JointCloud
/
common
Not watched
1
0
Fork 0
Code
Releases 0 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
428 Commits
9 Branches
844 kB
5 Download
Tree: eacc4f6bd3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'eacc4f6bd3'
${ noResults }
common/sdks/storage/cdsapi/signer.go

signer.go 3.0 kB
Raw Normal View History

拆分签名逻辑
8 months ago
修复调试问题
8 months ago
拆分签名逻辑
8 months ago
修复调试问题
8 months ago
拆分签名逻辑
8 months ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. package cdsapi

  2. 

  3. import (

  4. 	"bytes"

  5. 	"context"

  6. 	"crypto/sha256"

  7. 	"encoding/hex"

  8. 	"fmt"

  9. 	"io"

  10. 	"net/http"

  11. 	"time"

  12. 

  13. 	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"

  14. 	"github.com/aws/aws-sdk-go-v2/credentials"

  15. )

  16. 

  17. const (

  18. 	AuthService = "jcs"

  19. 	AuthRegion  = "any"

  20. )

  21. 

  22. // 对一个请求进行签名,并将签名信息添加到请求头中。

  23. //

  24. // 会读取请求体计算sha256哈希值。如果hash值已知,可以使用SignWithPayloadHash方法。

  25. func Sign(req *http.Request, accessKey, secretKey string) error {

  26. 	prod := credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")

  27. 	cred, err := prod.Retrieve(context.TODO())

  28. 	if err != nil {

  29. 		return err

  30. 	}

  31. 

  32. 	payloadHash := ""

  33. 	if req.Body != nil {

  34. 		data, err := io.ReadAll(req.Body)

  35. 		if err != nil {

  36. 			return err

  37. 		}

  38. 		req.Body.Close()

  39. 		req.Body = io.NopCloser(bytes.NewReader(data))

  40. 

  41. 		hasher := sha256.New()

  42. 		hasher.Write(data)

  43. 		payloadHash = hex.EncodeToString(hasher.Sum(nil))

  44. 	} else {

  45. 		hash := sha256.Sum256([]byte(""))

  46. 		payloadHash = hex.EncodeToString(hash[:])

  47. 	}

  48. 

  49. 	signer := v4.NewSigner()

  50. 	err = signer.SignHTTP(context.Background(), cred, req, payloadHash, AuthService, AuthRegion, time.Now())

  51. 	if err != nil {

  52. 		return err

  53. 	}

  54. 

  55. 	return nil

  56. }

  57. 

  58. // 对一个请求进行签名,不计算请求体的哈希,适合上传文件接口。

  59. func SignWithoutBody(req *http.Request, accessKey, secretKey string) error {

  60. 	prod := credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")

  61. 	cred, err := prod.Retrieve(context.TODO())

  62. 	if err != nil {

  63. 		return err

  64. 	}

  65. 

  66. 	signer := v4.NewSigner()

  67. 	err = signer.SignHTTP(context.Background(), cred, req, "", AuthService, AuthRegion, time.Now())

  68. 	if err != nil {

  69. 		return err

  70. 	}

  71. 

  72. 	return nil

  73. }

  74. 

  75. // 对一个请求进行签名,签名时使用指定的哈希值作为请求体的哈希值。

  76. //

  77. // 参数payloadHash必须为sha256哈希值的16进制字符串,全小写。

  78. func SignWithPayloadHash(req *http.Request, payloadHash string, accessKey, secretKey string) error {

  79. 	prod := credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")

  80. 	cred, err := prod.Retrieve(context.TODO())

  81. 	if err != nil {

  82. 		return err

  83. 	}

  84. 

  85. 	signer := v4.NewSigner()

  86. 	err = signer.SignHTTP(context.Background(), cred, req, payloadHash, AuthService, AuthRegion, time.Now())

  87. 	if err != nil {

  88. 		return err

  89. 	}

  90. 

  91. 	return nil

  92. }

  93. 

  94. // 生成一个带签名的URL。

  95. //

  96. // expiration为签名过期时间,单位为秒。

  97. //

  98. // 签名时不会包含请求体的哈希值。

  99. func Presign(req *http.Request, accessKey, secretKey string, expiration int) (string, error) {

  100. 	query := req.URL.Query()

  101. 	query.Add("X-Expires", fmt.Sprintf("%v", expiration))

  102. 

  103. 	req.URL.RawQuery = query.Encode()

  104. 

  105. 	prod := credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")

  106. 	cred, err := prod.Retrieve(context.TODO())

  107. 	if err != nil {

  108. 		return "", err

  109. 	}

  110. 

  111. 	signer := v4.NewSigner()

  112. 	signedURL, _, err := signer.PresignHTTP(context.Background(), cred, req, "", AuthService, AuthRegion, time.Now())

  113. 	return signedURL, err

  114. }

公共库