oss 权限修改
parent
a47f2fd496
commit
1ac336220e
|
|
@ -21,6 +21,10 @@ using IRaCIS.Core.Domain.Models;
|
||||||
using IRaCIS.Core.Infrastructure;
|
using IRaCIS.Core.Infrastructure;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
using Aliyun.Acs.Core;
|
||||||
|
using Aliyun.Acs.Core.Profile;
|
||||||
|
using Aliyun.Acs.Sts.Model.V20150401;
|
||||||
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
|
||||||
namespace IRaCIS.Api.Controllers
|
namespace IRaCIS.Api.Controllers
|
||||||
{
|
{
|
||||||
|
|
@ -32,7 +36,7 @@ namespace IRaCIS.Api.Controllers
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -43,7 +47,7 @@ namespace IRaCIS.Api.Controllers
|
||||||
/// <summary> 系统用户登录接口[New] </summary>
|
/// <summary> 系统用户登录接口[New] </summary>
|
||||||
[HttpPost, Route("user/login")]
|
[HttpPost, Route("user/login")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
public async Task<IResponseOutput<LoginReturnDTO>> Login(UserLoginDTO loginUser, [FromServices] IEasyCachingProvider provider, [FromServices] IUserService _userService,
|
public async Task<IResponseOutput<LoginReturnDTO>> Login(UserLoginDTO loginUser, [FromServices] IEasyCachingProvider provider, [FromServices] IUserService _userService,
|
||||||
[FromServices] ITokenService _tokenService, [FromServices] IConfiguration configuration)
|
[FromServices] ITokenService _tokenService, [FromServices] IConfiguration configuration)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
@ -118,7 +122,7 @@ namespace IRaCIS.Api.Controllers
|
||||||
// 创建一个 CookieOptions 对象,用于设置 Cookie 的属性
|
// 创建一个 CookieOptions 对象,用于设置 Cookie 的属性
|
||||||
var option = new CookieOptions
|
var option = new CookieOptions
|
||||||
{
|
{
|
||||||
Expires = DateTime.Now.AddMonths(1),
|
Expires = DateTime.Now.AddMonths(1),
|
||||||
HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
|
HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
|
||||||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
|
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
|
||||||
Secure = true // 确保 cookie 只能通过 HTTPS 访问
|
Secure = true // 确保 cookie 只能通过 HTTPS 访问
|
||||||
|
|
@ -136,6 +140,46 @@ namespace IRaCIS.Api.Controllers
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
[HttpGet("user/GenerateSTS")]
|
||||||
|
public IResponseOutput GenerateSTS( [FromServices] IWebHostEnvironment webHostEnvironment)
|
||||||
|
{
|
||||||
|
|
||||||
|
|
||||||
|
var configuration = new ConfigurationBuilder()
|
||||||
|
.AddJsonFile($"appsettings.{webHostEnvironment.EnvironmentName}.json")
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
//configuration["AliyunOSS:region"]
|
||||||
|
|
||||||
|
IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", configuration["AliyunOSS:accessKeyId"], configuration["AliyunOSS:accessKeySecret"]);
|
||||||
|
DefaultAcsClient client = new DefaultAcsClient(profile);
|
||||||
|
|
||||||
|
// 创建一个STS请求
|
||||||
|
AssumeRoleRequest request = new AssumeRoleRequest
|
||||||
|
{
|
||||||
|
RoleArn = "acs:ram::1899121822495495:role/oss-upload", // 角色ARN,需要替换为你的角色ARN
|
||||||
|
RoleSessionName = "session-name", // 角色会话名称,可自定义
|
||||||
|
DurationSeconds = 3600, // 令牌有效期(单位:秒),这里设置为1小时
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
AssumeRoleResponse response = client.GetAcsResponse(request);
|
||||||
|
|
||||||
|
// 返回STS令牌信息给前端
|
||||||
|
var stsToken = new
|
||||||
|
{
|
||||||
|
AccessKeyId = response.Credentials.AccessKeyId,
|
||||||
|
AccessKeySecret = response.Credentials.AccessKeySecret,
|
||||||
|
SecurityToken = response.Credentials.SecurityToken,
|
||||||
|
Expiration = response.Credentials.Expiration
|
||||||
|
};
|
||||||
|
|
||||||
|
return ResponseOutput.Ok(stsToken);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[HttpGet, Route("imageShare/ShareImage")]
|
[HttpGet, Route("imageShare/ShareImage")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
|
