From 51f1172ef2159f92b31ba030d30c8b03ba926250 Mon Sep 17 00:00:00 2001
From: toranger <18004535090@163.com>
Date: Thu, 17 May 2018 20:26:42 +0800
Subject: [PATCH] add sts demo (#8)

* add sts example demo
* add sts demo
---
_example/sts/sts.go | 95 +++++++++++++++++++++++++++++++++++++++++++++
auth.go | 8 +++-
2 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 _example/sts/sts.go

diff --git a/_example/sts/sts.go b/_example/sts/sts.go
new file mode 100644
index 0000000..b285d69
--- /dev/null
+++ b/_example/sts/sts.go
@@ -0,0 +1,95 @@
+package main
+
+import (
+ "fmt"
+ "context"
+ "net/url"
+ "strings"
+ "net/http"
+ "encoding/json"
+ "github.com/lewzylu/go-cos"
+ "github.com/lewzylu/go-cos/debug"
+ "github.com/QcloudApi/qcloud_sign_golang"
+
+)
+type Credent struct{
+ SessionToken string `json:"sessionToken"`
+ TmpSecretId string `json:"tmpSecretId"`
+ TmpSecretKey string `json:"tmpSecretKey"`
+}
+type Data struct{
+ Credentials Credent `json:"credentials`
+
+}
+type Response struct{
+ Dat Data `json:"data"`
+}
+func main() {
+ // 替换实际的 SecretId 和 SecretKey
+ secretId := ""
+ secretKey := ""
+
+ // 配置
+ config := map[string]interface{} {"secretId" : secretId, "secretKey" : secretKey, "debug" : false}
+
+ // 请求参数
+ params := map[string]interface{} {"Region" : "gz", "Action" : "GetFederationToken","name":"alantong","policy":"{\"statement\": [{\"action\": [\"name/cos:GetObject\",\"name/cos:PutObject\"],\"effect\": \"allow\",\"resource\":[\"qcs::cos:ap-guangzhou:uid/1251668577:prefix//1251668577/alantest/*\"]}],\"version\": \"2.0\"}" }
+
+ // 发送请求
+ retData, err := QcloudApi.SendRequest("sts", params, config)
+ if err != nil{
+ fmt.Print("Error.", err)
+ return
+ }
+ r := &Response{}
+ err = json.Unmarshal([]byte(retData), r)
+ if err != nil {
+ fmt.Println(err);
+ return
+ }
+ //获取临时ak、sk、token
+ tmp_secId := r.Dat.Credentials.TmpSecretId
+ tmp_secKey := r.Dat.Credentials.TmpSecretKey
+ token := r.Dat.Credentials.SessionToken
+
+ //fmt.Println("token:", token)
+ u, _ := url.Parse("https://alangz-1251668577.cos.ap-guangzhou.myqcloud.com")
+ b := &cos.BaseURL{BucketURL: u}
+ c := cos.NewClient(b, &http.Client{
+ Transport: &cos.AuthorizationTransport{
+ SecretID: tmp_secId,
+ SecretKey: tmp_secKey,
+ SessionToken: token,
+ Transport: &debug.DebugRequestTransport{
+ RequestHeader: true,
+ RequestBody: true,
+ ResponseHeader: true,
+ ResponseBody: true,
+ },
+ },
+ })
+
+ name := "test/objectPut.go"
+ f := strings.NewReader("test")
+
+ _, err = c.Object.Put(context.Background(), name, f, nil)
+ if err != nil {
+ panic(err)
+ }
+
+ name = "test/put_option.go"
+ f = strings.NewReader("test xxx")
+ opt := &cos.ObjectPutOptions{
+ ObjectPutHeaderOptions: &cos.ObjectPutHeaderOptions{
+ ContentType: "text/html",
+ },
+ ACLHeaderOptions: &cos.ACLHeaderOptions{
+ //XCosACL: "public-read",
+ XCosACL: "private",
+ },
+ }
+ _, err = c.Object.Put(context.Background(), name, f, opt)
+ if err != nil {
+ panic(err)
+ }
+}
diff --git a/auth.go b/auth.go
index c6d3a33..8fa253b 100644
--- a/auth.go
+++ b/auth.go
@@ -103,10 +103,13 @@ func newAuthorization(secretID, secretKey string, req *http.Request, authTime *A } // AddAuthorizationHeader 给 req 增加签名信息 -func AddAuthorizationHeader(secretID, secretKey string, req *http.Request, authTime *AuthTime) { +func AddAuthorizationHeader(secretID, secretKey string, sessionToken string, req *http.Request, authTime *AuthTime) { auth := newAuthorization(secretID, secretKey, req, authTime, ) + if len(sessionToken) > 0 { + req.Header.Set("x-cos-security-token", sessionToken) + } req.Header.Set("Authorization", auth) }
@@ -213,6 +216,7 @@ func isSignHeader(key string) bool { type AuthorizationTransport struct { SecretID string SecretKey string + SessionToken string // 签名多久过期 Expire time.Duration
@@ -228,7 +232,7 @@ func (t *AuthorizationTransport) RoundTrip(req *http.Request) (*http.Response, e // 增加 Authorization header authTime := NewAuthTime(t.Expire) - AddAuthorizationHeader(t.SecretID, t.SecretKey, req, authTime) + AddAuthorizationHeader(t.SecretID, t.SecretKey, t.SessionToken, req, authTime) resp, err := t.transport().RoundTrip(req) return resp, err
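Review bot: The struct tag on `Data.Credentials` is missing its closing quote (`json:"credentials`), so the tag is malformed and decoding most likely works only because encoding/json falls back to matching the field name; it should read `json:"credentials"`. After `json.Unmarshal`, `main` uses `TmpSecretId`, `TmpSecretKey` and `SessionToken` without checking that they are non-empty, so an error reply from the STS call would go on to sign the two `Put` requests with empty credentials. The demo also enables `RequestHeader: true` on the debug transport, which presumably prints the `Authorization` and `x-cos-security-token` headers; a comment such as `// debug output includes the temporary credentials; enable only for local testing` would make that explicit. The long-lived `secretId` and `secretKey` would be better read from the environment than pasted into the file, and the comment above them could say so.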
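Review bot: In `AddAuthorizationHeader` the `x-cos-security-token` header is set only after `newAuthorization` has computed the signature, so the token this function adds is not among the headers the signature is computed over. Whether the token is meant to be signed cannot be told from this hunk (`isSignHeader` and the body of `newAuthorization` lie outside it); if it is, the three added lines belong above the `newAuthorization` call, and either way the doc comment should state the order, e.g. `// sessionToken, when non-empty, is sent as x-cos-security-token; it is added after signing and is not covered by the signature`. Inserting `sessionToken` in the middle of an exported function's parameter list also breaks existing callers at compile time, which the commit message does not mention.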
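Review bot: The new `SessionToken` field has no comment, unlike `Expire` below it, so nothing says that it is optional or where the value comes from; something like `// SessionToken is the STS temporary-credential token; leave empty when using permanent keys` would cover it. Because the transport holds the token as a fixed string, a client built this way presumably stops authenticating once the temporary credentials expire, which is worth stating in the same comment. The struct definition continues outside the hunk.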