Merge branch 'Test_IRC_Net8' of https://gitea.frp.extimaging.com/XCKJ/irc-netcore-api into Test_IRC_Net8

IRaCIS.Core.API/Controllers/ExtraController.cs

@@ -33,6 +33,10 @@ using ZiggyCreatures.Caching.Fusion;
 using AlibabaCloud.SDK.Sts20150401;
 using AlibabaCloud.SDK.Sts20150401.Models;
 using Org.BouncyCastle.Tls;
+using Amazon.SecurityToken.Model;
+using Amazon.SecurityToken;
+using Amazon;
+using AssumeRoleRequest = Amazon.SecurityToken.Model.AssumeRoleRequest;
 
 namespace IRaCIS.Api.Controllers
 {
@@ -102,10 +106,10 @@ namespace IRaCIS.Api.Controllers
         public async Task<IResponseOutput> Login(UserLoginDTO loginUser,
             [FromServices] IFusionCache _fusionCache,
             [FromServices] IUserService _userService,
-             [FromServices] ITokenService _tokenService,
-             [FromServices] IReadingImageTaskService readingImageTaskService,
-              [FromServices] IOptionsMonitor<ServiceVerifyConfigOption> _verifyConfig,
-              [FromServices] IMailVerificationService _mailVerificationService)
+            [FromServices] ITokenService _tokenService,
+            [FromServices] IReadingImageTaskService readingImageTaskService,
+            [FromServices] IOptionsMonitor<ServiceVerifyConfigOption> _verifyConfig,
+            [FromServices] IMailVerificationService _mailVerificationService)
         {
 
             //MFA 邮箱验证  前端传递用户Id  和MFACode
@@ -293,7 +297,7 @@ namespace IRaCIS.Api.Controllers
         }
 
         [HttpGet("user/GetObjectStoreToken")]
-        public IResponseOutput GetObjectStoreToken([FromServices] IOptionsMonitor<ObjectStoreServiceOptions> options)
+        public async Task<IResponseOutput> GetObjectStoreTokenAsync([FromServices] IOptionsMonitor<ObjectStoreServiceOptions> options)
         {
             var serviceOption = options.CurrentValue;
 
@@ -338,22 +342,95 @@ namespace IRaCIS.Api.Controllers
 
                 };
 
-                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse,  AliyunOSS = tempToken });
+                var awstempToken = await GetAWSTemToken(serviceOption);
+
+                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse,  AliyunOSS = tempToken,AWS= awstempToken });
 
 
             }
             else if (Enum.TryParse<ObjectStoreUse>(serviceOption.ObjectStoreUse, out var parsedValue) && parsedValue == ObjectStoreUse.MinIO)
             {
-                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = serviceOption.AWS });
+                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO});
             }
             else
             {
-                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = serviceOption.AWS });
+                var awsOptions = serviceOption.AWS;
+
+                //aws 临时凭证
+                // 创建 STS 客户端
+                var stsClient = new AmazonSecurityTokenServiceClient(awsOptions.AccessKeyId, awsOptions.SecretAccessKey);
+
+                // 使用 AssumeRole 请求临时凭证
+                var assumeRoleRequest = new AssumeRoleRequest
+                {
+                    
+                    RoleArn = awsOptions.RoleArn, // 角色 ARN
+                    RoleSessionName = $"session-name-{NewId.NextGuid()}", 
+                    DurationSeconds = awsOptions.DurationSeconds          // 临时凭证有效期
+                };
+
+                var assumeRoleResponse = await stsClient.AssumeRoleAsync(assumeRoleRequest);
+
+                var credentials = assumeRoleResponse.Credentials;
+
+                var tempToken = new AWSTempToken()
+                {
+                    AccessKeyId = credentials.AccessKeyId,
+                    SecretAccessKey = credentials.SecretAccessKey,
+                    SessionToken= credentials.SessionToken,
+                    Expiration=credentials.Expiration,
+
+                    BucketName = awsOptions.BucketName,
+                    EndPoint = awsOptions.EndPoint,
+                    ViewEndpoint = awsOptions.ViewEndpoint,
+
+                };
+
+
+
+                return ResponseOutput.Ok(new ObjectStoreDTO() { ObjectStoreUse = serviceOption.ObjectStoreUse, MinIO = serviceOption.MinIO, AWS = tempToken });
             }
 
         }
 
 
+        private async Task<AWSTempToken> GetAWSTemToken(ObjectStoreServiceOptions serviceOption)
+        {
+            var awsOptions = serviceOption.AWS;
+
+            //aws 临时凭证
+            // 创建 STS 客户端
+            var stsClient = new AmazonSecurityTokenServiceClient(awsOptions.AccessKeyId, awsOptions.SecretAccessKey);
+
+            // 使用 AssumeRole 请求临时凭证
+            var assumeRoleRequest = new AssumeRoleRequest
+            {
+
+                RoleArn = awsOptions.RoleArn, // 角色 ARN
+                RoleSessionName = $"session-name-{NewId.NextGuid()}",
+                DurationSeconds = awsOptions.DurationSeconds          // 临时凭证有效期
+            };
+
+            var assumeRoleResponse = await stsClient.AssumeRoleAsync(assumeRoleRequest);
+
+            var credentials = assumeRoleResponse.Credentials;
+
+            var tempToken = new AWSTempToken()
+            {
+                AccessKeyId = credentials.AccessKeyId,
+                SecretAccessKey = credentials.SecretAccessKey,
+                SessionToken = credentials.SessionToken,
+                Expiration = credentials.Expiration,
+
+                BucketName = awsOptions.BucketName,
+                EndPoint = awsOptions.EndPoint,
+                ViewEndpoint = awsOptions.ViewEndpoint,
+
+            };
+
+            return tempToken;
+        }
+
 
