339 lines
12 KiB
PHP
339 lines
12 KiB
PHP
<?php
|
||
|
||
namespace addons\hwobs\controller;
|
||
|
||
use think\Config;
|
||
use Obs\ObsClient;
|
||
use addons\hwobs\Hwobs;
|
||
use think\addons\Controller;
|
||
use addons\hwobs\library\Auth;
|
||
use app\common\library\Upload;
|
||
use Obs\Internal\Common\Model;
|
||
use addons\hwobs\library\Signer;
|
||
use app\common\model\Attachment;
|
||
use app\common\exception\UploadException;
|
||
use Obs\Internal\Signature\DefaultSignature;
|
||
|
||
class Index extends Controller
|
||
{
|
||
|
||
public function _initialize()
|
||
{
|
||
//跨域检测
|
||
check_cors_request();
|
||
|
||
parent::_initialize();
|
||
Config::set('default_return_type', 'json');
|
||
}
|
||
|
||
public function index()
|
||
{
|
||
Config::set('default_return_type', 'html');
|
||
$this->error("当前插件暂无前台页面");
|
||
}
|
||
|
||
public function config()
|
||
{
|
||
$upload = [];
|
||
(new Hwobs)->uploadConfigInit($upload);
|
||
$this->success('', null, $upload);
|
||
}
|
||
|
||
public function params()
|
||
{
|
||
$this->check();
|
||
|
||
$config = get_addon_config('hwobs');
|
||
$name = $this->request->post('name');
|
||
$md5 = $this->request->post('md5');
|
||
$chunk = $this->request->post('chunk');
|
||
$name = xss_clean($name);
|
||
|
||
// 检查文件后缀
|
||
$extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
|
||
$allowedExtensions = explode(',', strtolower($config['mimetype']));
|
||
if (!in_array($extension, $allowedExtensions) || in_array($extension, ['php', 'html', 'htm', 'phar', 'phtml']) || preg_match("/^php(.*)/i", $extension)) {
|
||
$this->error('不允许的文件类型');
|
||
}
|
||
|
||
$key = (new Upload())->getSavekey($config['savekey'], $name, $md5);
|
||
$key = ltrim($key, "/");
|
||
$params = [
|
||
'key' => $key,
|
||
'md5' => $md5
|
||
];
|
||
$fileSize = $this->request->post('size');
|
||
$type = $this->request->post('type');
|
||
$date = gmdate('D, d M Y H:i:s \G\M\T', time());
|
||
$headers = [];
|
||
$obs = new ObsClient([
|
||
'key' => $config['accessKey'],
|
||
'secret' => $config['secretKey'],
|
||
'endpoint' => $config['endpoint']
|
||
]);
|
||
if ($chunk) {
|
||
$partSize = $this->request->post("chunksize");
|
||
|
||
try {
|
||
$ret = $obs->initiateMultipartUpload([
|
||
'Bucket' => $config['bucket'],
|
||
'Key' => $key,
|
||
]);
|
||
} catch (\Exception $e) {
|
||
$this->error("上传失败");
|
||
}
|
||
$uploadId = $ret['UploadId'];
|
||
|
||
$params['key'] = $key;
|
||
$params['uploadId'] = $uploadId;
|
||
$params['partsAuthorization'] = Signer::getPartsAuthorization($key, $uploadId, $fileSize, $partSize, $date);
|
||
} else {
|
||
$signature = $obs->createPostSignature([
|
||
'Bucket' => $config['bucket'],
|
||
'Key' => $key,
|
||
'FormParams' => []
|
||
]);
|
||
$params['key'] = $key;
|
||
$params['AccessKeyId'] = $config['accessKey'];
|
||
$params['policy'] = $signature['Policy'];
|
||
$params['signature'] = $signature['Signature'];
|
||
}
|
||
$params['headers'] = $headers;
|
||
$params['date'] = $date;
|
||
$this->success('', null, $params);
|
||
}
|
||
|
||
/**
|
||
* 服务器中转上传文件
|
||
* 上传分片
|
||
* 合并分片
|
||
* @param bool $isApi
|
||
*/
|
||
public function upload($isApi = false)
|
||
{
|
||
if ($isApi === true) {
|
||
if (!Auth::isModuleAllow()) {
|
||
$this->error("请登录后再进行操作");
|
||
}
|
||
} else {
