  1. <?php
  2. namespace Qiniu;
  3. use Qiniu\Zone;
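  /**
   * Produces Qiniu signatures from an access-key / secret-key pair: request
   * authorization headers, callback verification, private download URLs and
   * upload tokens.
   *
   * Every signature is an HMAC-SHA1 keyed with the secret key (see sign()).
   * The algorithm is part of the wire format, so it is not configurable here.
   */
  final class Auth
  {
      private $accessKey;
      // Signing key; it is only ever used as the HMAC key and is never returned.
      private $secretKey;

      /**
       * @param string $accessKey public key identifier, emitted in every signature
       * @param string $secretKey HMAC key; keep it out of logs and client-side code
       */
      public function __construct($accessKey, $secretKey)
      {
          $this->accessKey = $accessKey;
          $this->secretKey = $secretKey;
      }

      /**
       * @return string the access key given to the constructor
       */
      public function getAccessKey()
      {
          return $this->accessKey;
      }

      /**
       * Signs $data with HMAC-SHA1 under the secret key.
       *
       * @param string $data bytes to sign
       * @return string "<accessKey>:<encoded mac>", where the raw MAC is encoded
       *                by \Qiniu\base64_urlSafeEncode()
       */
      public function sign($data)
      {
          // Raw (binary) output: the encoder receives the 20 MAC bytes, not hex.
          $hmac = hash_hmac('sha1', $data, $this->secretKey, true);
          return $this->accessKey . ':' . \Qiniu\base64_urlSafeEncode($hmac);
      }

      /**
       * Encodes $data, signs the encoded form and appends it to the signature.
       *
       * @param string $data payload to embed in the token
       * @return string "<accessKey>:<encoded mac>:<encoded data>"
       */
      public function signWithData($data)
      {
          $encodedData = \Qiniu\base64_urlSafeEncode($data);
          return $this->sign($encodedData) . ':' . $encodedData;
      }

      /**
       * Signs a request in the "QBox" format.
       *
       * The signed string is "<path>[?<query>]\n" followed by the body, and the
       * body is included only for application/x-www-form-urlencoded requests.
       * Scheme, host, port and HTTP method are not part of the signed string.
       *
       * @param string      $urlString  request URL
       * @param string|null $body       request body
       * @param string|null $contentType request content type
       * @return string signature as returned by sign()
       */
      public function signRequest($urlString, $body, $contentType = null)
      {
          $url = parse_url($urlString);
          // parse_url() returns false for seriously malformed URLs; treat that
          // as "no path, no query" instead of indexing into a boolean.
          if (!is_array($url)) {
              $url = array();
          }

          $data = '';
          if (array_key_exists('path', $url)) {
              $data = $url['path'];
          }
          if (array_key_exists('query', $url)) {
              $data .= '?' . $url['query'];
          }
          $data .= "\n";

          if ($body !== null && $contentType === 'application/x-www-form-urlencoded') {
              $data .= $body;
          }
          return $this->sign($data);
      }

      /**
       * Checks the Authorization header of an incoming callback.
       *
       * The expected header is recomputed with signRequest() and compared in
       * constant time, so response timing does not reveal how much of a guessed
       * signature was correct.
       *
       * NOTE: because signRequest() signs the body only for
       * application/x-www-form-urlencoded, this check does not cover the body
       * of callbacks with any other content type (for example JSON). Handlers
       * for such callbacks must not treat the body as authenticated by this
       * method alone.
       *
       * @param string|null $contentType         Content-Type of the callback
       * @param string|null $originAuthorization Authorization header received
       * @param string      $url                 callback URL as configured
       * @param string|null $body                raw callback body
       * @return bool true only when the received header matches exactly
       */
      public function verifyCallback($contentType, $originAuthorization, $url, $body)
      {
          $authorization = 'QBox ' . $this->signRequest($url, $body, $contentType);
          return self::constantTimeEquals($authorization, $originAuthorization);
      }

      /**
       * Builds a time-limited download URL for a private resource.
       *
       * @param string $baseUrl resource URL, with or without a query string
       * @param int    $expires lifetime in seconds from now
       * @return string $baseUrl with "e=<deadline>" and "token=<signature>" appended
       */
      public function privateDownloadUrl($baseUrl, $expires = 3600)
      {
          $deadline = time() + $expires;

          $pos = strpos($baseUrl, '?');
          if ($pos !== false) {
              $baseUrl .= '&e=';
          } else {
              $baseUrl .= '?e=';
          }
          $baseUrl .= $deadline;

          // The deadline is part of the signed URL, so it cannot be extended
          // without invalidating the token.
          $token = $this->sign($baseUrl);
          return "$baseUrl&token=$token";
      }

      /**
       * Issues an upload token for a bucket, optionally restricted to one key.
       *
       * 'scope' and 'deadline' are written after the caller's policy is copied,
       * so a policy array cannot override them.
       *
       * With $strictPolicy disabled every key of $policy is copied into the
       * signed token unfiltered; do not build $policy from untrusted input in
       * that mode.
       *
       * @param string      $bucket       target bucket
       * @param string|null $key          object key; null leaves the scope as the bucket
       * @param int         $expires      lifetime in seconds from now
       * @param array|null  $policy       extra put-policy fields
       * @param bool        $strictPolicy keep only fields listed in $policyFields
       * @return string token as returned by signWithData()
       */
      public function uploadToken($bucket, $key = null, $expires = 3600, $policy = null, $strictPolicy = true)
      {
          $deadline = time() + $expires;

          $scope = $bucket;
          if ($key !== null) {
              $scope .= ':' . $key;
          }

          // Start from an explicit empty array rather than passing an undefined
          // variable by reference into copyPolicy().
          $args = array();
          $args = self::copyPolicy($args, $policy, $strictPolicy);
          $args['scope'] = $scope;
          $args['deadline'] = $deadline;

          $b = json_encode($args);
          return $this->signWithData($b);
      }

      /**
       * Upload policy fields accepted in strict mode. For the parameter
       * specification see
       * http://developer.qiniu.com/docs/v6/api/reference/security/put-policy.html
       */
      private static $policyFields = array(
          'callbackUrl',
          'callbackBody',
          'callbackHost',
          'callbackBodyType',
          'callbackFetchKey',

          'returnUrl',
          'returnBody',

          'endUser',
          'saveKey',
          'insertOnly',

          'detectMime',
          'mimeLimit',
          'fsizeMin',
          'fsizeLimit',

          'persistentOps',
          'persistentNotifyUrl',
          'persistentPipeline',

          'deleteAfterDays',
          'fileType',
          'isPrefixalScope',
      );

      /**
       * Copies policy entries from $originPolicy into $policy.
       *
       * @param array|null $policy       destination, modified in place
       * @param array|null $originPolicy caller-supplied policy; null yields array()
       * @param bool       $strictPolicy when true, only keys in $policyFields are copied
       * @return array|null the destination after copying
       */
      private static function copyPolicy(&$policy, $originPolicy, $strictPolicy)
      {
          if ($originPolicy === null) {
              return array();
          }
          foreach ($originPolicy as $key => $value) {
              // Strict comparison against the allow-list; the cast keeps
              // integer keys from matching by loose conversion.
              if (!$strictPolicy || in_array((string)$key, self::$policyFields, true)) {
                  $policy[$key] = $value;
              }
          }
          return $policy;
      }

      /**
       * Builds the "QBox" Authorization header for an outgoing request.
       *
       * @param string      $url         request URL
       * @param string|null $body        request body
       * @param string|null $contentType request content type
       * @return array array('Authorization' => 'QBox <signature>')
       */
      public function authorization($url, $body = null, $contentType = null)
      {
          $authorization = 'QBox ' . $this->signRequest($url, $body, $contentType);
          return array('Authorization' => $authorization);
      }

      /**
       * Builds the "Qiniu" (v2) Authorization header for an outgoing request.
       *
       * The signed string is
       * "<method> <path>[?<query>]\nHost: <host>[:<port>][\nContent-Type: <type>]\n\n[<body>]".
       * Unlike signRequest(), the method, host and any non-empty body are
       * covered by the signature.
       *
       * @param string      $url         request URL
       * @param string      $method      HTTP method
       * @param string|null $body        request body
       * @param string|null $contentType request content type
       * @return array array('Authorization' => 'Qiniu <signature>')
       */
      public function authorizationV2($url, $method, $body = null, $contentType = null)
      {
          $urlItems = parse_url($url);
          if (!is_array($urlItems)) {
              $urlItems = array();
          }

          // Missing components become empty values instead of raising
          // undefined-index notices.
          $host = isset($urlItems['host']) ? $urlItems['host'] : null;
          $port = isset($urlItems['port']) ? $urlItems['port'] : '';
          $path = isset($urlItems['path']) ? $urlItems['path'] : null;
          $query = isset($urlItems['query']) ? $urlItems['query'] : '';

          //write request uri
          $toSignStr = $method . ' ' . $path;
          if (!empty($query)) {
              $toSignStr .= '?' . $query;
          }

          //write host and port
          $toSignStr .= "\nHost: " . $host;
          if (!empty($port)) {
              $toSignStr .= ":" . $port;
          }

          //write content type
          if (!empty($contentType)) {
              $toSignStr .= "\nContent-Type: " . $contentType;
          }

          $toSignStr .= "\n\n";

          //write body
          if (!empty($body)) {
              $toSignStr .= $body;
          }

          $sign = $this->sign($toSignStr);
          $auth = 'Qiniu ' . $sign;
          return array('Authorization' => $auth);
      }

      /**
       * Compares two strings without short-circuiting on the first difference.
       *
       * Uses hash_equals() when the runtime provides it and an equivalent
       * XOR-accumulating loop otherwise. Non-string input never matches.
       *
       * @param mixed $known value computed locally
       * @param mixed $given value received from the peer
       * @return bool
       */
      private static function constantTimeEquals($known, $given)
      {
          if (!is_string($known) || !is_string($given)) {
              return false;
          }
          if (function_exists('hash_equals')) {
              return hash_equals($known, $given);
          }

          $length = strlen($known);
          if ($length !== strlen($given)) {
              return false;
          }
          $diff = 0;
          for ($i = 0; $i < $length; $i++) {
              $diff |= ord($known[$i]) ^ ord($given[$i]);
          }
          return $diff === 0;
      }
  }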