scottpan/huangjingfen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e87f96ab00f2b20dca7aff4c7fffcd44f9e7bc3b
huangjingfen/pro_v3.5.1_副本/crmeb/services/upload/extend/cos/Sts.php

322 lines
12 KiB
PHP
Raw Normal View History

feat(fsgx): 完成全部24项开发任务 Phase1-7 Phase1 后端核心: - 新增 fsgx_v1.sql 迁移脚本(is_queue_goods/frozen_points/available_points/no_assess) - SystemConfigServices 返佣设置扩展(周期人数/分档比例/范围/时机) - StoreOrderCreateServices 周期循环佣金计算 - StoreOrderTakeServices 佣金发放后同步冻结积分 - StoreProductServices/StoreProduct 保存 is_queue_goods Phase2 后端接口: - GET /api/hjf/brokerage/progress 佣金周期进度 - GET /api/hjf/assets/overview 资产总览 - HjfPointsServices 每日 frozen_points 0.4‰ 释放定时任务 - PUT /adminapi/hjf/member/{uid}/no_assess 不考核接口 - GET /adminapi/hjf/points/release_log 积分日志接口 Phase3 前端清理: - hjfCustom.js 路由精简(仅保留 points/log) - hjfQueue.js/hjfMember.js API 清理/重定向至 CRMEB 原生接口 - pages.json 公排→推荐佣金/佣金记录/佣金规则 Phase4-5 前端改造: - queue/status.vue 推荐佣金进度页整体重写 - 商品详情/订单确认/支付结果页文案与逻辑改造 - 个人中心/资产页/引导页/规则页文案改造 - HjfQueueProgress/HjfRefundNotice/HjfAssetCard 组件改造 - 推广中心嵌入佣金进度摘要 - hjfMockData.js 全量更新(公排字段→佣金字段) Phase6 Admin 增强: - 用户列表新增 frozen_points/available_points 列及不考核操作按钮 - hjfPoints.js USE_MOCK=false 对接真实积分日志接口 Phase7 配置文档: - docs/fsgx-phase7-config-checklist.md 后台配置与全链路验收清单 Made-with: Cursor
2026-03-23 22:32:19 +08:00
<?php
/**
* +----------------------------------------------------------------------
* | CRMEB [ CRMEB赋能开发者助力企业发展 ]
* +----------------------------------------------------------------------
* | Copyright (c) 2016~2022 https://www.crmeb.com All rights reserved.
* +----------------------------------------------------------------------
* | Licensed CRMEB并不是自由软件未经许可不能去掉CRMEB相关版权
* +----------------------------------------------------------------------
* | Author: CRMEB Team <admin@crmeb.com>
* +----------------------------------------------------------------------
*/
namespace crmeb\services\upload\extend\cos;
class Sts
{
// 临时密钥计算样例
function _hex2bin($data)
{
$len = strlen($data);
return pack("H" . $len, $data);
}
// obj 转 query string
function json2str($obj, $notEncode = false)
{
ksort($obj);
$arr = array();
if (!is_array($obj)) {
throw new \Exception('$obj must be an array, the actual value is:' . json_encode($obj));
}
foreach ($obj as $key => $val) {
array_push($arr, $key . '=' . ($notEncode ? $val : rawurlencode($val)));
}
return join('&', $arr);
}
// 计算临时密钥用的签名
function getSignature($opt, $key, $method, $config)
{
$host = "sts.tencentcloudapi.com";
if (array_key_exists('domain', $config)) {
$host = $config['domain'];
}
if (array_key_exists('endpoint', $config)) {
$host = "sts." . $config['endpoint'];
}
$formatString = $method . $host . '/?' . $this->json2str($opt, 1);
$sign = hash_hmac('sha1', $formatString, $key);
$sign = base64_encode($this->_hex2bin($sign));
return $sign;
}
// v2接口的key首字母小写v3改成大写此处做了向下兼容
function backwardCompat($result)
{
if (!is_array($result)) {
throw new \Exception('$result must be an array, the actual value is:' . json_encode($result));
}
$compat = array();
foreach ($result as $key => $value) {
if (is_array($value)) {
$compat[lcfirst($key)] = $this->backwardCompat($value);
} elseif ($key == 'Token') {
$compat['sessionToken'] = $value;
} else {
$compat[lcfirst($key)] = $value;
}
}
return $compat;
}
// 获取临时密钥
function getTempKeys($config)
{
$result = null;
try {
if (array_key_exists('policy', $config)) {
$policy = $config['policy'];
} else {
if (array_key_exists('bucket', $config)) {
$ShortBucketName = substr($config['bucket'], 0, strripos($config['bucket'], '-'));
$AppId = substr($config['bucket'], 1 + strripos($config['bucket'], '-'));
} else {
throw new \Exception("bucket== null");
}
if (array_key_exists('allowPrefix', $config)) {
if (!(strpos($config['allowPrefix'], '/') === 0)) {
$config['allowPrefix'] = '/' . $config['allowPrefix'];
}
} else {
throw new \Exception("allowPrefix == null");
}
if (!array_key_exists('region', $config)) {
throw new \Exception("region == null");
}
$policy = array(
'version' => '2.0',
'statement' => array(
array(
'action' => $config['allowActions'],
'effect' => 'allow',
'resource' => array(
'qcs::cos:' . $config['region'] . ':uid/' . $AppId . ':' . $config['bucket'] . $config['allowPrefix']
)
)
)
);
}
$policyStr = str_replace('\\/', '/', json_encode($policy));
$Action = 'GetFederationToken';
$Nonce = rand(10000, 20000);
$Timestamp = time();
$Method = 'POST';
if (array_key_exists('durationSeconds', $config)) {
if (!(is_integer($config['durationSeconds']))) {
throw new \Exception("durationSeconds must be a int type");
}
}
$params = array(
'SecretId' => $config['secretId'],
'Timestamp' => $Timestamp,
'Nonce' => $Nonce,
'Action' => $Action,
'DurationSeconds' => $config['durationSeconds'],
