You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
214 lines
6.9 KiB
214 lines
6.9 KiB
3 months ago
|
<?php
|
||
|
/**
|
||
|
* +----------------------------------------------------------------------
|
||
|
* | CRMEB [ CRMEB赋能开发者,助力企业发展 ]
|
||
|
* +----------------------------------------------------------------------
|
||
|
* | Copyright (c) 2016~2022 https://www.crmeb.com All rights reserved.
|
||
|
* +----------------------------------------------------------------------
|
||
|
* | Licensed CRMEB并不是自由软件,未经许可不能去掉CRMEB相关版权
|
||
|
* +----------------------------------------------------------------------
|
||
|
* | Author: CRMEB Team <admin@crmeb.com>
|
||
|
* +----------------------------------------------------------------------
|
||
|
*/
|
||
|
|
||
|
namespace crmeb\services\upload\extend\cos;
|
||
|
|
||
|
/**
|
||
|
* Class 生成签名
|
||
|
* @author 等风来
|
||
|
* @email 136327134@qq.com
|
||
|
* @date 2022/9/26
|
||
|
* @package crmeb\services\upload\extend\cos
|
||
|
*/
|
||
|
class Signature
|
||
|
{
|
||
|
/**
|
||
|
* @var string
|
||
|
*/
|
||
|
private $accessKey;
|
||
|
|
||
|
/**
|
||
|
* @var string
|
||
|
*/
|
||
|
private $secretKey;
|
||
|
|
||
|
/**
|
||
|
* @var array
|
||
|
*/
|
||
|
private $options;
|
||
|
|
||
|
/**
|
||
|
* Signature constructor.
|
||
|
* @param string $accessKey
|
||
|
* @param string $secretKey
|
||
|
* @param array $options
|
||
|
* @param string $token
|
||
|
*/
|
||
|
public function __construct(string $accessKey, string $secretKey, array $options = [], string $token = '')
|
||
|
{
|
||
|
$this->accessKey = $accessKey;
|
||
|
$this->secretKey = $secretKey;
|
||
|
$this->options = $options;
|
||
|
$this->token = $token;
|
||
|
$this->signHeader = [
|
||
|
'cache-control',
|
||
|
'content-disposition',
|
||
|
'content-encoding',
|
||
|
'content-length',
|
||
|
'content-md5',
|
||
|
'content-type',
|
||
|
'expect',
|
||
|
'expires',
|
||
|
'host',
|
||
|
'if-match',
|
||
|
'if-modified-since',
|
||
|
'if-none-match',
|
||
|
'if-unmodified-since',
|
||
|
'origin',
|
||
|
'range',
|
||
|
'response-cache-control',
|
||
|
'response-content-disposition',
|
||
|
'response-content-encoding',
|
||
|
'response-content-language',
|
||
|
'response-content-type',
|
||
|
'response-expires',
|
||
|
'transfer-encoding',
|
||
|
'versionid',
|
||
|
];
|
||
|
date_default_timezone_set('PRC');
|
||
|
}
|
||
|
|
||
|
public function needCheckHeader($header)
|
||
|
{
|
||
|
if ($this->startWith($header, 'x-cos-')) {
|
||
|
return true;
|
||
|
}
|
||
|
if (in_array($header, $this->signHeader)) {
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* @author 等风来
|
||
|
* @email 136327134@qq.com
|
||
|
* @date 2022/9/29
|
||
|
* @param $haystack
|
||
|
* @param $needle
|
||
|
* @return bool
|
||
|
*/
|
||
|
protected function startWith($haystack, $needle)
|
||
|
{
|
||
|
$length = strlen($needle);
|
||
|
if ($length == 0) {
|
||
|
return true;
|
||
|
}
|
||
|
return (substr($haystack, 0, $length) === $needle);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* @param string $method
|
||
|
* @param string $urlPath
|
||
|
* @param array $querys
|
||
|
* @param array $headers
|
||
|
* @return string[]
|
||
|
* @author 等风来
|
||
|
* @email 136327134@qq.com
|
||
|
* @date 2022/9/26
|
||
|
*/
|
||
|
public function signRequest(string $method, string $urlPath, array $querys = [], array $headers = [])
|
||
|
{
|
||
|
$authorization = $this->createAuthorization($method, $urlPath, $querys, $headers);
|
