支持 STS Scope

Author: carsonxu

demo/demo-sts-scope.js

@@ -0,0 +1,73 @@
+/**
+ * 使用临时密钥例子
+ */
+var STS = require('qcloud-cos-sts');
+var COS = require('../index');
+var config = require('./config');
+
+var allowPrefix = '';
+// 简单上传和分片，需要以下的权限，其他权限列表请看 https://cloud.tencent.com/document/product/436/14048
+var allowActions = [
+    'name/cos:PutObject',
+    'name/cos:InitiateMultipartUpload',
+    'name/cos:ListMultipartUploads',
+    'name/cos:ListParts',
+    'name/cos:UploadPart',
+    'name/cos:CompleteMultipartUpload'
+];
+
+
+// 判断是否允许获取密钥
+var allowScope = function (scope) {
+    var allow = (scope || []).every(function (item) {
+        return allowActions.includes(item.action) &&
+            item.bucket === config.bucket &&
+            item.region === config.region &&
+            (item.prefix || '').startsWith(allowPrefix);
+    });
+    return allow;
+};
+
+var cos = new COS({
+    getAuthorization: function (options, callback) {
+
+        if (!allowScope()) {
+            console.log('deny Scope');
+            return;
+        }
+
+        // 获取临时密钥
+        var policy = STS.getPolicy(options.Scope);
+        STS.getCredential({
+            secretId: config.SecretId,
+            secretKey: config.SecretKey,
+            policy: policy,
+            // durationSeconds: 1800,
+            proxy: '',
+        }, function (err, data) {
+            if (err) {
+                console.error(err);
+            } else {
+                console.log(data);
+                var credentials = data.credentials;
+                callback({
+                    TmpSecretId: credentials.tmpSecretId,
+                    TmpSecretKey: credentials.tmpSecretKey,
+                    XCosSecurityToken: credentials.sessionToken,
+                    ExpiredTime: data.expiredTime,
+                    ScopeLimit: true, // 设为 true 可限制密钥只在相同请求可重用，默认不限制一直可重用，细粒度控制权限需要设为 true
+                });
+            }
+        });
+
+    },
+});
+
+cos.putObject({
+    Bucket: config.Bucket,
+    Region: config.Region,
+    Key: 'dir/1.txt',
+    Body: 'hello!',
+}, function (err, data) {
+    console.log(err || data);
+});

demo/demo-sts.js

@@ -0,0 +1,62 @@
+/**
+ * 使用临时密钥例子
+ */
+var STS = require('qcloud-cos-sts');
+var COS = require('../index');
+var config = require('./config');
+
+
+var LongBucketName = config.Bucket;
+var ShortBucketName = LongBucketName.substr(0, LongBucketName.indexOf('-'));
+var AppId = LongBucketName.substr(LongBucketName.indexOf('-') + 1);
+var policy = {
+    'version': '2.0',
+    'statement': [{
+        'action': [
+            'name/cos:PutObject',
+            'name/cos:InitiateMultipartUpload',
+            'name/cos:ListMultipartUploads',
+            'name/cos:ListParts',
+            'name/cos:UploadPart',
+            'name/cos:CompleteMultipartUpload'
+        ],
+        'effect': 'allow',
+        'principal': {'qcs': ['*']},
+        'resource': [
+            'qcs::cos:ap-guangzhou:uid/' + AppId + ':prefix//' + AppId + '/' + ShortBucketName + '/dir/*'
+        ]
+    }]
+};
+
+var cos = new COS({
+    getAuthorization: function (options, callback) {
+        STS.getCredential({
+            secretId: config.SecretId,
+            secretKey: config.SecretKey,
+            policy: policy,
+            durationSeconds: 7200,
+            proxy: '',
+        }, function (err, data) {
+            if (err) {
+                console.error(err);
+            } else {
+                var credentials = data.credentials;
+                callback({
+                    TmpSecretId: credentials.tmpSecretId,
+                    TmpSecretKey: credentials.tmpSecretKey,
+                    XCosSecurityToken: credentials.sessionToken,
+                    ExpiredTime: data.expiredTime,
+                });
+            }
+        });
+    },
+});
+
+cos.putObject({
+    Bucket: config.Bucket,
+    Region: config.Region,
+    Key: 'dir/1.txt',
+    Body: 'hello!',
+}, function (err, data) {
+    console.log(err || data);
+});

demo/sts.js

@@ -1,10 +1,12 @@
 {
   "name": "cos-nodejs-sdk-v5",
-  "version": "2.4.16",
+  "version": "2.4.17",
   "description": "cos nodejs sdk v5",
   "main": "index.js",
   "scripts": {
     "demo": "node demo/demo.js",
+    "demo-sts": "node demo/demo-sts.js",
+    "demo-sts-scope": "node demo/demo-sts-scope.js",
     "test": "mocha test/test.js",
     "csp": "mocha test/csp.js"
   },
@@ -27,11 +29,11 @@
   "homepage": "https://github.com/tencentyun/cos-nodejs-sdk-v5#readme",
   "dependencies": {
     "configstore": "^3.1.2",
-    "qcloudapi-sdk": "^0.2.0",
     "request": "^2.81.0",
     "xml2js": "^0.4.19"
   },
   "devDependencies": {
-    "mocha": "^4.0.1"
+    "mocha": "^4.0.1",
+    "qcloud-cos-sts": "^2.0.5"
   }
 }