'Version' => '2018-08-13',
'Name' => 'cos',
'Region' => $config['region'],
'Policy' => urlencode($policyStr)
);
$params['Signature'] = $this->getSignature($params, $config['secretKey'], $Method, $config);
$url = 'https://sts.tencentcloudapi.com/';
if (array_key_exists('url', $config)) {
$url = $config['url'];
}
if (!array_key_exists('url', $config) && array_key_exists('domain', $config)) {
$url = 'https://sts.' . $config['domain'];
}
if (array_key_exists('endpoint', $config)) {
$url = 'https://sts.' . $config['endpoint'];
}
$ch = curl_init($url);
if (array_key_exists('proxy', $config)) {
$config['proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
}
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->json2str($params));
$result = curl_exec($ch);
if (curl_errno($ch)) $result = curl_error($ch);
curl_close($ch);
$result = json_decode($result, 1);
if (isset($result['Response'])) {
$result = $result['Response'];
if (isset($result['Error'])) {
throw new \Exception("get cam failed");
}
$result['startTime'] = $result['ExpiredTime'] - $config['durationSeconds'];
}
$result = $this->backwardCompat($result);
return $result;
} catch (\Exception $e) {
if ($result == null) {
$result = "error: " . $e->getMessage();
} else {
$result = json_encode($result);
}
throw new \Exception($result);
}
}
//申请角色授权
function getRoleCredential($config)
{
$result = null;
try {
if (array_key_exists('policy', $config)) {
$policy = $config['policy'];
} else {
if (array_key_exists('bucket', $config)) {
$ShortBucketName = substr($config['bucket'], 0, strripos($config['bucket'], '-'));
$AppId = substr($config['bucket'], 1 + strripos($config['bucket'], '-'));
} else {
throw new \Exception("bucket== null");
}
if (array_key_exists('allowPrefix', $config)) {
if (!(strpos($config['allowPrefix'], '/') === 0)) {
$config['allowPrefix'] = '/' . $config['allowPrefix'];
}
} else {
throw new \Exception("allowPrefix == null");
}
if (!array_key_exists('region', $config)) {
throw new \Exception("region == null");
}
$policy = array(
'version' => '2.0',
'statement' => array(
array(
'action' => $config['allowActions'],
'effect' => 'allow',
'resource' => array(
'qcs::cos:' . $config['region'] . ':uid/' . $AppId . ':' . $config['bucket'] . $config['allowPrefix']
)
)
)
);
}
if (array_key_exists('roleArn', $config)) {
$RoleArn = $config['roleArn'];
} else {
throw new \Exception("roleArn == null");
}
$policyStr = str_replace('\\/', '/', json_encode($policy));
$Action = 'AssumeRole';
$Nonce = rand(10000, 20000);
$Timestamp = time();
$Method = 'POST';
$ExternalId = "";
if (array_key_exists('externalId', $config)) {
$ExternalId = $config['externalId'];
}
if (array_key_exists('durationSeconds', $config)) {
if (!(is_integer($config['durationSeconds']))) {
throw new \Exception("durationSeconds must be a int type");
}
}
$params = array(
'SecretId' => $config['secretId'],
'Timestamp' => $Timestamp,
'RoleArn' => $RoleArn,
'Action' => $Action,
'Nonce' => $Nonce,
'DurationSeconds' => $config['durationSeconds'],
'Version' => '2018-08-13',
'RoleSessionName' => 'cos',
'Region' => $config['region'],
'ExternalId' => $ExternalId,
'Policy' => urlencode($policyStr)
);
$params['Signature'] = $this->getSignature($params, $config['secretKey'], $Method, $config);
$url = 'https://sts.internal.tencentcloudapi.com/';
if (array_key_exists('endpoint', $config)) {
$url = 'https://sts.' . $config['endpoint'];
}
$ch = curl_init($url);
if (array_key_exists('proxy', $config)) {
$config['proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
}
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->json2str($params));
$result = curl_exec($ch);
if (curl_errno($ch)) $result = curl_error($ch);
curl_close($ch);
$result = json_decode($result, 1);
if (isset($result['Response'])) {
$result = $result['Response'];
if (isset($result['Error'])) {
throw new \Exception("get cam failed");
}
$result['startTime'] = $result['ExpiredTime'] - $config['durationSeconds'];
}
$result = $this->backwardCompat($result);
return $result;
} catch (\Exception $e) {
if ($result == null) {
$result = "error: " . $e->getMessage();
} else {
$result = json_encode($result);
}
throw new \Exception($result);
}
}
// get policy
function getPolicy($scopes)
{
if (!is_array($scopes)) {
return null;
}
$statements = [];
for ($i = 0, $counts = count($scopes); $i < $counts; $i++) {
$actions = [];
$resources = [];
$actions[] = $scopes[$i]->get_action();
$resources[] = $scopes[$i]->get_resource();
$statement = [
'action' => $actions,
'effect' => $scopes[$i]->get_effect(),
'resource' => $resources
];
$statements[] = $statement;
}
$policy = [
'version' => '2.0',
'statement' => $statements
];
return $policy;
}
}
Reference in New Issue Copy Permalink