123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 |
- <?php
- namespace Qiniu;
- use Qiniu\Zone;
- final class Auth
- {
- private $accessKey;
- private $secretKey;
- public function __construct($accessKey, $secretKey)
- {
- $this->accessKey = $accessKey;
- $this->secretKey = $secretKey;
- }
- public function getAccessKey()
- {
- return $this->accessKey;
- }
- public function sign($data)
- {
- $hmac = hash_hmac('sha1', $data, $this->secretKey, true);
- return $this->accessKey . ':' . \Qiniu\base64_urlSafeEncode($hmac);
- }
- public function signWithData($data)
- {
- $encodedData = \Qiniu\base64_urlSafeEncode($data);
- return $this->sign($encodedData) . ':' . $encodedData;
- }
- public function signRequest($urlString, $body, $contentType = null)
- {
- $url = parse_url($urlString);
- $data = '';
- if (array_key_exists('path', $url)) {
- $data = $url['path'];
- }
- if (array_key_exists('query', $url)) {
- $data .= '?' . $url['query'];
- }
- $data .= "\n";
- if ($body !== null && $contentType === 'application/x-www-form-urlencoded') {
- $data .= $body;
- }
- return $this->sign($data);
- }
- public function verifyCallback($contentType, $originAuthorization, $url, $body)
- {
- $authorization = 'QBox ' . $this->signRequest($url, $body, $contentType);
- return $originAuthorization === $authorization;
- }
- public function privateDownloadUrl($baseUrl, $expires = 3600)
- {
- $deadline = time() + $expires;
- $pos = strpos($baseUrl, '?');
- if ($pos !== false) {
- $baseUrl .= '&e=';
- } else {
- $baseUrl .= '?e=';
- }
- $baseUrl .= $deadline;
- $token = $this->sign($baseUrl);
- return "$baseUrl&token=$token";
- }
- public function uploadToken($bucket, $key = null, $expires = 3600, $policy = null, $strictPolicy = true)
- {
- $deadline = time() + $expires;
- $scope = $bucket;
- if ($key !== null) {
- $scope .= ':' . $key;
- }
- $args = self::copyPolicy($args, $policy, $strictPolicy);
- $args['scope'] = $scope;
- $args['deadline'] = $deadline;
- $b = json_encode($args);
- return $this->signWithData($b);
- }
- /**
- *上传策略,参数规格详见
- *http://developer.qiniu.com/docs/v6/api/reference/security/put-policy.html
- */
- private static $policyFields = array(
- 'callbackUrl',
- 'callbackBody',
- 'callbackHost',
- 'callbackBodyType',
- 'callbackFetchKey',
- 'returnUrl',
- 'returnBody',
- 'endUser',
- 'saveKey',
- 'insertOnly',
- 'detectMime',
- 'mimeLimit',
- 'fsizeMin',
- 'fsizeLimit',
- 'persistentOps',
- 'persistentNotifyUrl',
- 'persistentPipeline',
- 'deleteAfterDays',
- 'fileType',
- 'isPrefixalScope',
- );
- private static function copyPolicy(&$policy, $originPolicy, $strictPolicy)
- {
- if ($originPolicy === null) {
- return array();
- }
- foreach ($originPolicy as $key => $value) {
- if (!$strictPolicy || in_array((string)$key, self::$policyFields, true)) {
- $policy[$key] = $value;
- }
- }
- return $policy;
- }
- public function authorization($url, $body = null, $contentType = null)
- {
- $authorization = 'QBox ' . $this->signRequest($url, $body, $contentType);
- return array('Authorization' => $authorization);
- }
- public function authorizationV2($url, $method, $body = null, $contentType = null)
- {
- $urlItems = parse_url($url);
- $host = $urlItems['host'];
- if (isset($urlItems['port'])) {
- $port = $urlItems['port'];
- } else {
- $port = '';
- }
- $path = $urlItems['path'];
- if (isset($urlItems['query'])) {
- $query = $urlItems['query'];
- } else {
- $query = '';
- }
- //write request uri
- $toSignStr = $method . ' ' . $path;
- if (!empty($query)) {
- $toSignStr .= '?' . $query;
- }
- //write host and port
- $toSignStr .= "\nHost: " . $host;
- if (!empty($port)) {
- $toSignStr .= ":" . $port;
- }
- //write content type
- if (!empty($contentType)) {
- $toSignStr .= "\nContent-Type: " . $contentType;
- }
- $toSignStr .= "\n\n";
- //write body
- if (!empty($body)) {
- $toSignStr .= $body;
- }
- $sign = $this->sign($toSignStr);
- $auth = 'Qiniu ' . $sign;
- return array('Authorization' => $auth);
- }
- public static function isModuleAllow()
- {
- $config = get_addon_config('qiniu');
- $module = \addons\bos\library\request()->module();
- $module = $module ? strtolower($module) : 'index';
- $noNeedLogin = array_filter(explode(',', $config['noneedlogin'] ?? ''));
- $isModuleLogin = false;
- $tagName = 'upload_config_checklogin';
- foreach (\think\Hook::get($tagName) as $index => $name) {
- if (\think\Hook::exec($name, $tagName)) {
- $isModuleLogin = true;
- break;
- }
- }
- if (in_array($module, $noNeedLogin)
- || ($module == 'admin' && \app\admin\library\Auth::instance()->id)
- || ($module != 'admin' && \app\common\library\Auth::instance()->id)
- || $isModuleLogin) {
- return true;
- } else {
- return false;
- }
- }
- }
|