package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"

	"github.com/QcloudApi/qcloud_sign_golang"
	"github.com/tencentyun/cos-go-sdk-v5"
	"github.com/tencentyun/cos-go-sdk-v5/debug"
)

// Use Qcloud api github.com/QcloudApi/qcloud_sign_golang
// doc https://cloud.tencent.com/document/product/436/14048
type Credent struct {
	SessionToken string `json:"sessionToken"`
	TmpSecretID  string `json:"tmpSecretId"`
	TmpSecretKey string `json:"tmpSecretKey"`
}

type PolicyStatement struct {
	Action    []string                          `json:"action,omitempty"`
	Effect    string                            `json:"effect,omitempty"`
	Resource  []string                          `json:"resource,omitempty"`
	Condition map[string]map[string]interface{} `json:"condition,omitempty"`
}

type CAMPolicy struct {
	Statement []PolicyStatement   `json:"statement,omitempty"`
	Version   string              `json:"version,omitempty"`
	Principal map[string][]string `json:"principal,omitempty"`
}

// Data data in sts response body
type Data struct {
	Credentials Credent `json:"credentials"`
}

// Response sts response body
// In qcloud_sign_golang this response only return ak, sk and token
type Response struct {
	Dat Data `json:"data"`
}

func main() {
	// 在环境变量中设置您的 SecretId 和 SecretKey
	secretID := os.Getenv("COS_SECRETID")
	secretKey := os.Getenv("COS_SECRETKEY")
	appid := "1259654469"       //替换成您的APPID
	bucket := "test-1259654469" //替换成您的bucket，格式：<bucketname-APPID>

	// 配置
	config := map[string]interface{}{"secretId": secretID, "secretKey": secretKey, "debug": false}

	policy := &CAMPolicy{
		Statement: []PolicyStatement{
			PolicyStatement{
				Action: []string{
					"name/cos:PostObject",
					"name/cos:PutObject",
				},
				Effect: "allow",
				Resource: []string{
                    //这里改成允许的路径前缀，可以根据自己网站的用户登录态判断允许上传的具体路径，例子： a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
					"qcs::cos:ap-guangzhou:uid/" + appid + ":" + bucket + "/exampleobject",
				},
			},
		},
		Version: "2.0",
	}
	bPolicy, err := json.Marshal(policy)
	if err != nil {
		fmt.Print("Error.", err)
		return
	}
	policyStr := string(bPolicy)
	// 请求参数
	params := map[string]interface{}{
		"Region": "gz",
		"Action": "GetFederationToken",
		"name":   "test",
		"policy": policyStr,
	}
	// 发送请求
	retData, err := QcloudApi.SendRequest("sts", params, config)
	if err != nil {
		fmt.Print("Error.", err)
		return
	}
	r := &Response{}
	err = json.Unmarshal([]byte(retData), r)
	if err != nil {
		fmt.Println(err)
		return
	}
	//获取临时ak、sk、token
	tAk := r.Dat.Credentials.TmpSecretID
	tSk := r.Dat.Credentials.TmpSecretKey
	token := r.Dat.Credentials.SessionToken

	u, _ := url.Parse("https://" + bucket + ".cos.ap-guangzhou.myqcloud.com")
	b := &cos.BaseURL{BucketURL: u}
	c := cos.NewClient(b, &http.Client{
		Transport: &cos.AuthorizationTransport{
			SecretID:     tAk,
			SecretKey:    tSk,
			SessionToken: token,
			Transport: &debug.DebugRequestTransport{
				RequestHeader:  true,
				RequestBody:    true,
				ResponseHeader: true,
				ResponseBody:   true,
			},
		},
	})

	name := "exampleobject"
	f := strings.NewReader("test")

	_, err = c.Object.Put(context.Background(), name, f, nil)
	if err != nil {
		panic(err)
	}

	name = "exampleobject"
	f = strings.NewReader("test xxx")
	opt := &cos.ObjectPutOptions{
		ObjectPutHeaderOptions: &cos.ObjectPutHeaderOptions{
			ContentType: "text/html",
		},
		ACLHeaderOptions: &cos.ACLHeaderOptions{
			//XCosACL: "public-read",
			XCosACL: "private",
		},
	}
	_, err = c.Object.Put(context.Background(), name, f, opt)
	if err != nil {
		panic(err)
	}

}