|
||
$this->check();
|
||
}
|
||
$config = get_addon_config('hwobs');
|
||
$obs = new ObsClient([
|
||
'key' => $config['accessKey'],
|
||
'secret' => $config['secretKey'],
|
||
'endpoint' => $config['endpoint']
|
||
]);
|
||
|
||
//检测删除文件或附件
|
||
$checkDeleteFile = function ($attachment, $upload, $force = false) use ($config) {
|
||
//如果设定为不备份则删除文件和记录 或 强制删除
|
||
if ((isset($config['serverbackup']) && !$config['serverbackup']) || $force) {
|
||
if ($attachment && !empty($attachment['id'])) {
|
||
$attachment->delete();
|
||
}
|
||
if ($upload) {
|
||
//文件绝对路径
|
||
$filePath = $upload->getFile()->getRealPath() ?: $upload->getFile()->getPathname();
|
||
@unlink($filePath);
|
||
}
|
||
}
|
||
};
|
||
|
||
$chunkid = $this->request->post("chunkid");
|
||
if ($chunkid) {
|
||
$action = $this->request->post("action");
|
||
$chunkindex = $this->request->post("chunkindex/d");
|
||
$chunkcount = $this->request->post("chunkcount/d");
|
||
$filesize = $this->request->post("filesize");
|
||
$filename = $this->request->post("filename");
|
||
$method = $this->request->method(true);
|
||
$key = $this->request->post("key");
|
||
$uploadId = $this->request->post("uploadId");
|
||
|
||
if ($action == 'merge') {
|
||
$attachment = null;
|
||
$upload = null;
|
||
//合并分片
|
||
if ($config['uploadmode'] == 'server') {
|
||
//合并分片文件
|
||
try {
|
||
$upload = new Upload();
|
||
$attachment = $upload->merge($chunkid, $chunkcount, $filename);
|
||
} catch (UploadException $e) {
|
||
$this->error($e->getMessage());
|
||
}
|
||
}
|
||
|
||
$etags = $this->request->post("etags/a", []);
|
||
if (count($etags) != $chunkcount) {
|
||
$checkDeleteFile($attachment, $upload, true);
|
||
$this->error("分片数据错误");
|
||
}
|
||
$listParts = [];
|
||
for ($i = 0; $i < $chunkcount; $i++) {
|
||
$listParts[] = array("PartNumber" => $i + 1, "ETag" => $etags[$i]);
|
||
}
|
||
try {
|
||
$result = $obs->completeMultipartUpload([
|
||
'Bucket' => $config['bucket'],
|
||
'Key' => $key,
|
||
// 设置Upload ID
|
||
'UploadId' => $uploadId,
|
||
'Parts' => $listParts
|
||
]);
|
||
} catch (\Exception $e) {
|
||
$checkDeleteFile($attachment, $upload, true);
|
||
$this->error($e->getMessage());
|
||
}
|
||
if (!isset($result['Key'])) {
|
||
$checkDeleteFile($attachment, $upload, true);
|
||
$this->error("上传失败");
|
||
} else {
|
||
$checkDeleteFile($attachment, $upload);
|
||
$this->success("上传成功", '', ['url' => "/" . $key, 'fullurl' => cdnurl("/" . $key, true)]);
|
||
}
|
||
} else {
|
||
//默认普通上传文件
|
||
$file = $this->request->file('file');
|
||
try {
|
||
$upload = new Upload($file);
|
||
$file = $upload->chunk($chunkid, $chunkindex, $chunkcount);
|
||
} catch (UploadException $e) {
|
||
$this->error($e->getMessage());
|
||
}
|
||
try {
|
||
$ret = $obs->uploadPart([
|
||
'Bucket' => $config['bucket'],
|
||
'Key' => $key,
|
||
// 设置分段号,范围是1~10000
|
||
'PartNumber' => $chunkindex + 1,
|
||
// 设置Upload ID
|
||
'UploadId' => $uploadId,
|
||
// 设置将要上传的大文件,localfile为上传的本地文件路径,需要指定到具体的文件名
|
||
'SourceFile' => $file->getRealPath(),
|
||
// 设置分段大小
|
||
'PartSize' => $file->getSize(),
|
||
// 设置分段的起始偏移大小
|
||
'Offset' => 0
|
||
]);
|
||
} catch (\Exception $e) {
|
||
$this->error($e->getMessage());
|
||
}
|
||
|
||
$etag = isset($ret['ETag']) ? $ret['ETag'] : '';
|
||
$this->success("上传成功", "", [], 3, ['ETag' => $etag]);
