탐색 도움말
가입하기 로그인
zmcoding
/
catch_nbfd_admin
Watch 1
Star 0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: cc547c9a06
브랜치 태그
catch_nbfd_a...
/
extend
/
web2oss
/
WebUploadToOss.php

WebUploadToOss.php 5.4 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace web2oss;
    6. 

  6. use think\facade\Cache;
    7. 

  7. 

  8. class WebUploadToOss
    9. 

  9. {
    10. 

  10. 

  11. 	public static function getPolicy($config)
    12. 

  12. 	{
    13. 

  13. 		// var_dump($config);
    14. 

  14. 		// 从缓存中获取
    15. 

  15. 		$catch_name = md5($_SERVER['PATH_INFO']);
    16. 

  16. 		$response = Cache::get('ALIYUN_OSS_POLICY_'. $catch_name);
    17. 

  17. 

  18. 		if ($response) {
    19. 

  19. 			return array('success' => true, 'message' => 'ok', 'data' => $response);
    20. 

  20. 		}
    21. 

  21. 		// 请求阿里云OSS
    22. 

  22. 		if (!$config['id'] || !$config['key'] || !$config['host'] || !$config['dir']) {
    23. 

  23. 			return array('success' => false, 'message' => 'failed,missing required argument!', 'data' => '');
    24. 

  24. 		}
    25. 

  25. 		$id = $config['id'];  // AccessKeyId。
    26. 

  26. 		$key = $config['key']; // AccessKeySecret。
    27. 

  27. 		$host = $config['host']; // $host的格式为 bucketname.endpoint 
    28. 

  28. 		$callbackUrl = $config['callbackUrl'] ?: ''; // $callbackUrl为上传回调服务器的URL
    29. 

  29. 		$callbackBody = isset($config['callbackBody']) ? $config['callbackBody'] : 'path=' . $host . '/${object}&size=${size}&mimeType=${mimeType}&height=${imageInfo.height}&width=${imageInfo.width}';
    30. 

  30. 		$callbackBodyType = isset($config['callbackBodyType']) ? $config['callbackBodyType'] : "application/x-www-form-urlencoded";
    31. 

  31. 		$dir = $config['dir'];  // 用户上传文件时指定的前缀(目录)
    32. 

  32. 		$callback_param = array(
    33. 

  33. 			'callbackUrl' => $callbackUrl,
    34. 

  34. 			'callbackBody' => $callbackBody,
    35. 

  35. 			'callbackBodyType' => $callbackBodyType
    36. 

  36. 		);
    37. 

  37. 		$callback_string = json_encode($callback_param);
    38. 

  38. 		$base64_callback_body = base64_encode($callback_string);
    39. 

  39. 		$now = time();
    40. 

  40. 		$expire = isset($config['expire']) && $config['expire'] > 30 ? (int)$config['expire'] : 60;  //设置该policy超时时间(单位:秒). 即这个policy过了这个有效时间,将不能访问。
    41. 

  41. 		$end = $now + $expire;
    42. 

  42. 		$expiration = self::gmtIso8601($end);
    43. 

  43. 

  44. 		//最大文件大小.用户可以自己设置
    45. 

  45. 		$condition = array(0 => 'content-length-range', 1 => 0, 2 => isset($config['fileSize']) ? $config['fileSize'] : 83886080);
    46. 

  46. 		$conditions[] = $condition;
    47. 

  47. 

  48. 		// 表示用户上传的数据,必须是以$dir开始,不然上传会失败,这一步不是必须项,只是为了安全起见,防止用户通过policy上传到别人的目录。
    49. 

  49. 		$start = array(0 => 'starts-with', 1 => '$key', 2 => $dir);
    50. 

  50. 		$conditions[] = $start;
    51. 

  51. 

  52. 		$arr = array('expiration' => $expiration, 'conditions' => $conditions);
    53. 

  53. 		$policy = json_encode($arr);
    54. 

  54. 		$base64_policy = base64_encode($policy);
    55. 

  55. 		$string_to_sign = $base64_policy;
    56. 

  56. 		$signature = base64_encode(hash_hmac('sha1', $string_to_sign, $key, true));
    57. 

  57. 

  58. 		$response = array();
    59. 

  59. 		$response['accessid'] = $id;
    60. 

  60. 		$response['host'] = $host;
    61. 

  61. 		$response['policy'] = $base64_policy;
    62. 

  62. 		$response['signature'] = $signature;
    63. 

  63. 		$response['expire'] = $end;
    64. 

  64. 		$response['callback'] = $base64_callback_body;
    65. 

  65. 		$response['dir'] = $dir;  // 这个参数是设置用户上传文件时指定的前缀。
    66. 

