sessionToken.go
package main
import (
"context"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"regexp"
"strings"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813"
"github.com/mozillazg/go-cos"
"github.com/mozillazg/go-cos/debug"
)
// TmpAuth is the temporary credential triple used to sign COS requests:
// a temporary secret ID, its secret key, and the accompanying session token.
//
// All three values are credential material. Formatting the struct with %v,
// %+v or %#v prints them in clear text, so keep it out of logs.
type TmpAuth struct {
	SecretID, SecretKey, SessionToken string
}
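// getTmpAuth requests temporary credentials from Tencent Cloud STS
// (GetFederationToken) using the long-lived key pair in COS_SECRETID and
// COS_SECRETKEY. The STS region is derived from the host of COS_BUCKET_URL.
//
// It panics on any configuration or API error, like the rest of this example
// program. Panic messages never include the secret values.
//
// References:
//
//	https://cloud.tencent.com/document/product/598/33416
//	https://console.cloud.tencent.com/api/explorer?Product=sts&Version=2018-08-13&Action=GetFederationToken&SignVersion=
//	https://cloud.tencent.com/document/product/436/31923
func getTmpAuth() TmpAuth {
	u, err := url.Parse(os.Getenv("COS_BUCKET_URL"))
	if err != nil {
		panic(fmt.Errorf("parsing COS_BUCKET_URL: %v", err))
	}

	// The region is taken from the third dot-separated host label
	// (presumably <bucket>-<appid>.cos.<region>.myqcloud.com; confirm against
	// your bucket URL). An unset or malformed COS_BUCKET_URL used to surface
	// as an index-out-of-range panic, so check the label count explicitly.
	parts := strings.Split(u.Host, ".")
	if len(parts) < 3 {
		panic(fmt.Errorf("COS_BUCKET_URL host %q has no region label", u.Host))
	}
	// bucketName := parts[0]
	// bucketParts := strings.Split(bucketName, "-")
	// appID := bucketParts[len(bucketParts)-1]

	// Strip every "-<digit>" pair from the region label (presumably to map a
	// numbered region name onto the base region STS accepts; confirm).
	region := regexp.MustCompile("-\\d").ReplaceAllString(parts[2], "")

	secretID, secretKey := os.Getenv("COS_SECRETID"), os.Getenv("COS_SECRETKEY")
	if secretID == "" || secretKey == "" {
		panic(fmt.Errorf("COS_SECRETID and COS_SECRETKEY must both be set"))
	}
	credential := common.NewCredential(secretID, secretKey)

	cpf := profile.NewClientProfile()
	cpf.HttpProfile.Endpoint = "sts.tencentcloudapi.com"
	client, err := sts.NewClient(credential, region, cpf)
	if err != nil {
		panic(fmt.Errorf("creating STS client: %v", err))
	}

	request := sts.NewGetFederationTokenRequest()
	// Original author's note (translated): I could not work out how to set a
	// Policy for a single file or directory; attempts based on the
	// documentation examples kept failing, so resource is set to "*" here just
	// to verify that the program works.
	//
	// NOTE(security): resource "*" lets the temporary credentials call
	// cos:GetObject on every object the policy can reach (presumably still
	// bounded by the parent key's own permissions; confirm). That is broader
	// than the single object this example reads. Outside a throwaway demo,
	// scope resource to the bucket and prefix actually needed; the COS
	// documentation linked above describes the
	// qcs::cos:<region>:uid/<appid>:<bucket>/<path> resource form (verify the
	// exact syntax there before relying on it).
	params := "{\"Name\":\"test\",\"Policy\":\"{ \\\"version\\\": \\\"2.0\\\", \\\"statement\\\": [ { \\\"action\\\": [ \\\"name/cos:GetObject\\\" ], \\\"effect\\\": \\\"allow\\\", \\\"resource\\\": [ \\\"*\\\" ] } ] }\"}"
	if err = request.FromJsonString(params); err != nil {
		panic(err)
	}

	response, err := client.GetFederationToken(request)
	if err != nil {
		panic(err)
	}

	// Guard the pointer fields before dereferencing them so that an incomplete
	// response yields a clear error instead of a nil-pointer panic.
	if response == nil || response.Response == nil || response.Response.Credentials == nil {
		panic(fmt.Errorf("STS response contains no credentials"))
	}
	cres := response.Response.Credentials
	if cres.TmpSecretId == nil || cres.TmpSecretKey == nil || cres.Token == nil {
		panic(fmt.Errorf("STS response credentials are incomplete"))
	}

	return TmpAuth{
		SecretID:     *cres.TmpSecretId,
		SecretKey:    *cres.TmpSecretKey,
		SessionToken: *cres.Token,
	}
}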
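// main obtains temporary credentials via getTmpAuth, builds a COS client that
// signs requests with them, downloads test/hello.txt from the bucket named by
// COS_BUCKET_URL, and prints the object body.
func main() {
	tmpAuth := getTmpAuth()
	// Print only the key identifier. Dumping the whole struct with %#v would
	// write the temporary secret key and session token to stdout, where shell
	// history, CI logs or log collectors can retain them.
	fmt.Printf("temporary credentials obtained: SecretID=%q (SecretKey and SessionToken redacted)\n\n", tmpAuth.SecretID)

	u, err := url.Parse(os.Getenv("COS_BUCKET_URL"))
	if err != nil {
		panic(fmt.Errorf("parsing COS_BUCKET_URL: %v", err))
	}
	b := &cos.BaseURL{BucketURL: u}
	c := cos.NewClient(b, &http.Client{
		Transport: &cos.AuthorizationTransport{
			// Use the temporary credentials.
			SecretID:     tmpAuth.SecretID,
			SecretKey:    tmpAuth.SecretKey,
			SessionToken: tmpAuth.SessionToken,
			// NOTE(security): with RequestHeader enabled the debug transport
			// prints request headers, which carry the request signature and
			// presumably the session token (confirm). Keep this transport for
			// local debugging only and drop it where output is retained.
			Transport: &debug.DebugRequestTransport{
				RequestHeader:  true,
				RequestBody:    true,
				ResponseHeader: true,
				ResponseBody:   true,
			},
		},
	})

	name := "test/hello.txt"
	resp, err := c.Object.Get(context.Background(), name, nil)
	if err != nil {
		panic(err)
	}
	// Register the close before reading so the body is released on every path.
	defer resp.Body.Close()

	bs, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		panic(fmt.Errorf("reading object body: %v", err))
	}
	fmt.Printf("%s\n", string(bs))
}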