From b427226ae44b1c0f25b8681147e828f4603a9014 Mon Sep 17 00:00:00 2001
From: jojoliang
Date: Wed, 4 Dec 2019 21:52:59 +0800
Subject: [PATCH] add policy
---
bucket_policy.go | 71 +++++++++++++++++++++++++++++++++++++++++++++
example/bucket/delPolicy.go | 35 ++++++++++++++++++++++
example/bucket/getPolicy.go | 39 +++++++++++++++++++++++++
example/bucket/putPolicy.go | 63 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 208 insertions(+)
create mode 100644 bucket_policy.go
create mode 100644 example/bucket/delPolicy.go
create mode 100644 example/bucket/getPolicy.go
create mode 100644 example/bucket/putPolicy.go
diff --git a/bucket_policy.go b/bucket_policy.go
new file mode 100644
index 0000000..a2fd7da
--- /dev/null
+++ b/bucket_policy.go
@@ -0,0 +1,71 @@
+package cos
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "net/http"
+ "strings"
+)
+
+type BucketStatement struct {
+ Principal map[string][]string `json:"principal,omitempty"`
+ Action []string `json:"action,omitempty"`
+ Effect string `json:"effect,omitempty"`
+ Resource []string `json:"resource,omitempty"`
+ Condition map[string]map[string]interface{} `json:"condition,omitempty"`
+}
+
+type BucketPutPolicyOptions struct {
+ Statement []BucketStatement `json:"statement,omitempty"`
+ Version string `json:"version,omitempty"`
+ Principal map[string][]string `json:"principal,omitempty"`
+}
+
+type BucketGetPolicyResult BucketPutPolicyOptions
+
+func (s *BucketService) PutPolicy(ctx context.Context, opt *BucketPutPolicyOptions) (*Response, error) {
+ var f *strings.Reader
+ if opt != nil {
+ bs, err := json.Marshal(opt)
+ if err != nil {
+ return nil, err
+ }
+ body := string(bs)
+ f = strings.NewReader(body)
+ }
+ sendOpt := &sendOptions{
+ baseURL: s.client.BaseURL.BucketURL,
+ uri: "/?policy",
+ method: http.MethodPut,
+ body: f,
+ }
+ resp, err := s.client.send(ctx, sendOpt)
+ return resp, err
+}
+
+func (s *BucketService) GetPolicy(ctx context.Context) (*BucketGetPolicyResult, *Response, error) {
+ var bs bytes.Buffer
+ var res BucketGetPolicyResult
+ sendOpt := &sendOptions{
+ baseURL: s.client.BaseURL.BucketURL,
+ uri: "/?policy",
+ method: http.MethodGet,
+ result: &bs,
+ }
+ resp, err := s.client.send(ctx, sendOpt)
+ if err == nil {
+ err = json.Unmarshal(bs.Bytes(), &res)
+ }
+ return &res, resp, err
+}
+
+func (s *BucketService) DeletePolicy(ctx context.Context) (*Response, error) {
+ sendOpt := &sendOptions{
+ baseURL: s.client.BaseURL.BucketURL,
+ uri: "/?policy",
+ method: http.MethodDelete,
+ }
+ resp, err := s.client.send(ctx, sendOpt)
+ return resp, err
+}
diff --git a/example/bucket/delPolicy.go b/example/bucket/delPolicy.go
new file mode 100644
index 0000000..cefc709
--- /dev/null
+++ b/example/bucket/delPolicy.go
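Review bot: PutPolicy passes `f` to `sendOptions.body` even when `opt` is nil, and `f` is then a nil `*strings.Reader` rather than an untyped nil. If `body` is an interface field (its declaration is outside this hunk), the stored value is non-nil, so a `body != nil` check in `send` would pass and the first method call on the reader would dereference nil. A policy PUT without a document has no meaning, so reject it up front with `if opt == nil { return nil, errors.New("cos: nil BucketPutPolicyOptions") }` (needs the `errors` import), or declare `var f io.Reader` so the nil stays untyped. Separately, GetPolicy returns `&res` alongside a non-nil error; returning `nil, resp, err` there keeps a caller that mishandles the error from reading an empty policy as the bucket's real state.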
@@ -0,0 +1,35 @@
+package main
+
+import (
+ "context"
+ "net/http"
+ "net/url"
+ "os"
+
+ "github.com/tencentyun/cos-go-sdk-v5"
+ "github.com/tencentyun/cos-go-sdk-v5/debug"
+)
+
+func main() {
+ u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
+ b := &cos.BaseURL{
+ BucketURL: u,
+ }
+ c := cos.NewClient(b, &http.Client{
+ Transport: &cos.AuthorizationTransport{
+ SecretID: os.Getenv("COS_SECRETID"),
+ SecretKey: os.Getenv("COS_SECRETKEY"),
+ Transport: &debug.DebugRequestTransport{
+ RequestHeader: true,
+ RequestBody: true,
+ ResponseHeader: true,
+ ResponseBody: true,
+ },
+ },
+ })
+
+ _, err := c.Bucket.DeletePolicy(context.Background())
+ if err != nil {
+ panic(err)
+ }
+}
diff --git a/example/bucket/getPolicy.go b/example/bucket/getPolicy.go
new file mode 100644
index 0000000..0ac95c2
--- /dev/null
+++ b/example/bucket/getPolicy.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "net/url"
+ "os"
+
+ "github.com/tencentyun/cos-go-sdk-v5"
+ "github.com/tencentyun/cos-go-sdk-v5/debug"
+)
+
+func main() {
+ u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
+ b := &cos.BaseURL{
+ BucketURL: u,
+ }
+ c := cos.NewClient(b, &http.Client{
+ Transport: &cos.AuthorizationTransport{
+ SecretID: os.Getenv("COS_SECRETID"),
+ SecretKey: os.Getenv("COS_SECRETKEY"),
+ Transport: &debug.DebugRequestTransport{
+ RequestHeader: true,
+ RequestBody: true,
+ ResponseHeader: true,
+ ResponseBody: true,
+ },
+ },
+ })
+
+ res, _, err := c.Bucket.GetPolicy(context.Background())
+ if err != nil {
+ panic(err)
+ }
+ bs, err := json.Marshal(res)
+ fmt.Println(string(bs))
+}
diff --git a/example/bucket/putPolicy.go b/example/bucket/putPolicy.go
new file mode 100644
index 0000000..d4e3a10
--- /dev/null
+++ b/example/bucket/putPolicy.go
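Review bot: The example in delPolicy.go nests `debug.DebugRequestTransport` inside `cos.AuthorizationTransport` with `RequestHeader`, `RequestBody`, `ResponseHeader` and `ResponseBody` all true, so, assuming that transport prints what its field names say, every run writes the signed `Authorization` header and the full bodies to the process output. Examples get copied into services whose logs are shipped elsewhere, and the same block appears in getPolicy.go and putPolicy.go. I would put a comment above it such as `// Debug transport dumps headers and bodies, including the request signature; remove outside local testing.` or default the four flags to false. Also, `u, _ := url.Parse(...)` drops the parse error in all three files, so a reader who substitutes a malformed bucket URL gets a nil `u` instead of a clear message.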
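Review bot: In getPolicy.go the error from `json.Marshal(res)` is assigned to `err` and never checked, so a marshalling failure would print an empty line and the program would still exit successfully. Add `if err != nil { panic(err) }` before `fmt.Println(string(bs))`, matching how the GetPolicy error is handled just above it.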
@@ -0,0 +1,63 @@
+package main
+
+import (
+ "context"
+ "net/http"
+ "net/url"
+ "os"
+
+ "github.com/tencentyun/cos-go-sdk-v5"
+ "github.com/tencentyun/cos-go-sdk-v5/debug"
+)
+
+func main() {
+ u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
+ b := &cos.BaseURL{
+ BucketURL: u,
+ }
+ c := cos.NewClient(b, &http.Client{
+ Transport: &cos.AuthorizationTransport{
+ SecretID: os.Getenv("COS_SECRETID"),
+ SecretKey: os.Getenv("COS_SECRETKEY"),
+ Transport: &debug.DebugRequestTransport{
+ RequestHeader: true,
+ RequestBody: true,
+ ResponseHeader: true,
+ ResponseBody: true,
+ },
+ },
+ })
+
+ opt := &cos.BucketPutPolicyOptions{
+ Version: "2.0",
+ Statement: []cos.BucketStatement{
+ {
+ Principal: map[string][]string{
+ "qcs": []string{
+ "qcs::cam::uin/100000000001:uin/100000000011", //替换成您想授予权限的账户uin
+ },
+ },
+ Action: []string{
+ "name/cos:GetObject",
+ },
+ Effect: "allow",
+ Resource: []string{
+ //这里改成允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
+ "qcs::cos:ap-guangzhou:uid/1259654469:test-1259654469/exampleobject",
+ },
+ Condition: map[string]map[string]interface{}{
+ "ip_not_equal": map[string]interface{}{
+ "qcs:ip": []string{
+ "192.168.1.1",
+ },
+ },
+ },
+ },
+ },
+ }
+
+ _, err := c.Bucket.PutPolicy(context.Background(), opt)
+ if err != nil {
+ panic(err)
+ }
+}
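Review bot: The sample statement pairs `Effect: "allow"` with an `ip_not_equal` condition on `192.168.1.1`, which as written grants `name/cos:GetObject` to the principal from every source address except that one. Anyone copying this as an IP restriction gets close to the opposite of an allow-list, and a private address such as 192.168.1.1 is unlikely to be what the service sees as the caller. If the intent is to limit access to known networks, use `"ip_equal"` with the caller's public range (for example `"203.0.113.0/24"`, a documentation placeholder) and say so in a comment. The two inline comments are in Chinese, and the second speaks of upload paths while the action is GetObject; an English comment such as `// Resource the statement applies to; avoid "*" unless every object is meant to be readable.` would match the code.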