和其他主流云的OSS一样,联通云也支持签名上传。相比来说联通云网上的样例不是很多。但是使用签名的原理是一样的。
1、首先在联通云创建访问秘钥,需要注意的是联通云的访问秘钥不在OSS管理页面。具体菜单:访问控制->用户->新增访问秘钥
2、后端通过访问秘钥的AccessKeySecret部分生成policy和签名(Signature)
<?php
namespace App\Http\Controllers;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Validation\Rule;
use Illuminate\Http\Request;
use Laravel\Lumen\Routing\Controller;
class CucloudController extends Controller
{
/**
* 获取联通云签名
* @param Request $request
* @param Guard $guard
* @return array
* @throws \Illuminate\Validation\ValidationException
*/
public function policy(Request $request, Guard $guard): array
{
$validate = [
'field' => ['required', Rule::in(["avatar"])],
'type' => ['nullable', Rule::in(['image/png','image/jpeg','image/gif','image/webp','image/apng','image/svg', 'video/mp4', 'audio/mp3'])],
];
$this->validate($request, $validate);
$params = $request->only(array_keys($validate));
$path = sprintf("%s/%d", $params['field'], $guard->user()->id);
$key = md5($guard->user()->id . microtime(true));
if (!empty($params['type'])) {
$key .= "." . preg_replace("/[a-z]+\//", "", $params['type']);
}
$date = date("Y-m-d H:i:s", time() + 12000);
//这里的过期时间格式必须是2023-02-20T08:00:00.000Z这种,否则会报错
$data['expiration'] = str_replace(" ", "T", $date) . ".000Z";
//上传表单中除了AWSAccessKeyId、Signature、file、policy以外,其他的字段必须都在conditions中
$data['conditions']= [
["eq", "\$bucket", env("CUCLOUD_BUCKET")],//CUCLOUD_BUCKET是bucket名字
["starts-with", "\$key", $path],
["content-length-range", 0, 104857600],
["eq", "\$Content-Type", $request->type],
['eq', "\$acl", "public-read"]
];
$policy = base64_encode(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
$signature = self::getBodySignature($policy);
return [
'key' => $path . '/' . $key,
'Content-Type' => $request->type,
'AWSAccessKeyId' => env("CUCLOUD_AWS_ACCESS_ID"),//CUCLOUD_AWS_ACCESS_ID是申请到的AccessKeyID。这里返回给前端,这样前端直接添加上file文件字段,就可以直接提交了
'policy' => $policy,
'Signature' => $signature,
'acl' => 'public-read'
];
}
/**
* 计算联通云签名
* @param $method
* @param $uri
* @param null $date
* @param null $policy
* @param null $md5
* @return string
*/
protected static function getBodySignature($policy = null): string
{
//CUCLOUD_PWD就是申请到的AccessKeySecret
$signature = base64_encode(hash_hmac('sha1', $policy, env("CUCLOUD_PWD"), true));
return $signature;
}
}
3、前端提交文件
post地址:'http://{{bucket_name}}.obs-helf.cucloud.cn/'
post字段:上面后端返回的字段在最后添加上file字段即可。