Home Explore Help
Sign In
hlm
/
hlm_pl_mall_store
9
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ef85d5634b
Branches Tags
hlm_pl_mall_...
/
node_modules
/
cos-js-sdk-v5
/
csp
/
auth-json.php

auth-json.php 5.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * php 签名样例
    5. 

  5.  */
    6. 

  6. 

  7. function isActionAllow($method, $pathname, $query, $headers)
    8. 

  8. {
    9. 

  9. 

  10.     $allow = true;
    11. 

  11. 

  12.     // // TODO 这里判断自己网站的登录态
    13. 

  13.     // if ($!logined) {
    14. 

  14.     //     $allow = false;
    15. 

  15.     //     return $allow;
    16. 

  16.     // }
    17. 

  17. 

  18.     // 请求可能带有点所有 action
    19. 

  19.     // acl,cors,policy,location,tagging,lifecycle,versioning,replication,versions,delete,restore,uploads
    20. 

  20. 

  21.     // 请求跟路径,只允许获取 UploadId
    22. 

  22.     if ($pathname === '/' && !($method === 'get' && isset($query['uploads']))) {
    23. 

  23.         $allow = false;
    24. 

  24.     }
    25. 

  25. 

  26.     // 不允许前端获取和修改文件权限
    27. 

  27.     if ($pathname !== '/' && isset($query['acl'])) {
    28. 

  28.         $allow = false;
    29. 

  29.     }
    30. 

  30. 

  31.     // 这里应该根据需要,限制当前站点的用户只允许操作什么样的路径
    32. 

  32.     if ($method === 'delete' && $pathname !== '/') { // 这里控制是否允许删除文件
    33. 

  33.         // TODO 这里控制是否允许删除文件
    34. 

  34.     }
    35. 

  35.     if ($method === 'put' && $pathname !== '/') { // 这里控制是否允许上传和修改文件
    36. 

  36.         // TODO 这里控制是否允许上传和修改文件
    37. 

  37.     }
    38. 

  38.     if ($method === 'get' && $pathname !== '/') { // 这里控制是否获取文件和文件相关信息
    39. 

  39.         // TODO 这里控制是否允许获取文件和文件相关信息
    40. 

  40.     }
    41. 

  41. 

  42.     return $allow;
    43. 

  43. 

  44. }
    45. 

  45. 

  46. /*
    47. 

  47.  * 获取签名
    48. 

  48.  * @param string $method 请求类型 method
    49. 

  49.  * @param string $pathname 文件名称
    50. 

  50.  * @param array $query query参数
    51. 

  51.  * @param array $headers headers
    52. 

  52.  * @return string 签名字符串
    53. 

  53.  */
    54. 

  54. function getAuthorization($method, $pathname, $query, $headers)
    55. 

  55. {
    56. 

  56. 

  57.     // 获取个人 API 密钥 https://console.qcloud.com/capi
    58. 

  58.     $SecretId = 'AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
    59. 

  59.     $SecretKey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
    60. 

  60. 

  61.     // 整理参数
    62. 

  62.     !$query && ($query = array());
    63. 

  63.     !$headers && ($headers = array());
    64. 

  64.     $method = strtolower($method ? $method : 'get');
    65. 

  65.     $pathname = $pathname ? $pathname : '/';
    66. 

  66.     substr($pathname, 0, 1) != '/' && ($pathname = '/' . $pathname);
    67. 

  67. 

  68.     // 注意这里要过滤好允许什么样的操作
    69. 

  69.     if (!isActionAllow($method, $pathname, $query, $headers)) {
    70. 

  70.         return 'action deny';
    71. 

  71.     }
    72. 

  72. 

  73.     // 工具方法
    74. 

  74.     function getObjectKeys($obj)
    75. 

  75.     {
    76. 

  76.         $list = array_keys($obj);
    77. 

  77.         sort($list);
    78. 

  78.         return $list;
    79. 

  79.     }
    80. 

  80. 

  81.     function obj2str($obj)
    82. 

  82.     {
    83. 

  83.         $list = array();
    84. 

  84.         $keyList = getObjectKeys($obj);
    85. 

  85.         $len = count($keyList);
    86. 

  86.         for ($i = 0; $i < $len; $i++) {
    87. 

  87.             $key = $keyList[$i];
    88. 

