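Notes on direct front-end upload to Alibaba Cloud OSS, temporary authorization with STS in PHP, and upload relayed through the backend

Background: there are two ways for the front end to upload images. The first is to upload directly to OSS, but the front-end SDK then needs the Alibaba Cloud OSS_KEY_ID and OSS_KEY_SECRET, which is not secure. The second is to send the file to the backend first; the backend uploads it and returns the OSS address to the front end.

With Laravel, implementing the second option is actually very simple. Option 1 is not reasonable when uploading large files such as videos; there you can use a temporary-authorization scheme, namely STS.

Option 1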

// composer dependencies
//"alibabacloud/sdk": "^1.7",
//"aliyuncs/oss-sdk-php": "^2.3",

use OSS\OssClient;
use OSS\Core\OssException;

public function uplaodImg(Request $request){

        $this->validateRequest($request, [
            'file' => 'required|image',
        ]);

        $file = $request->file('file');
        // The long-lived AccessKey pair stays in server-side configuration
        $accessKeyId = config('filesystems.disks.oss.accessKeyId');
        $accessKeySecret = config('filesystems.disks.oss.accessKeySecret');
        $endpoint = config('filesystems.disks.oss.endpoint');
        $bucket = config('filesystems.disks.oss.bucket');
        // Object name (taken from the client-supplied file name)
        $object = $file->getClientOriginalName();
        $filePath = $file->getRealPath(); // local path of the uploaded temporary file

        $ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint);
        $info = $ossClient->uploadFile($bucket, $object, $filePath);
        var_dump($info);

    }

 

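Option 2

The endpoint returns a temporary id and key. For the 'RoleArn' => "acs:ram::164******4:role/***news-sts" value, you need to go to Alibaba Cloud, configure the user that the accessKeyId belongs to, and add permissions.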

// Dependencies are the same as above

use AlibabaCloud\Client\AlibabaCloud;
use AlibabaCloud\Client\Exception\ClientException;
use AlibabaCloud\Client\Exception\ServerException;

public function getTempOssToken(){

            //$uid = Auth::user()->id; // user id, e.g. 1234
            $uid = 1198;
            // Build an Alibaba Cloud client used to send the request.
            // Set the AccessKey ID and AccessKey Secret of the caller (a RAM user or RAM role).
            AlibabaCloud::accessKeyClient(config('filesystems.disks.oss.accessKeyId'), config('filesystems.disks.oss.accessKeySecret'))
                ->regionId('oss-cn-beijing')
                ->asDefaultClient();
            // Set the parameters and send the request.
            try {
                $result = AlibabaCloud::rpc()
                    ->product('Sts')
                    ->scheme('https') // https | http
                    ->version('2015-04-01')
                    ->action('AssumeRole')
                    ->method('POST')
                    ->host('sts.aliyuncs.com')
                    ->options([
                        'query' => [
                            'RegionId' => "oss-cn-beijing",
                            'RoleArn' => "acs:ram::164******4:role/***news-sts",
                            'RoleSessionName' => $uid,  // custom value; the user id is used here, e.g. 1234
                        ],
                    ])
                    ->request();
                $r_arr = $result->toArray();
                // Return only $r_arr['Credentials']
                return $r_arr['Credentials'];
            } catch (ClientException $e) {
                echo $e->getErrorMessage() . PHP_EOL;
            } catch (ServerException $e) {
                echo $e->getErrorMessage() . PHP_EOL;
            }
    }
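
The AssumeRole request above hands out whatever the role itself allows for the default lifetime. The following added example (not the post's code) builds a `query` array that also sets the AssumeRole parameters `Policy` and `DurationSeconds`, so the temporary credentials can only write under one user's prefix and expire after 15 minutes, and it returns only the `Credentials` part of the response. The bucket name `example-bucket`, the `uploads/<uid>/` prefix layout, the role ARN placeholder and the helper names are assumptions.

```php
<?php
// Added example, not the post's code. Bucket, prefix layout and role ARN are assumed placeholders.

// Session policy: PutObject only, and only under uploads/<uid>/ in one bucket.
function buildSessionPolicy(string $bucket, int $uid): string
{
    return json_encode([
        'Version'   => '1',
        'Statement' => [[
            'Effect'   => 'Allow',
            'Action'   => ['oss:PutObject'],
            'Resource' => ["acs:oss:*:*:{$bucket}/uploads/{$uid}/*"],
        ]],
    ], JSON_UNESCAPED_SLASHES);
}

// Value for the 'query' option of the AssumeRole request.
function buildAssumeRoleQuery(string $roleArn, string $bucket, int $uid): array
{
    return [
        'RoleArn'         => $roleArn,
        'RoleSessionName' => 'user-' . $uid,  // passed as a string
        'DurationSeconds' => 900,             // minimum lifetime STS accepts
        'Policy'          => buildSessionPolicy($bucket, $uid),
    ];
}

// Return only the Credentials object; RequestId and AssumedRoleUser stay server-side.
function credentialsForClient(array $stsResponse): array
{
    if (!isset($stsResponse['Credentials']['SecurityToken'])) {
        throw new RuntimeException('AssumeRole response carries no credentials');
    }
    return $stsResponse['Credentials'];
}

// Constructed sample response, shaped like $result->toArray().
$sample = [
    'RequestId'       => 'CONSTRUCTED-REQUEST-ID',
    'AssumedRoleUser' => ['Arn' => 'constructed', 'AssumedRoleId' => 'constructed'],
    'Credentials'     => [
        'AccessKeyId'     => 'STS.constructed',
        'AccessKeySecret' => 'constructed-secret',
        'SecurityToken'   => 'constructed-token',
        'Expiration'      => '2022-08-22T10:00:00Z',
    ],
];
print_r(buildAssumeRoleQuery('acs:ram::<account-id>:role/<role-name>', 'example-bucket', 1198));
print_r(credentialsForClient($sample));
```

The permissions of the issued credentials are the intersection of the role's own policy and this session policy, so the role still needs `oss:PutObject` on the bucket for the upload to succeed.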

 

posted @ 2022-08-22 17:35  白尼玛砸缸