aliyun oss和minio 增加过期时间配置

2021-07-21 14:07:58 +08:00 · 2021-07-21 14:07:58 +08:00 · 69dc496580
parent b863b079d9
commit 69dc496580
5 changed files with 79 additions and 9 deletions
--- a/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/config/AliyunOssConfig.java
+++ b/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/config/AliyunOssConfig.java
@ -23,7 +23,7 @@ public class AliyunOssConfig {
     * AccessKeyId 【secretKey】eg:LTAI4GFov2QymkmPf9cXdH5z
     * AccessKeySecret 【secretKey】 eg:ap8nmIvD1TctcCLsADS4JbkOoXOluW
     * BucketName eg:yuebaoxiao
-     * Endpoint eg:oss-cn-shenzhen.aliyuncs.com
+     * Endpoint 对象存储服务的URL  eg:oss-cn-shenzhen.aliyuncs.com
     *
     * ak 获取地址：https://ak-console.aliyun.com/#/accesskey
     *
@ -44,6 +44,16 @@ public class AliyunOssConfig {
     * 4: eg: https://image.jl-media.cn
     */
    private String domain = null;
+    /**
+     * 过期时间，单位秒；
+     * 如：1小时就写：3600L
+     * 如：9小时就写：32400L
+     * 如：12小时就写：43200L, 【不支持】，最大是 32400（9小时）， 最小 1（1秒钟）
+     * 如：-1： 就永不过期，原样返回url
+     * 签名URL的默认过期时间为3600秒，最大值为32400秒
+     * 文档：对象存储 授权访问 https://help.aliyun.com/document_detail/32016.html?spm=a2c4g.11186623.6.996.335b6d13O5xgUH
+     */
+    private Long expiryDuration = 32400L;

    public String getAccessKey() {
        return accessKey;
@ -84,4 +94,21 @@ public class AliyunOssConfig {
    public void setDomain(String domain) {
        this.domain = domain;
    }
+
+    public Long getExpiryDuration() {
+        if (expiryDuration == null) {
+            // 默认一个小时, 3600秒
+            expiryDuration = 3600L;
+        }
+        if (expiryDuration < 1L && expiryDuration != -1) {
+            // 最小1秒
+            // 如果要永不过期，就不要调用 -1； 直接原样返回
+            expiryDuration = 1L;
+        }
+        return expiryDuration;
+    }
+
+    public void setExpiryDuration(Long expiryDuration) {
+        this.expiryDuration = expiryDuration;
+    }
 }
--- a/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/config/MinioConfig.java
+++ b/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/config/MinioConfig.java
@ -8,6 +8,8 @@ import org.springframework.context.annotation.Configuration;
 import io.minio.MinioClient;
 import org.springframework.stereotype.Component;

+import java.util.concurrent.TimeUnit;
+
 /**
 * Minio 配置信息
 *
@ -20,8 +22,14 @@ import org.springframework.stereotype.Component;
@ConfigurationProperties(prefix = MinioConfig.PREFIX)
 public class MinioConfig {
    public static final String PREFIX = "minio";
+
+    @Bean
+    public MinioClient getMinioClient() {
+        return MinioClient.builder().endpoint(url).credentials(accessKey, secretKey).build();
+    }
+
    /**
-     * 服务地址url 或者叫做 endpoint
+     * 服务地址url 或者叫做 endpoint 或者叫做 对象存储服务的URL
     * eg: http://192.168.254.100:9900
     */
    private String url;
@ -50,6 +58,18 @@ public class MinioConfig {
     */
    private String domain;

+    /**
+     * 过期时间
+     * 文档：MinIO STS快速入门指南 http://docs.minio.org.cn/docs/master/minio-sts-quickstart-guide
+     * 文档：适用于与Amazon S3兼容的云存储的MinIO Java SDK: API文档: Presigned操作: presignedGetObject:  http://docs.minio.org.cn/docs/master/java-client-quickstart-guide
+     * 默认7天，单位秒；
+     * 1小时：3600 = 60 * 60 * 1
+     * 24小时（1天）：86400 = 60 * 60 * 24
+     * 7天：604800 = 86400 * 7
+     * -1： 就永不过期，原样返回url
+     */
+    private Integer expiryDuration = 86400;
+
    public String getUrl() {
        return url;
    }
@ -90,8 +110,20 @@ public class MinioConfig {
        this.domain = domain;
    }

