RubyGems - aliyun-sdk - Versions diffs - 0.4.0 → 0.4.1 - Mend

aliyun-sdk 0.4.0 → 0.4.1

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/aliyun/oss/bucket.rb +26 -10
data/lib/aliyun/oss/protocol.rb +6 -0
data/lib/aliyun/oss/util.rb +2 -2
data/lib/aliyun/sts/config.rb +2 -1
data/lib/aliyun/sts/protocol.rb +1 -1
data/lib/aliyun/version.rb +1 -1
data/spec/aliyun/oss/client/bucket_spec.rb +24 -0
data/tests/config.rb +16 -0
data/tests/test_object_url.rb +69 -0
metadata +6 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3351c07de0b29f43528b3bcb1a3ce7acae4cd9be
-  data.tar.gz: e748094c575c5f22e775723d88794c92f2819d3b
+  metadata.gz: 4d2294b9c0a613bb98a3b888d820be1e0c2ecff3
+  data.tar.gz: 2891c2c8687b498e2c404b4637709088975440e9
 SHA512:
-  metadata.gz: 7ca9fac250cd61d7f9adee1012e033e29a5eeecd5c890f795b0bfb3be4e1094475eb10fcf976e78b3d1662ba8b1046329698375928495c620762bb56228a6714
-  data.tar.gz: d5a21aea9411798f93e44f45142abb488c67c4ec06c4b0ff7382cac289862fddac10976f488e9aac59a441b8e2528d9e6844614dd2e95b21d1cb092c09cdffaf
+  metadata.gz: e1ea89fa4af2f7f46a78ada3fda39e7ff491ad7feecc4f8e056791e93f411a403db25076c3bf42a2e2f227e2de7f59e8daf78ee426249d70e6b4182664602ddc
+  data.tar.gz: 61abb3e86fc538213d70826bf2bde4c3e6dbfa47c8cdbd0c5c9eb271359f366930f23c68cc314dcb10cb18c5619fcc140dcebab87c7aa247bf228834a79056b6

data/CHANGELOG.md CHANGED

@@ -1,5 +1,9 @@
 ## Change Log
+### v0.4.1 / 2016-07-19
+- Support signature object url with STS
 ### v0.4.0 / 2016-05-19
 - Enable copy objects of different buckets(but in the same region)

data/lib/aliyun/oss/bucket.rb CHANGED

@@ -595,17 +595,33 @@ module Aliyun
         return url unless sign
         expires = Time.now.to_i + expiry
-        string_to_sign = "GET\n" +
-                         "\n\n" +
-                         "#{expires}\n" +
-                         "/#{name}/#{key}"
-        signature = sign(string_to_sign)
-        query_string = {
+        query = {
           'Expires' => expires.to_s,
-          'OSSAccessKeyId' => CGI.escape(access_key_id),
-          'Signature' => CGI.escape(signature)
-        }.map { |k, v| "#{k}=#{v}" }.join('&')
+          'OSSAccessKeyId' => CGI.escape(access_key_id)
+        }
+        sub_res = []
+        if @protocol.get_sts_token
+          sub_res << "security-token=#{@protocol.get_sts_token}"
+          query['security-token'] = CGI.escape(@protocol.get_sts_token)
+        end
+        resource = "/#{name}/#{key}"
+        unless sub_res.empty?
+          resource << "?#{sub_res.join('&')}"
+        end
+        string_to_sign = "" <<
+                         "GET\n" << # method
+                         "\n" <<    # Content-MD5
+                         "\n" <<    # Content-Type
+                         "#{expires}\n" <<
+                         "#{resource}"
+        signature = sign(string_to_sign)
+        query_string =
+          query.merge('Signature' => CGI.escape(signature))
+          .map { |k, v| "#{k}=#{v}" }.join('&')
         [url, query_string].join('?')
       end

data/lib/aliyun/oss/protocol.rb CHANGED

@@ -1365,6 +1365,12 @@ module Aliyun
         @config.access_key_id
       end
+      # Get user's STS token
+      # @return [String] the STS token
+      def get_sts_token
+        @config.sts_token
+      end
       # Sign a string using the stored access key secret
       # @param [String] string_to_sign the string to sign
       # @return [String] the signature

data/lib/aliyun/oss/util.rb CHANGED

@@ -41,8 +41,6 @@ module Aliyun
             "#{verb}\n#{content_md5}\n#{content_type}\n#{date}\n" +
             "#{cano_headers}#{cano_res}"
-          logger.debug("String to sign: #{string_to_sign}")
           Util.sign(key, string_to_sign)
         end
@@ -51,6 +49,8 @@ module Aliyun
         # @param [String] string_to_sign the string to sign
         # @return [String] the signature
         def sign(key, string_to_sign)
+          logger.debug("String to sign: #{string_to_sign}")
           Base64.strict_encode64(
             OpenSSL::HMAC.digest('sha1', key, string_to_sign))
         end

data/lib/aliyun/sts/config.rb CHANGED

@@ -7,13 +7,14 @@ module Aliyun
     # timeout, retry mechanism, etc
     class Config < Common::Struct::Base
-      attrs :access_key_id, :access_key_secret
+      attrs :access_key_id, :access_key_secret, :endpoint
       def initialize(opts = {})
         super(opts)
         @access_key_id = @access_key_id.strip if @access_key_id
         @access_key_secret = @access_key_secret.strip if @access_key_secret
+        @endpoint = @endpoint.strip if @endpoint
       end
     end # Config