         #region aliyun-net-sdk-sts  之前
         //[HttpGet("user/GenerateSTS")]

IRaCIS.Core.API/IRaCIS.Core.API.csproj

@@ -64,6 +64,7 @@
     <PackageReference Include="AlibabaCloud.SDK.Sts20150401" Version="1.1.4" />
     <PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />
     <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="9.0.0" />
+    <PackageReference Include="AWSSDK.SecurityToken" Version="3.7.400.13" />
     <PackageReference Include="ConfigMapFileProvider" Version="2.0.1" />
 	  <PackageReference Include="Hangfire.AspNetCore" Version="1.8.14" />
 	  <PackageReference Include="Hangfire.Dashboard.BasicAuthorization" Version="1.0.2" />

IRaCIS.Core.API/appsettings.Test_IRC.json

@@ -39,10 +39,12 @@
     "AWS": {
       "EndPoint": "s3.us-east-1.amazonaws.com",
       "UseSSL": true,
-      "AccessKey": "AKIAZQ3DRSOHFPJJ6FEU",
-      "SecretKey": "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",
-      "BucketName": "ei-irc-test-store",
-      "ViewEndpoint": "https://ei-irc-test-store.s3.amazonaws.com/"
+      "RoleArn": "arn:aws:iam::471112624751:role/sts_s3_upload",
+      "AccessKeyId": "AKIAW3MEAFJXWRCGSX5Z",
+      "SecretAccessKey": "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",
+      "BucketName": "ei-med-s3-lili-uat-store",
+      "ViewEndpoint": "https://ei-med-s3-lili-uat-store.s3.amazonaws.com/",
+      "DurationSeconds": 7200
     }
   },
 

IRaCIS.Core.Application/Helper/OSSService.cs

@@ -30,15 +30,17 @@ namespace IRaCIS.Core.Application.Helper
 
     }
 
-    [LowerCamelCaseJson]
+    
     public class AWSOptions
     {
         public string EndPoint { get; set; }
         public bool UseSSL { get; set; }
-        public string AccessKey { get; set; }
-        public string SecretKey { get; set; }
+        public string AccessKeyId { get; set; }
+        public string RoleArn { get; set; }
+        public string SecretAccessKey { get; set; }
         public string BucketName { get; set; }
         public string ViewEndpoint { get; set; }
+        public int DurationSeconds { get; set; }
     }
 
     public class AliyunOSSOptions
@@ -60,7 +62,7 @@ namespace IRaCIS.Core.Application.Helper
 
         public int DurationSeconds { get; set; }
 
-        
+
 
     }
 
@@ -86,7 +88,7 @@ namespace IRaCIS.Core.Application.Helper
 
         public MinIOOptions MinIO { get; set; }
 
-        public AWSOptions AWS { get; set; }
+        public AWSTempToken AWS { get; set; }
 
     }
 
@@ -106,14 +108,24 @@ namespace IRaCIS.Core.Application.Helper
         public string ViewEndpoint { get; set; }
 
 
-      
+
         public string SecurityToken { get; set; }
         public string Expiration { get; set; }
 
 
     }
 
-
+    [LowerCamelCaseJson]
+    public class AWSTempToken
+    {
+        public string SessionToken { get; set; }
+        public string EndPoint { get; set; }
+        public string AccessKeyId { get; set; }
+        public string SecretAccessKey { get; set; }
+        public string BucketName { get; set; }
+        public string ViewEndpoint { get; set; }
+        public DateTime Expiration { get; set; }
+    }
 
     public enum ObjectStoreUse
     {
@@ -190,7 +202,7 @@ namespace IRaCIS.Core.Application.Helper
 
 
                         var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
-                            .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                            .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                             .Build();
 
                         var putObjectArgs = new PutObjectArgs()
@@ -207,7 +219,7 @@ namespace IRaCIS.Core.Application.Helper
 
 
                         var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
-                            .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                            .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                             .Build();
 
                         var putObjectArgs = new PutObjectArgs()
@@ -272,7 +284,7 @@ namespace IRaCIS.Core.Application.Helper
 
 
                 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
-                    .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                    .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                     .Build();
 
                 var putObjectArgs = new PutObjectArgs()
@@ -288,7 +300,7 @@ namespace IRaCIS.Core.Application.Helper
 
 
                 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
-                    .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                    .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                     .Build();
 
                 var putObjectArgs = new PutObjectArgs()
@@ -337,7 +349,7 @@ namespace IRaCIS.Core.Application.Helper
                     var minIOConfig = ObjectStoreServiceOptions.MinIO;
 
                     var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
-                        .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                        .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                         .Build();
 
                     var getObjectArgs = new GetObjectArgs()
@@ -353,7 +365,7 @@ namespace IRaCIS.Core.Application.Helper
                     var minIOConfig = ObjectStoreServiceOptions.AWS;
 
                     var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
-                        .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                        .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                         .Build();
 
                     var getObjectArgs = new GetObjectArgs()
@@ -409,7 +421,7 @@ namespace IRaCIS.Core.Application.Helper
                     var minIOConfig = ObjectStoreServiceOptions.MinIO;
 
                     var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
-                        .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                        .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                         .Build();
 
 
@@ -434,7 +446,7 @@ namespace IRaCIS.Core.Application.Helper
                     var minIOConfig = ObjectStoreServiceOptions.AWS;
 
                     var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}")
-                        .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                        .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                         .Build();
 
                     var args = new PresignedGetObjectArgs()
@@ -518,7 +530,7 @@ namespace IRaCIS.Core.Application.Helper
 
 
                 var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}")
-                    .WithCredentials(minIOConfig.AccessKey, minIOConfig.SecretKey).WithSSL(minIOConfig.UseSSL)
+                    .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL)
                     .Build();