|
@ -162,12 +206,12 @@ namespace IRaCIS.Api.Controllers
|
||||||
|
|
||||||
[HttpGet("User/UserRedirect")]
|
[HttpGet("User/UserRedirect")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
public async Task<IActionResult> UserRedirect([FromServices] IRepository<User> _userRepository, string url ,[FromServices]ILogger<ExtraController> _logger)
|
public async Task<IActionResult> UserRedirect([FromServices] IRepository<User> _userRepository, string url, [FromServices] ILogger<ExtraController> _logger)
|
||||||
{
|
{
|
||||||
|
|
||||||
var decodeUrl = System.Web.HttpUtility.UrlDecode(url);
|
var decodeUrl = System.Web.HttpUtility.UrlDecode(url);
|
||||||
|
|
||||||
var userId = decodeUrl.Substring(decodeUrl.IndexOf("UserId=") + "UserId=".Length , 36) ;
|
var userId = decodeUrl.Substring(decodeUrl.IndexOf("UserId=") + "UserId=".Length, 36);
|
||||||
|
|
||||||
var token = decodeUrl.Substring(decodeUrl.IndexOf("access_token=") + "access_token=".Length);
|
var token = decodeUrl.Substring(decodeUrl.IndexOf("access_token=") + "access_token=".Length);
|
||||||
|
|
||||||
|
|
@ -175,12 +219,12 @@ namespace IRaCIS.Api.Controllers
|
||||||
|
|
||||||
var domainStrList = decodeUrl.Split("/").ToList().Take(3).ToList();
|
var domainStrList = decodeUrl.Split("/").ToList().Take(3).ToList();
|
||||||
|
|
||||||
var errorUrl = domainStrList[0]+"//"+ domainStrList[2]+ "/error";
|
var errorUrl = domainStrList[0] + "//" + domainStrList[2] + "/error";
|
||||||
|
|
||||||
|
|
||||||
if (!await _userRepository.AnyAsync(t => t.Id == Guid.Parse(userId) && t.EmailToken == token && t.IsFirstAdd))
|
if (!await _userRepository.AnyAsync(t => t.Id == Guid.Parse(userId) && t.EmailToken == token && t.IsFirstAdd))
|
||||||
{
|
{
|
||||||
decodeUrl = errorUrl+ $"?lang={lang}&ErrorMessage={System.Web.HttpUtility.UrlEncode(lang=="zh"? "您的初始化链接已过期": "Error!The initialization link has expired. Return")} ";
|
decodeUrl = errorUrl + $"?lang={lang}&ErrorMessage={System.Web.HttpUtility.UrlEncode(lang == "zh" ? "您的初始化链接已过期" : "Error!The initialization link has expired. Return")} ";
|
||||||
}
|
}
|
||||||
|
|
||||||
return Redirect(decodeUrl);
|
return Redirect(decodeUrl);
|
||||||
|
|
|
||||||
|
|
@ -66,6 +66,7 @@
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
<PackageReference Include="aliyun-net-sdk-sts" Version="3.1.1" />
|
||||||
<PackageReference Include="AspNetCoreRateLimit" Version="4.0.2" />
|
<PackageReference Include="AspNetCoreRateLimit" Version="4.0.2" />
|
||||||
<PackageReference Include="Autofac.Extensions.DependencyInjection" Version="8.0.0" />
|
<PackageReference Include="Autofac.Extensions.DependencyInjection" Version="8.0.0" />
|
||||||
<PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.0" />
|
<PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.0" />
|
||||||
|
|
|
||||||
|
|
@ -9,10 +9,10 @@
|
||||||
"AliyunOSS": {
|
"AliyunOSS": {
|
||||||
"endpoint": "https://oss-cn-shanghai.aliyuncs.com",
|
"endpoint": "https://oss-cn-shanghai.aliyuncs.com",
|
||||||
"region": "oss-cn-shanghai",
|
"region": "oss-cn-shanghai",
|
||||||
"accessKeyId": "mpXG7Nu6zTpsDrI1",
|
"accessKeyId": "LTAI5tKvzs7ed3UfSpNk3xwQ",
|
||||||
"accessKeySecret": "yNINcEb099SkNfF6vYKaoP8TZNI3xZ",
|
"accessKeySecret": "zTIceGEShlZDGnLrCFfIGFE7TXVRio",
|
||||||
"bucketName": "zyypacs",
|
"bucketName": "zyypacs",
|
||||||
"viewEndpoint": "https://zy-irc-cache.oss-cn-shanghai.aliyuncs.com"
|
"viewEndpoint": "https://zyypacs.oss-cn-shanghai.aliyuncs.com"
|
||||||
},
|
},
|
||||||
"ConnectionStrings": {
|
"ConnectionStrings": {
|
||||||
"RemoteNew": "Server=123.56.94.154,1433\\MSSQLSERVER;Database=Test.Study;User ID=sa;Password=dev123456DEV;TrustServerCertificate=true",
|
"RemoteNew": "Server=123.56.94.154,1433\\MSSQLSERVER;Database=Test.Study;User ID=sa;Password=dev123456DEV;TrustServerCertificate=true",
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue