[PHP知识库]php 直传图片到腾讯云oss

<?php
// 临时密钥计算样例

include './qcloud-sts-sdk.php'; // 这里获取 sts.php https://github.com/tencentyun/qcloud-cos-sts-sdk/blob/master/php/sts/sts.php
$sts = new STS();
// 配置参数
$config = array(
    'url' => 'https://sts.tencentcloudapi.com/',
    'domain' => 'sts.tencentcloudapi.com',
    'proxy' => '',
    'secretId' => '', // 固定密钥
    'secretKey' => '', // 固定密钥
    'bucket' => 'zhichuan-1304188111', // 换成你的 bucket
    'region' => 'ap-beijing', // 换成 bucket 所在园区
    'durationSeconds' => 1800, // 密钥有效期
    // 允许操作（上传）的对象前缀，可以根据自己网站的用户登录态判断允许上传的目录，例子： user1/* 或者 * 或者a.jpg
    // 请注意当使用 * 时，可能存在安全风险，详情请参阅：https://cloud.tencent.com/document/product/436/40265
    'allowPrefix' => '*',
    // 密钥的权限列表。简单上传和分片需要以下的权限，其他权限列表请看 https://cloud.tencent.com/document/product/436/31923
    'allowActions' => array (
        // 所有 action 请看文档 https://cloud.tencent.com/document/product/436/31923
        // 简单上传
        'name/cos:PutObject',
        'name/cos:PostObject',
        // 分片上传
        'name/cos:InitiateMultipartUpload',
        'name/cos:ListMultipartUploads',
        'name/cos:ListParts',
        'name/cos:UploadPart',
        'name/cos:CompleteMultipartUpload'
    )
);
// 获取临时密钥，计算签名
$tempKeys = $sts->getTempKeys($config);

// 返回数据给前端
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: http://127.0.0.1'); // 这里修改允许跨域访问的网站
header('Access-Control-Allow-Headers: origin,accept,content-type');
echo json_encode($tempKeys);

<?php

class STS{
    // 临时密钥计算样例

    function _hex2bin($data) {
        $len = strlen($data);
        return pack("H" . $len, $data);
    }
    // obj 转 query string
    function json2str($obj, $notEncode = false) {
        ksort($obj);
        $arr = array();
        if(!is_array($obj)){
            throw new Exception($obj + " must be a array");
        }
        foreach ($obj as $key => $val) {
            array_push($arr, $key . '=' . ($notEncode ? $val : rawurlencode($val)));
        }
        return join('&', $arr);
    }
    // 计算临时密钥用的签名
    function getSignature($opt, $key, $method, $config) {
        $formatString = $method . $config['domain'] . '/?' . $this->json2str($opt, 1);
        $sign = hash_hmac('sha1', $formatString, $key);
        $sign = base64_encode($this->_hex2bin($sign));
        return $sign;
    }
    // v2接口的key首字母小写，v3改成大写，此处做了向下兼容
    function backwardCompat($result) {
        if(!is_array($result)){
            throw new Exception($result + " must be a array");
        }
        $compat = array();
        foreach ($result as $key => $value) {
            if(is_array($value)) {
                $compat[lcfirst($key)] = $this->backwardCompat($value);
            } elseif ($key == 'Token') {
                $compat['sessionToken'] = $value;
            } else {
                $compat[lcfirst($key)] = $value;
            }
        }
        return $compat;
    }
    // 获取临时密钥
    function getTempKeys($config) {
        if(array_key_exists('bucket', $config)){
            $ShortBucketName = substr($config['bucket'],0, strripos($config['bucket'], '-'));
            $AppId = substr($config['bucket'], 1 + strripos($config['bucket'], '-'));
        }
        if(array_key_exists('policy', $config)){
            $policy = $config['policy'];
        }else{
            $policy = array(
                'version'=> '2.0',
                'statement'=> array(
                    array(
                        'action'=> $config['allowActions'],
                        'effect'=> 'allow',
                        'principal'=> array('qcs'=> array('*')),
                        'resource'=> array(
                            'qcs::cos:' . $config['region'] . ':uid/' . $AppId . ':prefix//' . $AppId . '/' . $ShortBucketName . '/' . $config['allowPrefix']
                        )
                    )
                )
            );
        }
        $policyStr = str_replace('\\/', '/', json_encode($policy));
        $Action = 'GetFederationToken';
        $Nonce = rand(10000, 20000);
        $Timestamp = time();
        $Method = 'POST';
        $params = array(
            'SecretId'=> $config['secretId'],
            'Timestamp'=> $Timestamp,
            'Nonce'=> $Nonce,
            'Action'=> $Action,
            'DurationSeconds'=> $config['durationSeconds'],
            'Version'=>'2018-08-13',
            'Name'=> 'cos',
            'Region'=> 'ap-guangzhou',
            'Policy'=> urlencode($policyStr)
        );
        $params['Signature'] = $this->getSignature($params, $config['secretKey'], $Method, $config);
        $url = $config['url'];
        $ch = curl_init($url);
        if(array_key_exists('proxy', $config)){
            $config['proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
        }
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
        curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $this->json2str($params));
        $result = curl_exec($ch);
        if(curl_errno($ch)) $result = curl_error($ch);
        curl_close($ch);
        $result = json_decode($result, 1);
        if (isset($result['Response'])) {
            $result = $result['Response'];
            $result['startTime'] = $result['ExpiredTime'] - $config['durationSeconds'];
        }
        $result = $this->backwardCompat($result);
        return $result;
    }