||
|
return ['Authorization' => $authorization];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* @param string $method
|
||
|
* @param string $urlPath
|
||
|
* @param array $querys
|
||
|
* @param array $headers
|
||
|
* @param string $expires
|
||
|
* @return string
|
||
|
* @author 等风来
|
||
|
* @email 136327134@qq.com
|
||
|
* @date 2022/9/26
|
||
|
*/
|
||
|
public function createAuthorization(string $method, string $urlPath, array $querys = [], array $headers = [], $expires = '+30 minutes')
|
||
|
{
|
||
|
if (is_null($expires) || !strtotime($expires)) {
|
||
|
$expires = '+30 minutes';
|
||
|
}
|
||
|
$signTime = ( string )(time() - 60) . ';' . ( string )(strtotime($expires));
|
||
|
$urlParamListArray = [];
|
||
|
foreach ($querys as $query) {
|
||
|
if (!empty($query)) {
|
||
|
$tmpquery = explode('=', $query);
|
||
|
//为了保证CI的key中有=号的情况也能正常通过,ci在这层之前已经encode了,这里需要拆开重新encode,防止上方explode拆错
|
||
|
$key = strtolower(rawurlencode(urldecode($tmpquery[0])));
|
||
|
if (count($tmpquery) >= 2) {
|
||
|
$value = $tmpquery[1];
|
||
|
} else {
|
||
|
$value = "";
|
||
|
}
|
||
|
//host开关
|
||
|
if (!$this->options['signHost'] && $key == 'host') {
|
||
|
continue;
|
||
|
}
|
||
|
$urlParamListArray[$key] = $key . '=' . $value;
|
||
|
}
|
||
|
}
|
||
|
ksort($urlParamListArray);
|
||
|
$urlParamList = join(';', array_keys($urlParamListArray));
|
||
|
$httpParameters = join('&', array_values($urlParamListArray));
|
||
|
|
||
|
$headerListArray = [];
|
||
|
foreach ($headers as $key => $value) {
|
||
|
$key = strtolower(urlencode($key));
|
||
|
$value = rawurlencode($value);
|
||
|
if (!$this->options['signHost'] && $key == 'host') {
|
||
|
continue;
|
||
|
}
|
||
|
if ($this->needCheckHeader($key)) {
|
||
|
$headerListArray[$key] = $key . '=' . $value;
|
||
|
}
|
||
|
}
|
||
|
ksort($headerListArray);
|
||
|
$headerList = join(';', array_keys($headerListArray));
|
||
|
$httpHeaders = join('&', array_values($headerListArray));
|
||
|
$httpString = strtolower($method) . "\n" . urldecode($urlPath) . "\n" . $httpParameters .
|
||
|
"\n" . $httpHeaders . "\n";
|
||
|
|
||
|
$sha1edHttpString = sha1($httpString);
|
||
|
$stringToSign = "sha1\n$signTime\n$sha1edHttpString\n";
|
||
|
$signKey = hash_hmac('sha1', $signTime, trim($this->secretKey));
|
||
|
$signature = hash_hmac('sha1', $stringToSign, $signKey);
|
||
|
$authorization = 'q-sign-algorithm=sha1&q-ak=' . trim($this->accessKey) .
|
||
|
"&q-sign-time=$signTime&q-key-time=$signTime&q-header-list=$headerList&q-url-param-list=$urlParamList&" .
|
||
|
"q-signature=$signature";
|
||
|
return $authorization;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* @param string $url
|
||
|
* @param string $method
|
||
|
* @param string $urlPath
|
||
|
* @param array $querys
|
||
|
* @param array $headers
|
||
|
* @param string $expires
|
||
|
* @return string[]
|
||
|
* @author 等风来
|
||
|
* @email 136327134@qq.com
|
||
|
* @date 2022/9/26
|
||
|
*/
|
||
|
public function createPresignedUrl(string $url, string $method, string $urlPath, array $querys = [], array $headers = [], string $expires = '+30 minutes')
|
||
|
{
|
||
|
$authorization = $this->createAuthorization($method, $urlPath, $querys, $headers, $expires);
|
||
|
$uri = $url;
|
||
|
$query = 'sign=' . urlencode($authorization) . '&' . implode('&', $querys);
|
||
|
if ($this->token != null) {
|
||
|
$query = $query . '&x-cos-security-token=' . $this->token;
|
||
|
}
|
||
|
return [$uri, $query];
|
||
|
}
|
||
|
}
|