You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

214 lines
6.9 KiB

10 months ago
<?php
/**
* +----------------------------------------------------------------------
* | CRMEB [ CRMEB赋能开发者,助力企业发展 ]
* +----------------------------------------------------------------------
* | Copyright (c) 2016~2022 https://www.crmeb.com All rights reserved.
* +----------------------------------------------------------------------
* | Licensed CRMEB并不是自由软件,未经许可不能去掉CRMEB相关版权
* +----------------------------------------------------------------------
* | Author: CRMEB Team <admin@crmeb.com>
* +----------------------------------------------------------------------
*/
namespace crmeb\services\upload\extend\cos;
/**
* Class 生成签名
* @author 等风来
* @email 136327134@qq.com
* @date 2022/9/26
* @package crmeb\services\upload\extend\cos
*/
class Signature
{
/**
* @var string
*/
private $accessKey;
/**
* @var string
*/
private $secretKey;
/**
* @var array
*/
private $options;
/**
* Signature constructor.
* @param string $accessKey
* @param string $secretKey
* @param array $options
* @param string $token
*/
public function __construct(string $accessKey, string $secretKey, array $options = [], string $token = '')
{
$this->accessKey = $accessKey;
$this->secretKey = $secretKey;
$this->options = $options;
$this->token = $token;
$this->signHeader = [
'cache-control',
'content-disposition',
'content-encoding',
'content-length',
'content-md5',
'content-type',
'expect',
'expires',
'host',
'if-match',
'if-modified-since',
'if-none-match',
'if-unmodified-since',
'origin',
'range',
'response-cache-control',
'response-content-disposition',
'response-content-encoding',
'response-content-language',
'response-content-type',
'response-expires',
'transfer-encoding',
'versionid',
];
date_default_timezone_set('PRC');
}
public function needCheckHeader($header)
{
if ($this->startWith($header, 'x-cos-')) {
return true;
}
if (in_array($header, $this->signHeader)) {
return true;
}
return false;
}
/**
* @author 等风来
* @email 136327134@qq.com
* @date 2022/9/29
* @param $haystack
* @param $needle
* @return bool
*/
protected function startWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, 0, $length) === $needle);
}
/**
* @param string $method
* @param string $urlPath
* @param array $querys
* @param array $headers
* @return string[]
* @author 等风来
* @email 136327134@qq.com
* @date 2022/9/26
*/
public function signRequest(string $method, string $urlPath, array $querys = [], array $headers = [])
{
$authorization = $this->createAuthorization($method, $urlPath, $querys, $headers);
return ['Authorization' => $authorization];
}
/**
* @param string $method
* @param string $urlPath
* @param array $querys
* @param array $headers
* @param string $expires
* @return string
* @author 等风来
* @email 136327134@qq.com
* @date 2022/9/26
*/
public function createAuthorization(string $method, string $urlPath, array $querys = [], array $headers = [], $expires = '+30 minutes')
{
if (is_null($expires) || !strtotime($expires)) {
$expires = '+30 minutes';
}
$signTime = ( string )(time() - 60) . ';' . ( string )(strtotime($expires));
$urlParamListArray = [];
foreach ($querys as $query) {
if (!empty($query)) {
$tmpquery = explode('=', $query);
//为了保证CI的key中有=号的情况也能正常通过,ci在这层之前已经encode了,这里需要拆开重新encode,防止上方explode拆错
$key = strtolower(rawurlencode(urldecode($tmpquery[0])));
if (count($tmpquery) >= 2) {
$value = $tmpquery[1];
} else {
$value = "";
}
//host开关
if (!$this->options['signHost'] && $key == 'host') {
continue;
}
$urlParamListArray[$key] = $key . '=' . $value;
}
}
ksort($urlParamListArray);
$urlParamList = join(';', array_keys($urlParamListArray));
$httpParameters = join('&', array_values($urlParamListArray));
$headerListArray = [];
foreach ($headers as $key => $value) {
$key = strtolower(urlencode($key));
$value = rawurlencode($value);
if (!$this->options['signHost'] && $key == 'host') {
continue;
}
if ($this->needCheckHeader($key)) {
$headerListArray[$key] = $key . '=' . $value;
}
}
ksort($headerListArray);
$headerList = join(';', array_keys($headerListArray));
$httpHeaders = join('&', array_values($headerListArray));
$httpString = strtolower($method) . "\n" . urldecode($urlPath) . "\n" . $httpParameters .
"\n" . $httpHeaders . "\n";
$sha1edHttpString = sha1($httpString);
$stringToSign = "sha1\n$signTime\n$sha1edHttpString\n";
$signKey = hash_hmac('sha1', $signTime, trim($this->secretKey));
$signature = hash_hmac('sha1', $stringToSign, $signKey);
$authorization = 'q-sign-algorithm=sha1&q-ak=' . trim($this->accessKey) .
"&q-sign-time=$signTime&q-key-time=$signTime&q-header-list=$headerList&q-url-param-list=$urlParamList&" .
"q-signature=$signature";
return $authorization;
}
/**
* @param string $url
* @param string $method
* @param string $urlPath
* @param array $querys
* @param array $headers
* @param string $expires
* @return string[]
* @author 等风来
* @email 136327134@qq.com
* @date 2022/9/26
*/
public function createPresignedUrl(string $url, string $method, string $urlPath, array $querys = [], array $headers = [], string $expires = '+30 minutes')
{
$authorization = $this->createAuthorization($method, $urlPath, $querys, $headers, $expires);
$uri = $url;
$query = 'sign=' . urlencode($authorization) . '&' . implode('&', $querys);
if ($this->token != null) {
$query = $query . '&x-cos-security-token=' . $this->token;
}
return [$uri, $query];
}
}