey := util.RandStringRunes(32)
 	credential, err := fs.Handler.Token(ctx, credentialTTL, callbackKey)
 	if err != nil {
 		return nil, serializer.NewError(serializer.CodeEncryptError, "无法获取上传凭证", err)
 	}
 	// 创建回调会话
 	err = cache.Set(
 		"callback_"+callbackKey,
 		serializer.UploadSession{
 			UID:         fs.User.ID,
 			VirtualPath: path,
 		},
 		int(callBackSessionTTL),
 	)
 	if err != nil {
 		return nil, err
 	}
 	return &credential, nil
 }
--- a/pkg/filesystem/upload_test.go
+++ b/pkg/filesystem/upload_test.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	model "github.com/HFO4/cloudreve/models"
 	"github.com/HFO4/cloudreve/pkg/cache"
 	"github.com/HFO4/cloudreve/pkg/filesystem/fsctx"
 	"github.com/HFO4/cloudreve/pkg/filesystem/local"
 	"github.com/HFO4/cloudreve/pkg/filesystem/response"
@ -48,6 +49,11 @@ func (m FileHeaderMock) Source(ctx context.Context, path string, url url.URL, ex
 	return args.Get(0).(string), args.Error(1)
 }
 func (m FileHeaderMock) Token(ctx context.Context, expires int64, key string) (serializer.UploadCredential, error) {
 	args := m.Called(ctx, expires, key)
 	return args.Get(0).(serializer.UploadCredential), args.Error(1)
 }
 func TestFileSystem_Upload(t *testing.T) {
 	asserts := assert.New(t)
@ -159,3 +165,60 @@ func TestFileSystem_GenerateSavePath_Anonymous(t *testing.T) {
 	asserts.Len(savePath, 26)
 	asserts.Contains(savePath, "test.test")
 }
 func TestFileSystem_GetUploadToken(t *testing.T) {
 	asserts := assert.New(t)
 	fs := FileSystem{User: &model.User{Model: gorm.Model{ID: 1}}}
 	ctx := context.Background()
 	// 成功
 	{
 		cache.SetSettings(map[string]string{
 			"upload_credential_timeout": "10",
 			"upload_session_timeout":    "10",
 		}, "setting_")
 		testHandller := new(FileHeaderMock)
 		testHandller.On("Token", testMock.Anything, int64(10), testMock.Anything).Return(serializer.UploadCredential{Token: "test"}, nil)
 		fs.Handler = testHandller
 		res, err := fs.GetUploadToken(ctx, "/", 10)
 		testHandller.AssertExpectations(t)
 		asserts.NoError(err)
 		asserts.Equal("test", res.Token)
 	}
 	// 无法获取上传凭证
 	{
 		cache.SetSettings(map[string]string{
 			"upload_credential_timeout": "10",
 			"upload_session_timeout":    "10",
 		}, "setting_")
 		testHandller := new(FileHeaderMock)
 		testHandller.On("Token", testMock.Anything, int64(10), testMock.Anything).Return(serializer.UploadCredential{}, errors.New("error"))
 		fs.Handler = testHandller
 		_, err := fs.GetUploadToken(ctx, "/", 10)
 		testHandller.AssertExpectations(t)
 		asserts.Error(err)
 	}
 	// 上传有效期错误
 	{
 		cache.SetSettings(map[string]string{
 			"upload_credential_timeout": "？10",
 			"upload_session_timeout":    "10",
 		}, "setting_")
 		_, err := fs.GetUploadToken(ctx, "/", 10)
 		asserts.Error(err)
 	}
 	// 上传会话有效期错误
 	{
 		cache.SetSettings(map[string]string{
 			"upload_credential_timeout": "10",
 			"upload_session_timeout":    "？10",
 		}, "setting_")
 		_, err := fs.GetUploadToken(ctx, "/", 10)
 		asserts.Error(err)
 	}
 }
--- a/pkg/serializer/upload.go
+++ b/pkg/serializer/upload.go
@ -2,6 +2,7 @@ package serializer
 import (
 	"encoding/base64"
 	"encoding/gob"
 	"encoding/json"
 )
@ -13,11 +14,25 @@ type UploadPolicy struct {
 	MaxSize          uint64   `json:"max_size"`
 	AllowedExtension []string `json:"allowed_extension"`
 	CallbackURL      string   `json:"callback_url"`
-	CallbackKey      string   `json:"callback_key"`
+}
 // UploadCredential 返回给客户端的上传凭证
 type UploadCredential struct {
 	Token  string `json:"token"`
 	Policy string `json:"policy"`
 }
 // UploadSession 上传会话
 type UploadSession struct {
 	UID         uint
 	VirtualPath string
 }
 func init() {
 	gob.Register(UploadSession{})
 }
 // DecodeUploadPolicy 反序列化Header中携带的上传策略
 // TODO 测试
 func DecodeUploadPolicy(raw string) (*UploadPolicy, error) {
 	var res UploadPolicy
@ -33,3 +48,16 @@ func DecodeUploadPolicy(raw string) (*UploadPolicy, error) {
 	return &res, err
 }
 // EncodeUploadPolicy 序列化Header中携带的上传策略
 // TODO 测试
 func (policy *UploadPolicy) EncodeUploadPolicy() (string, error) {
 	jsonRes, err := json.Marshal(policy)
 	if err != nil {
 		return "", err
 	}
 	res := base64.StdEncoding.EncodeToString(jsonRes)
 	return res, nil
 }
--- a/pkg/serializer/upload_test.go
+++ b/pkg/serializer/upload_test.go
@ -33,10 +33,10 @@ func TestDecodeUploadPolicy(t *testing.T) {
 			&UploadPolicy{},
 		},
 		{
-			"eyJjYWxsYmFja19rZXkiOiJ0ZXN0In0=",
+			"eyJjYWxsYmFja191cmwiOiJ0ZXN0In0=",
 			false,
 			false,
-			&UploadPolicy{CallbackKey: "test"},
+			&UploadPolicy{CallbackURL: "test"},
 		},
 	}
@ -53,3 +53,11 @@ func TestDecodeUploadPolicy(t *testing.T) {
 		}
 	}
 }
 func TestUploadPolicy_EncodeUploadPolicy(t *testing.T) {
 	asserts := assert.New(t)
 	testPolicy := UploadPolicy{}
 	res, err := testPolicy.EncodeUploadPolicy()
 	asserts.NoError(err)
 	asserts.NotEmpty(res)
 }
--- a/routers/controllers/file.go
+++ b/routers/controllers/file.go
@ -283,3 +283,18 @@ func FileUploadStream(c *gin.Context) {
 		Code: 0,
 	})
 }
 // GetUploadCredential 获取上传凭证
 func GetUploadCredential(c *gin.Context) {
 	// 创建上下文
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 	var service explorer.UploadCredentialService
 	if err := c.ShouldBindQuery(&service); err == nil {
 		res := service.Get(ctx, c)
 		c.JSON(200, res)
 	} else {
 		c.JSON(200, ErrorResponse(err))
 	}
 }
--- a/routers/router.go
+++ b/routers/router.go
@ -139,6 +139,8 @@ func InitMasterRouter() *gin.Engine {
 			{
 				// 文件上传
 				file.POST("upload", controllers.FileUploadStream)
 				// 获取上传凭证
 				file.GET("upload/credential", controllers.GetUploadCredential)
 				// 更新文件
 				file.PUT("update/*path", controllers.PutContent)
 				// 创建文件下载会话
--- a/service/explorer/upload.go
+++ b/service/explorer/upload.go
@ -0,0 +1,35 @@
 package explorer
 import (
 	"context"
 	"github.com/HFO4/cloudreve/pkg/filesystem"
 	"github.com/HFO4/cloudreve/pkg/filesystem/fsctx"
 	"github.com/HFO4/cloudreve/pkg/serializer"
 	"github.com/gin-gonic/gin"
 )
 // UploadCredentialService 获取上传凭证服务
 type UploadCredentialService struct {
 	Path string `form:"path" binding:"required"`
 	Size uint64 `form:"size" binding:"required,min=0"`
 }
 // Get 获取新的上传凭证
 func (service *UploadCredentialService) Get(ctx context.Context, c *gin.Context) serializer.Response {
 	// 创建文件系统
 	fs, err := filesystem.NewFileSystemFromContext(c)
 	if err != nil {
 		return serializer.Err(serializer.CodePolicyNotAllowed, err.Error(), err)
 	}
 	ctx = context.WithValue(ctx, fsctx.GinCtx, c)
 	credential, err := fs.GetUploadToken(ctx, service.Path, service.Size)
 	if err != nil {
 		return serializer.Err(serializer.CodeNotSet, err.Error(), err)
 	}
 	return serializer.Response{
 		Code: 0,
 		Data: credential,
 	}
 }