Merge pull request #156 from agin719/cos-v4-dev

Cos v4 dev

Author: agin719

auth.go

@@ -3,8 +3,10 @@ package cos
 import (
 	"crypto/hmac"
 	"crypto/sha1"
+	"encoding/json"
 	"fmt"
 	"hash"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"sort"
@@ -13,9 +15,18 @@ import (
 	"time"
 )
 
-const sha1SignAlgorithm = "sha1"
-const privateHeaderPrefix = "x-cos-"
-const defaultAuthExpire = time.Hour
+const (
+	sha1SignAlgorithm   = "sha1"
+	privateHeaderPrefix = "x-cos-"
+	defaultAuthExpire   = time.Hour
+)
+
+var (
+	defaultCVMAuthExpire = int64(600)
+	defaultCVMSchema     = "http"
+	defaultCVMMetaHost   = "metadata.tencentyun.com"
+	defaultCVMCredURI    = "latest/meta-data/cam/security-credentials"
+)
 
 // 需要校验的 Headers 列表
 var needSignHeaders = map[string]bool{
@@ -318,3 +329,120 @@ func (t *AuthorizationTransport) transport() http.RoundTripper {
 	}
 	return http.DefaultTransport
 }
+
+type CVMSecurityCredentials struct {
+	TmpSecretId  string `json:",omitempty"`
+	TmpSecretKey string `json:",omitempty"`
+	ExpiredTime  int64  `json:",omitempty"`
+	Expiration   string `json:",omitempty"`
+	Token        string `json:",omitempty"`
+	Code         string `json:",omitempty"`
+}
+
+type CVMCredentialsTransport struct {
+	RoleName     string
+	Transport    http.RoundTripper
+	secretID     string
+	secretKey    string
+	sessionToken string
+	expiredTime  int64
+	rwLocker     sync.RWMutex
+}
+
+func (t *CVMCredentialsTransport) GetRoles() ([]string, error) {
+	urlname := fmt.Sprintf("%s://%s/%s", defaultCVMSchema, defaultCVMMetaHost, defaultCVMCredURI)
+	resp, err := http.Get(urlname)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode < 200 || resp.StatusCode > 299 {
+		bs, _ := ioutil.ReadAll(resp.Body)
+		return nil, fmt.Errorf("get cvm security-credentials role failed, StatusCode: %v, Body: %v", resp.StatusCode, string(bs))
+	}
+	bs, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	roles := strings.Split(strings.TrimSpace(string(bs)), "\n")
+	if len(roles) == 0 {
+		return nil, fmt.Errorf("get cvm security-credentials role failed, No valid cam role was found")
+	}
+	return roles, nil
+}
+
+// https://cloud.tencent.com/document/product/213/4934
+func (t *CVMCredentialsTransport) UpdateCredential(now int64) (string, string, string, error) {
+	t.rwLocker.Lock()
+	defer t.rwLocker.Unlock()
+	if t.expiredTime > now+defaultCVMAuthExpire {
+		return t.secretID, t.secretKey, t.sessionToken, nil
+	}
+	roleName := t.RoleName
+	if roleName == "" {
+		roles, err := t.GetRoles()
+		if err != nil {
+			return t.secretID, t.secretKey, t.sessionToken, err
+		}
+		roleName = roles[0]
+	}
+	urlname := fmt.Sprintf("%s://%s/%s/%s", defaultCVMSchema, defaultCVMMetaHost, defaultCVMCredURI, roleName)
+	resp, err := http.Get(urlname)
+	if err != nil {
+		return t.secretID, t.secretKey, t.sessionToken, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode < 200 || resp.StatusCode > 299 {
+		bs, _ := ioutil.ReadAll(resp.Body)
+		return t.secretID, t.secretKey, t.sessionToken, fmt.Errorf("call cvm security-credentials failed, StatusCode: %v, Body: %v", resp.StatusCode, string(bs))
+	}
+	var cred CVMSecurityCredentials
+	err = json.NewDecoder(resp.Body).Decode(&cred)
+	if err != nil {
+		return t.secretID, t.secretKey, t.sessionToken, err
+	}
+	if cred.Code != "Success" {
+		return t.secretID, t.secretKey, t.sessionToken, fmt.Errorf("call cvm security-credentials failed, Code:%v", cred.Code)
+	}
+	t.secretID, t.secretKey, t.sessionToken, t.expiredTime = cred.TmpSecretId, cred.TmpSecretKey, cred.Token, cred.ExpiredTime
+	return t.secretID, t.secretKey, t.sessionToken, nil
+}
+
+func (t *CVMCredentialsTransport) GetCredential() (string, string, string, error) {
+	now := time.Now().Unix()
+	t.rwLocker.RLock()
+	// 提前 defaultCVMAuthExpire 获取重新获取临时密钥
+	if t.expiredTime <= now+defaultCVMAuthExpire {
+		expiredTime := t.expiredTime
+		t.rwLocker.RUnlock()
+		secretID, secretKey, secretToken, err := t.UpdateCredential(now)
+		// 获取临时密钥失败但密钥未过期
+		if err != nil && now < expiredTime {
+			err = nil
+		}
+		return secretID, secretKey, secretToken, err
+	}
+	defer t.rwLocker.RUnlock()
+	return t.secretID, t.secretKey, t.sessionToken, nil
+}
+
+func (t *CVMCredentialsTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	ak, sk, token, err := t.GetCredential()
+	if err != nil {
+		return nil, err
+	}
+	req = cloneRequest(req)
+	// 增加 Authorization header
+	authTime := NewAuthTime(defaultAuthExpire)
+	AddAuthorizationHeader(ak, sk, token, req, authTime)
+
+	resp, err := t.transport().RoundTrip(req)
+	return resp, err
+}
+
+func (t *CVMCredentialsTransport) transport() http.RoundTripper {
+	if t.Transport != nil {
+		return t.Transport
+	}
+	return http.DefaultTransport
+}

