add credential

jojoliang · jojoliang · commit 72d8904b4cff · 2021-12-24T18:08:44.000+08:00
diff --git a/auth.go b/auth.go
@@ -339,7 +339,7 @@ type CVMSecurityCredentials struct {
 	Code         string `json:",omitempty"`
 }
 
-type CVMCredentialsTransport struct {
+type CVMCredentialTransport struct {
 	RoleName     string
 	Transport    http.RoundTripper
 	secretID     string
@@ -349,7 +349,7 @@ type CVMCredentialsTransport struct {
 	rwLocker     sync.RWMutex
 }
 
-func (t *CVMCredentialsTransport) GetRoles() ([]string, error) {
+func (t *CVMCredentialTransport) GetRoles() ([]string, error) {
 	urlname := fmt.Sprintf("%s://%s/%s", defaultCVMSchema, defaultCVMMetaHost, defaultCVMCredURI)
 	resp, err := http.Get(urlname)
 	if err != nil {
@@ -372,7 +372,7 @@ func (t *CVMCredentialsTransport) GetRoles() ([]string, error) {
 }
 
 // https://cloud.tencent.com/document/product/213/4934
-func (t *CVMCredentialsTransport) UpdateCredential(now int64) (string, string, string, error) {
+func (t *CVMCredentialTransport) UpdateCredential(now int64) (string, string, string, error) {
 	t.rwLocker.Lock()
 	defer t.rwLocker.Unlock()
 	if t.expiredTime > now+defaultCVMAuthExpire {
@@ -408,7 +408,7 @@ func (t *CVMCredentialsTransport) UpdateCredential(now int64) (string, string, s
 	return t.secretID, t.secretKey, t.sessionToken, nil
 }
 
-func (t *CVMCredentialsTransport) GetCredential() (string, string, string, error) {
+func (t *CVMCredentialTransport) GetCredential() (string, string, string, error) {
 	now := time.Now().Unix()
 	t.rwLocker.RLock()
 	// 提前 defaultCVMAuthExpire 获取重新获取临时密钥
@@ -426,7 +426,7 @@ func (t *CVMCredentialsTransport) GetCredential() (string, string, string, error
 	return t.secretID, t.secretKey, t.sessionToken, nil
 }
 
-func (t *CVMCredentialsTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+func (t *CVMCredentialTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	ak, sk, token, err := t.GetCredential()
 	if err != nil {
 		return nil, err
@@ -440,9 +440,59 @@ func (t *CVMCredentialsTransport) RoundTrip(req *http.Request) (*http.Response,
 	return resp, err
 }
 
-func (t *CVMCredentialsTransport) transport() http.RoundTripper {
+func (t *CVMCredentialTransport) transport() http.RoundTripper {
 	if t.Transport != nil {
 		return t.Transport
 	}
 	return http.DefaultTransport
 }
+
+type CredentialTransport struct {
+	Transport  http.RoundTripper
+	Credential CredentialIface
+}
+
+func (t *CredentialTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	ak, sk, token := t.Credential.GetSecretId(), t.Credential.GetSecretKey(), t.Credential.GetToken()
+
+	req = cloneRequest(req)
+	// 增加 Authorization header
+	authTime := NewAuthTime(defaultAuthExpire)
+	AddAuthorizationHeader(ak, sk, token, req, authTime)
+
+	resp, err := t.transport().RoundTrip(req)
+	return resp, err
+}
+
+func (t *CredentialTransport) transport() http.RoundTripper {
+	if t.Transport != nil {
+		return t.Transport
+	}
+	return http.DefaultTransport
+}
+
+type CredentialIface interface {
+	GetSecretId() string
+	GetToken() string
+	GetSecretKey() string
+}
+
+func NewTokenCredential(secretId, secretKey, token string) *Credential {
+	return &Credential{
+		SecretID:     secretId,
+		SecretKey:    secretKey,
+		SessionToken: token,
+	}
+}
+
+func (c *Credential) GetSecretKey() string {
+	return c.SecretKey
+}
+
+func (c *Credential) GetSecretId() string {
+	return c.SecretID
+}
+
+func (c *Credential) GetToken() string {
+	return c.SessionToken
+}
diff --git a/auth_test.go b/auth_test.go
@@ -57,7 +57,7 @@ func TestAuthorizationTransport(t *testing.T) {
 	client.doAPI(context.Background(), req, nil, true)
 }
 
-func TestCVMCredentialsTransport(t *testing.T) {
+func TestCVMCredentialTransport(t *testing.T) {
 	setup()
 	defer teardown()
 	uri := client.BaseURL.BucketURL.String()
@@ -67,15 +67,15 @@ func TestCVMCredentialsTransport(t *testing.T) {
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		if r.Header.Get("x-cos-security-token") != token {
-			t.Errorf("CVMCredentialsTransport x-cos-security-token error, want:%v, return:%v\n", token, r.Header.Get("x-cos-security-token"))
+			t.Errorf("CVMCredentialTransport x-cos-security-token error, want:%v, return:%v\n", token, r.Header.Get("x-cos-security-token"))
 		}
 		auth := r.Header.Get("Authorization")
 		if auth == "" {
-			t.Error("CVMCredentialsTransport didn't add Authorization header")
+			t.Error("CVMCredentialTransport didn't add Authorization header")
 		}
 		field := strings.Split(auth, "&")
 		if len(field) != 7 {
-			t.Errorf("CVMCredentialsTransport Authorization header format error: %v\n", auth)
+			t.Errorf("CVMCredentialTransport Authorization header format error: %v\n", auth)
 		}
 		st_et := strings.Split(strings.Split(field[2], "=")[1], ";")
 		st, _ := strconv.ParseInt(st_et[0], 10, 64)
@@ -91,7 +91,7 @@ func TestCVMCredentialsTransport(t *testing.T) {
 		req.Header.Add("Host", host)
 		expect := newAuthorization(ak, sk, req, authTime, true)
 		if expect != auth {
-			t.Errorf("CVMCredentialsTransport Authorization error, want:%v, return:%v\n", expect, auth)
+			t.Errorf("CVMCredentialTransport Authorization error, want:%v, return:%v\n", expect, auth)
 		}
 	})
 
