oss 权限修改

2023-09-05 10:45:01 +08:00 · 2023-09-05 10:45:01 +08:00 · 1ac336220e
parent a47f2fd496
commit 1ac336220e
3 changed files with 56 additions and 11 deletions
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@ -21,6 +21,10 @@ using IRaCIS.Core.Domain.Models;
 using IRaCIS.Core.Infrastructure;
 using System.Linq;
 using Microsoft.Extensions.Logging;
+using Aliyun.Acs.Core;
+using Aliyun.Acs.Core.Profile;
+using Aliyun.Acs.Sts.Model.V20150401;
+using Microsoft.AspNetCore.Hosting;

 namespace IRaCIS.Api.Controllers
 {
@ -43,7 +47,7 @@ namespace IRaCIS.Api.Controllers
        /// <summary>  系统用户登录接口[New] </summary>
        [HttpPost, Route("user/login")]
        [AllowAnonymous]
-        public  async Task<IResponseOutput<LoginReturnDTO>>  Login(UserLoginDTO loginUser, [FromServices] IEasyCachingProvider provider, [FromServices] IUserService _userService,
+        public async Task<IResponseOutput<LoginReturnDTO>> Login(UserLoginDTO loginUser, [FromServices] IEasyCachingProvider provider, [FromServices] IUserService _userService,
            [FromServices] ITokenService _tokenService, [FromServices] IConfiguration configuration)
        {

@ -136,6 +140,46 @@ namespace IRaCIS.Api.Controllers
        }


+        [HttpGet("user/GenerateSTS")]
+        public IResponseOutput GenerateSTS( [FromServices] IWebHostEnvironment webHostEnvironment)
+        {
+           
+
+            var configuration = new ConfigurationBuilder()
+              .AddJsonFile($"appsettings.{webHostEnvironment.EnvironmentName}.json")
+              .Build();
+
+            //configuration["AliyunOSS:region"]
+
+            IClientProfile profile = DefaultProfile.GetProfile("cn-shanghai", configuration["AliyunOSS:accessKeyId"], configuration["AliyunOSS:accessKeySecret"]);
+            DefaultAcsClient client = new DefaultAcsClient(profile);
+
+            // 创建一个STS请求
+            AssumeRoleRequest request = new AssumeRoleRequest
+            {
+                RoleArn = "acs:ram::1899121822495495:role/oss-upload", // 角色ARN，需要替换为你的角色ARN
+                RoleSessionName = "session-name", // 角色会话名称，可自定义
+                DurationSeconds = 3600, // 令牌有效期（单位：秒），这里设置为1小时
+            };
+
+
+            AssumeRoleResponse response = client.GetAcsResponse(request);
+
+            // 返回STS令牌信息给前端
+            var stsToken = new
+            {
+                AccessKeyId = response.Credentials.AccessKeyId,
+                AccessKeySecret = response.Credentials.AccessKeySecret,
+                SecurityToken = response.Credentials.SecurityToken,
+                Expiration = response.Credentials.Expiration
+            };
+
+            return ResponseOutput.Ok(stsToken);
+
+        }
+
+
+

        [HttpGet, Route("imageShare/ShareImage")]
        [AllowAnonymous]
@ -162,12 +206,12 @@ namespace IRaCIS.Api.Controllers

        [HttpGet("User/UserRedirect")]
        [AllowAnonymous]
-        public async Task<IActionResult> UserRedirect([FromServices] IRepository<User> _userRepository,  string url ,[FromServices]ILogger<ExtraController> _logger)
+        public async Task<IActionResult> UserRedirect([FromServices] IRepository<User> _userRepository, string url, [FromServices] ILogger<ExtraController> _logger)
        {

            var decodeUrl = System.Web.HttpUtility.UrlDecode(url);

-            var userId = decodeUrl.Substring(decodeUrl.IndexOf("UserId=") + "UserId=".Length , 36) ;
+            var userId = decodeUrl.Substring(decodeUrl.IndexOf("UserId=") + "UserId=".Length, 36);

            var token = decodeUrl.Substring(decodeUrl.IndexOf("access_token=") + "access_token=".Length);

@ -175,12 +219,12 @@ namespace IRaCIS.Api.Controllers

            var domainStrList = decodeUrl.Split("/").ToList().Take(3).ToList();

-            var errorUrl = domainStrList[0]+"//"+ domainStrList[2]+ "/error";
+            var errorUrl = domainStrList[0] + "//" + domainStrList[2] + "/error";


-            if (!await _userRepository.AnyAsync(t => t.Id == Guid.Parse(userId)  && t.EmailToken == token && t.IsFirstAdd))
+            if (!await _userRepository.AnyAsync(t => t.Id == Guid.Parse(userId) && t.EmailToken == token && t.IsFirstAdd))
            {
-                decodeUrl = errorUrl+ $"?lang={lang}&ErrorMessage={System.Web.HttpUtility.UrlEncode(lang=="zh"? "您的初始化链接已过期": "Error！The initialization link has expired.    Return")} ";
+                decodeUrl = errorUrl + $"?lang={lang}&ErrorMessage={System.Web.HttpUtility.UrlEncode(lang == "zh" ? "您的初始化链接已过期" : "Error！The initialization link has expired.    Return")} ";
            }

            return Redirect(decodeUrl);
--- a/IRaCIS.Core.API/IRaCIS.Core.API.csproj
+++ b/IRaCIS.Core.API/IRaCIS.Core.API.csproj
@ -66,6 +66,7 @@
  </ItemGroup>

  <ItemGroup>
+    <PackageReference Include="aliyun-net-sdk-sts" Version="3.1.1" />
    <PackageReference Include="AspNetCoreRateLimit" Version="4.0.2" />
    <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="8.0.0" />
    <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.0" />
--- a/IRaCIS.Core.API/appsettings.Test_Study.json
+++ b/IRaCIS.Core.API/appsettings.Test_Study.json
@ -9,10 +9,10 @@
  "AliyunOSS": {
    "endpoint": "https://oss-cn-shanghai.aliyuncs.com",
    "region": "oss-cn-shanghai",
-    "accessKeyId": "mpXG7Nu6zTpsDrI1",
-    "accessKeySecret": "yNINcEb099SkNfF6vYKaoP8TZNI3xZ",
+    "accessKeyId": "LTAI5tKvzs7ed3UfSpNk3xwQ",
+    "accessKeySecret": "zTIceGEShlZDGnLrCFfIGFE7TXVRio",
    "bucketName": "zyypacs",
-    "viewEndpoint": "https://zy-irc-cache.oss-cn-shanghai.aliyuncs.com"
+    "viewEndpoint": "https://zyypacs.oss-cn-shanghai.aliyuncs.com"
  },
  "ConnectionStrings": {
    "RemoteNew": "Server=123.56.94.154,1433\\MSSQLSERVER;Database=Test.Study;User ID=sa;Password=dev123456DEV;TrustServerCertificate=true",