  66. 		// 设置缓存
    67. 

  67. 		Cache::set('ALIYUN_OSS_POLICY_'. $catch_name, $response, 59);
    68. 

  68. 

  69. 		return array('success' => true, 'message' => 'ok', 'data' => $response);
    70. 

  70. 	}
    71. 

  71. 

  72. 

  73. 	public static function gmtIso8601($time)
    74. 

  74. 	{
    75. 

  75. 		$dtStr = date("c", $time);
    76. 

  76. 		//$mydatetime = new DateTime($dtStr);
    77. 

  77. 		//$expiration = $mydatetime->format(DateTime::ISO8601);
    78. 

  78. 		$pos = strpos($dtStr, '+');
    79. 

  79. 		$expiration = substr($dtStr, 0, $pos);
    80. 

  80. 		return $expiration . "Z";
    81. 

  81. 	}
    82. 

  82. 

  83. 

  84. 	public static function callback()
    85. 

  85. 	{
    86. 

  86. 		// 1.获取OSS的签名header和公钥url header
    87. 

  87. 		$authorizationBase64 = "";
    88. 

  88. 		$pubKeyUrlBase64 = "";
    89. 

  89. 		/*
    90. 

  90. 		 * 注意:如果要使用HTTP_AUTHORIZATION头,你需要先在apache或者nginx中设置rewrite,以apache为例,修改
    91. 

  91. 		 * 配置文件/etc/httpd/conf/httpd.conf(以你的apache安装路径为准),在DirectoryIndex index.php这行下面增加以下两行
    92. 

  92. 		    RewriteEngine On
    93. 

  93. 		    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
    94. 

  94. 		 * */
    95. 

  95. 		if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    96. 

  96. 			$authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
    97. 

  97. 		}
    98. 

  98. 		if (isset($_SERVER['HTTP_X_OSS_PUB_KEY_URL'])) {
    99. 

  99. 			$pubKeyUrlBase64 = $_SERVER['HTTP_X_OSS_PUB_KEY_URL'];
    100. 

  100. 		}
    101. 

  101. 

  102. 		if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '') {
    103. 

  103. 			// header("http/1.1 403 Forbidden");
    104. 

  104. 			// exit();
    105. 

  105. 			return array('success' => false, 'message' => 'Forbidden,auth failed');
    106. 

  106. 		}
    107. 

  107. 

  108. 		// 2.获取OSS的签名
    109. 

  109. 		$authorization = base64_decode($authorizationBase64);
    110. 

  110. 

  111. 		// 3.获取公钥
    112. 

  112. 		$pubKeyUrl = base64_decode($pubKeyUrlBase64);
    113. 

  113. 		$ch = curl_init();
    114. 

  114. 		curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
    115. 

  115. 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    116. 

  116. 		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    117. 

  117. 		$pubKey = curl_exec($ch);
    118. 

  118. 		if ($pubKey == "") {
    119. 

  119. 			//header("http/1.1 403 Forbidden");
    120. 

  120. 			//exit();
    121. 

  121. 			return array('success' => false, 'message' => 'Forbidden,pubKey is empty');
    122. 

  122. 		}
    123. 

  123. 

  124. 		// 4.获取回调body
    125. 

  125. 		$body = file_get_contents('php://input');
    126. 

  126. 

  127. 		// 5.拼接待签名字符串
    128. 

  128. 		$authStr = '';
    129. 

  129. 		$path = $_SERVER['REQUEST_URI'];
    130. 

  130. 		$pos = strpos($path, '?');
    131. 

  131. 		if ($pos === false) {
    132. 

  132. 			$authStr = urldecode($path) . "\n" . $body;
    133. 

  133. 		} else {
    134. 

  134. 			$authStr = urldecode(substr($path, 0, $pos)) . substr($path, $pos, strlen($path) - $pos) . "\n" . $body;
    135. 

  135. 		}
    136. 

  136. 

  137. 		// 6.验证签名
    138. 

  138. 		$ok = openssl_verify($authStr, $authorization, $pubKey, OPENSSL_ALGO_MD5);
    139. 

  139. 		if ($ok == 1) {
    140. 

  140. 			$file_path = array('path' => $_POST['path']);
    141. 

  141. 			return array('success' => true, 'message' => 'verify success', 'data' => $file_path);
    142. 

  142. 		} else {
    143. 

  143. 			// header("http/1.1 403 Forbidden");
    144. 

  144. 			// exit();
    145. 

  145. 			return array('success' => false, 'message' => 'verify failed');
    146. 

  146. 		}
    147. 

  147. 	}
    148. 

  148. }
    149. 

  149.