使用STS服務臨時授權
OSS可以通過阿里雲STS服務,臨時進行授權訪問。使用STS時請按以下步驟進行:
- 在官網控制台建立子帳號,參考OSS STS
- 在官網控制台建立STS角色並賦予子帳號扮演角色的許可權,參考OSS STS
- 使用子帳號的AccessKeyId/AccessKeySecret向STS申請臨時token
- 使用臨時token中的認證資訊建立OSS的Client
- 使用OSS的Client訪問OSS服務
使用STS憑證建構簽章請求
使用者的client端拿到STS臨時憑證後,通過其中安全性權杖(SecurityToken)以及臨時存取金鑰(AccessKeyId, AccessKeySecret)生成oss_request_options。以上傳檔案為例:
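/*
 * Upload an in-memory buffer as an object, authenticating with temporary
 * STS credentials (AccessKeyId, AccessKeySecret and the security token).
 */
aos_pool_t *p;
oss_request_options_t *options;
aos_status_t *s;
aos_table_t *headers;
aos_table_t *resp_headers;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
char *data = "<object content>";
aos_list_t buffer;
aos_buf_t *content;
aos_pool_create(&p, NULL);
/*
 * Create the request options and initialise them with the STS credentials.
 * The literals below are placeholders: in a real client the three values are
 * taken from one STS response at run time, are not compiled into the binary,
 * and are kept out of logs. Prefer an https:// endpoint, since the security
 * token is sent along with every request.
 */
options = oss_request_options_create(p);
options->config = oss_config_create(options->pool);
aos_str_set(&options->config->endpoint, "<您的Endpoint>");
aos_str_set(&options->config->access_key_id, "<您的臨時AccessKeyId>");
aos_str_set(&options->config->access_key_secret, "<您的臨時AccessKeySecret>");
aos_str_set(&options->config->sts_token, "<您的sts_token>");
/* NOTE(review): 0 presumably means the endpoint is not a custom (CNAME) domain; confirm. */
options->config->is_cname = 0;
options->ctl = aos_http_controller_create(options->pool, 0);
/* Initialise the request parameters. */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
headers = aos_table_make(p, 0);
aos_list_init(&buffer);
content = aos_buf_pack(options->pool, data, strlen(data));
aos_list_add_tail(&content->node, &buffer);
/* Upload the object. */
s = oss_put_object_from_buffer_s(options, &bucket, &object, &buffer, headers, &resp_headers);
if (aos_status_is_ok(s)) {
    printf("put object succeeded\n");
} else {
    /*
     * Report the status detail: a rejected or expired temporary credential
     * cannot be told apart from other failures without it. The credentials
     * themselves are never printed.
     */
    printf("put object failed, code:%d, error_code:%s, error_msg:%s, request_id:%s\n",
           s->code,
           s->error_code ? s->error_code : "",
           s->error_msg ? s->error_msg : "",
           s->req_id ? s->req_id : "");
}
/* Release the pool created above. */
aos_pool_destroy(p);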
URL簽名授權
可以生成簽名URL,提供給使用者一個臨時的訪問URL。生成URL時可以指定過期時間,從而限制該URL的有效期;在到期之前,任何持有該URL的人都可以用它訪問對應的object,因此過期時間應按實際需要盡量設短。
生成簽名url
通過oss_gen_signed_url介面生成請求url簽名。
生成下載請求的url簽名
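/* Generate a signed URL that permits downloading one object for one hour. */
aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
char *url_str;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
apr_time_t now;
int64_t expire_time;
int one_hour = 3600; /* unit: seconds */
aos_pool_create(&p, NULL);
/*
 * Create and initialise the options. init_options() is not shown here;
 * presumably it sets the endpoint and credentials -- confirm.
 */
options = oss_request_options_create(p);
init_options(options);
/* Initialise the request parameters. */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
req = aos_http_request_create(p);
req->method = HTTP_GET;
/* apr_time_now() is in microseconds, hence the division to get seconds. */
now = apr_time_now();
expire_time = now / 1000000 + one_hour;
/*
 * Generate the signed URL. The URL carries its own authorisation: whoever
 * holds it can issue this GET until expire_time, so give it only to the
 * intended recipient and keep it out of persistent logs.
 */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
if (url_str != NULL) {
    printf("臨時下載url:%s\n", url_str);
} else {
    /* Passing a null pointer to %s is undefined behaviour. */
    printf("generate signed url failed\n");
}
/* Release the pool created above. */
aos_pool_destroy(p);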
生成上傳檔案請求的url簽名:
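/* Generate a signed URL that permits uploading one object for one hour. */
aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
aos_string_t bucket;
aos_string_t object;
apr_time_t now;
int64_t expire_time;
int one_hour = 3600; /* unit: seconds */
char *url_str = NULL;
aos_pool_create(&p, NULL);
/*
 * Create and initialise the options. init_options() is not shown here;
 * presumably it sets the endpoint and credentials -- confirm.
 */
options = oss_request_options_create(p);
init_options(options);
/* Initialise the request parameters. */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
req = aos_http_request_create(p);
req->method = HTTP_PUT;
/* apr_time_now() is in microseconds, hence the division to get seconds. */
now = apr_time_now();
expire_time = now / 1000000 + one_hour;
/*
 * Generate the signed URL (the original call had a stray opening
 * parenthesis and did not compile). Whoever holds this URL can write the
 * named object until expire_time, so give it only to the intended uploader
 * and keep the lifetime as short as the use case allows.
 */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
if (url_str != NULL) {
    printf("臨時上傳url:%s\n", url_str);
} else {
    /* Passing a null pointer to %s is undefined behaviour. */
    printf("generate signed url failed\n");
}
/* Release the pool created above. */
aos_pool_destroy(p);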
使用簽名URL下載檔案
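/* Download an object to a local file through a signed URL. */
aos_pool_t *p;
oss_request_options_t *options;
aos_http_request_t *req;
aos_table_t *headers;
aos_table_t *resp_headers;
/* The original snippet assigned to s without declaring it. */
aos_status_t *s = NULL;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
char *filepath = "<本地檔案路徑>";
aos_string_t bucket;
aos_string_t object;
aos_string_t file;
char *url_str;
apr_time_t now;
int64_t expire_time;
int one_hour = 3600; /* unit: seconds */
aos_pool_create(&p, NULL);
/*
 * Create and initialise the options. init_options() is not shown here;
 * presumably it sets the endpoint and credentials -- confirm.
 */
options = oss_request_options_create(p);
init_options(options);
/* Initialise the request parameters. */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
aos_str_set(&file, filepath);
headers = aos_table_make(p, 0);
req = aos_http_request_create(p);
req->method = HTTP_GET;
now = apr_time_now(); /* unit: microseconds */
expire_time = now / 1000000 + one_hour;
/*
 * Generate the signed URL. It authorises this GET for anyone who holds it
 * until expire_time, so it is used here directly and not printed.
 */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
/* Download the object with the signed URL; skip the request if signing failed. */
if (url_str != NULL) {
    s = oss_get_object_to_file_by_url(options, url_str, headers, &file, &resp_headers);
}
if (s != NULL && aos_status_is_ok(s)) {
    printf("get object succeeded\n");
} else {
    printf("get object failed\n");
}
/* Release the pool created above. */
aos_pool_destroy(p);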
使用URL簽名的方式上傳檔案
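/* Upload a local file as an object through a signed URL. */
aos_pool_t *p;
/*
 * Whether to use a third-level domain name. No statement in this snippet
 * reads the variable; NOTE(review): confirm whether init_options() needs it.
 */
int is_oss_domain = 1;
oss_request_options_t *options;
aos_http_request_t *req;
aos_table_t *headers;
aos_table_t *resp_headers;
/* The original snippet assigned to s without declaring it. */
aos_status_t *s = NULL;
char *bucket_name = "<您的bucket名字>";
char *object_name = "<您的object名字>";
char *filepath = "<本地檔案路徑>";
aos_string_t bucket;
aos_string_t object;
aos_string_t file;
char *url_str;
apr_time_t now;
int64_t expire_time;
int one_hour = 3600; /* unit: seconds */
aos_pool_create(&p, NULL);
/*
 * Create and initialise the options. init_options() is not shown here;
 * presumably it sets the endpoint and credentials -- confirm.
 */
options = oss_request_options_create(p);
init_options(options);
/* Initialise the request parameters. */
aos_str_set(&bucket, bucket_name);
aos_str_set(&object, object_name);
aos_str_set(&file, filepath);
headers = aos_table_make(p, 0);
req = aos_http_request_create(p);
req->method = HTTP_PUT;
now = apr_time_now(); /* unit: microseconds */
expire_time = now / 1000000 + one_hour;
/*
 * Generate the signed URL. It authorises this PUT for anyone who holds it
 * until expire_time, so it is used here directly and not printed.
 */
url_str = oss_gen_signed_url(options, &bucket, &object, expire_time, req);
/* Upload the file with the signed URL; skip the request if signing failed. */
if (url_str != NULL) {
    s = oss_put_object_from_file_by_url(options, url_str, &file, headers, &resp_headers);
}
if (s != NULL && aos_status_is_ok(s)) {
    printf("put objects by signed url succeeded\n");
} else {
    printf("put objects by signed url failed\n");
}
/* Release the pool created above. */
aos_pool_destroy(p);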