Feat: client-upload file in oss

2026-01-26 17:41:57 +08:00 · 2020-01-16 13:36:13 +08:00
parent 0e62665d7f
commit dd198becce
13 changed files with 302 additions and 48 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -165,7 +165,6 @@ func RemoteCallbackAuth() gin.HandlerFunc {
 }

 // QiniuCallbackAuth 七牛回调签名验证
-// TODO 测试
 func QiniuCallbackAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 验证key并查找用户
@@ -194,3 +193,20 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 		c.Next()
 	}
 }
+
+// OSSCallbackAuth 阿里云OSS回调签名验证
+func OSSCallbackAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 验证key并查找用户
+		resp, _ := uploadCallbackCheck(c)
+		if resp.Code != 0 {
+			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.Abort()
+			return
+		}
+
+		// TODO 验证OSS给出的签名
+
+		c.Next()
+	}
+}
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -424,3 +424,53 @@ func TestQiniuCallbackAuth(t *testing.T) {
 		asserts.True(c.IsAborted())
 	}
 }
+
+func TestOSSCallbackAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := OSSCallbackAuth()
+
+	// Callback Key 相关验证失败
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testOSSBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/oss/testQiniuBackRemote", nil)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// 成功
+	{
+		cache.Set(
+			"callback_testCallBackOSS",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    2,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+		mock.ExpectQuery("SELECT(.+)groups(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[2]"))
+		mock.ExpectQuery("SELECT(.+)policies(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackOSS"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/qiniu/testCallBackOSS", nil)
+		mac := qbox.NewMac("123", "123")
+		token, err := mac.SignRequest(c.Request)
+		asserts.NoError(err)
+		c.Request.Header["Authorization"] = []string{"QBox " + token}
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.False(c.IsAborted())
+	}
+
+}