
修改签名方式,保证安全性
carsonxu committed Mar 26, 2018
1 parent 2dac011 commit 0fa7b69
Showing 22 changed files with 6,152 additions and 4,947 deletions.
62 changes: 47 additions & 15 deletions demo/demo.js
Expand Up @@ -19,20 +19,58 @@ var util = {

var getAuthorization = function (options, callback) {

// 方法一(推荐)
// 方法一、后端计算签名(推荐)
var method = (options.Method || 'get').toLowerCase();
var key = options.Key || '';
var query = options.Query || {};
var headers = options.Headers || {};
var pathname = key.indexOf('/') === 0 ? key : '/' + key;

var url = '../server/auth.php?method=' + method + '&pathname=' + encodeURIComponent(pathname);
// var url = 'http://127.0.0.1:3000/auth';
var url = '../server/auth.php';
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
var data = {
method: method,
pathname: pathname,
query: query,
headers: headers,
};
xhr.open('POST', url, true);
xhr.setRequestHeader('content-type', 'application/json');
xhr.onload = function (e) {
callback(e.target.responseText);
};
xhr.send();

// // 方法二(适用于前端调试)
xhr.send(JSON.stringify(data));

// // 方法二、后端通过获取临时密钥,计算签名给到前端(适用于前端调试)
// var method = (options.Method || 'get').toLowerCase();
// var key = options.Key || '';
// var query = options.Query || {};
// var headers = options.Headers || {};
// var pathname = key.indexOf('/') === 0 ? key : '/' + key;
// // var url = 'http://127.0.0.1:3000/sts';
// var url = '../server/sts.php';
// var xhr = new XMLHttpRequest();
// var data = {
// method: method,
// pathname: pathname,
// query: query,
// headers: headers,
// };
// xhr.open('POST', url, true);
// xhr.setRequestHeader('content-type', 'application/json');
// xhr.onload = function (e) {
// try {
// var AuthData = JSON.parse(e.target.responseText);
// } catch (e) {
// }
// callback({
// Authorization: AuthData.authorization,
// XCosSecurityToken: AuthData.sessionToken,
// });
// };
// xhr.send(JSON.stringify(data));

// // 方法三、前端计算签名(适用于前端调试)
// var authorization = COS.getAuthorization({
// SecretId: 'AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
// SecretKey: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
Expand All @@ -52,14 +90,8 @@ var getSTS = function (params, callback) {
};

var cos = new COS({
// 必选参数
getAuthorization: getAuthorization,
// getSTS: getSTS, // 支持使用临时密钥
// 可选参数
FileParallelLimit: 3, // 控制文件上传并发数
ChunkParallelLimit: 3, // 控制单个文件下分片上传并发数
ChunkSize: 1024 * 1024, // 控制分片大小,单位 B
ProgressInterval: 1000, // 控制 onProgress 回调的间隔
// getSTS: getSTS,
});
var TaskId;

Expand Down Expand Up @@ -572,7 +604,7 @@ function abortUploadTask() {
}

function sliceUploadFile() {
var blob = util.createFile({size: 1024 * 1024 * 30});
var blob = util.createFile({size: 1024 * 1024 * 2});
cos.sliceUploadFile({
Bucket: config.Bucket, // Bucket 格式:test-1250000000
Region: config.Region,
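Review bot: The `xhr.onload` of method one hands `e.target.responseText` to `callback` without consulting `xhr.status`, and no `xhr.onerror` is registered, so a non-2xx reply from auth.php is passed through as if it were the signature while a network failure never invokes the callback at all and the upload just stalls. A guard such as `if (xhr.status !== 200) { /* report failure to the caller */ return; }` ahead of the `callback(...)` call, plus an `xhr.onerror` handler doing the same, would make the failure visible; which failure value the SDK callback expects is not visible in this hunk, so confirm that against the SDK contract. The commented-out method two carries the same gap and additionally swallows the `JSON.parse` error in an empty `catch` before reading `AuthData.authorization`, which would throw a TypeError on a non-JSON response if that block is ever enabled. `getAuthorization` continues past the end of this hunk.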
99 changes: 0 additions & 99 deletions demo/simple-form.html

This file was deleted.

36 changes: 17 additions & 19 deletions demo/simple-put.html
Expand Up @@ -34,35 +34,33 @@ <h1>Ajax Put 上传</h1>

// 计算签名
var getAuthorization = function (options, callback) {
// 方法一(适用于前端调试)
var method = (options.Method || 'get').toLowerCase();
var key = options.Key || '';
var pathname = key.indexOf('/') === 0 ? key : '/' + key;
var url = '../server/auth.php?method=' + method + '&pathname=' + encodeURIComponent(pathname);

var url = '../server/auth.php';
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = function (e) {
callback(null, e.target.responseText);
var data = {
method: method,
pathname: pathname,
};
xhr.onerror = function (e) {
callback('获取签名出错');
xhr.open('POST', url, true);
xhr.setRequestHeader('content-type', 'application/json');
xhr.onload = function (e) {
if (e.target.responseText === 'action deny') {
alert('action deny');
} else {
callback(e.target.responseText);
}
};
xhr.send();

// // 方法二(适用于前端调试),需要引入../dist/cos-js-sdk-v5.min.js
// var authorization = COS.getAuthorization({
// SecretId: SecretId,
// SecretKey: SecretKey,
// Method: options.Method,
// Key: options.Key,
// });
// callback(null, authorization);
xhr.send(JSON.stringify(data));
};

// 上传文件
var uploadFile = function (file, callback) {
var Key = file.name;
getAuthorization({Method: 'PUT', Key: Key}, function (err, auth) {
var Key = 'dir/' + file.name; // 这里指定上传目录和文件名
getAuthorization({Method: 'PUT', Key: Key}, function (auth) {

var url = prefix + Key;
var xhr = new XMLHttpRequest();
xhr.open('PUT', url, true);
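Review bot: The denial check `if (e.target.responseText === 'action deny')` in the new `onload` keys off the server's literal error text, and the denied branch only calls `alert` without invoking `callback`, so the continuation in `uploadFile` is never reached; the previous `xhr.onerror` path also appears to be gone in the rewritten function (the old/new sides are not clearly marked here, so verify). Checking the HTTP status is more robust than matching a magic string: `if (xhr.status !== 200) { alert('获取签名出错'); return; }` before handing the body to `callback`, with an `xhr.onerror` that does the same. `uploadFile` continues past the end of this hunk.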
17 changes: 11 additions & 6 deletions demo/sts-form.html
Expand Up @@ -16,6 +16,7 @@ <h1>Form 表单简单上传(兼容 IE8)</h1>
<input id="success_action_redirect" name="success_action_redirect" type="hidden" value="">
<input id="key" name="key" type="hidden" value="">
<input id="Signature" name="Signature" type="hidden" value="">
<input id="x-cos-security-token" name="x-cos-security-token" type="hidden" value="">
<input id="fileSelector" name="file" type="file">
<input id="submitBtn" type="button" value="提交">
</form>
Expand All @@ -38,8 +39,11 @@ <h1>Form 表单简单上传(兼容 IE8)</h1>
var getAuthorization = function (options, callback) {
var method = (options.Method || 'get').toLowerCase();
var key = options.Key || '';
var pathname = key.indexOf('/') === 0 ? key : '/' + key;
var url = '../server/sts.php?method=' + method + '&pathname=' + encodeURIComponent(pathname);
// var url = 'http://127.0.0.1:3000/sts-post-object' +
var url = '../server/sts-post-object.php' +
'?method=' + method +
'&pathname=' + encodeURIComponent('/') +
'&key=' + encodeURIComponent(key);
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onreadystatechange = function (e) {
Expand All @@ -48,7 +52,7 @@ <h1>Form 表单简单上传(兼容 IE8)</h1>
var data = JSON.parse(xhr.responseText);
callback(null, {
Authorization: data.authorization,
XCosSecurityToken: data.credentials.sessionToken,
XCosSecurityToken: data.sessionToken,
});
} else {
callback('获取签名出错');
Expand Down Expand Up @@ -91,12 +95,13 @@ <h1>Form 表单简单上传(兼容 IE8)</h1>
document.getElementById('msg').innerText = '未选择上传文件';
return;
}
Key = filePath.match(/[\\\/]?([^\\\/]+)$/)[1];
getAuthorization({Method: 'POST', Key: '/'}, function (err, auth) {
Key = 'dir/' + filePath.match(/[\\\/]?([^\\\/]+)$/)[1]; // 这里指定上传目录和文件名
getAuthorization({Method: 'POST', Key: Key}, function (err, AuthData) {
// 在当前目录下放一个空的 empty.html 以便让接口上传完成跳转回来
document.getElementById('success_action_redirect').value = location.href.substr(0, location.href.lastIndexOf('/') + 1) + 'empty.html';
document.getElementById('key').value = Key;
document.getElementById('Signature').value = auth;
document.getElementById('Signature').value = AuthData.Authorization;
document.getElementById('x-cos-security-token').value = AuthData.XCosSecurityToken;
form.submit();
});
};
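Review bot: The new submit callback `function (err, AuthData)` reads `AuthData.Authorization` and `AuthData.XCosSecurityToken` without looking at `err`; when `getAuthorization` reports failure via `callback('获取签名出错')` (visible in the preceding hunk), `AuthData` is undefined and the handler throws a TypeError instead of showing the message. Add `if (err) { document.getElementById('msg').innerText = err; return; }` as the first statement of the callback, reusing the `msg` element the handler already writes to. `demo/sts-post.html` has the same gap in `uploadFile`, where `info.Authorization` is read right after `function (err, info)` with no `err` check. The enclosing submit handler begins before this hunk.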
49 changes: 15 additions & 34 deletions demo/sts-post.html
Expand Up @@ -26,76 +26,56 @@ <h1>Ajax Post 上传</h1>
<script>
(function () {
// 请求用到的参数
var Bucket = 'test-125000000';
var Bucket = 'test-1250000000';
var Region = 'ap-guangzhou';
var protocol = location.protocol === 'https:' ? 'https:' : 'http:';
var prefix = protocol + '//' + Bucket + '.cos.' + Region + '.myqcloud.com/';

// 计算签名
var getAuthorization = function (options, callback) {
// 方法一(适用于前端调试)
var method = (options.Method || 'get').toLowerCase();
var key = options.Key || '';
var pathname = key.indexOf('/') === 0 ? key : '/' + key;
var url = '../server/sts.php?method=' + method + '&pathname=' + encodeURIComponent(pathname);
// var url = 'http://127.0.0.1:3000/sts-post-object' +
var url = '../server/sts-post-object.php' +
'?method=' + method +
'&pathname=' + encodeURIComponent('/') +
'&key=' + encodeURIComponent(key);
var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.onload = function (e) {
var data = JSON.parse(e.target.responseText);
if (data.authorization === '') {

}
callback(null, {
Authorization: data.authorization,
XCosSecurityToken: data.credentials.sessionToken,
XCosSecurityToken: data.sessionToken,
});
};
xhr.onerror = function (e) {
callback('获取签名出错');
};
xhr.send();

// // 方法二(适用于前端调试)
// var method = (options.Method || 'get').toLowerCase();
// var key = options.Key || '';
// var pathname = key.indexOf('/') === 0 ? key : '/' + key;
// var url = '../server/key.php?method=' + method + '&pathname=' + encodeURIComponent(pathname);
// var xhr = new XMLHttpRequest();
// xhr.open('GET', url, true);
// xhr.onload = function (e) {
// var data = JSON.parse(e.target.responseText);
// var authorization = COS.getAuthorization({
// SecretId: data.credentials.tmpSecretId,
// SecretKey: data.credentials.tmpSecretKey,
// Method: options.Method,
// Key: options.Key,
// });
// callback(null, {
// Authorization: authorization,
// XCosSecurityToken: data.credentials.sessionToken,
// });
// };
// xhr.onerror = function (e) {
// callback('获取签名出错');
// };
// xhr.send();
};

// 上传文件
var uploadFile = function (file, callback) {
var Key = file.name;
var Key = 'dir/' + file.name; // 这里指定上传目录和文件名

getAuthorization({Method: 'POST', Key: ''}, function (err, info) {
getAuthorization({Method: 'POST', Key: Key}, function (err, info) {
var auth = info.Authorization;
var XCosSecurityToken = info.XCosSecurityToken;

var fd = new FormData();
fd.append('key', Key);
fd.append('Signature', auth);
XCosSecurityToken && fd.append('x-cos-security-token', XCosSecurityToken);
fd.append('file', file);

var url = prefix;
var xhr = new XMLHttpRequest();
xhr.open('POST', url, true);
xhr.onload = function () {
if (xhr.status === 200 || xhr.status === 206) {
if (Math.floor(xhr.status / 100) === 2) {
var ETag = xhr.getResponseHeader('etag');
callback(null, {url: url, ETag: ETag});
} else {
Expand All @@ -106,6 +86,7 @@ <h1>Ajax Post 上传</h1>
callback('文件 ' + Key + ' 上传失败,请检查是否没配置 CORS 跨域规则');
};
xhr.send(fd);

});
};
