diff --git a/IRC.Core.SCP/IRC.Core.SCP.csproj b/IRC.Core.SCP/IRC.Core.SCP.csproj index 0413c62d6..5db7866bd 100644 --- a/IRC.Core.SCP/IRC.Core.SCP.csproj +++ b/IRC.Core.SCP/IRC.Core.SCP.csproj @@ -7,8 +7,12 @@ + + + + diff --git a/IRC.Core.SCP/Service/OSSService.cs b/IRC.Core.SCP/Service/OSSService.cs index eb34ec64f..897a62386 100644 --- a/IRC.Core.SCP/Service/OSSService.cs +++ b/IRC.Core.SCP/Service/OSSService.cs 
@@ -14,48 +14,75 @@ using System.Security.AccessControl; using System.Text; using System.Threading.Tasks; using System.Runtime.InteropServices; +using System.Text.Json.Serialization; +using Minio.ApiEndpoints; +using System.Reactive.Linq; +using IRaCIS.Core.Domain.Share; +using IRaCIS.Core.Infrastructure.NewtonsoftJson; +using Amazon.Runtime; +using Amazon.SecurityToken; +using Amazon.SecurityToken.Model; +using Amazon; +using Amazon.S3; +using Amazon.S3.Model; +using MassTransit; +using AlibabaCloud.SDK.Sts20150401; namespace IRaCIS.Core.SCP { + #region 绑定和返回模型 + + [LowerCamelCaseJson] public class MinIOOptions : AWSOptions { - public int port { get; set; } + public int Port { get; set; } } + public class AWSOptions { - public string endPoint { get; set; } - public bool useSSL { get; set; } - public string accessKey { get; set; } - public string secretKey { get; set; } - public string bucketName { get; set; } - public string viewEndpoint { get; set; } + public string EndPoint { get; set; } + public bool UseSSL { get; set; } + public string AccessKeyId { get; set; } + public string RoleArn { get; set; } + public string SecretAccessKey { get; set; } + public string BucketName { get; set; } + public string ViewEndpoint { get; set; } + public int DurationSeconds { get; set; } + public string Region { get; set; } } public class AliyunOSSOptions { - public string regionId { get; set; } - public string accessKeyId { get; set; } - public string accessKeySecret { get; set; } + public string RegionId { get; set; } + public string AccessKeyId { get; set; } + public string AccessKeySecret { get; set; } - public string internalEndpoint { get; set; } + public string InternalEndpoint { get; set; } - public string endPoint { get; set; } - public string bucketName { get; set; } + public string EndPoint { get; set; } + public string BucketName { get; set; } - public string roleArn { get; set; } + public string RoleArn { get; set; } + + public string Region { get; set; } + + public 
string ViewEndpoint { get; set; } + + public int DurationSeconds { get; set; } - public string region { get; set; } - public string viewEndpoint { get; set; } } public class ObjectStoreServiceOptions { public string ObjectStoreUse { get; set; } + public AliyunOSSOptions AliyunOSS { get; set; } + + public MinIOOptions MinIO { get; set; } public AWSOptions AWS { get; set; } @@ -66,27 +93,46 @@ namespace IRaCIS.Core.SCP { public string ObjectStoreUse { get; set; } - public AliyunOSSOptions AliyunOSS { get; set; } + + public AliyunOSSTempToken AliyunOSS { get; set; } public MinIOOptions MinIO { get; set; } - public AWSOptions AWS { get; set; } + public AWSTempToken AWS { get; set; } } + [LowerCamelCaseJson] public class AliyunOSSTempToken { public string AccessKeyId { get; set; } public string AccessKeySecret { get; set; } - public string SecurityToken { get; set; } - public string Expiration { get; set; } + + public string EndPoint { get; set; } + public string BucketName { get; set; } public string Region { get; set; } - public string BucketName { get; set; } + public string ViewEndpoint { get; set; } + + public string SecurityToken { get; set; } + public DateTime Expiration { get; set; } + + } - + [LowerCamelCaseJson] + public class AWSTempToken + { + public string Region { get; set; } + public string SessionToken { get; set; } + public string EndPoint { get; set; } + public string AccessKeyId { get; set; } + public string SecretAccessKey { get; set; } + public string BucketName { get; set; } + public string ViewEndpoint { get; set; } + public DateTime Expiration { get; set; } + } public enum ObjectStoreUse { @@ -95,6 +141,10 @@ namespace IRaCIS.Core.SCP AWS = 2, } + #endregion + + // aws 参考链接 https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/S3/S3_Basics + public interface IOSSService { public Task UploadToOSSAsync(Stream fileStream, string oosFolderPath, string fileRealName, bool isFileNameAddGuid = true); 
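Review bot: The renames in `AWSOptions` go beyond casing: `accessKey` becomes `AccessKeyId` and `secretKey` becomes `SecretAccessKey`, so any settings section that still uses the old key names will no longer bind. The `MinIO` section visible as context in appsettings.Test_IRC_SCP.json later in this diff still uses `secretKey`, so the MinIO branches would build a client with empty credentials, assuming standard options binding by property name. Either update those sections in the same commit or document the required keys on the class, e.g. `// Bound from ObjectStoreService:MinIO / :AWS; keys must be AccessKeyId and SecretAccessKey`. `DurationSeconds` also has no default, so a section that omits it passes 0 to the STS request.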
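Review bot: `ObjectStoreDTO.MinIO` is still typed `MinIOOptions`, which inherits `AccessKeyId`, `SecretAccessKey` and the new `RoleArn` from `AWSOptions`. The DTO now carries temporary tokens for AliyunOSS and AWS but still carries the long-lived MinIO secret. If this DTO is serialized to clients (the `[LowerCamelCaseJson]` attributes suggest so, but the callers are outside this diff), give MinIO its own response type without the secret or issue a scoped credential for it. A short comment on `AliyunOSSTempToken` and `AWSTempToken` should say that they hold short-lived STS credentials and which time zone `Expiration` is expressed in. `Expiration` also changed from `string` to `DateTime`, which alters the serialized format for existing consumers.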
@@ -106,6 +156,9 @@ namespace IRaCIS.Core.SCP public Task GetSignedUrl(string ossRelativePath); + public Task DeleteFromPrefix(string prefix); + + public Task GetObjectStoreTempToken(); } @@ -113,10 +166,16 @@ namespace IRaCIS.Core.SCP { public ObjectStoreServiceOptions ObjectStoreServiceOptions { get; set; } + private AliyunOSSTempToken AliyunOSSTempToken { get; set; } + + private AWSTempToken AWSTempToken { get; set; } + public OSSService(IOptionsMonitor options) { ObjectStoreServiceOptions = options.CurrentValue; + + GetObjectStoreTempToken().GetAwaiter().GetResult(); } /// @@ -130,8 +189,6 @@ namespace IRaCIS.Core.SCP public async Task UploadToOSSAsync(Stream fileStream, string oosFolderPath, string fileRealName, bool isFileNameAddGuid = true) { var ossRelativePath = isFileNameAddGuid ? $"{oosFolderPath}/{Guid.NewGuid()}_{fileRealName}" : $"{oosFolderPath}/{fileRealName}"; - //var ossRelativePath = $"{oosFolderPath}/{Guid.NewGuid()}_{fileRealName}"; - //var ossRelativePath = oosFolderPath + "/" + fileRealName; try { @@ -148,12 +205,12 @@ namespace IRaCIS.Core.SCP { var aliConfig = ObjectStoreServiceOptions.AliyunOSS; - var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.endPoint : aliConfig.internalEndpoint, aliConfig.accessKeyId, aliConfig.accessKeySecret); + var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.EndPoint : aliConfig.InternalEndpoint, AliyunOSSTempToken.AccessKeyId, AliyunOSSTempToken.AccessKeySecret, AliyunOSSTempToken.SecurityToken); // 上传文件 - var result = _ossClient.PutObject(aliConfig.bucketName, ossRelativePath, memoryStream); + var result = _ossClient.PutObject(aliConfig.BucketName, ossRelativePath, memoryStream); } else if (ObjectStoreServiceOptions.ObjectStoreUse == "MinIO") 
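Review bot: The constructor blocks on `GetObjectStoreTempToken().GetAwaiter().GetResult()`, so resolving `OSSService` from the container performs a network call to STS and throws from the constructor if that call fails. The token is then cached in `AliyunOSSTempToken`/`AWSTempToken`, and nothing in the visible code checks `Expiration` before reuse. If the service is registered with a long lifetime (the registration is not shown), every storage call after `DurationSeconds` would run with expired credentials. Consider fetching lazily and refreshing near expiry at the start of each operation, e.g. `if (AWSTempToken == null || AWSTempToken.Expiration <= DateTime.UtcNow.AddMinutes(5)) await GetObjectStoreTempToken();`, with the comparison adjusted to whichever time zone `Expiration` is stored in.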
@@ -161,12 +218,12 @@ namespace IRaCIS.Core.SCP var minIOConfig = ObjectStoreServiceOptions.MinIO; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}:{minIOConfig.port}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) + var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}") + .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL) .Build(); var putObjectArgs = new PutObjectArgs() - .WithBucket(minIOConfig.bucketName) + .WithBucket(minIOConfig.BucketName) .WithObject(ossRelativePath) .WithStreamData(memoryStream) .WithObjectSize(memoryStream.Length); @@ -175,20 +232,29 @@ namespace IRaCIS.Core.SCP } else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") { - var minIOConfig = ObjectStoreServiceOptions.AWS; + var awsConfig = ObjectStoreServiceOptions.AWS; + + var credentials = new SessionAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey, AWSTempToken.SessionToken); - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) - .Build(); - var putObjectArgs = new PutObjectArgs() - .WithBucket(minIOConfig.bucketName) - .WithObject(ossRelativePath) - .WithStreamData(memoryStream) - .WithObjectSize(memoryStream.Length); + //提供awsEndPoint(域名)进行访问配置 + var clientConfig = new AmazonS3Config + { + RegionEndpoint = RegionEndpoint.USEast1, + UseHttp = true, + }; - await minioClient.PutObjectAsync(putObjectArgs); + var amazonS3Client = new AmazonS3Client(credentials, clientConfig); + + var putObjectRequest = new Amazon.S3.Model.PutObjectRequest() + { + BucketName = awsConfig.BucketName, + InputStream = memoryStream, + Key = ossRelativePath, + }; + + await amazonS3Client.PutObjectAsync(putObjectRequest); } else { 
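Review bot: The new `AmazonS3Config` in the AWS branch sets `UseHttp = true` and hard-codes `RegionEndpoint.USEast1`, so this upload goes over plain HTTP regardless of the configured `UseSSL`, and it ignores `Region` and `EndPoint`. The request carries the file content and the signed headers, including the session token, so it should use TLS: `UseHttp = !awsConfig.UseSSL,` and `RegionEndpoint = RegionEndpoint.GetBySystemName(awsConfig.Region),`. The other AWS branches in this file configure `ServiceURL = awsConfig.EndPoint` instead; a single shared client factory would keep them consistent. The enclosing `UploadToOSSAsync` starts and ends outside this hunk.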
@@ -216,6 +282,7 @@ namespace IRaCIS.Core.SCP /// /// /// + /// /// /// public async Task UploadToOSSAsync(string localFilePath, string oosFolderPath, bool isFileNameAddGuid = true) @@ -225,17 +292,14 @@ namespace IRaCIS.Core.SCP var ossRelativePath = isFileNameAddGuid ? $"{oosFolderPath}/{Guid.NewGuid()}_{localFileName}" : $"{oosFolderPath}/{localFileName}"; - //var ossRelativePath = oosFolderPath + "/" + localFileName; - - if (ObjectStoreServiceOptions.ObjectStoreUse == "AliyunOSS") { var aliConfig = ObjectStoreServiceOptions.AliyunOSS; - var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.endPoint : aliConfig.internalEndpoint, aliConfig.accessKeyId, aliConfig.accessKeySecret); + var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.EndPoint : aliConfig.InternalEndpoint, AliyunOSSTempToken.AccessKeyId, AliyunOSSTempToken.AccessKeySecret, AliyunOSSTempToken.SecurityToken); // 上传文件 - var result = _ossClient.PutObject(aliConfig.bucketName, ossRelativePath, localFilePath); + var result = _ossClient.PutObject(aliConfig.BucketName, ossRelativePath, localFilePath); } else if (ObjectStoreServiceOptions.ObjectStoreUse == "MinIO") @@ -243,12 +307,12 @@ namespace IRaCIS.Core.SCP var minIOConfig = ObjectStoreServiceOptions.MinIO; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}:{minIOConfig.port}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) + var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}") + .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL) .Build(); var putObjectArgs = new PutObjectArgs() - .WithBucket(minIOConfig.bucketName) + .WithBucket(minIOConfig.BucketName) .WithObject(ossRelativePath) .WithFileName(localFilePath); 
@@ -256,19 +320,28 @@ namespace IRaCIS.Core.SCP } else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") { - var minIOConfig = ObjectStoreServiceOptions.AWS; + var awsConfig = ObjectStoreServiceOptions.AWS; + // 提供awsAccessKeyId和awsSecretAccessKey构造凭证 + var credentials = new BasicAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey); - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) - .Build(); + //提供awsEndPoint(域名)进行访问配置 + var clientConfig = new AmazonS3Config + { + ServiceURL = awsConfig.EndPoint + }; - var putObjectArgs = new PutObjectArgs() - .WithBucket(minIOConfig.bucketName) - .WithObject(ossRelativePath) - .WithFileName(localFilePath); + var amazonS3Client = new AmazonS3Client(credentials, clientConfig); + + var putObjectRequest = new Amazon.S3.Model.PutObjectRequest() + { + BucketName = awsConfig.BucketName, + FilePath = localFilePath, + Key = ossRelativePath, + }; + + await amazonS3Client.PutObjectAsync(putObjectRequest); - await minioClient.PutObjectAsync(putObjectArgs); } else { @@ -291,10 +364,10 @@ namespace IRaCIS.Core.SCP { var aliConfig = ObjectStoreServiceOptions.AliyunOSS; - var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.endPoint : aliConfig.internalEndpoint, aliConfig.accessKeyId, aliConfig.accessKeySecret); + var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.EndPoint : aliConfig.InternalEndpoint, AliyunOSSTempToken.AccessKeyId, AliyunOSSTempToken.AccessKeySecret, AliyunOSSTempToken.SecurityToken); // 上传文件 - var result = _ossClient.GetObject(aliConfig.bucketName, ossRelativePath); + var result = _ossClient.GetObject(aliConfig.BucketName, ossRelativePath); // 将下载的文件流保存到本地文件 using (var fs = File.OpenWrite(localFilePath)) 
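Review bot: `new BasicAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey)` drops the session token, and credentials returned by `AssumeRole` are normally rejected without it. The stream overload already uses `new SessionAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey, AWSTempToken.SessionToken)`, and this branch should do the same. The same construction is repeated in the AWS branches of the download hunk (`-322,18`), the signed-URL hunk (`-403,18`) and `DeleteFromPrefix`. `ServiceURL = awsConfig.EndPoint` also receives a bare host name from the US settings files (`s3.us-east-1.amazonaws.com`), and the SDK may expect a full URL with scheme there, so verify it or build the config from `Region`. The comment above the credentials line still describes a plain key pair and should say that the credentials are temporary.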
@@ -308,12 +381,12 @@ namespace IRaCIS.Core.SCP { var minIOConfig = ObjectStoreServiceOptions.MinIO; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}:{minIOConfig.port}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) + var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}") + .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL) .Build(); var getObjectArgs = new GetObjectArgs() - .WithBucket(minIOConfig.bucketName) + .WithBucket(minIOConfig.BucketName) .WithObject(ossRelativePath) .WithFile(localFilePath); @@ -322,18 +395,29 @@ namespace IRaCIS.Core.SCP } else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") { - var minIOConfig = ObjectStoreServiceOptions.AWS; + var awsConfig = ObjectStoreServiceOptions.AWS; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) - .Build(); + // 提供awsAccessKeyId和awsSecretAccessKey构造凭证 + var credentials = new BasicAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey); + + //提供awsEndPoint(域名)进行访问配置 + var clientConfig = new AmazonS3Config + { + ServiceURL = awsConfig.EndPoint + }; + + var amazonS3Client = new AmazonS3Client(credentials, clientConfig); + + var getObjectArgs = new Amazon.S3.Model.GetObjectRequest() + { + BucketName = awsConfig.BucketName, + Key = ossRelativePath, + }; + + + await (await amazonS3Client.GetObjectAsync(getObjectArgs)).WriteResponseStreamToFileAsync(localFilePath, true, CancellationToken.None); - var getObjectArgs = new GetObjectArgs() - .WithBucket(minIOConfig.bucketName) - .WithObject(ossRelativePath) - .WithFile(localFilePath); - await minioClient.GetObjectAsync(getObjectArgs); } else { 
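Review bot: `WriteResponseStreamToFileAsync(localFilePath, true, CancellationToken.None)` passes `true` for the append argument, so downloading to a path that already exists appends to the old file instead of replacing it. The `GetObjectResponse` is also never disposed. Both are fixed by `using var response = await amazonS3Client.GetObjectAsync(getObjectArgs);` followed by `await response.WriteResponseStreamToFileAsync(localFilePath, false, CancellationToken.None);`. The enclosing download method starts and ends outside this hunk.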
@@ -363,10 +447,10 @@ namespace IRaCIS.Core.SCP { var aliConfig = ObjectStoreServiceOptions.AliyunOSS; - var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.endPoint : aliConfig.internalEndpoint, aliConfig.accessKeyId, aliConfig.accessKeySecret); + var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.EndPoint : aliConfig.InternalEndpoint, AliyunOSSTempToken.AccessKeyId, AliyunOSSTempToken.AccessKeySecret, AliyunOSSTempToken.SecurityToken); // 生成签名URL。 - var req = new GeneratePresignedUriRequest(aliConfig.bucketName, ossRelativePath, SignHttpMethod.Get) + var req = new GeneratePresignedUriRequest(aliConfig.BucketName, ossRelativePath, SignHttpMethod.Get) { // 设置签名URL过期时间,默认值为3600秒。 Expiration = DateTime.Now.AddHours(1), @@ -380,13 +464,13 @@ namespace IRaCIS.Core.SCP { var minIOConfig = ObjectStoreServiceOptions.MinIO; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}:{minIOConfig.port}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) + var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}") + .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL) .Build(); var args = new PresignedGetObjectArgs() - .WithBucket(minIOConfig.bucketName) + .WithBucket(minIOConfig.BucketName) .WithObject(ossRelativePath) .WithExpiry(3600) /*.WithHeaders(reqParams)*/; 
@@ -403,18 +487,26 @@ namespace IRaCIS.Core.SCP } else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") { - var minIOConfig = ObjectStoreServiceOptions.AWS; + var awsConfig = ObjectStoreServiceOptions.AWS; - var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.endPoint}") - .WithCredentials(minIOConfig.accessKey, minIOConfig.secretKey).WithSSL(minIOConfig.useSSL) - .Build(); - var args = new PresignedGetObjectArgs() - .WithBucket(minIOConfig.bucketName) - .WithObject(ossRelativePath) - .WithExpiry(3600); + // 提供awsAccessKeyId和awsSecretAccessKey构造凭证 + var credentials = new BasicAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey); - var presignedUrl = await minioClient.PresignedGetObjectAsync(args); + //提供awsEndPoint(域名)进行访问配置 + var clientConfig = new AmazonS3Config + { + ServiceURL = awsConfig.EndPoint + }; + + var amazonS3Client = new AmazonS3Client(credentials, clientConfig); + + var presignedUrl = await amazonS3Client.GetPreSignedURLAsync(new GetPreSignedUrlRequest() + { + BucketName = awsConfig.BucketName, + Key = ossRelativePath, + Expires = DateTime.UtcNow.AddMinutes(120) + }); Uri uri = new Uri(presignedUrl); 
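Review bot: The AWS branch signs the URL with `Expires = DateTime.UtcNow.AddMinutes(120)` while the AliyunOSS and MinIO branches of the same method use one hour, and no comment explains the difference. A URL signed with temporary credentials also stops working when those credentials expire, so with a token cached at construction the effective lifetime can be much shorter than the one requested. Use one shared expiry constant and cap it at the remaining token lifetime, e.g. `Expires = DateTime.UtcNow.AddHours(1)` after refreshing the token. The enclosing `GetSignedUrl` starts and ends outside this hunk.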
@@ -435,8 +527,247 @@ namespace IRaCIS.Core.SCP } } + + /// + /// 删除某个目录的文件 + /// + /// + /// + public async Task DeleteFromPrefix(string prefix) + { + if (ObjectStoreServiceOptions.ObjectStoreUse == "AliyunOSS") + { + var aliConfig = ObjectStoreServiceOptions.AliyunOSS; + + var _ossClient = new OssClient(RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? aliConfig.EndPoint : aliConfig.InternalEndpoint, AliyunOSSTempToken.AccessKeyId, AliyunOSSTempToken.AccessKeySecret, AliyunOSSTempToken.SecurityToken); + + + try + { + ObjectListing objectListing = null; + string nextMarker = null; + do + { + // 使用 prefix 模拟目录结构,设置 MaxKeys 和 NextMarker + objectListing = _ossClient.ListObjects(new Aliyun.OSS.ListObjectsRequest(aliConfig.BucketName) + { + Prefix = prefix, + MaxKeys = 1000, + Marker = nextMarker + }); + + List keys = objectListing.ObjectSummaries.Select(t => t.Key).ToList(); + + // 删除获取到的文件 + if (keys.Count > 0) + { + _ossClient.DeleteObjects(new Aliyun.OSS.DeleteObjectsRequest(aliConfig.BucketName, keys, false)); + } + + // 设置 NextMarker 以获取下一页的数据 + nextMarker = objectListing.NextMarker; + + } while (objectListing.IsTruncated); + } + catch (Exception ex) + { + Console.WriteLine($"Error: {ex.Message}"); + } + + + } + else if (ObjectStoreServiceOptions.ObjectStoreUse == "MinIO") + { + var minIOConfig = ObjectStoreServiceOptions.MinIO; + + + var minioClient = new MinioClient().WithEndpoint($"{minIOConfig.EndPoint}:{minIOConfig.Port}") + .WithCredentials(minIOConfig.AccessKeyId, minIOConfig.SecretAccessKey).WithSSL(minIOConfig.UseSSL) + .Build(); + + + var listArgs = new ListObjectsArgs().WithBucket(minIOConfig.BucketName).WithPrefix(prefix).WithRecursive(true); + + + + // 创建一个空列表用于存储对象键 + var objects = new List(); + + // 使用 await foreach 来异步迭代对象列表 + await foreach (var item in minioClient.ListObjectsEnumAsync(listArgs)) + { + objects.Add(item.Key); + } + + + if (objects.Count > 0) + { + var objArgs = new RemoveObjectsArgs() + .WithBucket(minIOConfig.BucketName) + 
.WithObjects(objects); + + // 删除对象 + await minioClient.RemoveObjectsAsync(objArgs); + } + + + + } + else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") + { + + var awsConfig = ObjectStoreServiceOptions.AWS; + + + // 提供awsAccessKeyId和awsSecretAccessKey构造凭证 + var credentials = new BasicAWSCredentials(AWSTempToken.AccessKeyId, AWSTempToken.SecretAccessKey); + + //提供awsEndPoint(域名)进行访问配置 + var clientConfig = new AmazonS3Config + { + ServiceURL = awsConfig.EndPoint + }; + + var amazonS3Client = new AmazonS3Client(credentials, clientConfig); + + // 列出指定前缀下的所有对象 + var listObjectsRequest = new ListObjectsV2Request + { + BucketName = awsConfig.BucketName, + Prefix = prefix + }; + + var listObjectsResponse = await amazonS3Client.ListObjectsV2Async(listObjectsRequest); + + if (listObjectsResponse.S3Objects.Count > 0) + { + // 准备删除请求 + var deleteObjectsRequest = new Amazon.S3.Model.DeleteObjectsRequest + { + BucketName = awsConfig.BucketName, + Objects = new List() + }; + + foreach (var s3Object in listObjectsResponse.S3Objects) + { + deleteObjectsRequest.Objects.Add(new KeyVersion + { + Key = s3Object.Key + }); + } + + // 批量删除对象 + var deleteObjectsResponse = await amazonS3Client.DeleteObjectsAsync(deleteObjectsRequest); + } + + + + } + else + { + throw new BusinessValidationFailedException("未定义的存储介质类型"); + } + } + + + + + public async Task GetObjectStoreTempToken() + { + var ossOptions = ObjectStoreServiceOptions.AliyunOSS; + + if (ObjectStoreServiceOptions.ObjectStoreUse == "AliyunOSS") + { + var client = new Client(new AlibabaCloud.OpenApiClient.Models.Config() + { + AccessKeyId = ossOptions.AccessKeyId, + AccessKeySecret = ossOptions.AccessKeySecret, + //AccessKeyId = "LTAI5tJV76pYX5yPg1N9QVE8", + //AccessKeySecret = "roRNLa9YG1of4pYruJGCNKBXEWTAWa", + + Endpoint = "sts.cn-hangzhou.aliyuncs.com" + }); + + var assumeRoleRequest = new AlibabaCloud.SDK.Sts20150401.Models.AssumeRoleRequest(); + // 将设置为自定义的会话名称,例如oss-role-session。 + assumeRoleRequest.RoleSessionName = 
$"session-name-{NewId.NextGuid()}"; + // 将替换为拥有上传文件到指定OSS Bucket权限的RAM角色的ARN。 + assumeRoleRequest.RoleArn = ossOptions.RoleArn; + //assumeRoleRequest.RoleArn = "acs:ram::1899121822495495:role/webdirect"; + assumeRoleRequest.DurationSeconds = ossOptions.DurationSeconds; + var runtime = new AlibabaCloud.TeaUtil.Models.RuntimeOptions(); + var response = client.AssumeRoleWithOptions(assumeRoleRequest, runtime); + var credentials = response.Body.Credentials; + + var tempToken = new AliyunOSSTempToken() + { + AccessKeyId = credentials.AccessKeyId, + AccessKeySecret = credentials.AccessKeySecret, + + //转为服务器时区,最后统一转为客户端时区 + Expiration = TimeZoneInfo.ConvertTimeFromUtc(DateTime.Parse(credentials.Expiration), TimeZoneInfo.Local), + SecurityToken = credentials.SecurityToken, + + + Region = ossOptions.Region, + BucketName = ossOptions.BucketName, + EndPoint = ossOptions.EndPoint, + ViewEndpoint = ossOptions.ViewEndpoint, + + }; + + AliyunOSSTempToken = tempToken; + + return new ObjectStoreDTO() { ObjectStoreUse = ObjectStoreServiceOptions.ObjectStoreUse, AliyunOSS = tempToken }; + } + else if (ObjectStoreServiceOptions.ObjectStoreUse == "MinIO") + { + return new ObjectStoreDTO() { ObjectStoreUse = ObjectStoreServiceOptions.ObjectStoreUse, MinIO = ObjectStoreServiceOptions.MinIO }; + } + else if (ObjectStoreServiceOptions.ObjectStoreUse == "AWS") + { + var awsOptions = ObjectStoreServiceOptions.AWS; + + //aws 临时凭证 + // 创建 STS 客户端 + var stsClient = new AmazonSecurityTokenServiceClient(awsOptions.AccessKeyId, awsOptions.SecretAccessKey); + + // 使用 AssumeRole 请求临时凭证 + var assumeRoleRequest = new AssumeRoleRequest + { + + RoleArn = awsOptions.RoleArn, // 角色 ARN + RoleSessionName = $"session-name-{NewId.NextGuid()}", + DurationSeconds = awsOptions.DurationSeconds // 临时凭证有效期 + }; + + var assumeRoleResponse = await stsClient.AssumeRoleAsync(assumeRoleRequest); + + var credentials = assumeRoleResponse.Credentials; + + var tempToken = new AWSTempToken() + { + AccessKeyId = 
credentials.AccessKeyId, + SecretAccessKey = credentials.SecretAccessKey, + SessionToken = credentials.SessionToken, + Expiration = credentials.Expiration, + Region = awsOptions.Region, + BucketName = awsOptions.BucketName, + EndPoint = awsOptions.EndPoint, + ViewEndpoint = awsOptions.ViewEndpoint, + + }; + + AWSTempToken = tempToken; + return new ObjectStoreDTO() { ObjectStoreUse = ObjectStoreServiceOptions.ObjectStoreUse, AWS = tempToken }; + } + else + { + throw new BusinessValidationFailedException("未定义的存储介质类型"); + } + } + } - } diff --git a/IRC.Core.SCP/appsettings.Prod_IRC_SCP.json b/IRC.Core.SCP/appsettings.Prod_IRC_SCP.json index 218d5a2c8..9d7cf60ac 100644 --- a/IRC.Core.SCP/appsettings.Prod_IRC_SCP.json +++ b/IRC.Core.SCP/appsettings.Prod_IRC_SCP.json @@ -9,15 +9,16 @@ "ObjectStoreService": { "ObjectStoreUse": "AliyunOSS", "AliyunOSS": { - "regionId": "cn-shanghai", - "internalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", - "endpoint": "https://oss-cn-shanghai.aliyuncs.com", - "accessKeyId": "LTAI5tKvzs7ed3UfSpNk3xwQ", - "accessKeySecret": "zTIceGEShlZDGnLrCFfIGFE7TXVRio", - "bucketName": "zy-irc-store", - "roleArn": "acs:ram::1899121822495495:role/oss-upload", - "viewEndpoint": "https://zy-irc-cache.oss-cn-shanghai.aliyuncs.com", - "region": "oss-cn-shanghai" + "RegionId": "cn-shanghai", + "InternalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", + "EndPoint": "https://oss-cn-shanghai.aliyuncs.com", + "AccessKeyId": "LTAI5tNRTsqL6aWmHkDmTwoH", + "AccessKeySecret": "7mtGz3qrYWI6JMMBZiLeC119VWicZH", + "RoleArn": "acs:ram::1899121822495495:role/irc-oss-access", + "BucketName": "zy-irc-store", + "ViewEndpoint": "https://zy-irc-cache.oss-cn-shanghai.aliyuncs.com", + "Region": "oss-cn-shanghai", + "DurationSeconds": 7200 } }, diff --git a/IRC.Core.SCP/appsettings.Test_IRC_SCP.json b/IRC.Core.SCP/appsettings.Test_IRC_SCP.json index 077a9194a..022a47cd3 100644 --- a/IRC.Core.SCP/appsettings.Test_IRC_SCP.json 
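Review bot: `DeleteFromPrefix` passes `prefix` straight to the list call in all three branches, so a null or empty value would match every key in the bucket; reject it before any branch runs. The AWS branch issues a single `ListObjectsV2Async` call and never follows the continuation token, so objects past the first page are left behind, and the AliyunOSS branch catches every exception and only writes it to the console, which makes a failed delete look like success to the caller. In `GetObjectStoreTempToken`, the commented-out `AccessKeyId`, `AccessKeySecret` and `RoleArn` literals should be deleted and the keys they name treated as exposed. `TimeZoneInfo.ConvertTimeFromUtc(DateTime.Parse(credentials.Expiration), ...)` is also fragile: if the STS string carries a `Z` suffix, `DateTime.Parse` returns a local-kind value and `ConvertTimeFromUtc` rejects that, so parse with `DateTimeStyles.AdjustToUniversal` or use `DateTimeOffset.Parse`. A guarded, paginated version of the AWS branch follows.

```csharp
public async Task DeleteFromPrefix(string prefix)
{
    // An empty prefix would select the whole bucket, so refuse it before touching any backend.
    if (string.IsNullOrWhiteSpace(prefix))
    {
        throw new ArgumentException("prefix must not be empty", nameof(prefix));
    }

    // … unchanged: AliyunOSS and MinIO branches, AWS client construction …

        var listObjectsRequest = new ListObjectsV2Request
        {
            BucketName = awsConfig.BucketName,
            Prefix = prefix
        };

        ListObjectsV2Response listObjectsResponse;
        do
        {
            listObjectsResponse = await amazonS3Client.ListObjectsV2Async(listObjectsRequest);

            if (listObjectsResponse.S3Objects.Count > 0)
            {
                await amazonS3Client.DeleteObjectsAsync(new Amazon.S3.Model.DeleteObjectsRequest
                {
                    BucketName = awsConfig.BucketName,
                    Objects = listObjectsResponse.S3Objects
                        .Select(o => new KeyVersion { Key = o.Key })
                        .ToList()
                });
            }

            // Follow the continuation token until the listing is exhausted.
            listObjectsRequest.ContinuationToken = listObjectsResponse.NextContinuationToken;
        } while (listObjectsResponse.IsTruncated == true);
```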
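Review bot: This hunk commits a new long-lived `AccessKeyId`/`AccessKeySecret` pair for the production bucket in plain text, replacing another pair that stays readable in history. The same pattern repeats in the hunks for appsettings.Test_IRC_SCP.json, appsettings.US_Prod_SCP.json, appsettings.US_Uat_SCP.json and appsettings.Uat_IRC_SCP.json. Moving to STS tokens in the service limits what clients receive, but the root keys that can assume the role are still in the repository. They should come from environment variables or a secret store, with the file holding only a placeholder such as `"AccessKeySecret": ""`, and every key that has appeared in a commit should be rotated. Scoping each role named in `RoleArn` to the single bucket it serves would limit the damage if a key leaks again.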
+++ b/IRC.Core.SCP/appsettings.Test_IRC_SCP.json @@ -9,15 +9,16 @@ "ObjectStoreService": { "ObjectStoreUse": "AliyunOSS", "AliyunOSS": { - "regionId": "cn-shanghai", - "internalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", - "endPoint": "https://oss-cn-shanghai.aliyuncs.com", - "accessKeyId": "LTAI5tKvzs7ed3UfSpNk3xwQ", - "accessKeySecret": "zTIceGEShlZDGnLrCFfIGFE7TXVRio", - "bucketName": "zy-irc-test-store", - "roleArn": "acs:ram::1899121822495495:role/oss-upload", - "viewEndpoint": "https://zy-irc-test-store.oss-cn-shanghai.aliyuncs.com", - "region": "oss-cn-shanghai" + "RegionId": "cn-shanghai", + "InternalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", + "EndPoint": "https://oss-cn-shanghai.aliyuncs.com", + "AccessKeyId": "LTAI5tRRZehUp2V9pyTPtAJm", + "AccessKeySecret": "FLizxkHsMm4CGYHtkV8E3PNJJZU7oV", + "RoleArn": "acs:ram::1899121822495495:role/dev-oss-access", + "BucketName": "zy-irc-test-store", + "ViewEndpoint": "https://zy-irc-test-store.oss-cn-shanghai.aliyuncs.com", + "Region": "oss-cn-shanghai", + "DurationSeconds": 7200 }, "MinIO": { @@ -28,16 +29,8 @@ "secretKey": "TzgvyA3zGXMUnpilJNUlyMYHfosl1hBMl6lxPmjy", "bucketName": "hir-test", "viewEndpoint": "http://106.14.89.110:9001/hir-test/" - }, - - "AWS": { - "endPoint": "s3.us-east-1.amazonaws.com", - "useSSL": false, - "accessKey": "AKIAZQ3DRSOHFPJJ6FEU", - "secretKey": "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", - "bucketName": "ei-irc-test-store", - "viewEndpoint": "https://ei-irc-test-store.s3.amazonaws.com/" } + }, "ConnectionStrings": { diff --git a/IRC.Core.SCP/appsettings.US_Prod_SCP.json b/IRC.Core.SCP/appsettings.US_Prod_SCP.json index 3387edb1d..e56626eb7 100644 --- a/IRC.Core.SCP/appsettings.US_Prod_SCP.json +++ b/IRC.Core.SCP/appsettings.US_Prod_SCP.json 
@@ -9,12 +9,15 @@ "ObjectStoreService": { "ObjectStoreUse": "AWS", "AWS": { - "endPoint": "s3.us-east-1.amazonaws.com", - "useSSL": true, - "accessKey": "AKIAW3MEAFJX5P32P6NA", - "secretKey": "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", - "bucketName": "ei-med-s3-lili-store", - "viewEndpoint": "https://ei-med-s3-lili-store.s3.amazonaws.com/" + "Region": "us-east-1", + "EndPoint": "s3.us-east-1.amazonaws.com", + "UseSSL": true, + "RoleArn": "arn:aws:iam::471112624751:role/lili_s3_access", + "AccessKeyId": "AKIAW3MEAFJXZ2TZK7GM", + "SecretAccessKey": "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", + "BucketName": "ei-med-s3-lili-uat-store", + "ViewEndpoint": "https://ei-med-s3-lili-uat-store.s3.amazonaws.com/", + "DurationSeconds": 7200 } }, "ConnectionStrings": { diff --git a/IRC.Core.SCP/appsettings.US_Uat_SCP.json b/IRC.Core.SCP/appsettings.US_Uat_SCP.json index 1d15fadf7..78dcb50e7 100644 --- a/IRC.Core.SCP/appsettings.US_Uat_SCP.json +++ b/IRC.Core.SCP/appsettings.US_Uat_SCP.json @@ -9,12 +9,15 @@ "ObjectStoreService": { "ObjectStoreUse": "AWS", "AWS": { - "endPoint": "s3.us-east-1.amazonaws.com", - "useSSL": true, - "accessKey": "AKIAW3MEAFJXUO6XYFYN", - "secretKey": "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", - "bucketName": "ei-med-s3-lili-uat-store", - "viewEndpoint": "https://ei-med-s3-lili-uat-store.s3.amazonaws.com/" + "Region": "us-east-1", + "EndPoint": "s3.us-east-1.amazonaws.com", + "UseSSL": true, + "RoleArn": "arn:aws:iam::471112624751:role/uat_s3_access", + "AccessKeyId": "AKIAW3MEAFJX7IPXISP4", + "SecretAccessKey": "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", + "BucketName": "ei-med-s3-lili-uat-store", + "ViewEndpoint": "https://ei-med-s3-lili-uat-store.s3.amazonaws.com/", + "DurationSeconds": 7200 } }, "ConnectionStrings": { diff --git a/IRC.Core.SCP/appsettings.Uat_IRC_SCP.json b/IRC.Core.SCP/appsettings.Uat_IRC_SCP.json index 18a92a53b..2d2fa6c9e 100644 --- a/IRC.Core.SCP/appsettings.Uat_IRC_SCP.json +++ b/IRC.Core.SCP/appsettings.Uat_IRC_SCP.json 
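Review bot: The production file now sets `BucketName` to `ei-med-s3-lili-uat-store` and `ViewEndpoint` to the matching UAT URL, where the removed lines pointed at `ei-med-s3-lili-store`. Both values are identical to those in appsettings.US_Uat_SCP.json, which looks like a copy-paste slip. If the change is intentional it needs a note in the commit message; otherwise production uploads and UAT data end up in one bucket under the `lili_s3_access` role. The plain-text key pair added here has the same exposure problem as in the other settings files.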
@@ -9,15 +9,16 @@ "ObjectStoreService": { "ObjectStoreUse": "AliyunOSS", "AliyunOSS": { - "regionId": "cn-shanghai", - "internalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", - "endpoint": "https://oss-cn-shanghai.aliyuncs.com", - "accessKeyId": "LTAI5tKvzs7ed3UfSpNk3xwQ", - "accessKeySecret": "zTIceGEShlZDGnLrCFfIGFE7TXVRio", - "bucketName": "zy-irc-uat-store", - "roleArn": "acs:ram::1899121822495495:role/oss-upload", - "viewEndpoint": "https://zy-irc-uat-store.oss-cn-shanghai.aliyuncs.com", - "region": "oss-cn-shanghai" + "RegionId": "cn-shanghai", + "InternalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", + "EndPoint": "https://oss-cn-shanghai.aliyuncs.com", + "AccessKeyId": "LTAI5tRRZehUp2V9pyTPtAJm", + "AccessKeySecret": "FLizxkHsMm4CGYHtkV8E3PNJJZU7oV", + "RoleArn": "acs:ram::1899121822495495:role/dev-oss-access", + "BucketName": "zy-irc-uat-store", + "ViewEndpoint": "https://zy-irc-uat-store.oss-cn-shanghai.aliyuncs.com", + "Region": "oss-cn-shanghai", + "DurationSeconds": 7200 } }, "ConnectionStrings": { diff --git a/IRaCIS.Core.API/appsettings.US_Prod_IRC.json b/IRaCIS.Core.API/appsettings.US_Prod_IRC.json index 60875f62f..b76577877 100644 --- a/IRaCIS.Core.API/appsettings.US_Prod_IRC.json +++ b/IRaCIS.Core.API/appsettings.US_Prod_IRC.json @@ -15,18 +15,6 @@ "ObjectStoreService": { "ObjectStoreUse": "AWS", - "AliyunOSS": { - "regionId": "cn-shanghai", - "internalEndpoint": "https://oss-cn-shanghai-internal.aliyuncs.com", - "endPoint": "https://oss-cn-shanghai.aliyuncs.com", - "accessKeyId": "", - "accessKeySecret": "", - "bucketName": "zy-irc-test-store", - "roleArn": "acs:ram::1899121822495495:role/oss-upload", - "viewEndpoint": "https://zy-irc-test-store.oss-cn-shanghai.aliyuncs.com", - "region": "oss-cn-shanghai" - }, - "MinIO": { "endPoint": "44.210.231.169", "port": "9001",