hexo/node_modules/cos-nodejs-sdk-v5/demo/demo-sts-scope.js

/**
 * 使用临时密钥例子
 */
var STS = require('qcloud-cos-sts');
var COS = require('../index');
var config = require('./config');

var allowPrefix = '';
// 简单上传和分片，需要以下的权限，其他权限列表请看 https://cloud.tencent.com/document/product/436/14048
var allowActions = [
    'name/cos:PutObject',
    'name/cos:InitiateMultipartUpload',
    'name/cos:ListMultipartUploads',
    'name/cos:ListParts',
    'name/cos:UploadPart',
    'name/cos:CompleteMultipartUpload'
];


// 判断是否允许获取密钥
var allowScope = function (scope) {
    var allow = (scope || []).every(function (item) {
        return allowActions.includes(item.action) &&
            item.bucket === config.bucket &&
            item.region === config.region &&
            (item.prefix || '').startsWith(allowPrefix);
    });
    return allow;
};

var cos = new COS({
    getAuthorization: function (options, callback) {

        // TODO 这里根据自己业务需要做好放行判断
        if (!allowScope()) {
            console.log('deny Scope');
            return;
        }

        // 获取临时密钥
        var policy = STS.getPolicy(options.Scope);
        STS.getCredential({
            secretId: config.SecretId,
            secretKey: config.SecretKey,
            policy: policy,
            // durationSeconds: 1800,
            proxy: '',
            region: 'ap-guangzhou'
        }, function (err, data) {
            if (err) {
                console.error(err);
            } else {
                console.log(data);
                var credentials = data.credentials;
                callback({
                    TmpSecretId: credentials.tmpSecretId,
                    TmpSecretKey: credentials.tmpSecretKey,
                    SecurityToken: credentials.sessionToken,
                    ExpiredTime: data.expiredTime,
                    ScopeLimit: true, // 设为 true 可限制密钥只在相同请求可重用，默认不限制一直可重用，细粒度控制权限需要设为 true
                });
            }
        });

    },
});

cos.putObject({
    Bucket: config.Bucket,
    Region: config.Region,
    Key: 'dir/1.txt',
    Body: 'hello!',
}, function (err, data) {
    console.log(err || data);
});
20231003 update 2023-10-03 11:14:36 +08:00			`/**`
			`* 使用临时密钥例子`
			`*/`
			`var STS = require('qcloud-cos-sts');`
			`var COS = require('../index');`
			`var config = require('./config');`

			`var allowPrefix = '';`
			`// 简单上传和分片，需要以下的权限，其他权限列表请看 https://cloud.tencent.com/document/product/436/14048`
			`var allowActions = [`
			`'name/cos:PutObject',`
			`'name/cos:InitiateMultipartUpload',`
			`'name/cos:ListMultipartUploads',`
			`'name/cos:ListParts',`
			`'name/cos:UploadPart',`
			`'name/cos:CompleteMultipartUpload'`
			`];`


			`// 判断是否允许获取密钥`
			`var allowScope = function (scope) {`
			`var allow = (scope \|\| []).every(function (item) {`
			`return allowActions.includes(item.action) &&`
			`item.bucket === config.bucket &&`
			`item.region === config.region &&`
			`(item.prefix \|\| '').startsWith(allowPrefix);`
			`});`
			`return allow;`
			`};`

			`var cos = new COS({`
			`getAuthorization: function (options, callback) {`

			`// TODO 这里根据自己业务需要做好放行判断`
			`if (!allowScope()) {`
			`console.log('deny Scope');`
			`return;`
			`}`

			`// 获取临时密钥`
			`var policy = STS.getPolicy(options.Scope);`
			`STS.getCredential({`
			`secretId: config.SecretId,`
			`secretKey: config.SecretKey,`
			`policy: policy,`
			`// durationSeconds: 1800,`
			`proxy: '',`
			`region: 'ap-guangzhou'`
			`}, function (err, data) {`
			`if (err) {`
			`console.error(err);`
			`} else {`
			`console.log(data);`
			`var credentials = data.credentials;`
			`callback({`
			`TmpSecretId: credentials.tmpSecretId,`
			`TmpSecretKey: credentials.tmpSecretKey,`
			`SecurityToken: credentials.sessionToken,`
			`ExpiredTime: data.expiredTime,`
			`ScopeLimit: true, // 设为 true 可限制密钥只在相同请求可重用，默认不限制一直可重用，细粒度控制权限需要设为 true`
			`});`
			`}`
			`});`

			`},`
			`});`

			`cos.putObject({`
			`Bucket: config.Bucket,`
			`Region: config.Region,`
			`Key: 'dir/1.txt',`
			`Body: 'hello!',`
			`}, function (err, data) {`
			`console.log(err \|\| data);`
			`});`