Home Explore Help
Register Sign In
lizhen
/
xiaoshan
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c44bd13d9a
Branches Tags
xiaoshan
/
application
/
utils
/
Service
/
Tencent
/
CosService.php

CosService.php 9.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. <?php
    2. 

  2. 

  3. namespace app\utils\Service\Tencent;
    4. 

  4. 

  5. 

  6. use Qcloud\Cos\Client;
    7. 

  7. use QCloud\COSSTS\Sts;
    8. 

  8. 

  9. class CosService
    10. 

  10. {
    11. 

  11.     private $config;
    12. 

  12. 

  13.     public function __construct()
    14. 

  14.     {
    15. 

  15.         $this->config = get_addon_config('cos');
    16. 

  16.     }
    17. 

  17. 

  18.     public function getToken()
    19. 

  19.     {
    20. 

  20.         $config = $this->stsToken();
    21. 

  21.         $uploadUrl = $this->config['uploadurl'];//上传域名因存储区域不同而节点不同
    22. 

  22.         $cdnUrl    = $this->config['cdnurl'];//上传域名因存储区域不同而节点不同
    23. 

  23.         $appId     = $this->config['appId'] ?? '';
    24. 

  24.         $bucket    = $this->config['bucket'] ?? '';//存储桶,格式:BucketName-APPID
    25. 

  25.         $region    = $this->config['region'] ?? '';
    26. 

  26.         $key       = str_replace('-'.$appId,'',$bucket);//对象在存储桶中的位置,即对象键
    27. 

  27. 

  28.         $tmpSecretId = $config['credentials']['tmpSecretId']; //使用临时密钥需要填入,临时密钥生成和使用指引参见https://cloud.tencent.com/document/product/436/14048
    29. 

  29.         $tmpSecretKey = $config['credentials']['tmpSecretKey']; //使用临时密钥需要填入,临时密钥生成和使用指引参见https://cloud.tencent.com/document/product/436/14048
    30. 

  30.         $tmpToken = $config['credentials']['sessionToken']; //使用临时密钥需要填入,临时密钥生成和使用指引参见https://cloud.tencent.com/document/product/436/14048
    31. 

  31.         $cosClient = new Client(
    32. 

  32.             array(
    33. 

  33.                 'region' => $region,
    34. 

  34.                 'scheme' => 'https', //协议头部,默认为 http
    35. 

  35.                 'signHost' => true, //默认签入Header Host;您也可以选择不签入Header Host,但可能导致请求失败或安全漏洞,若不签入host则填false
    36. 

  36.                 'credentials'=> array(
    37. 

  37.                     'secretId'  => $tmpSecretId,
    38. 

  38.                     'secretKey' => $tmpSecretKey,
    39. 

  39.                     'token' => $tmpToken)));
    40. 

  40. 

  41. 

  42.         ### 简单上传预签名
    43. 

  43.         try {
    44. 

  44.             $signedUrl = $cosClient->getPreSignedUrl('putObject', array(
    45. 

  45.                 'Bucket' => $bucket, //存储桶,格式:BucketName-APPID
    46. 

  46.                 'Key' => $key, //对象在存储桶中的位置,即对象键
    47. 

  47.                 'Body' => 'string',
    48. 

  48.                 'Params'=> array(), //http 请求参数,传入的请求参数需与实际请求相同,能够防止用户篡改此HTTP请求的参数,默认为空
    49. 

  49.                 'Headers'=> array(), //http 请求头部,传入的请求头部需包含在实际请求中,能够防止用户篡改签入此处的HTTP请求头部,默认已签入host
    50. 

  50.             ), '+10 minutes'); //签名的有效时间
    51. 

  51.             // 请求成功
    52. 

  52.             // 请求成功
    53. 

  53.             return [true,[
    54. 

  54.                 'bucket' => $bucket,
    55. 

  55.                 'region' => $region,
    56. 

  56.                 'uploadUrl' => $uploadUrl,
    57. 

  57.                 'cdnUrl' => $cdnUrl,
    58. 

  58.                 'signUrl' => $signedUrl,
    59. 

  59.             ]];
    60. 

  60.         } catch (\Exception $e) {
    61. 

  61.             // 请求失败
    62. 

  62.             return [false,$e->getMessage()];
    63. 

  63.         }
    64. 

  64.     }
    65. 

  65. 

  66.     /**
    67. 

  67.      * 腾讯云预签名URL
    68. 

  68.      */
    69. 

  69.     public function getSignedUrl($dir = 'uploads/')
    70. 

  70.     {
    71. 

