package main
import (
"context"
"fmt"
"github.com/tencentyun/cos-go-sdk-v5"
"github.com/tencentyun/cos-go-sdk-v5/debug"
"github.com/tencentyun/qcloud-cos-sts-sdk/go"
"net/http"
"net/url"
"os"
"strings"
"time"
)
func main() {
appid := "1259654469"
bucket := "test-1259654469"
c := sts.NewClient(
os.Getenv("COS_SECRETID"),
os.Getenv("COS_SECRETKEY"),
nil,
)
opt := &sts.CredentialOptions{
DurationSeconds: int64(time.Hour.Seconds()),
Region: "ap-guangzhou",
Policy: &sts.CredentialPolicy{
Statement: []sts.CredentialPolicyStatement{
{
Action: []string{
"name/cos:PostObject",
"name/cos:PutObject",
"name/cos:GetObject",
},
Effect: "allow",
Resource: []string{
//这里改成允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
"qcs::cos:ap-guangzhou:uid/" + appid + ":" + bucket + "/exampleobject",
},
},
},
},
}
res, err := c.GetCredential(opt)
if err != nil {
panic(err)
}
fmt.Printf("%+v\n", res.Credentials)
//获取临时ak、sk、token
tAk := res.Credentials.TmpSecretID
tSk := res.Credentials.TmpSecretKey
token := res.Credentials.SessionToken
u, _ := url.Parse("https://" + bucket + ".cos.ap-guangzhou.myqcloud.com")
b := &cos.BaseURL{BucketURL: u}
client := cos.NewClient(b, &http.Client{
Transport: &cos.AuthorizationTransport{
// 使用临时密钥
SecretID: tAk,
SecretKey: tSk,
SessionToken: token,
Transport: &debug.DebugRequestTransport{
RequestHeader: true,
RequestBody: true,
ResponseHeader: true,
ResponseBody: true,
},
},
})
name := "exampleobject"
f := strings.NewReader("test")
_, err = client.Object.Put(context.Background(), name, f, nil)
if err != nil {
panic(err)
}
name = "exampleobject"
f = strings.NewReader("test xxx")
optc := &cos.ObjectPutOptions{
ObjectPutHeaderOptions: &cos.ObjectPutHeaderOptions{
ContentType: "text/html",
},
ACLHeaderOptions: &cos.ACLHeaderOptions{
//XCosACL: "public-read",
XCosACL: "private",
},
}
_, err = client.Object.Put(context.Background(), name, f, optc)
if err != nil {
panic(err)
}
}