@@ -116,7 +116,7 @@ func TestCVMCredentialsTransport(t *testing.T) {
         }`, ak, sk, time.Now().Unix()+3600, token))
 	})
 
-	client.client.Transport = &CVMCredentialsTransport{}
+	client.client.Transport = &CVMCredentialTransport{}
 	req, _ := http.NewRequest("GET", client.BaseURL.BucketURL.String(), nil)
 	client.doAPI(context.Background(), req, nil, true)
 
diff --git a/cos.go b/cos.go
@@ -160,17 +160,35 @@ type Credential struct {
 }
 
 func (c *Client) GetCredential() *Credential {
-	auth, ok := c.client.Transport.(*AuthorizationTransport)
-	if !ok {
-		return nil
+	if auth, ok := c.client.Transport.(*AuthorizationTransport); ok {
+		auth.rwLocker.Lock()
+		defer auth.rwLocker.Unlock()
+		return &Credential{
+			SecretID:     auth.SecretID,
+			SecretKey:    auth.SecretKey,
+			SessionToken: auth.SessionToken,
+		}
+	}
+	if auth, ok := c.client.Transport.(*CVMCredentialTransport); ok {
+		ak, sk, token, err := auth.GetCredential()
+		if err != nil {
+			return nil
+		}
+		return &Credential{
+			SecretID:     ak,
+			SecretKey:    sk,
+			SessionToken: token,
+		}
 	}
-	auth.rwLocker.Lock()
-	defer auth.rwLocker.Unlock()
-	return &Credential{
-		SecretID:     auth.SecretID,
-		SecretKey:    auth.SecretKey,
-		SessionToken: auth.SessionToken,
+	if auth, ok := c.client.Transport.(*CredentialTransport); ok {
+		ak, sk, token := auth.Credential.GetSecretId(), auth.Credential.GetSecretKey(), auth.Credential.GetToken()
+		return &Credential{
+			SecretID:     ak,
+			SecretKey:    sk,
+			SessionToken: token,
+		}
 	}
+	return nil
 }
 
 func (c *Client) newRequest(ctx context.Context, baseURL *url.URL, uri, method string, body interface{}, optQuery interface{}, optHeader interface{}) (req *http.Request, err error) {
diff --git a/example/object/get_with_credential.go b/example/object/get_with_credential.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"net/http"
+	"os"
+
+	"github.com/tencentyun/cos-go-sdk-v5"
+	"github.com/tencentyun/cos-go-sdk-v5/debug"
+)
+
+func log_status(err error) {
+	if err == nil {
+		return
+	}
+	if cos.IsNotFoundError(err) {
+		// WARN
+		fmt.Println("WARN: Resource is not existed")
+	} else if e, ok := cos.IsCOSError(err); ok {
+		fmt.Printf("ERROR: Code: %v\n", e.Code)
+		fmt.Printf("ERROR: Message: %v\n", e.Message)
+		fmt.Printf("ERROR: Resource: %v\n", e.Resource)
+		fmt.Printf("ERROR: RequestId: %v\n", e.RequestID)
+		// ERROR
+	} else {
+		fmt.Printf("ERROR: %v\n", err)
+		// ERROR
+	}
+}
+
+type Credential struct {
+}
+
+// 需实现 CredentialIface 三个方法
+func (c *Credential) GetSecretId() string {
+	return os.Getenv("COS_SECRETID")
+}
+
+func (c *Credential) GetSecretKey() string {
+	return os.Getenv("COS_SECRETKEY")
+}
+
+func (c *Credential) GetToken() string {
+	return ""
+}
+
+func main() {
+	u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
+	b := &cos.BaseURL{BucketURL: u}
+	c := cos.NewClient(b, &http.Client{
+		// 使用 CredentialsTransport
+		Transport: &cos.CredentialTransport{
+			// 通过 CredentialIface 获取密钥, 需实现 GetSecretKey，GetSecretId，GetToken 方法。
+			Credential: &Credential{},
+			Transport: &debug.DebugRequestTransport{
+				RequestHeader: true,
+				// Notice when put a large file and set need the request body, might happend out of memory error.
+				RequestBody:    false,
+				ResponseHeader: true,
+				ResponseBody:   false,
+			},
+		},
+	})
+
+	name := "exampleobject"
+	_, err := c.Object.Get(context.Background(), name, nil)
+	log_status(err)
+}
diff --git a/example/object/get_with_cvm_role.go b/example/object/get_with_cvm_role.go
@@ -34,8 +34,8 @@ func main() {
 	u, _ := url.Parse("https://test-1259654469.cos.ap-guangzhou.myqcloud.com")
 	b := &cos.BaseURL{BucketURL: u}
 	c := cos.NewClient(b, &http.Client{
-		// 使用 CVMCredentialsTransport
-		Transport: &cos.CVMCredentialsTransport{
+		// 使用 CVMCredentialTransport
+		Transport: &cos.CVMCredentialTransport{
 			Transport: &debug.DebugRequestTransport{
 				RequestHeader: true,
 				// Notice when put a large file and set need the request body, might happend out of memory error.