  71.         $uploadUrl = $this->config['uploadurl'];//上传域名因存储区域不同而节点不同
    72. 

  72.         $cdnUrl    = $this->config['cdnurl'];//上传域名因存储区域不同而节点不同
    73. 

  73.         $secretId  = $this->config['secretId'] ?? '';
    74. 

  74.         $secretKey = $this->config['secretKey'] ?? '';
    75. 

  75.         $bucket    = $this->config['bucket'] ?? '';
    76. 

  76.         $region    = $this->config['region'] ?? '';
    77. 

  77.         $time      = time();
    78. 

  78. //        $cosClient = new Client([
    79. 

  79. //            'region'      => $region,
    80. 

  80. //            'schema'      => $ssl, //协议头部,默认为http
    81. 

  81. //            'signHost'    => true, //默认签入Header Host;您也可以选择不签入Header Host,但可能导致请求失败或安全漏洞,若不签入host则填false
    82. 

  82. //            'credentials' => [
    83. 

  83. //                'secretId'  => $secretId,
    84. 

  84. //                'secretKey' => $secretKey
    85. 

  85. //            ]
    86. 

  86. //        ]);
    87. 

  87.         try {
    88. 

  88. //            $signedUrl = $cosClient->getPreSignedUrl('putObject', [
    89. 

  89. //                'Bucket'  => $bucket, //存储桶,格式:BucketName-APPID
    90. 

  90. //                'Key'     => $dir, //对象在存储桶中的位置,即对象键
    91. 

  91. //                'Body'    => 'string',
    92. 

  92. //                'Params'  => [], //http 请求参数,传入的请求参数需与实际请求相同,能够防止用户篡改此HTTP请求的参数,默认为空
    93. 

  93. //                'Headers' => [], //http 请求头部,传入的请求头部需包含在实际请求中,能够防止用户篡改签入此处的HTTP请求头部,默认已签入host
    94. 

  94. //            ], '+10 minutes'); //签名的有效时间
    95. 

  95. 

  96.             //设置该policy超时时间是10s. 即这个policy过了这个有效时间,将不能访问。
    97. 

  97.             $addTime = 30 * 60;//三十分钟
    98. 

  98.             $expiration = $this->gmt_iso8601($time + $addTime);
    99. 

  99. 

  100.             $StartTimestamp = $time;
    101. 

  101.             $EndTimestamp = $StartTimestamp + $addTime;
    102. 

  102.             $KeyTime = "$StartTimestamp;$EndTimestamp";
    103. 

  103. 

  104.             $conditions = [
    105. 

  105.                 ['content-length-range', 0, 1048576000],//最大文件大小.用户可以自己设置
    106. 

  106.                 ["bucket" => $bucket],
    107. 

  107.                 ["starts-with", '$key', $dir],// 表示用户上传的数据,必须是以$dir开始,不然上传会失败,这一步不是必须项,只是为了安全起见,防止用户通过policy上传到别人的目录。
    108. 

  108.                 ["q-sign-algorithm" => "sha1"],
    109. 

  109.                 ["q-ak" => $secretId],
    110. 

  110.                 ["q-sign-time" => $KeyTime]
    111. 

  111.             ];
    112. 

  112.             $arr    = ['expiration' => $expiration, 'conditions' => $conditions];
    113. 

  113.             $policy = json_encode($arr);
    114. 

  114.             $policyBase64 = base64_encode($policy);
    115. 

  115. 

  116.             // 签名
    117. 

  117.             $SignKey = hash_hmac('sha1', $KeyTime, $secretKey);
    118. 

  118.             $StringToSign = sha1($policy);
    119. 

  119.             $Signature = hash_hmac('sha1', $StringToSign, $SignKey);
    120. 

  120. 

  121.             // 请求成功
    122. 

  122.             return [true, [
    123. 

  123.                 'upload_url' => $uploadUrl,
    124. 

  124.                 'cdn_url' => $cdnUrl,
    125. 

  125.                 'region' => $region,
    126. 

  126.                 'policy' => $policyBase64,
    127. 

  127.                 'q_sign_algorithm' => 'sha1',
    128. 

  128.                 'q_ak' => $secretId,
    129. 

  129.                 'q_key_time' => $KeyTime,
    130. 

  130.                 'q_signature' => $Signature,
    131. 

  131.             ]];
    132. 

  132.         } catch (\Exception $e) {
    133. 

  133.             return [false, $e->getMessage()];
    134. 

  134.         }
    135. 

  135.     }
    136. 

  136. 

  137.     public function stsToken()
    138. 

  138.     {
    139. 

