1 | <?php |
||||
2 | |||||
3 | namespace Freyo\Flysystem\QcloudCOSv5\Plugins\Traits; |
||||
4 | |||||
5 | use Carbon\Carbon; |
||||
6 | |||||
7 | trait TencentCloudAuthV3 |
||||
8 | { |
||||
9 | /** |
||||
10 | * @return \League\Flysystem\Config |
||||
11 | */ |
||||
12 | protected function getConfig() |
||||
13 | { |
||||
14 | return $this->filesystem->getConfig(); |
||||
15 | } |
||||
16 | |||||
17 | /** |
||||
18 | * @return array |
||||
19 | */ |
||||
20 | protected function getCredentials() |
||||
21 | { |
||||
22 | return $this->getConfig()->get('credentials'); |
||||
23 | } |
||||
24 | |||||
25 | /** |
||||
26 | * @param array $args |
||||
27 | * @param string $action |
||||
28 | * @param string $service |
||||
29 | * @param string $version |
||||
30 | * @param string|int|null $timestamp |
||||
31 | * |
||||
32 | * @return bool|array |
||||
33 | */ |
||||
34 | protected function request(array $args, $action, $service, $version, $timestamp = null) |
||||
35 | { |
||||
36 | $client = $this->getHttpClient($service); |
||||
37 | |||||
38 | $response = $client->post('/', [ |
||||
39 | 'body' => $body = \GuzzleHttp\json_encode( |
||||
40 | $args, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE |
||||
41 | ), |
||||
42 | 'headers' => [ |
||||
43 | 'X-TC-Action' => $action, |
||||
44 | 'X-TC-Region' => $this->getConfig()->get('region'), |
||||
45 | 'X-TC-Timestamp' => $timestamp = $timestamp ?: time(), |
||||
46 | 'X-TC-Version' => $version, |
||||
47 | 'Authorization' => $this->getAuthorization($timestamp, $service, $body), |
||||
48 | 'Content-Type' => 'application/json', |
||||
49 | ], |
||||
50 | ]); |
||||
51 | |||||
52 | $contents = $response->getBody()->getContents(); |
||||
53 | |||||
54 | return $this->normalize($contents); |
||||
55 | } |
||||
56 | |||||
57 | /** |
||||
58 | * @param $service |
||||
59 | * |
||||
60 | * @return \GuzzleHttp\Client |
||||
61 | */ |
||||
62 | protected function getHttpClient($service) |
||||
63 | { |
||||
64 | return new \GuzzleHttp\Client([ |
||||
65 | 'base_uri' => "https://{$service}.tencentcloudapi.com", |
||||
66 | ]); |
||||
67 | } |
||||
68 | |||||
69 | /** |
||||
70 | * @param string $contents |
||||
71 | * |
||||
72 | * @return bool|array |
||||
73 | */ |
||||
74 | protected function normalize($contents) |
||||
75 | { |
||||
76 | $data = json_decode($contents, true); |
||||
77 | |||||
78 | if (json_last_error() !== JSON_ERROR_NONE || !isset($data['Response'])) { |
||||
79 | return false; |
||||
80 | } |
||||
81 | |||||
82 | return $data['Response']; |
||||
83 | } |
||||
84 | |||||
85 | /** |
||||
86 | * @param string|int|null $timestamp |
||||
87 | * @param string $service |
||||
88 | * @param string $body |
||||
89 | * |
||||
90 | * @return string |
||||
91 | */ |
||||
92 | protected function getAuthorization($timestamp, $service, $body) |
||||
93 | { |
||||
94 | return sprintf( |
||||
95 | '%s Credential=%s/%s, SignedHeaders=%s, Signature=%s', |
||||
96 | 'TC3-HMAC-SHA256', |
||||
97 | $this->getCredentials()['secretId'], |
||||
98 | Carbon::createFromTimestampUTC($timestamp)->toDateString()."/{$service}/tc3_request", |
||||
0 ignored issues
–
show
Bug
introduced
by
![]() |
|||||
99 | 'content-type;host', |
||||
100 | hash_hmac( |
||||
101 | 'SHA256', |
||||
102 | $this->getSignatureString($timestamp, $service, $body), |
||||
103 | $this->getRequestKey($timestamp, $service) |
||||
104 | ) |
||||
105 | ); |
||||
106 | } |
||||
107 | |||||
108 | /** |
||||
109 | * @param string|int|null $timestamp |
||||
110 | * @param string $service |
||||
111 | * |
||||
112 | * @return string |
||||
113 | */ |
||||
114 | protected function getRequestKey($timestamp, $service) |
||||
115 | { |
||||
116 | $secretDate = hash_hmac( |
||||
117 | 'SHA256', |
||||
118 | Carbon::createFromTimestampUTC($timestamp)->toDateString(), |
||||
0 ignored issues
–
show
It seems like
$timestamp can also be of type string ; however, parameter $timestamp of Carbon\Carbon::createFromTimestampUTC() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||
119 | 'TC3'.$this->getCredentials()['secretKey'], |
||||
120 | true |
||||
121 | ); |
||||
122 | $secretService = hash_hmac('SHA256', $service, $secretDate, true); |
||||
123 | |||||
124 | return hash_hmac('SHA256', 'tc3_request', $secretService, true); |
||||
125 | } |
||||
126 | |||||
127 | /** |
||||
128 | * @param string $service |
||||
129 | * @param string $body |
||||
130 | * |
||||
131 | * @return string |
||||
132 | */ |
||||
133 | protected function getCanonicalRequest($service, $body) |
||||
134 | { |
||||
135 | return implode("\n", [ |
||||
136 | 'POST', |
||||
137 | '/', |
||||
138 | '', |
||||
139 | 'content-type:application/json', |
||||
140 | "host:{$service}.tencentcloudapi.com", |
||||
141 | '', |
||||
142 | 'content-type;host', |
||||
143 | hash('SHA256', $body), |
||||
144 | ]); |
||||
145 | } |
||||
146 | |||||
147 | /** |
||||
148 | * @param string|int|null $timestamp |
||||
149 | * @param string $service |
||||
150 | * @param string $body |
||||
151 | * |
||||
152 | * @return string |
||||
153 | */ |
||||
154 | protected function getSignatureString($timestamp, $service, $body) |
||||
155 | { |
||||
156 | return implode("\n", [ |
||||
157 | 'TC3-HMAC-SHA256', |
||||
158 | $timestamp, |
||||
159 | Carbon::createFromTimestampUTC($timestamp)->toDateString()."/{$service}/tc3_request", |
||||
0 ignored issues
–
show
It seems like
$timestamp can also be of type string ; however, parameter $timestamp of Carbon\Carbon::createFromTimestampUTC() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||
160 | hash('SHA256', $this->getCanonicalRequest($service, $body)), |
||||
161 | ]); |
||||
162 | } |
||||
163 | } |
||||
164 |