cos.go

@@ -44,6 +44,8 @@ type BaseURL struct {
 	BatchURL *url.URL
 	// 访问 CI 的基础 URL
 	CIURL *url.URL
+	// 访问 Fetch Task 的基础 URL
+	FetchURL *url.URL
 }
 
 // NewBucketURL 生成 BaseURL 所需的 BucketURL
@@ -110,6 +112,7 @@ func NewClient(uri *BaseURL, httpClient *http.Client) *Client {
 		baseURL.ServiceURL = uri.ServiceURL
 		baseURL.BatchURL = uri.BatchURL
 		baseURL.CIURL = uri.CIURL
+		baseURL.FetchURL = uri.FetchURL
 	}
 	if baseURL.ServiceURL == nil {
 		baseURL.ServiceURL, _ = url.Parse(defaultServiceBaseURL)

cos_test.go

@@ -30,9 +30,8 @@ func setup() {
 	// test server
 	mux = http.NewServeMux()
 	server = httptest.NewServer(mux)
-
 	u, _ := url.Parse(server.URL)
-	client = NewClient(&BaseURL{u, u, u, u}, nil)
+	client = NewClient(&BaseURL{u, u, u, u, u}, nil)
 }
 
 // teardown closes the test HTTP server.

error.go

@@ -1,10 +1,13 @@
 package cos
 
 import (
+	"encoding/json"
 	"encoding/xml"
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"strconv"
+	"strings"
 )
 
 // ErrorResponse 包含 API 返回的错误信息
@@ -39,6 +42,12 @@ func (r *ErrorResponse) Error() string {
 		r.Response.StatusCode, r.Code, r.Message, RequestID, TraceID)
 }
 
+type jsonError struct {
+	Code      int    `json:"code,omitempty"`
+	Message   string `json:"message,omitempty"`
+	RequestID string `json:"request_id,omitempty"`
+}
+
 // 检查 response 是否是出错时的返回的 response
 func checkResponse(r *http.Response) error {
 	if c := r.StatusCode; 200 <= c && c <= 299 {
@@ -49,6 +58,18 @@ func checkResponse(r *http.Response) error {
 	if err == nil && data != nil {
 		xml.Unmarshal(data, errorResponse)
 	}
+	// 是否为 json 格式
+	if errorResponse.Code == "" {
+		ctype := strings.TrimLeft(r.Header.Get("Content-Type"), " ")
+		if strings.HasPrefix(ctype, "application/json") {
+			var jerror jsonError
+			json.Unmarshal(data, &jerror)
+			errorResponse.Code = strconv.Itoa(jerror.Code)
+			errorResponse.Message = jerror.Message
+			errorResponse.RequestID = jerror.RequestID
+		}
+
+	}
 	return errorResponse
 }
 