  88.             $val = isset($obj[$key]) ? $obj[$key] : '';
    89. 

  89.             $key = strtolower($key);
    90. 

  90.             $list[] = rawurlencode($key) . '=' . rawurlencode($val);
    91. 

  91.         }
    92. 

  92.         return implode('&', $list);
    93. 

  93.     }
    94. 

  94. 

  95.     // 签名有效起止时间
    96. 

  96.     $now = time() - 1;
    97. 

  97.     $expired = $now + 600; // 签名过期时刻,600 秒后
    98. 

  98. 

  99.     // 要用到的 Authorization 参数列表
    100. 

  100.     $qSignAlgorithm = 'sha1';
    101. 

  101.     $qAk = $SecretId;
    102. 

  102.     $qSignTime = $now . ';' . $expired;
    103. 

  103.     $qKeyTime = $now . ';' . $expired;
    104. 

  104.     $qHeaderList = strtolower(implode(';', getObjectKeys($headers)));
    105. 

  105.     $qUrlParamList = strtolower(implode(';', getObjectKeys($query)));
    106. 

  106. 

  107.     // 签名算法说明文档:https://www.qcloud.com/document/product/436/7778
    108. 

  108.     // 步骤一:计算 SignKey
    109. 

  109.     $signKey = hash_hmac("sha1", $qKeyTime, $SecretKey);
    110. 

  110. 

  111.     // 步骤二:构成 FormatString
    112. 

  112.     $formatString = implode("\n", array(strtolower($method), $pathname, obj2str($query), obj2str($headers), ''));
    113. 

  113. 

  114.     // 步骤三:计算 StringToSign
    115. 

  115.     $stringToSign = implode("\n", array('sha1', $qSignTime, sha1($formatString), ''));
    116. 

  116. 

  117.     // 步骤四:计算 Signature
    118. 

  118.     $qSignature = hash_hmac('sha1', $stringToSign, $signKey);
    119. 

  119. 

  120.     // 步骤五:构造 Authorization
    121. 

  121.     $authorization = implode('&', array(
    122. 

  122.         'q-sign-algorithm=' . $qSignAlgorithm,
    123. 

  123.         'q-ak=' . $qAk,
    124. 

  124.         'q-sign-time=' . $qSignTime,
    125. 

  125.         'q-key-time=' . $qKeyTime,
    126. 

  126.         'q-header-list=' . $qHeaderList,
    127. 

  127.         'q-url-param-list=' . $qUrlParamList,
    128. 

  128.         'q-signature=' . $qSignature
    129. 

  129.     ));
    130. 

  130. 

  131.     return $authorization;
    132. 

  132. }
    133. 

  133. 

  134. 

  135. // 获取前端过来的参数
    136. 

  136. $inputBody = file_get_contents("php://input");
    137. 

  137. if ($_SERVER['REQUEST_METHOD'] === 'POST' && $inputBody){
    138. 

  138.     $params = json_decode($inputBody, 1);
    139. 

  139.     $pathname = isset($params['pathname']) ? $params['pathname'] : '/';
    140. 

  140.     $method = isset($params['method']) ? $params['method'] : 'get';
    141. 

  141.     $query = isset($params['query']) ? $params['query'] : array();
    142. 

  142.     $headers = isset($params['headers']) ? $params['headers'] : array();
    143. 

  143. } else {
    144. 

  144.     $pathname = isset($_GET['pathname']) ? $_GET['pathname'] : '/';
    145. 

  145.     $method = isset($_GET['method']) ? $_GET['method'] : 'get';
    146. 

  146.     $query = isset($_GET['query']) && $_GET['query'] ? json_decode($_GET['query'], 1) : array();
    147. 

  147.     $headers = isset($_GET['headers']) && $_GET['headers'] ? json_decode($_GET['headers'], 1) : array();
    148. 

  148. }
    149. 

  149. 

  150. // 返回数据给前端
    151. 

  151. header('Content-Type: text/plain');
    152. 

  152. header('Allow-Control-Allow-Origin: http://127.0.0.1'); // 这里修改允许跨域访问的网站
    153. 

  153. header('Allow-Control-Allow-Headers: origin,accept,content-type');
    154. 

  154. $sign = getAuthorization($method, $pathname, $query, $headers);
    155. 

  155. 

  156. echo '{"sign":"' . $sign .'"}';
    157.