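Direct front-end upload to Alibaba Cloud OSS, temporary STS authorization with PHP, and back-end relayed upload: brief notes
Background: there are two ways for the front end to upload an image. The first is to upload directly to OSS, but the front-end SDK then needs the Alibaba Cloud OSS_KEY_ID and OSS_KEY_SECRET, which is not secure. The second is to send the file to the back end first, which uploads it and returns the OSS URL to the front end.
With Laravel, implementing the second approach is actually simple. The first approach is unreasonable for large files such as video uploads; there, the temporary authorization scheme, STS, can be used.
Option 1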
```php
// Composer dependencies:
//   "alibabacloud/sdk": "^1.7",
//   "aliyuncs/oss-sdk-php": "^2.3",
use OSS\OssClient;
use OSS\Core\OssException;

public function uplaodImg(Request $request)
{
    $this->validateRequest($request, [
        'file' => 'required|image',
    ]);
    $file = $request->file('file');

    $accessKeyId = config('filesystems.disks.oss.accessKeyId');
    $accessKeySecret = config('filesystems.disks.oss.accessKeySecret');
    $endpoint = config('filesystems.disks.oss.endpoint');
    $bucket = config('filesystems.disks.oss.bucket');

    // Object name. This is the client-supplied file name, so two uploads
    // with the same name overwrite each other in the bucket.
    $object = $file->getClientOriginalName();
    $filePath = $file->getRealPath(); // path of the uploaded temporary file

    $ossClient = new OssClient($accessKeyId, $accessKeySecret, $endpoint);
    $info = $ossClient->uploadFile($bucket, $object, $filePath);
    var_dump($info);
}
```
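Option 2
The endpoint returns a temporary id and key. For the 'RoleArn' => "acs:ram::164******4:role/***news-sts" value, you need to go to Alibaba Cloud, configure the user that the accessKeyId belongs to, and grant it the permissions.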
```php
// Dependencies are the same as above
use AlibabaCloud\Client\AlibabaCloud;
use AlibabaCloud\Client\Exception\ClientException;
use AlibabaCloud\Client\Exception\ServerException;

public function getTempOssToken()
{
    //$uid = Auth::user()->id; // user id, e.g. 1234
    $uid = 1198;

    // Build an Alibaba Cloud client used to send the request.
    // Set the AccessKey ID and AccessKey Secret of the caller (RAM user or RAM role).
    AlibabaCloud::accessKeyClient(
        config('filesystems.disks.oss.accessKeyId'),
        config('filesystems.disks.oss.accessKeySecret')
    )
        ->regionId('oss-cn-beijing')
        ->asDefaultClient();

    // Set the parameters and send the request.
    try {
        $result = AlibabaCloud::rpc()
            ->product('Sts')
            ->scheme('https') // https | http
            ->version('2015-04-01')
            ->action('AssumeRole')
            ->method('POST')
            ->host('sts.aliyuncs.com')
            ->options([
                'query' => [
                    'RegionId' => "oss-cn-beijing",
                    'RoleArn' => "acs:ram::164******4:role/***news-sts",
                    'RoleSessionName' => $uid, // custom value; the user id is used here, e.g. 1234
                ],
            ])
            ->request();
        $r_arr = $result->toArray();
        // Return only $r_arr['Credentials']
        return $r_arr['Credentials'];
    } catch (ClientException $e) {
        echo $e->getErrorMessage() . PHP_EOL;
    } catch (ServerException $e) {
        echo $e->getErrorMessage() . PHP_EOL;
    }
}
```
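The AssumeRole call in Option 2 hands the browser every permission the role has. As an added example (not code from the original post), the helper below builds an AssumeRole query that also sets the STS `Policy` and `DurationSeconds` parameters, so the temporary credentials can only write under one user's prefix and expire quickly. The function names, the `uploads/<uid>/` key layout, the bucket name and the role ARN placeholder are assumptions made for illustration.

```php
<?php
// Added example: scope STS credentials to one user's upload prefix.
// Hypothetical helpers; bucket, prefix layout and role ARN are placeholders.

function buildUploadPolicy(string $bucket, int $uid): string
{
    // Session policy: the effective permissions are the intersection of
    // this policy and the policies attached to the assumed role.
    $policy = [
        'Version'   => '1',
        'Statement' => [[
            'Effect'   => 'Allow',
            // oss:PutObject authorizes simple and multipart uploads.
            'Action'   => ['oss:PutObject'],
            // Only objects under uploads/<uid>/ in this bucket.
            'Resource' => ["acs:oss:*:*:{$bucket}/uploads/{$uid}/*"],
        ]],
    ];
    return json_encode($policy, JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
}

function buildAssumeRoleQuery(string $roleArn, string $bucket, int $uid): array
{
    if ($uid <= 0) {
        throw new InvalidArgumentException('uid must be a positive integer');
    }
    if (!preg_match('/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/', $bucket)) {
        throw new InvalidArgumentException('unexpected bucket name');
    }
    return [
        'RoleArn'         => $roleArn,
        // The session name appears in audit logs; keep it traceable to the user.
        'RoleSessionName' => 'upload-' . $uid,
        // 900 seconds is the minimum lifetime STS accepts.
        'DurationSeconds' => 900,
        'Policy'          => buildUploadPolicy($bucket, $uid),
    ];
}

// Constructed sample values; pass the result as the 'query' option of the
// AssumeRole request shown in Option 2.
$query = buildAssumeRoleQuery('acs:ram::<ACCOUNT_ID>:role/<ROLE_NAME>', 'example-bucket', 1198);
print_r($query);
```

The front end then has to upload to keys under `uploads/1198/`; a write to any other key or bucket is rejected by OSS even though the role itself may allow it.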