Home Explore Help
Register Sign In
scott
/
crm
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 5be43c6b86
Branches Tags
crm
/
app
/
api
/
controller
/
Uploadoss.php

Uploadoss.php 5.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. <?php
    2. 

  2. 

  3. namespace app\api\controller;
    4. 

  4. 

  5. use think\facade\Request;
    6. 

  6. 

  7. use DateTime;
    8. 

  8. 

  9. class Uploadoss extends Base
    10. 

  10. {
    11. 

  11.     /*
    12. 

  12.      *
    13. 

  13.      */
    14. 

  14.     private function gmt_iso8601($time)
    15. 

  15.     {
    16. 

  16.         $dtStr = date("c", $time);
    17. 

  17.         $mydatetime = new DateTime($dtStr);
    18. 

  18.         $expiration = $mydatetime->format(DateTime::ISO8601);
    19. 

  19.         $pos = strpos($expiration, '+');
    20. 

  20.         $expiration = substr($expiration, 0, $pos);
    21. 

  21.         return $expiration . "Z";
    22. 

  22.     }
    23. 

  23. 

  24.     /*
    25. 

  25. 	 * 后端直传oss文件
    26. 

  26. 	 */
    27. 

  27.     public function oss_signature()
    28. 

  28.     {
    29. 

  29. 

  30.         $cate = input('cate');
    31. 

  31. 

  32.         $id = config('app.ali_oss_access_key_id');
    33. 

  33.         $key = config('app.ali_oss_access_key_secret');
    34. 

  34.         // $host的格式为 bucketname.endpoint,请替换为您的真实信息。
    35. 

  35.         $host = 'https://' . config('app.ali_oss_bindurl');
    36. 

  36.         // $callbackUrl为上传回调服务器的URL,请将下面的IP和Port配置为您自己的真实URL信息。
    37. 

  37.         $callbackUrl = "https://" . $_SERVER['HTTP_HOST'] . "/api/uploadoss/osscallback.html";
    38. 

  38.         if ($cate) {
    39. 

  39.             $dir = $cate . '/';          // 用户上传文件时指定的前缀。
    40. 

  40.         }
    41. 

  41. 

  42.         $callback_param = array(
    43. 

  43.             'callbackUrl' => $callbackUrl,
    44. 

  44.             'callbackBody' => 'filename=${object}&size=${size}&mimeType=${mimeType}&height=${imageInfo.height}&width=${imageInfo.width}',
    45. 

  45.             'callbackBodyType' => "application/x-www-form-urlencoded"
    46. 

  46.         );
    47. 

  47.         $callback_string = json_encode($callback_param);
    48. 

  48.         $base64_callback_body = base64_encode($callback_string);
    49. 

  49.         $now = time();
    50. 

  50.         $expire = 30;  //设置该policy超时时间是10s. 即这个policy过了这个有效时间,将不能访问。
    51. 

  51.         $end = $now + $expire;
    52. 

  52.         $expiration = $this->gmt_iso8601($end);
    53. 

  53. 

  54. 

  55.         //最大文件大小.用户可以自己设置
    56. 

  56.         $condition = array(0 => 'content-length-range', 1 => 0, 2 => 1048576000);
    57. 

  57.         $conditions[] = $condition;
    58. 

  58. 

  59.         // 表示用户上传的数据,必须是以$dir开始,不然上传会失败,这一步不是必须项,只是为了安全起见,防止用户通过policy上传到别人的目录。
    60. 

  60.         $start = array(0 => 'starts-with', 1 => '$key', 2 => $dir);
    61. 

  61.         $conditions[] = $start;
    62. 

  62. 

  63. 

  64.         $arr = array('expiration' => $expiration, 'conditions' => $conditions);
    65. 

  65.         $policy = json_encode($arr);
    66. 

  66.         $base64_policy = base64_encode($policy);
    67. 

  67.         $string_to_sign = $base64_policy;
    68. 

  68.         $signature = base64_encode(hash_hmac('sha1', $string_to_sign, $key, true));
    69. 