    // get policy
    function getPolicy($scopes){
        if (!is_array($scopes)){
            return null;
        }
        $statements = array();

        for($i=0, $counts=count($scopes); $i < $counts; $i++){
            $actions=array();
            $resources = array();
            array_push($actions, $scopes[$i]->get_action());
            array_push($resources, $scopes[$i]->get_resource());
            $principal = array(
                'qcs' => array('*')
            );
            $statement = array(
                'actions' => $actions,
                'effect' => 'allow',
                'principal' => $principal,
                'resource' => $resources
            );
            array_push($statements, $statement);
        }

        $policy = array(
            'version' => '2.0',
            'statement' => $statements
        );
        return $policy;
    }
}

class Scope{
    var $action;
    var $bucket;
    var $region;
    var $resourcePrefix;
    function __construct($action, $bucket, $region, $resourcePrefix){
        $this->action = $action;
        $this->bucket = $bucket;
        $this->region = $region;
        $this->resourcePrefix = $resourcePrefix;
    }
    function get_action(){
        return $this->action;
    }

    function get_resource(){
        $index = strripos($this->bucket, '-');
        $bucketName = substr($this->bucket, 0, $index);
        $appid = substr($this->bucket, $index + 1);
        if(!(strpos($this->resourcePrefix, '/') === 0)){
            $this->resourcePrefix = '/' . $this->resourcePrefix;
        }
        return 'qcs::cos:' . $this->region . ':uid/' . $appid . ':prefix//' . $appid . '/' . $bucketName . $this->resourcePrefix;
    }
}
?>

html

<!doctype html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Ajax Put 上传</title>
  <style>
      h1, h2 {
          font-weight: normal;
      }
       #msg {
          margin-top: 10px;
      }
  </style>
</head>
<body>
<h1>Ajax Put 上传</h1>
<input id="fileSelector" type="file">
<input id="submitBtn" type="submit">
<div id="msg"></div>
<script src="https://unpkg.com/cos-js-sdk-v5/demo/common/cos-auth.min.js"></script>
<script>
  (function () {
      // 请求用到的参数
      var Bucket = 'zhichuan-1304188111';
      var Region = 'ap-beijing';
      var protocol = location.protocol === 'https:' ? 'https:' : 'http:';
      var prefix = protocol + '//' + Bucket + '.cos.' + Region + '.myqcloud.com/';  // prefix 用于拼接请求 url 的前缀，域名使用存储桶的默认域名
       // 对更多字符编码的 url encode 格式
      var camSafeUrlEncode = function (str) {
          return encodeURIComponent(str)
              .replace(/!/g, '%21')
              .replace(/'/g, '%27')
              .replace(/\(/g, '%28')
              .replace(/\)/g, '%29')
              .replace(/\*/g, '%2A');
      };
       // 计算签名
      var getAuthorization = function (options, callback) {
          // var url = 'http://127.0.0.1:3000/sts-auth' +
          var url = 'sts.php';
          var xhr = new XMLHttpRequest();
          xhr.open('GET', url, true);
          xhr.onload = function (e) {
              var credentials;
              try {
                  credentials = (new Function('return ' + xhr.responseText))().credentials;
              } catch (e) {}
              if (credentials) {
                  callback(null, {
                      SecurityToken: credentials.sessionToken,
                      Authorization: CosAuth({
                          SecretId: credentials.tmpSecretId,
                          SecretKey: credentials.tmpSecretKey,
                          Method: options.Method,
                          Pathname: options.Pathname,
                      })
                  });
              } else {
                  console.error(xhr.responseText);
                  callback('获取签名出错');
              }
          };
          xhr.onerror = function (e) {
              callback('获取签名出错');
          };
          xhr.send();
      };
       // 上传文件
      var uploadFile = function (file, callback) {
          var Key = 'dir/' + file.name; // 这里指定上传目录和文件名
          getAuthorization({Method: 'PUT', Pathname: '/' + Key}, function (err, info) {
               if (err) {
                  alert(err);
                  return;
              }
               var auth = info.Authorization;
              var SecurityToken = info.SecurityToken;
              var url = prefix + camSafeUrlEncode(Key).replace(/%2F/g, '/');
              var xhr = new XMLHttpRequest();
              xhr.open('PUT', url, true);
              xhr.setRequestHeader('Authorization', auth);
              SecurityToken && xhr.setRequestHeader('x-cos-security-token', SecurityToken);
              xhr.upload.onprogress = function (e) {
                  console.log('上传进度 ' + (Math.round(e.loaded / e.total * 10000) / 100) + '%');
              };
              xhr.onload = function () {
                  if (/^2\d\d$/.test('' + xhr.status)) {
                      var ETag = xhr.getResponseHeader('etag');
                      callback(null, {url: url, ETag: ETag});
                  } else {
                      callback('文件 ' + Key + ' 上传失败，状态码：' + xhr.status);
                  }
              };
              xhr.onerror = function () {
                  callback('文件 ' + Key + ' 上传失败，请检查是否没配置 CORS 跨域规则');
              };
              xhr.send(file);
          });
      };
       // 监听表单提交
      document.getElementById('submitBtn').onclick = function (e) {
          var file = document.getElementById('fileSelector').files[0];
          if (!file) {
              document.getElementById('msg').innerText = '未选择上传文件';
              return;
          }
          file && uploadFile(file, function (err, data) {
              console.log(err || data);
              document.getElementById('msg').innerText = err ? err : ('上传成功，ETag=' + data.ETag);
          });
      };
  })();
</script>
</body>
</html>