Merge pull request #59 from agin719/sts

update the sts example

example/sts/sts.go

@@ -4,12 +4,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/QcloudApi/qcloud_sign_golang"
-	"github.com/tencentyun/cos-go-sdk-v5"
-	"github.com/tencentyun/cos-go-sdk-v5/debug"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
+
+	"github.com/QcloudApi/qcloud_sign_golang"
+	"github.com/tencentyun/cos-go-sdk-v5"
+	"github.com/tencentyun/cos-go-sdk-v5/debug"
 )
 
 // Use Qcloud api github.com/QcloudApi/qcloud_sign_golang
@@ -20,6 +22,19 @@ type Credent struct {
 	TmpSecretKey string `json:"tmpSecretKey"`
 }
 
+type PolicyStatement struct {
+	Action    []string                          `json:"action,omitempty"`
+	Effect    string                            `json:"effect,omitempty"`
+	Resource  []string                          `json:"resource,omitempty"`
+	Condition map[string]map[string]interface{} `json:"condition,omitempty"`
+}
+
+type CAMPolicy struct {
+	Statement []PolicyStatement   `json:"statement,omitempty"`
+	Version   string              `json:"version,omitempty"`
+	Principal map[string][]string `json:"principal,omitempty"`
+}
+
 // Data data in sts response body
 type Data struct {
 	Credentials Credent `json:"credentials"`
@@ -32,16 +47,43 @@ type Response struct {
 }
 
 func main() {
-	// 替换实际的 SecretId 和 SecretKey
-	secretID := "ak"
-	secretKey := "sk"
+	// 在环境变量中设置您的 SecretId 和 SecretKey
+	secretID := os.Getenv("COS_SECRETID")
+	secretKey := os.Getenv("COS_SECRETKEY")
+	appid := "1259654469"       //替换成您的APPID
+	bucket := "test-1259654469" //替换成您的bucket，格式：<bucketname-APPID>
 
 	// 配置
 	config := map[string]interface{}{"secretId": secretID, "secretKey": secretKey, "debug": false}
 
+	policy := &CAMPolicy{
+		Statement: []PolicyStatement{
+			PolicyStatement{
+				Action: []string{
+					"name/cos:PostObject",
+					"name/cos:PutObject",
+				},
+				Effect: "allow",
+				Resource: []string{
+					"qcs::cos:ap-guangzhou:uid/" + appid + ":" + bucket + "/*",
+				},
+			},
+		},
+		Version: "2.0",
+	}
+	bPolicy, err := json.Marshal(policy)
+	if err != nil {
+		fmt.Print("Error.", err)
+		return
+	}
+	policyStr := string(bPolicy)
 	// 请求参数
-	params := map[string]interface{}{"Region": "gz", "Action": "GetFederationToken", "name": "alantong", "policy": "{\"statement\": [{\"action\": [\"name/cos:GetObject\",\"name/cos:PutObject\"],\"effect\": \"allow\",\"resource\":[\"qcs::cos:ap-guangzhou:uid/1253960454:prefix//1253960454/alangz/*\"]}],\"version\": \"2.0\"}"}
-
+	params := map[string]interface{}{
+		"Region": "gz",
+		"Action": "GetFederationToken",
+		"name":   "test",
+		"policy": policyStr,
+	}
 	// 发送请求
 	retData, err := QcloudApi.SendRequest("sts", params, config)
 	if err != nil {
@@ -59,7 +101,7 @@ func main() {
 	tSk := r.Dat.Credentials.TmpSecretKey
 	token := r.Dat.Credentials.SessionToken
 
-	u, _ := url.Parse("https://alangz-1253960454.cos.ap-guangzhou.myqcloud.com")
+	u, _ := url.Parse("https://" + bucket + ".cos.ap-guangzhou.myqcloud.com")
 	b := &cos.BaseURL{BucketURL: u}
 	c := cos.NewClient(b, &http.Client{
 		Transport: &cos.AuthorizationTransport{
@@ -98,4 +140,5 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
+
 }