  69. 

  70.         $response = array();
    71. 

  71.         $response['accessid'] = $id;
    72. 

  72.         $response['host'] = $host;
    73. 

  73.         $response['policy'] = $base64_policy;
    74. 

  74.         $response['signature'] = $signature;
    75. 

  75.         $response['expire'] = $end;
    76. 

  76.         $response['callback'] = $base64_callback_body;
    77. 

  77.         $response['dir'] = $dir;  // 这个参数是设置用户上传文件时指定的前缀。
    78. 

  78.         $response['callback2'] = $callbackUrl;
    79. 

  79.         return json($response);
    80. 

  80.     }
    81. 

  81. 

  82.     public function osscallback()
    83. 

  83.     {
    84. 

  84. 

  85.         // 1.获取OSS的签名header和公钥url header
    86. 

  86.         $authorizationBase64 = "";
    87. 

  87.         $pubKeyUrlBase64 = "";
    88. 

  88.         /*
    89. 

  89.          * 注意:如果要使用HTTP_AUTHORIZATION头,你需要先在apache或者nginx中设置rewrite,以apache为例,修改
    90. 

  90.          * 配置文件/etc/httpd/conf/httpd.conf(以你的apache安装路径为准),在DirectoryIndex index.php这行下面增加以下两行
    91. 

  91.             RewriteEngine On
    92. 

  92.             RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
    93. 

  93.          * */
    94. 

  94.         header("Content-Type: application/json");
    95. 

  95.         $data = array("Status" => "Ok");
    96. 

  96.         echo json_encode($data);
    97. 

  97. 

  98.         if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    99. 

  99.             $authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
    100. 

  100.         }
    101. 

  101.         if (isset($_SERVER['HTTP_X_OSS_PUB_KEY_URL'])) {
    102. 

  102.             $pubKeyUrlBase64 = $_SERVER['HTTP_X_OSS_PUB_KEY_URL'];
    103. 

  103.         }
    104. 

  104. 

  105.         if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '') {
    106. 

  106.             header("http/1.1 403 Forbidden");
    107. 

  107.             exit();
    108. 

  108.         }
    109. 

  109. 

  110.         // 2.获取OSS的签名
    111. 

  111.         $authorization = base64_decode($authorizationBase64);
    112. 

  112. 

  113.         // 3.获取公钥
    114. 

  114.         $pubKeyUrl = base64_decode($pubKeyUrlBase64);
    115. 

  115.         $ch = curl_init();
    116. 

  116.         curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
    117. 

  117.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    118. 

  118.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    119. 

  119.         $pubKey = curl_exec($ch);
    120. 

  120.         if ($pubKey == "") {
    121. 

  121.             header("http/1.1 403 Forbidden");
    122. 

  122.             exit();
    123. 

  123.         }
    124. 

  124. 

  125.         // 4.获取回调body
    126. 

  126.         $body = file_get_contents('php://input');
    127. 

  127. 

  128.         // 5.拼接待签名字符串
    129. 

  129.         $authStr = '';
    130. 

  130.         $path = $_SERVER['REQUEST_URI'];
    131. 

  131.         $pos = strpos($path, '?');
    132. 

  132.         if ($pos === false) {
    133. 

  133.             $authStr = urldecode($path) . "\n" . $body;
    134. 

  134.         } else {
    135. 

  135.             $authStr = urldecode(substr($path, 0, $pos)) . substr($path, $pos, strlen($path) - $pos) . "\n" . $body;
    136. 

  136.         }
    137. 

  137. 

  138.         // 6.验证签名
    139. 

  139.         $ok = openssl_verify($authStr, $authorization, $pubKey, OPENSSL_ALGO_MD5);
    140. 

  140.         if ($ok == 1) {
    141. 

  141.             header("Content-Type: application/json");
    142. 

  142.         } else {
    143. 

  143.             header("http/1.1 403 Forbidden");
    144. 

  144.             exit();
    145. 

  145.         }
    146. 

  146.     }
    147. 

  147. }
    148.