AWS 可以对 S3 桶中的文件设置访问权限。当文件设置为不公开访问、但又需要让用户查看时,就需要为用户生成临时访问权限。
使用 Amazon CloudFront 对网址(URL)进行签名
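/**
 * For use with the CDN domain.
 * Builds a time-limited CloudFront signed URL for one file.
 *
 * The URL is signed with the CloudFront key pair (private key file + key pair ID).
 * Anyone who holds the returned URL can fetch the object until it expires, so keep
 * $expiresTime as short as the use case allows and avoid writing the URL to logs.
 *
 * @param string $filePath    Object path; appended to the configured `oss_domain`.
 * @param int    $expiresTime Lifetime of the URL in seconds (default 60).
 * @return mixed|string The signed URL; the unchanged empty $filePath when no path is given;
 *                      '' when the `video` entry of the `aws_oss` config is incomplete;
 *                      or an 'Error: ...' string when the SDK raises an AwsException.
 * @author wzb
 * @data 2024/5/30
 */
public static function ossAwsUrlSign($filePath = '', $expiresTime = 60)
{
    if (empty($filePath)) {
        return $filePath;
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // your AccessKeyId
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // your AccessKeySecret
    $region = $configOss['region'] ?? '';                   // region of your bucket
    $bucket = $configOss['bucket'] ?? '';                   // your bucket name
    $ossDomain = $configOss['oss_domain'] ?? '';            // CDN domain

    if (empty($accessKeyId) || empty($accessKeySecret) || empty($region) || empty($bucket)) {
        return '';
    }

    $resourceKey = $ossDomain . $filePath;
    // Absolute expiry timestamp: now + $expiresTime seconds (60 by default, not 5 minutes).
    $expires = time() + $expiresTime;

    // NOTE(review): if ROOT_PATH lies inside the web server's document root this .pem may be
    // downloadable -- confirm it is stored outside the docroot with restrictive permissions.
    $privateKey = ROOT_PATH . "oss/aws_s3/private_key.pem";
    // NOTE(review): hard-coded here and, with a different literal, in ossAwsUrlCookie();
    // a single config entry would keep the two in step.
    $keyPairId = 'K2****ADPC';

    // getSignedUrl() signs locally with the key pair above and sends no AWS API request,
    // so the configured credentials are handed straight to the client. The previous
    // per-call StsClient::getSessionToken() round trip only added latency and an extra
    // use of the long-lived access key without affecting the signature.
    $cloudFrontClient = new CloudFrontClient([
        'version' => 'latest',
        'region' => $region,
        'credentials' => new Credentials($accessKeyId, $accessKeySecret),
    ]);

    try {
        return $cloudFrontClient->getSignedUrl([
            'url' => $resourceKey,
            'expires' => $expires,
            'private_key' => $privateKey,
            'key_pair_id' => $keyPairId,
        ]);
    } catch (AwsException $e) {
        // Callers must check for this prefix before using the value as a URL, and should
        // not show the AWS message to end users.
        // NOTE(review): failures of the local signing step (e.g. an unreadable key file)
        // are probably not AwsException and would propagate -- confirm.
        return 'Error: ' . $e->getAwsErrorMessage();
    }
}

/**
 * For use with the CDN domain.
 * Builds CloudFront signed-cookie values that give a user temporary (5 minute) access.
 *
 * The caller has to write the returned data into cookies itself. When doing so, set the
 * Secure and HttpOnly attributes and scope Domain/Path to the CDN host, because the
 * cookies act as a bearer credential for the signed resource until they expire.
 *
 * @param string $resourceKey Resource path; appended to the configured `oss_domain`.
 * @return mixed The data returned by getSignedCookie(); the unchanged empty $resourceKey
 *               when none is given; [] when the configuration is incomplete; or
 *               ['Error' => message] when the SDK raises an AwsException.
 */
public static function ossAwsUrlCookie($resourceKey)
{
    if (empty($resourceKey)) {
        return $resourceKey;
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // your AccessKeyId
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // your AccessKeySecret
    $region = $configOss['region'] ?? '';                   // region of your bucket
    $bucket = $configOss['bucket'] ?? '';                   // your bucket name
    $ossDomain = $configOss['oss_domain'] ?? '';

    if (empty($accessKeyId) || empty($accessKeySecret) || empty($region) || empty($bucket)) {
        return [];
    }

    $expires = time() + 300; // 5 minutes (5 * 60 seconds) from now.

    // NOTE(review): if ROOT_PATH lies inside the web server's document root this .pem may be
    // downloadable -- confirm it is stored outside the docroot with restrictive permissions.
    $privateKey = ROOT_PATH . "oss/aws_s3/private_key.pem";
    // NOTE(review): differs from the literal used in ossAwsUrlSign(); keep one value in config.
    $keyPairId = 'K2CKP307JZADPC';

    // getSignedCookie() signs locally with the key pair and sends no AWS API request, so
    // no STS session token is requested; the configured credentials only build the client.
    $cloudFrontClient = new CloudFrontClient([
        'version' => 'latest',
        'region' => $region,
        'credentials' => new Credentials($accessKeyId, $accessKeySecret),
    ]);

    try {
        // The returned data still has to be written into cookies by the caller.
        return $cloudFrontClient->getSignedCookie([
            'url' => $ossDomain . $resourceKey,
            'expires' => $expires,
            'private_key' => $privateKey,
            'key_pair_id' => $keyPairId,
        ]);
    } catch (AwsException $e) {
        // Callers must check for the 'Error' key before setting cookies from this array.
        return ['Error' => $e->getAwsErrorMessage()];
    }
}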
Amazon S3 预签名 URL
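/**
 * For use with the S3 bucket's own domain.
 * Generates a temporary pre-signed GetObject link that expires 20 seconds after creation.
 *
 * Anyone who holds the returned URL can download the object until it expires, so hand it
 * only to the intended user and avoid writing it to logs.
 *
 * @param string $filePath Object key inside the configured bucket.
 * @return string The pre-signed URL, or '' when $filePath is empty or the `video` entry of
 *                the `aws_oss` config is incomplete.
 * @author wzb
 * @data 2024/5/30
 */
public static function ossAwsUrlExpires($filePath = '')
{
    // An empty key cannot name an object; return '' as for incomplete configuration
    // instead of handing it to the SDK. Compared strictly so that a key such as "0",
    // which empty() would reject, is still accepted.
    if ($filePath === null || $filePath === '') {
        return '';
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // your AccessKeyId
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // your AccessKeySecret
    $region = $configOss['region'] ?? '';                   // region of your bucket
    $bucket = $configOss['bucket'] ?? '';                   // your bucket name

    if (empty($accessKeyId) || empty($accessKeySecret) || empty($region) || empty($bucket)) {
        return '';
    }

    // The URL is signed with the access key from config, so it can grant no more than
    // that key is allowed to do.
    // NOTE(review): confirm the key's policy is limited to s3:GetObject on this bucket.
    $s3Client = new S3Client([
        'version' => 'latest',
        'region' => $region,
        'credentials' => new Credentials($accessKeyId, $accessKeySecret),
    ]);

    $cmd = $s3Client->getCommand('GetObject', [
        'Bucket' => $bucket,
        'Key' => $filePath,
    ]);

    // Valid for 20 seconds from now; a longer relative time such as '+1 minutes' also works.
    $request = $s3Client->createPresignedRequest($cmd, '+20 second');

    return (string)$request->getUri();
}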