授權訪問 - SDK參考

使用STS服務臨時授權

OSS可以通過阿里雲STS服務，臨時進行授權訪問。使用STS時請按以下步驟進行：

在官網控制台建立子帳號，參考OSS STS
在官網控制台建立STS角色並賦予子帳號扮演角色的許可權，參考OSS STS
使用子帳號的AccessKeyId/AccessKeySecret向STS申請臨時token
使用臨時token中的認證資訊建立OSS的Client
使用OSS的Client訪問OSS服務

使用STS憑證建構簽章請求

使用者的client端拿到STS臨時憑證後，通過其中安全性權杖(SecurityToken)以及臨時存取金鑰(AccessKeyId, AccessKeySecret)生成oss_request_options。以上傳檔案為例：

aos_pool_t *p;
oss_request_options_t *options;
aos_status_t *s;
aos_table_t *headers;
aos_table_t *resp_headers;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
char *data = "<object content>";
aos_list_t buffer;
aos_buf_t *content;
aos_pool_create(&p, NULL);
// init_oss_request_options using sts_token
/* 建立並用STS token初始化options */
options = oss_request_options_create(p);
options->config = oss_config_create(options->pool);
aos_str_set(&options->config->endpoint, "<您的Endpoint>");
aos_str_set(&options->config->access_key_id, "<您的臨時AccessKeyId>");
aos_str_set(&options->config->access_key_secret, "<您的臨時AccessKeySecret>");
aos_str_set(&options->config->sts_token, "<您的sts_token>");
options->config->is_cname = 0;
options->ctl = aos_http_controller_create(options->pool, 0);
/* 初始化參數 */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
headers = aos_table_make(p, 0);
aos_list_init(&buffer);
content = aos_buf_pack(options->pool, data, strlen(data));
aos_list_add_tail(&content->node, &buffer);
/* 上傳檔案 */
s = oss_put_object_from_buffer_s(options, &bucket, &object, &buffer, headers, &resp_headers);
if (aos_status_is_ok(s)) {
    printf("put object succeeded\n");
} else {
    printf("put object failed\n");
}
aos_pool_destroy(p);

URL簽名授權

可以通過生成簽名URL的形式提供給使用者一個臨時的訪問URL。在生成URL時，可以指定URL過期的時間，從而限制使用者長時間訪問。

生成簽名url

通過oss_gen_signed_url介面生成請求url簽名。

生成下載請求的url簽名

aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
char *url_str;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
apr_time_t now;
int64_t expire_time; 
int one_hour = 3600; /* 單位：秒*/
aos_pool_create(&p, NULL);
/* 建立並初始化options */
options = oss_request_options_create(p);
init_options(options);
/* 初始化參數 */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
req = aos_http_request_create(p);
req->method = HTTP_GET;
now = apr_time_now(); //millisecond
expire_time = now / 1000000 + one_hour;
/* 生成簽名url */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
printf("臨時下載url:%s\n", url_str);
aos_pool_destroy(p);

生成上傳檔案請求的url簽名：

aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
apr_time_t now;
int64_t expire_time; 
int one_hour = 3600;
char *url_str = NULL;
aos_pool_create(&p, NULL);
/* 建立並初始化options */
options = oss_request_options_create(p);
init_options(options);
/* 初始化參數 */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
req = aos_http_request_create(p);
req->method = HTTP_PUT;
now = apr_time_now(); //millisecond
expire_time = now / 1000000 + one_hour;
/* 生成簽名url */
url_str = oss_gen_signed_url((options, &bucket, &object, expire_time, req);
printf("臨時上傳url:%s\n", url_str);
aos_pool_destroy(p);

使用簽名URL下載檔案

aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
aos_table_t *headers;
aos_table_t *resp_headers;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
char *filepath = "<本地檔案路徑>";
aos_string_t bucket;
aos_string_t object;
aos_string_t file;
char *url_str;
apr_time_t now;
int64_t expire_time; 
int one_hour = 3600;
aos_pool_create(&p, NULL);
/* 建立並初始化options */
options = oss_request_options_create(p);
init_options(options);
/* 初始化參數 */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
aos_str_set(&file, filepath);
headers = aos_table_make(p, 0);
req = aos_http_request_create(p);
req->method = HTTP_GET;
now = apr_time_now();  /* 單位：微秒 */
expire_time = now / 1000000 + one_hour;
/* 生成簽名url */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
/* 使用簽名url下載檔案 */
s = oss_get_object_to_file_by_url(options, url_str, headers, &file, &resp_headers);
if (aos_status_is_ok(s)) {
    printf("get object succeeded\n");
} else {
    printf("get object failed\n");
}
aos_pool_destroy(p);

使用URL簽名的方式上傳檔案

aos_pool_t *p;
int is_oss_domain = 1;//是否使用第三層網域名
oss_request_options_t *options;
aos_http_request_t *req;
aos_table_t *headers;
aos_table_t *resp_headers;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
char *filepath = "<本地檔案路徑>";
aos_string_t bucket;
aos_string_t object;
aos_string_t file;
char *url_str;
apr_time_t now;
int64_t expire_time; 
int one_hour = 3600;
aos_pool_create(&p, NULL);
/* 建立並初始化options */
options = oss_request_options_create(p);
init_options(options);
/* 初始化參數 */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
aos_str_set(&file, filepath);
headers = aos_table_make(p, 0);
req = aos_http_request_create(p);
req->method = HTTP_PUT;
now = apr_time_now(); /* 單位：微秒*/
expire_time = now / 1000000 + one_hour;
/* 生成簽名url */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
/* 使用簽名url上傳檔案 */
s = oss_put_object_from_file_by_url(options, url_str, &file, headers, &resp_headers);
if (aos_status_is_ok(s)) {
    printf("put objects by signed url succeeded\n");
} else {
    printf("put objects by signed url failed\n");
}
aos_pool_destroy(p);