example/object/fetch_task.go

@@ -0,0 +1,64 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"github.com/tencentyun/cos-go-sdk-v5"
+	"github.com/tencentyun/cos-go-sdk-v5/debug"
+	"net/http"
+	"net/url"
+	"os"
+	"time"
+)
+
+func log_status(err error) {
+	if err == nil {
+		return
+	}
+	if cos.IsNotFoundError(err) {
+		// WARN
+		fmt.Println("WARN: Resource is not existed")
+	} else if e, ok := cos.IsCOSError(err); ok {
+		fmt.Printf("ERROR: Code: %v\n", e.Code)
+		fmt.Printf("ERROR: Message: %v\n", e.Message)
+		fmt.Printf("ERROR: Resource: %v\n", e.Resource)
+		fmt.Printf("ERROR: RequestId: %v\n", e.RequestID)
+		// ERROR
+	} else {
+		fmt.Printf("ERROR: %v\n", err)
+		// ERROR
+	}
+}
+
+func main() {
+	bucket := "test-1259654469"
+	bu, _ := url.Parse("https://" + bucket + ".cos.ap-guangzhou.myqcloud.com")
+	u, _ := url.Parse("http://ap-guangzhou.migration.myqcloud.com")
+	b := &cos.BaseURL{BucketURL: bu, FetchURL: u}
+	c := cos.NewClient(b, &http.Client{
+		Transport: &cos.AuthorizationTransport{
+			SecretID:  os.Getenv("COS_SECRETID"),
+			SecretKey: os.Getenv("COS_SECRETKEY"),
+			Transport: &debug.DebugRequestTransport{
+				RequestHeader:  true,
+				RequestBody:    true,
+				ResponseHeader: true,
+				ResponseBody:   true,
+			},
+		},
+	})
+	opt := &cos.PutFetchTaskOptions{
+		Url: "http://" + bucket + ".cos.ap-guangzhou.myqcloud.com/exampleobject",
+		Key: "exampleobject",
+	}
+
+	res, _, err := c.Object.PutFetchTask(context.Background(), bucket, opt)
+	log_status(err)
+	fmt.Printf("res: %+v\n", res)
+
+	time.Sleep(time.Second * 3)
+
+	rs, _, err := c.Object.GetFetchTask(context.Background(), bucket, res.Data.TaskId)
+	log_status(err)
+	fmt.Printf("res: %+v\n", rs)
+}

example/object/get_with_cvm_role.go

@@ -0,0 +1,52 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"net/http"
+
+	"github.com/tencentyun/cos-go-sdk-v5"
+	"github.com/tencentyun/cos-go-sdk-v5/debug"
+)
+
+func log_status(err error) {
+	if err == nil {
+		return
+	}
+	if cos.IsNotFoundError(err) {
+		// WARN
+		fmt.Println("WARN: Resource is not existed")
+	} else if e, ok := cos.IsCOSError(err); ok {
+		fmt.Printf("ERROR: Code: %v\n", e.Code)
+		fmt.Printf("ERROR: Message: %v\n", e.Message)
+		fmt.Printf("ERROR: Resource: %v\n", e.Resource)
+		fmt.Printf("ERROR: RequestId: %v\n", e.RequestID)
+		// ERROR
+	} else {
+		fmt.Printf("ERROR: %v\n", err)
+		// ERROR
+	}
+}
+
+func main() {
+	u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
+	b := &cos.BaseURL{BucketURL: u}
+	c := cos.NewClient(b, &http.Client{
+		// 使用 CVMCredentialsTransport
+		Transport: &cos.CVMCredentialsTransport{
+			Transport: &debug.DebugRequestTransport{
+				RequestHeader: true,
+				// Notice when put a large file and set need the request body, might happend out of memory error.
+				RequestBody:    false,
+				ResponseHeader: true,
+				ResponseBody:   false,
+			},
+		},
+	})
+
+	name := "exampleobject"
+	_, err := c.Object.Get(context.Background(), name, nil)
+	log_status(err)
+}