-    @Bean
-    public MinioClient getMinioClient() {
-        return MinioClient.builder().endpoint(url).credentials(accessKey, secretKey).build();
+    public Integer getExpiryDuration() {
+        if (expiryDuration == null) {
+            // 默认一个小时, 3600秒
+            expiryDuration = 86400;
+        }
+        if (expiryDuration < 1L && expiryDuration != -1) {
+            // 最小1秒
+            // 如果要永不过期，就不要调用 -1； 直接原样返回
+            expiryDuration = 1;
+        }
+        return expiryDuration;
+    }
+
+    public void setExpiryDuration(Integer expiryDuration) {
+        this.expiryDuration = expiryDuration;
    }
 }
--- a/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/controller/SysFileController.java
+++ b/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/controller/SysFileController.java
@ -80,6 +80,8 @@ public class SysFileController {
     * 兼容 AWS Security Token Service (STS) 的联合身份临时安全凭证 (federation token) ，更多详细信息请查阅
     * aliyun oss 实例: http://react-yuebaoxiao-pro.oss-cn-shanghai.aliyuncs.com/dev/upload/default/20210719-23d31398-4849-408d-8775-a5b668ccafc3.jpeg?Expires=1626736182&OSSAccessKeyId=LTAI4GDQSbwgmbsRxxbDXnKT&Signature=P3w3%2FIpEnZEUhYku6scOos4p54A%3D
     * minio 示例: https://yq666.bj.gov.cn/appt-file/dev/default/2021/07/19/5fe1478b-969c-4b6e-9cc0-742412dc3128.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=D99KGE6ZTQXSATTJWU24%2F20210719%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210719T112025Z&X-Amz-Expires=432000&X-Amz-SignedHeaders=host&X-Amz-Signature=e45171d0885f006ee1de43cec9d88963e2b55c6e671740ae5695410ba16770c5
+     * ---------------------------------------------------
+     * 【说明】文件服务器，一般默认是不加延签参数就可以访问，要让验签看到效果，一般都需要在 对应文件服务器 bucket 上面做访问策略的配置
     */
    @ApiOperation(value = "临时安全凭证、获取加签的url", notes = "根据输入的url,获取带有临时安全凭证的url")
    @GetMapping("getPresignedUrl")
--- a/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/service/AliyunOssDsfServiceImpl.java
+++ b/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/service/AliyunOssDsfServiceImpl.java
@ -518,6 +518,9 @@ public class AliyunOssDsfServiceImpl implements IDfsService {

    @Override
    public String presignedUrl(String fileUrl) {
+        if (aliyunOssConfig.getExpiryDuration() == -1) {
+            return fileUrl;
+        }
        String objectKey = this.getStorePath(fileUrl);
        return this.getStsURL(objectKey);
    }
@ -539,14 +542,16 @@ public class AliyunOssDsfServiceImpl implements IDfsService {
                return objectName;
            }
            if (objectName.startsWith("/")) {
-                objectName = objectName.replaceFirst("/", ""); // 不能以/ 开头。例如 /dev/upload/123.jpg，需要转为 dev/upload/123.jpg
+                // 不能以/ 开头。例如 /dev/upload/123.jpg，需要转为 dev/upload/123.jpg
+                objectName = objectName.replaceFirst("/", "");
            }
        } catch (MalformedURLException e) {
            // 忽略
        }
        OSS ossClient = new OSSClientBuilder().build(aliyunOssConfig.getEndpoint(), aliyunOssConfig.getAccessKey(), aliyunOssConfig.getSecretKey());
-        // 设置URL过期时间为12小时，最大值就是43200
-        Date expiration = new Date(System.currentTimeMillis() + (43200 * 1000));
+        // 设置URL过期时间为9小时，最大值就是 32400L
+        // 设置签名URL过期时间为3600秒（1小时）。
+        Date expiration = new Date(System.currentTimeMillis() + (aliyunOssConfig.getExpiryDuration() * 1000));
        // 生成以GET方法访问的签名URL，访客可以直接通过浏览器访问相关内容。
        URL url = ossClient.generatePresignedUrl(aliyunOssConfig.getBucketName(), objectName, expiration);
        // 关闭OSSClient。
--- a/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/service/MinioDfsServiceImpl.java
+++ b/ruoyi-modules/ruoyi-file/src/main/java/com/ruoyi/file/service/MinioDfsServiceImpl.java
@ -143,11 +143,15 @@ public class MinioDfsServiceImpl implements IDfsService
     */
    @Override
    public String presignedUrl(String fileUrl) {
+        if (minioConfig.getExpiryDuration() == -1) {
+            return fileUrl;
+        }
        String objectName = this.getStorePath(fileUrl);
        GetPresignedObjectUrlArgs args = GetPresignedObjectUrlArgs.builder().
                bucket(minioConfig.getBucketName()).
                method(Method.GET).
-                object(objectName).expiry(5, TimeUnit.DAYS).build();
+                object(objectName).
+                expiry(minioConfig.getExpiryDuration(), TimeUnit.SECONDS).build();

        String presignedObjectUrl = null;
        try {