  139.         $uploadUrl = $this->config['uploadurl'];//上传域名因存储区域不同而节点不同
    140. 

  140.         $cdnUrl    = $this->config['cdnurl'];//上传域名因存储区域不同而节点不同
    141. 

  141.         $secretId  = $this->config['secretId'] ?? '';
    142. 

  142.         $secretKey = $this->config['secretKey'] ?? '';
    143. 

  143.         $bucket    = $this->config['bucket'] ?? '';
    144. 

  144.         $region    = $this->config['region'] ?? '';
    145. 

  145. 

  146.         $sts = new Sts();
    147. 

  147.         $config = array(
    148. 

  148.             'url' => 'https://sts.tencentcloudapi.com/', // url和domain保持一致
    149. 

  149.             'domain' => 'sts.tencentcloudapi.com', // 域名,非必须,默认为 sts.tencentcloudapi.com
    150. 

  150.             'proxy' => '',
    151. 

  151.             'secretId' => $secretId, // 固定密钥,若为明文密钥,请直接以'xxx'形式填入,不要填写到getenv()函数中
    152. 

  152.             'secretKey' => $secretKey, // 固定密钥,若为明文密钥,请直接以'xxx'形式填入,不要填写到getenv()函数中
    153. 

  153.             'bucket' => $bucket,//'test-1253653367', // 换成你的 bucket
    154. 

  154.             'region' => $region,//'ap-guangzhou', // 换成 bucket 所在园区
    155. 

  155.             'durationSeconds' => 1800, // 密钥有效期
    156. 

  156.             'allowPrefix' => array('exampleobject.jpg','exampleobject.png','exampleobject/*'), // 这里改成允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
    157. 

  157.             // 密钥的权限列表。简单上传和分片需要以下的权限,其他权限列表请看 https://cloud.tencent.com/document/product/436/31923
    158. 

  158.             'allowActions' => array (
    159. 

  159.                 // 简单上传
    160. 

  160.                 'name/cos:PutObject',
    161. 

  161.                 'name/cos:PostObject',
    162. 

  162.                 // 分片上传
    163. 

  163.                 'name/cos:InitiateMultipartUpload',
    164. 

  164.                 'name/cos:ListMultipartUploads',
    165. 

  165.                 'name/cos:ListParts',
    166. 

  166.                 'name/cos:UploadPart',
    167. 

  167.                 'name/cos:CompleteMultipartUpload'
    168. 

  168.             ),
    169. 

  169.             // 临时密钥生效条件,关于condition的详细设置规则和COS支持的condition类型可以参考 https://cloud.tencent.com/document/product/436/71306
    170. 

  170. //            "condition" => array(
    171. 

  171. //                "ip_equal" => array(
    172. 

  172. //                    "qcs:ip" => array(
    173. 

  173. //                        "10.217.182.3/24",
    174. 

  174. //                        "111.21.33.72/24",
    175. 

  175. //                    )
    176. 

  176. //                )
    177. 

  177. //            )
    178. 

  178.         );
    179. 

  179. 

  180. // 获取临时密钥,计算签名
    181. 

  181.         $tempKeys = $sts->getTempKeys($config);
    182. 

  182.         return $tempKeys;
    183. 

  183.     }
    184. 

  184. 

  185.     private function xml_parser($str)
    186. 

  186.     {
    187. 

  187.         $xml_parser = xml_parser_create();
    188. 

  188.         if (!xml_parse($xml_parser, $str, true)) {
    189. 

  189.             xml_parser_free($xml_parser);
    190. 

  190.             return $str;
    191. 

  191.         } else {
    192. 

  192.             $res = json_decode(json_encode(simplexml_load_string($str, 'SimpleXMLElement', LIBXML_NOCDATA)), true);
    193. 

  193.             return $res['Message'] ?? '请求错误';
    194. 

  194.         }
    195. 

  195.     }
    196. 

  196. 

  197. 

  198.     /**
    199. 

  199.      * @param $time
    200. 

  200.      * @return string
    201. 

  201.      * @throws \Exception
    202. 

  202.      */
    203. 

  203.     private function gmt_iso8601($time)
    204. 

  204.     {
    205. 

  205.         $dtStr      = date("c", $time);
    206. 

  206.         $dateTime   = new \DateTime($dtStr);
    207. 

  207.         $expiration = $dateTime->format(\DateTime::ISO8601);
    208. 

  208.         $pos        = strpos($expiration, '+');
    209. 

  209.         $expiration = substr($expiration, 0, $pos);
    210. 

  210.         return $expiration . "Z";
    211. 

  211.     }
    212. 

  212. }
    213.