hexo/node_modules/cos-nodejs-sdk-v5/demo/demo-sts-scope.js

76 lines
2.3 KiB
JavaScript
Raw Normal View History

2023-10-03 11:14:36 +08:00
/**
* 使用临时密钥例子
*/
var STS = require('qcloud-cos-sts');
var COS = require('../index');
var config = require('./config');
var allowPrefix = '';
// 简单上传和分片,需要以下的权限,其他权限列表请看 https://cloud.tencent.com/document/product/436/14048
var allowActions = [
'name/cos:PutObject',
'name/cos:InitiateMultipartUpload',
'name/cos:ListMultipartUploads',
'name/cos:ListParts',
'name/cos:UploadPart',
'name/cos:CompleteMultipartUpload'
];
// 判断是否允许获取密钥
var allowScope = function (scope) {
var allow = (scope || []).every(function (item) {
return allowActions.includes(item.action) &&
item.bucket === config.bucket &&
item.region === config.region &&
(item.prefix || '').startsWith(allowPrefix);
});
return allow;
};
var cos = new COS({
getAuthorization: function (options, callback) {
// TODO 这里根据自己业务需要做好放行判断
if (!allowScope()) {
console.log('deny Scope');
return;
}
// 获取临时密钥
var policy = STS.getPolicy(options.Scope);
STS.getCredential({
secretId: config.SecretId,
secretKey: config.SecretKey,
policy: policy,
// durationSeconds: 1800,
proxy: '',
region: 'ap-guangzhou'
}, function (err, data) {
if (err) {
console.error(err);
} else {
console.log(data);
var credentials = data.credentials;
callback({
TmpSecretId: credentials.tmpSecretId,
TmpSecretKey: credentials.tmpSecretKey,
SecurityToken: credentials.sessionToken,
ExpiredTime: data.expiredTime,
ScopeLimit: true, // 设为 true 可限制密钥只在相同请求可重用,默认不限制一直可重用,细粒度控制权限需要设为 true
});
}
});
},
});
cos.putObject({
Bucket: config.Bucket,
Region: config.Region,
Key: 'dir/1.txt',
Body: 'hello!',
}, function (err, data) {
console.log(err || data);
});