|
@@ -29,13 +29,13 @@ class StsOssView(View):
|
|
|
request.encoding = 'utf-8'
|
|
request.encoding = 'utf-8'
|
|
|
operation = kwargs.get('operation')
|
|
operation = kwargs.get('operation')
|
|
|
|
|
|
|
|
- return self.validation(request.GET,operation)
|
|
|
|
|
|
|
+ return self.validation(request.GET, operation)
|
|
|
|
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
def post(self, request, *args, **kwargs):
|
|
|
request.encoding = 'utf-8'
|
|
request.encoding = 'utf-8'
|
|
|
operation = kwargs.get('operation')
|
|
operation = kwargs.get('operation')
|
|
|
|
|
|
|
|
- return self.validation(request.POST,operation)
|
|
|
|
|
|
|
+ return self.validation(request.POST, operation)
|
|
|
|
|
|
|
|
def validation(self, request_dict, operation):
|
|
def validation(self, request_dict, operation):
|
|
|
response = ResponseObject()
|
|
response = ResponseObject()
|
|
@@ -46,45 +46,61 @@ class StsOssView(View):
|
|
|
tko = TokenObject(token)
|
|
tko = TokenObject(token)
|
|
|
if tko.code == 0:
|
|
if tko.code == 0:
|
|
|
userID = tko.userID
|
|
userID = tko.userID
|
|
|
- return self.uid_preview(userID,response)
|
|
|
|
|
|
|
+ return self.uid_preview(userID, response)
|
|
|
else:
|
|
else:
|
|
|
return response.json(tko.code)
|
|
return response.json(tko.code)
|
|
|
else:
|
|
else:
|
|
|
return response.json(444)
|
|
return response.json(444)
|
|
|
|
|
|
|
|
-
|
|
|
|
|
- def uid_preview(self, userID,response):
|
|
|
|
|
|
|
+ def uid_preview(self, userID, response):
|
|
|
storage = '{userID}/uid_preview/'.format(userID=userID)
|
|
storage = '{userID}/uid_preview/'.format(userID=userID)
|
|
|
bucket_name = 'apg'
|
|
bucket_name = 'apg'
|
|
|
endpoint = 'oss-cn-shenzhen.aliyuncs.com'
|
|
endpoint = 'oss-cn-shenzhen.aliyuncs.com'
|
|
|
region_id = 'cn-shenzhen'
|
|
region_id = 'cn-shenzhen'
|
|
|
- clt = client.AcsClient(OSS_STS_ACCESS_KEY,OSS_STS_ACCESS_SECRET,region_id)
|
|
|
|
|
|
|
+ clt = client.AcsClient(OSS_STS_ACCESS_KEY, OSS_STS_ACCESS_SECRET, region_id)
|
|
|
req = AssumeRoleRequest.AssumeRoleRequest()
|
|
req = AssumeRoleRequest.AssumeRoleRequest()
|
|
|
req.set_accept_format('json')
|
|
req.set_accept_format('json')
|
|
|
req.set_RoleArn(OSS_ROLE_ARN)
|
|
req.set_RoleArn(OSS_ROLE_ARN)
|
|
|
req.set_RoleSessionName(userID)
|
|
req.set_RoleSessionName(userID)
|
|
|
req.set_DurationSeconds(3600)
|
|
req.set_DurationSeconds(3600)
|
|
|
Resource_access = "acs:oss:*:*:{bucket_name}/{userID}*".format(bucket_name=bucket_name,
|
|
Resource_access = "acs:oss:*:*:{bucket_name}/{userID}*".format(bucket_name=bucket_name,
|
|
|
- userID=userID)
|
|
|
|
|
|
|
+ userID=userID)
|
|
|
Resource_access_root = "acs:oss:*:*:{bucket_name}".format(bucket_name=bucket_name)
|
|
Resource_access_root = "acs:oss:*:*:{bucket_name}".format(bucket_name=bucket_name)
|
|
|
# Resource_access_root = "acs:oss:*:*:{bucket_name}".format(bucket_name=bucket_name)
|
|
# Resource_access_root = "acs:oss:*:*:{bucket_name}".format(bucket_name=bucket_name)
|
|
|
print(Resource_access)
|
|
print(Resource_access)
|
|
|
|
|
+ # policys = {
|
|
|
|
|
+ # "Version": "1",
|
|
|
|
|
+ # "Statement": [
|
|
|
|
|
+ # {
|
|
|
|
|
+ # "Action": ["oss:PutObject", "oss:DeleteObject", "oss:GetObject", "oss:List*"],
|
|
|
|
|
+ # # "Action": ["*"],
|
|
|
|
|
+ # "Resource": [Resource_access],
|
|
|
|
|
+ # # "Resource": ["*"],
|
|
|
|
|
+ # "Effect": "Allow",
|
|
|
|
|
+ # "Condition": {
|
|
|
|
|
+ # # "IpAddress": {"acs:SourceIp": ip}
|
|
|
|
|
+ # # "IpAddress": {"acs:SourceIp": "120.237.157.184"}
|
|
|
|
|
+ # # "IpAddress": {"acs:SourceIp": "*"}
|
|
|
|
|
+ # }
|
|
|
|
|
+ # },
|
|
|
|
|
+ # #######
|
|
|
|
|
+ # ]
|
|
|
|
|
+ # }
|
|
|
policys = {
|
|
policys = {
|
|
|
"Version": "1",
|
|
"Version": "1",
|
|
|
"Statement": [
|
|
"Statement": [
|
|
|
{
|
|
{
|
|
|
- "Action": ["oss:PutObject", "oss:DeleteObject", "oss:GetObject","oss:List*"],
|
|
|
|
|
- # "Action": ["*"],
|
|
|
|
|
- "Resource": [Resource_access],
|
|
|
|
|
- # "Resource": ["*"],
|
|
|
|
|
"Effect": "Allow",
|
|
"Effect": "Allow",
|
|
|
- "Condition": {
|
|
|
|
|
- # "IpAddress": {"acs:SourceIp": ip}
|
|
|
|
|
- # "IpAddress": {"acs:SourceIp": "120.237.157.184"}
|
|
|
|
|
- # "IpAddress": {"acs:SourceIp": "*"}
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ "Action": [
|
|
|
|
|
+ "oss:List*",
|
|
|
|
|
+ "oss:Put*",
|
|
|
|
|
+ "oss:Get*"
|
|
|
|
|
+ ],
|
|
|
|
|
+ "Resource": [
|
|
|
|
|
+ "acs:oss:*:*:151564262337939513800138001/uid_preview"
|
|
|
|
|
+ ],
|
|
|
|
|
+ "Condition": {}
|
|
|
},
|
|
},
|
|
|
- #######
|
|
|
|
|
{
|
|
{
|
|
|
"Effect": "Allow",
|
|
"Effect": "Allow",
|
|
|
"Action": [
|
|
"Action": [
|
|
@@ -123,4 +139,4 @@ class StsOssView(View):
|
|
|
'code': 0,
|
|
'code': 0,
|
|
|
'storage': storage,
|
|
'storage': storage,
|
|
|
}
|
|
}
|
|
|
- return response.json(0,res)
|
|
|
|
|
|
|
+ return response.json(0, res)
|
chenjunkai