Module: Qiniu::Auth
- Defined in:
- lib/qiniu/auth.rb
Defined Under Namespace
Classes: PutPolicy
Constant Summary collapse
- DEFAULT_AUTH_SECONDS =
3600
- EMPTY_ARGS =
{}
Class Method Summary collapse
-
.authenticate_callback_request(auth_str, url, body = '') ⇒ Object
generate_uptoken.
-
.authorize_download_url(url, args = EMPTY_ARGS) ⇒ Object
生成下载授权URL.
-
.authorize_download_url_2(domain, key, args = EMPTY_ARGS) ⇒ Object
对包含中文或其它 utf-8 字符的 Key 做下载授权.
- .calculate_deadline(expires_in, deadline = nil) ⇒ Object
-
.calculate_hmac_sha1_digest(sk, str) ⇒ Object
calculate_deadline.
-
.generate_acctoken(url, body = '') ⇒ Object
generate_acctoken_sign_with_mac.
-
.generate_acctoken_sign_with_mac(access_key, secret_key, url, body) ⇒ Object
authorize_download_url_2.
-
.generate_uptoken(put_policy) ⇒ Object
generate_acctoken.
Class Method Details
.authenticate_callback_request(auth_str, url, body = '') ⇒ Object
generate_uptoken
258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 |
# File 'lib/qiniu/auth.rb', line 258 def authenticate_callback_request(auth_str, url, body = '') ### 提取AK/SK信息 access_key = Config.settings[:access_key] secret_key = Config.settings[:secret_key] ### 检查签名格式 ak_pos = auth_str.index(access_key) if ak_pos.nil? then return false end colon_pos = auth_str.index(':', ak_pos + 1) if colon_pos.nil? || ((ak_pos + access_key.length) != colon_pos) then return false end encoded_sign = generate_acctoken_sign_with_mac(access_key, secret_key, url, body) sign_pos = auth_str.index(encoded_sign, colon_pos + 1) if sign_pos.nil? || ((sign_pos + encoded_sign.length) != auth_str.length) then return false end return true end |
.authorize_download_url(url, args = EMPTY_ARGS) ⇒ Object
生成下载授权URL
153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'lib/qiniu/auth.rb', line 153 def (url, args = EMPTY_ARGS) ### 提取AK/SK信息 access_key = Config.settings[:access_key] secret_key = Config.settings[:secret_key] download_url = url ### URL变换:追加FOP指令 if args[:fop].is_a?(String) && args[:fop] != '' then if download_url.index('?').is_a?(Fixnum) then # 已有参数 download_url = "#{download_url}&#{args[:fop]}" else # 尚无参数 download_url = "#{download_url}?#{args[:fop]}" end end ### 授权期计算 e = Auth.calculate_deadline(args[:expires_in], args[:deadline]) ### URL变换:追加授权期参数 if download_url.index('?').is_a?(Fixnum) then # 已有参数 download_url = "#{download_url}&e=#{e}" else # 尚无参数 download_url = "#{download_url}?e=#{e}" end ### 生成数字签名 sign = calculate_hmac_sha1_digest(secret_key, download_url) encoded_sign = Utils.urlsafe_base64_encode(sign) ### 生成下载授权凭证 dntoken = "#{access_key}:#{encoded_sign}" ### 返回下载授权URL return "#{download_url}&token=#{dntoken}" end |
.authorize_download_url_2(domain, key, args = EMPTY_ARGS) ⇒ Object
对包含中文或其它 utf-8 字符的 Key 做下载授权
195 196 197 198 199 200 201 202 203 204 205 206 207 |
# File 'lib/qiniu/auth.rb', line 195 def (domain, key, args = EMPTY_ARGS) url_encoded_key = CGI::escape(key) schema = args[:schema] || "http" port = args[:port] if port.nil? then download_url = "#{schema}://#{domain}/#{url_encoded_key}" else download_url = "#{schema}://#{domain}:#{port}/#{url_encoded_key}" end return (download_url, args) end |
.calculate_deadline(expires_in, deadline = nil) ⇒ Object
15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/qiniu/auth.rb', line 15 def calculate_deadline(expires_in, deadline = nil) ### 授权期计算 if expires_in.is_a?(Integer) && expires_in > 0 then # 指定相对时间,单位:秒 return Time.now.to_i + expires_in elsif deadline.is_a?(Integer) then # 指定绝对时间,常用于调试和单元测试 return deadline end # 默认授权期1小时 return Time.now.to_i + DEFAULT_AUTH_SECONDS end |
.calculate_hmac_sha1_digest(sk, str) ⇒ Object
calculate_deadline
29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/qiniu/auth.rb', line 29 def calculate_hmac_sha1_digest(sk, str) begin sign = HMAC::SHA1.new(sk).update(str).digest rescue RuntimeError => e raise RuntimeError, "Please set Qiniu's access_key and secret_key before authorize any tokens." rescue raise else return sign end end |
.generate_acctoken(url, body = '') ⇒ Object
generate_acctoken_sign_with_mac
234 235 236 237 |
# File 'lib/qiniu/auth.rb', line 234 def generate_acctoken(url, body = '') encoded_sign = generate_acctoken_sign_with_mac(Config.settings[:access_key], Config.settings[:secret_key], url, body) return "#{Config.settings[:access_key]}:#{encoded_sign}" end |
.generate_acctoken_sign_with_mac(access_key, secret_key, url, body) ⇒ Object
authorize_download_url_2
209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 |
# File 'lib/qiniu/auth.rb', line 209 def generate_acctoken_sign_with_mac(access_key, secret_key, url, body) ### 解析URL,生成待签名字符串 uri = URI.parse(url) signing_str = uri.path # 如有QueryString部分,则需要加上 query_string = uri.query if query_string.is_a?(String) && !query_string.empty? signing_str += '?' + query_string end # 追加换行符 signing_str += "\n" # 如果有Body,则也加上 # (仅限于mime == "application/x-www-form-urlencoded"的情况) if body.is_a?(String) && !body.empty? signing_str += body end ### 生成数字签名 sign = calculate_hmac_sha1_digest(secret_key, signing_str) return Utils.urlsafe_base64_encode(sign) end |
.generate_uptoken(put_policy) ⇒ Object
generate_acctoken
239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 |
# File 'lib/qiniu/auth.rb', line 239 def generate_uptoken(put_policy) ### 提取AK/SK信息 access_key = Config.settings[:access_key] secret_key = Config.settings[:secret_key] ### 生成待签名字符串 encoded_put_policy = Utils.urlsafe_base64_encode(put_policy.to_json) ### 生成数字签名 sign = calculate_hmac_sha1_digest(secret_key, encoded_put_policy) encoded_sign = Utils.urlsafe_base64_encode(sign) ### 生成上传授权凭证 uptoken = "#{access_key}:#{encoded_sign}:#{encoded_put_policy}" ### 返回上传授权凭证 return uptoken end |