|
||
}
|
||
} else {
|
||
$attachment = null;
|
||
//默认普通上传文件
|
||
$file = $this->request->file('file');
|
||
try {
|
||
$upload = new Upload($file);
|
||
$attachment = $upload->upload();
|
||
} catch (UploadException $e) {
|
||
$this->error($e->getMessage());
|
||
}
|
||
|
||
//文件绝对路径
|
||
$filePath = $upload->getFile()->getRealPath() ?: $upload->getFile()->getPathname();
|
||
|
||
$url = $attachment->url;
|
||
|
||
try {
|
||
$ret = $obs->putObject([
|
||
'Bucket' => $config['bucket'],
|
||
'Key' => ltrim($attachment->url, '/'),
|
||
'SourceFile' => $filePath
|
||
]);
|
||
//成功不做任何操作
|
||
} catch (\Exception $e) {
|
||
$checkDeleteFile($attachment, $upload, true);
|
||
$this->error("上传失败");
|
||
}
|
||
$checkDeleteFile($attachment, $upload);
|
||
|
||
// 记录云存储记录
|
||
$data = $attachment->toArray();
|
||
unset($data['id']);
|
||
$data['storage'] = 'hwobs';
|
||
Attachment::create($data, true);
|
||
|
||
$this->success("上传成功", '', ['url' => $url, 'fullurl' => cdnurl($url, true)]);
|
||
}
|
||
return;
|
||
}
|
||
|
||
/**
|
||
* 回调
|
||
*/
|
||
public function notify()
|
||
{
|
||
$this->check();
|
||
$config = get_addon_config('hwobs');
|
||
if ($config['uploadmode'] != 'client') {
|
||
$this->error("无需执行该操作");
|
||
}
|
||
$this->request->filter('trim,strip_tags,htmlspecialchars,xss_clean');
|
||
|
||
$size = $this->request->post('size/d');
|
||
$name = $this->request->post('name', '');
|
||
$md5 = $this->request->post('md5', '');
|
||
$type = $this->request->post('type', '');
|
||
$url = $this->request->post('url', '');
|
||
$width = $this->request->post('width/d');
|
||
$height = $this->request->post('height/d');
|
||
$category = $this->request->post('category', '');
|
||
$suffix = strtolower(pathinfo($name, PATHINFO_EXTENSION));
|
||
$suffix = $suffix && preg_match("/^[a-zA-Z0-9]+$/", $suffix) ? $suffix : 'file';
|
||
$attachment = Attachment::where('url', $url)->where('storage', 'hwobs')->find();
|
||
if (!$attachment) {
|
||
$params = array(
|
||
'category' => $category,
|
||
'admin_id' => (int)session('admin.id'),
|
||
'user_id' => (int)$this->auth->id,
|
||
'filesize' => $size,
|
||
'filename' => $name,
|
||
'imagewidth' => $width,
|
||
'imageheight' => $height,
|
||
'imagetype' => $suffix,
|
||
'imageframes' => 0,
|
||
'mimetype' => $type,
|
||
'url' => $url,
|
||
'uploadtime' => time(),
|
||
'storage' => 'hwobs',
|
||
'sha1' => $md5,
|
||
);
|
||
Attachment::create($params, true);
|
||
}
|
||
$this->success();
|
||
return;
|
||
}
|
||
|
||
/**
|
||
* 检查签名是否正确或过期
|
||
*/
|
||
protected function check()
|
||
{
|
||
$hwobstoken = $this->request->post('hwobstoken', '', 'trim');
|
||
if (!$hwobstoken) {
|
||
$this->error("参数不正确(code:1)");
|
||
}
|
||
$config = get_addon_config('hwobs');
|
||
list($accessKey, $sign, $data) = explode(':', $hwobstoken);
|
||
if (!$accessKey || !$sign || !$data) {
|
||
$this->error("参数不正确(code:2)");
|
||
}
|
||
if ($accessKey !== $config['accessKey']) {
|
||
$this->error("参数不正确(code:3)");
|
||
}
|
||
if ($sign !== base64_encode(hash_hmac('sha1', base64_decode($data), $config['secretKey'], true))) {
|
||
$this->error("签名不正确");
|
||
}
|
||
$json = json_decode(base64_decode($data), true);
|
||
if ($json['deadline'] < time()) {
|
||
$this->error("请求已经超时");
|
||
}
|
||
}
|
||
}
|