data/lib/aliyun/sts/protocol.rb CHANGED

@@ -86,7 +86,7 @@ module Aliyun
         r = RestClient::Request.execute(
           :method => 'POST',
-          :url => ENDPOINT,
+          :url => @config.endpoint || ENDPOINT,
           :payload => query
         ) do |response, request, result, &blk|

data/lib/aliyun/version.rb CHANGED

@@ -2,6 +2,6 @@
 module Aliyun
-    VERSION = "0.4.0"
+    VERSION = "0.4.1"
 end # Aliyun

data/spec/aliyun/oss/client/bucket_spec.rb CHANGED

@@ -466,6 +466,30 @@ module Aliyun
           sig = Util.sign('yyy', string_to_sign)
           expect(signature).to eq(sig)
         end
+        it "should get object url with STS" do
+          sts_bucket = Client.new(
+            :endpoint => @endpoint,
+            :access_key_id => 'xxx',
+            :access_key_secret => 'yyy',
+            :sts_token => 'zzz').get_bucket(@bucket_name)
+          object_url = 'http://rubysdk-bucket.oss-cn-hangzhou.aliyuncs.com/yeah'
+          url = sts_bucket.object_url('yeah')
+          path = url[0, url.index('?')]
+          expect(path).to eq(object_url)
+          query = {}
+          url[url.index('?') + 1, url.size].split('&')
+            .each { |s| k, v = s.split('='); query[k] = v }
+          expect(query.key?('Expires')).to be true
+          expect(query.key?('Signature')).to be true
+          expect(query['OSSAccessKeyId']).to eq('xxx')
+          expect(query['security-token']).to eq('zzz')
+        end
       end # object operations
       context "multipart operations" do

data/tests/config.rb CHANGED

@@ -11,5 +11,21 @@ class TestConf
     def bucket
       ENV['RUBY_SDK_OSS_BUCKET']
     end
+    def sts_creds
+      {
+        access_key_id: ENV['RUBY_SDK_STS_ID'],
+        access_key_secret: ENV['RUBY_SDK_STS_KEY'],
+        endpoint: ENV['RUBY_SDK_STS_ENDPOINT']
+      }
+    end
+    def sts_role
+      ENV['RUBY_SDK_STS_ROLE']
+    end
+    def sts_bucket
+      ENV['RUBY_SDK_STS_BUCKET']
+    end
   end
 end

data/tests/test_object_url.rb ADDED

@@ -0,0 +1,69 @@
+require 'minitest/autorun'
+require 'yaml'
+$LOAD_PATH.unshift(File.expand_path("../../lib", __FILE__))
+require 'aliyun/oss'
+require 'aliyun/sts'
+require 'rest-client'
+require_relative 'config'
+class TestObjectUrl < Minitest::Test
+  def setup
+    Aliyun::Common::Logging.set_log_level(Logger::DEBUG)
+    client = Aliyun::OSS::Client.new(TestConf.creds)
+    @bucket = client.get_bucket(TestConf.bucket)
+    @prefix = "tests/object_url/"
+  end
+  def get_key(k)
+    "#{@prefix}#{k}"
+  end
+  def test_signed_url_for_get
+    key = get_key('object-for-get')
+    @bucket.put_object(key, acl: Aliyun::OSS::ACL::PRIVATE)
+    plain_url = @bucket.object_url(key, false)
+    begin
+      r = RestClient.get(plain_url)
+      assert false, 'GET plain object url should receive 403'
+    rescue => e
+      assert_equal 403, e.response.code
+    end
+    signed_url = @bucket.object_url(key)
+    r = RestClient.get(signed_url)
+    assert_equal 200, r.code
+  end
+  def test_signed_url_with_sts
+    key = get_key('object-with-sts')
+    sts_client = Aliyun::STS::Client.new(TestConf.sts_creds)
+    token = sts_client.assume_role(TestConf.sts_role, 'app')
+    bucket = Aliyun::OSS::Client.new(
+      :endpoint => TestConf.creds[:endpoint],
+      :sts_token => token.security_token,
+      :access_key_id => token.access_key_id,
+      :access_key_secret => token.access_key_secret)
+             .get_bucket(TestConf.sts_bucket)
+    bucket.put_object(key, acl: Aliyun::OSS::ACL::PRIVATE)
+    plain_url = bucket.object_url(key, false)
+    begin
+      r = RestClient.get(plain_url)
+      assert false, 'GET plain object url should receive 403'
+    rescue => e
+      assert_equal 403, e.response.code
+    end
+    signed_url = bucket.object_url(key)
+    r = RestClient.get(signed_url)
+    assert_equal 200, r.code
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliyun-sdk
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Tianlong Wu
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-19 00:00:00.000000000 Z
+date: 2016-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -188,6 +188,7 @@ files:
 - tests/test_multipart.rb
 - tests/test_object_acl.rb
 - tests/test_object_key.rb
+- tests/test_object_url.rb
 - tests/test_resumable.rb
 homepage: https://github.com/aliyun/aliyun-oss-ruby-sdk
 licenses:
@@ -235,5 +236,6 @@ test_files:
 - tests/test_multipart.rb
 - tests/test_object_acl.rb
 - tests/test_object_key.rb
+- tests/test_object_url.rb
 - tests/test_resumable.rb
 has_rdoc: