
cos直传

lizhen_gitee 11 months ago
parent
commit
7c0375a6c2

+ 1 - 1
application/api/controller/Upload.php

@@ -30,7 +30,7 @@ class Upload extends Api
             'secretKey'       => $cos_config['secretKey'], // 固定密钥
             'bucket'          => $cos_config['bucket'], // 换成你的 bucket
             'region'          => $cos_config['region'], // 换成 bucket 所在园区
-            'durationSeconds' => $cos_config['expire'], // 密钥有效期
+            'durationSeconds' => 1800, // 密钥有效期
             'allowPrefix'     => '*', // 这里改成允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
             // 密钥的权限列表。简单上传和分片需要以下的权限,其他权限列表请看 https://cloud.tencent.com/document/product/436/31923
             'allowActions' => array (
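Review bot: The credentials request in this hunk still carries `'allowPrefix' => '*'`, so every temporary key handed to a client is valid for all objects in the bucket for the full 1800 seconds; the inline comment on that line already flags the wildcard as a serious risk. Since direct upload means the client holds these keys, scope the prefix to the caller, for example `'allowPrefix' => 'uploads/' . $userId . '/*',` where `$userId` stands for whatever this controller exposes for the logged-in user. The literal `1800` would read better as a named constant with a comment saying why the configured `expire` value is no longer used (possibly because the SDK rejects non-integer values). The array literal continues outside the hunk, so the action list could not be checked here.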

+ 1 - 1
application/common/library/Auth.php

@@ -26,7 +26,7 @@ class Auth
     //默认配置
     protected $config = [];
     protected $options = [];
-    protected $allowFields = ['id', 'username', 'nickname', 'mobile', 'avatar', 'gender', 'createtime'];
+    protected $allowFields = ['id', 'username', 'nickname', 'mobile', 'avatar', 'gender', 'createtime' ,'idcard_status'];
 
     public function __construct($options = [])
     {
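Review bot: `$allowFields` gains `'idcard_status'` with no comment on what the field holds or why it is safe to expose. The list name suggests it decides which user columns are returned to callers, though the code that uses it is outside this hunk. If so, confirm that the column carries only a verification state and nothing from the identity document itself, and say so in a comment such as `// idcard_status: real-name verification state only, never the ID number`. The spacing `'createtime' ,'idcard_status'` should be `'createtime', 'idcard_status'` to match the rest of the array.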

+ 2 - 2
application/config.php

@@ -329,7 +329,7 @@ return [
     ],
 
     //腾讯cos
-    'cos'                  => [
+    /*'cos'                  => [
         'appid' => '',
         // 链接
         'url'         => '',
@@ -346,7 +346,7 @@ return [
         // 允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
         'allowPrefix'      => '*',
 
-    ],
+    ],*/
 
     //开放平台的
     'wechat_app_login' => [
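Review bot: The `cos` block is disabled by wrapping it in `/* … */` rather than being removed, which leaves dead configuration in the file, including the `'allowPrefix' => '*'` default, and gives no hint where the COS settings now come from. Upload.php in this commit still reads `$cos_config['secretKey']`, `bucket` and `region`, so either delete the block or replace it with a one-line comment naming the new source, e.g. `// COS settings are loaded from <new location>; keep secretId/secretKey out of this file`. A block comment also ends at the first `*/` inside it; none is visible in these two hunks, but the lines between them are not shown.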

+ 21 - 0
vendor/qcloud/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 腾讯云
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

+ 61 - 0
vendor/qcloud/README.md

@@ -0,0 +1,61 @@
+## 获取 SDK
+
+- composer 安装
+```
+创建composer.json的文件,内容如下:
+{
+    "require":{
+        "qcloud_sts/qcloud-sts-sdk": "3.0.*"
+    }
+}
+```
+
+## 查看示例
+
+请查看 [demo 示例](https://github.com/tencentyun/qcloud-cos-sts-sdk/tree/master/php/demo),里面描述了如何调用SDK。
+
+## 接口说明
+
+### getTempKeys
+
+获取临时密钥接口
+
+### 参数说明
+
+|字段|类型|描述|
+| ---- | ---- | ---- |
+|secretId|string| 云 API 密钥 Id|
+|secretKey|string| 云 API 密钥 key|
+|durationSeconds|long| 要申请的临时密钥最长有效时间,单位秒,默认 1800,最大可设置 7200 |
+|bucket|string| 存储桶名称:bucketName-appid, 如 test-125000000|
+|region|string| 存储桶所属地域,如 ap-guangzhou|
+|allowPrefix|string|资源的前缀,如授予操作所有资源,则为`*`;如授予操作某个路径a下的所有资源,则为 `a/*`,如授予只能操作特定的文件a/test.jpg, 则为`a/test.jpg`|
+|allowActions|array| 授予 COS API 权限集合, 如简单上传操作:name/cos:PutObject|
+|policy|array| 策略:由 allowActions、bucket、region、allowPrefix字段组成的描述授权的具体信息|
+
+### 返回值说明
+
+|字段|类型|描述|
+| ---- | ---- | ---- |
+|credentials | string | 临时密钥信息 |
+|tmpSecretId | string | 临时密钥 Id,可用于计算签名 |
+|tmpSecretKey | string | 临时密钥 Key,可用于计算签名 |
+|sessionToken | string | 请求时需要用的 token 字符串,最终请求 COS API 时,需要放在 Header 的 x-cos-security-token 字段 |
+|startTime | string | 密钥的起止时间,是 UNIX 时间戳 |
+|expiredTime | string | 密钥的失效时间,是 UNIX 时间戳 |
+
+### 返回数据示例
+
+```
+{
+	"expiredTime": 1589258683,
+	"expiration": "2020-05-12T04:44:43Z",
+	"credentials": {
+		"sessionToken": "Biypn6exa48PpMe7wFerEnNMpBKKPQo180c57e0a5275ebae506d7851a85f36a4P0TV5UFR3FYJjsoZA1tk6uRKoDRzc6-60BmwLqdS75OhjHEa7GlVYpL_ofKQJTpPKziKX7FnI10D_6qtLdjzf2NdsyUtQEd5kPpDCOQJZn9-BpleqWQe8oyH_2u7xi2f0FtjCYaoGIZ_lUqlILXQwr0B0t3hLfL4xNE-EmVjUlUXa16HxVCn4_hJetqo9LmI0AgLOjCbYx9aVrsV10eDsRta-TQSIXmJNP3aJ6oz8d8GBTgTE1I2qSFDnv9pjtQKW8HZWI_glPIfmHXCCwAESxEFL_owGz839Va0qYhF6LkfVmsuoU1zNcvJR1w3cIE6izV3SKHaOtWaew3IOervuOPoN3S2oYGNwv2EavtDAWyUBIeI7X6nMVzlpnyJ-3bkIhOq9QVIQAs8wh5A0u9mvKWugT5t6qgyEgvEZSj9k6p-JjwxMgLC6s5uK1i_nnf4fN7ZQ6I-JAfHnH4jEDiVtJgXqfuWPX_vnzskyR2Co6E",
+		"tmpSecretId": "AKIDTRPc-oe6c_avPSRwFVsPDyy3IoAr3szMajlOGuoEXY1232YLy6j4f-xZ5zL-NBMG",
+		"tmpSecretKey": "2v29SZztGYk6SGwHYm\/chJXdD3zPRFasmPoJiCmlR\/I="
+	},
+	"requestId": "69ef6295-b981-464d-9816-9c2ef92189d1",
+	"startTime": 1589256883
+}
+```

+ 23 - 0
vendor/qcloud/composer.json

@@ -0,0 +1,23 @@
+{
+    "name": "tencent/qcloud-sts-sdk",
+    "description": "PHP SDK for QCloud STS",
+    "keywords": [
+        "qcloud", "sts", "cos", "php"
+    ],
+	"homepage": "https://github.com/tencentyun/qcloud-cos-sts-sdk",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "qcloudterminal",
+            "email": "qcloudterminal@gmail.com"
+        }
+    ],
+    "autoload": {
+      "psr-4": {
+        "QCloud\\COSSTS\\": "src"
+      }
+    },
+    "require": {
+        "php": ">=5.3.0"
+    }
+}

+ 54 - 0
vendor/qcloud/src/Scope.php

@@ -0,0 +1,54 @@
+<?php
+
+class Scope{
+	var $action;
+	var $bucket;
+	var $region;
+	var $resourcePrefix;
+	var $effect = 'allow';
+	function __construct($action, $bucket, $region, $resourcePrefix){
+		$this->action = $action;
+		$this->bucket = $bucket;
+		$this->region = $region;
+		$this->resourcePrefix = $resourcePrefix;
+	}
+	
+	function set_effect($isAllow){
+		if($isAllow){
+			$this->effect = 'allow';
+		}else{
+			$this->effect = 'deny';
+		}
+	}
+	
+	function get_action(){
+		if($this->action == null){
+			throw new \Exception("action == null");
+		}
+		return $this->action;
+	}
+	
+	function get_resource(){
+		if($this->bucket == null){
+			throw new \Exception("bucket == null");
+		}
+		if($this->resourcePrefix == null){
+			throw new \Exception("resourcePrefix == null");
+		}
+		$index = strripos($this->bucket, '-');
+		if($index < 0){
+			throw new Exception("bucket is invalid: " + $this->bucket);
+		}
+		$appid = substr($this->bucket, $index + 1);
+		if(!(strpos($this->resourcePrefix, '/') === 0)){
+			$this->resourcePrefix = '/' . $this->resourcePrefix;
+		}
+		return 'qcs::cos:' . $this->region . ':uid/' . $appid . ':' . $this->bucket . $this->resourcePrefix;
+	}
+	
+	function get_effect(){
+		return $this->effect;
+	}
+}
+
+?>

+ 169 - 0
vendor/qcloud/src/Sts.php

@@ -0,0 +1,169 @@
+<?php
+
+class Sts{
+    // 临时密钥计算样例
+
+    function _hex2bin($data) {
+        $len = strlen($data);
+        return pack("H" . $len, $data);
+    }
+    // obj 转 query string
+    function json2str($obj, $notEncode = false) {
+        ksort($obj);
+        $arr = array();
+        if(!is_array($obj)){
+            throw new \Exception('$obj must be an array, the actual value is:' . json_encode($obj));
+        }
+        foreach ($obj as $key => $val) {
+            array_push($arr, $key . '=' . ($notEncode ? $val : rawurlencode($val)));
+        }
+        return join('&', $arr);
+    }
+    // 计算临时密钥用的签名
+    function getSignature($opt, $key, $method, $config) {
+        $formatString = $method . $config['domain'] . '/?' . $this->json2str($opt, 1);
+        $sign = hash_hmac('sha1', $formatString, $key);
+        $sign = base64_encode($this->_hex2bin($sign));
+        return $sign;
+    }
+    // v2接口的key首字母小写,v3改成大写,此处做了向下兼容
+    function backwardCompat($result) {
+        if(!is_array($result)){
+            throw new \Exception('$result must be an array, the actual value is:' . json_encode($result));
+        }
+        $compat = array();
+        foreach ($result as $key => $value) {
+            if(is_array($value)) {
+                $compat[lcfirst($key)] = $this->backwardCompat($value);
+            } elseif ($key == 'Token') {
+                $compat['sessionToken'] = $value;
+            } else {
+                $compat[lcfirst($key)] = $value;
+            }
+        }
+        return $compat;
+    }
+    // 获取临时密钥
+    function getTempKeys($config) {
+        $result = null;
+        try{
+            if(array_key_exists('policy', $config)){
+                $policy = $config['policy'];
+            }else{
+                if(array_key_exists('bucket', $config)){
+                    $ShortBucketName = substr($config['bucket'],0, strripos($config['bucket'], '-'));
+                    $AppId = substr($config['bucket'], 1 + strripos($config['bucket'], '-'));
+                }else{
+                    throw new \Exception("bucket== null");
+                }
+                if(array_key_exists('allowPrefix', $config)){
+                    if(!(strpos($config['allowPrefix'], '/') === 0)){
+                        $config['allowPrefix'] = '/' . $config['allowPrefix'];
+                    }
+                }else{
+                    throw new \Exception("allowPrefix == null");
+                }
+                if(!array_key_exists('region', $config)) {
+                    throw new \Exception("region == null");
+                }
+                $policy = array(
+                    'version'=> '2.0',
+                    'statement'=> array(
+                        array(
+                            'action'=> $config['allowActions'],
+                            'effect'=> 'allow',
+                            'principal'=> array('qcs'=> array('*')),
+                            'resource'=> array(
+                                'qcs::cos:' . $config['region'] . ':uid/' . $AppId . ':' . $config['bucket'] . $config['allowPrefix']
+                            )
+                        )
+                    )
+                );
+            }
+            $policyStr = str_replace('\\/', '/', json_encode($policy));
+            $Action = 'GetFederationToken';
+            $Nonce = rand(10000, 20000);
+            $Timestamp = time();
+            $Method = 'POST';
+            if(array_key_exists('durationSeconds', $config)){
+                if(!(is_integer($config['durationSeconds']))){
+                    throw new \Exception("durationSeconds must be a int type");
+                }
+            }
+
+            $params = array(
+                'SecretId'=> $config['secretId'],
+                'Timestamp'=> $Timestamp,
+                'Nonce'=> $Nonce,
+                'Action'=> $Action,
+                'DurationSeconds'=> $config['durationSeconds'],
+                'Version'=>'2018-08-13',
+                'Name'=> 'cos',
+                'Region'=> $config['region'],
+                'Policy'=> urlencode($policyStr)
+            );
+            $params['Signature'] = $this->getSignature($params, $config['secretKey'], $Method, $config);
+            $url = $config['url'];
+
+            $ch = curl_init($url);
+            if(array_key_exists('proxy', $config)){
+                $config['proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
+            }
+            curl_setopt($ch, CURLOPT_HEADER, 0);
+            curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
+            curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+            curl_setopt($ch, CURLOPT_POST, 1);
+            curl_setopt($ch, CURLOPT_POSTFIELDS, $this->json2str($params));
+            $result = curl_exec($ch);
+            if(curl_errno($ch)) $result = curl_error($ch);
+            curl_close($ch);
+            $result = json_decode($result, 1);
+            if (isset($result['Response'])) {
+                $result = $result['Response'];
+                if(isset($result['Error'])){
+                    throw new \Exception("get cam failed");
+                }
+                $result['startTime'] = $result['ExpiredTime'] - $config['durationSeconds'];
+            }
+            $result = $this->backwardCompat($result);
+            return $result;
+        }catch(\Exception $e){
+            if($result == null){
+                $result = "error: " . $e->getMessage();
+            }else{
+                $result = json_encode($result);
+            }
+            throw new \Exception($result);
+        }
+    }
+
+    // get policy
+    function getPolicy($scopes){
+        if (!is_array($scopes)){
+            return null;
+        }
+        $statements = array();
+
+        for($i=0, $counts=count($scopes); $i < $counts; $i++){
+            $actions=array();
+            $resources = array();
+            array_push($actions, $scopes[$i]->get_action());
+            array_push($resources, $scopes[$i]->get_resource());
+
+            $statement = array(
+                'action' => $actions,
+                'effect' => $scopes[$i]->get_effect(),
+                'resource' => $resources
+            );
+            array_push($statements, $statement);
+        }
+
+        $policy = array(
+            'version' => '2.0',
+            'statement' => $statements
+        );
+        return $policy;
+    }
+}
+?>
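Review bot: `getTempKeys` sets `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to 0 on the request that carries the SecretId and signature and returns the temporary credentials, so the response is accepted from any host that can intercept the connection. Change the two lines to `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`; because this copy is committed under vendor/ rather than installed by composer, the change has to be made in this file. `$config['url']` and `$config['domain']` are read without an `array_key_exists` check, unlike `bucket` and `region`, so a missing key surfaces as a PHP notice and a failed request rather than a clear exception. The nonce comes from `rand(10000, 20000)`, which gives only 10001 values; `random_int()` with a wider range is preferable where the runtime is PHP 7 or later. When curl fails, the `curl_error()` text is passed to `json_decode` and the transport error is lost from the exception message.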