From 622e9d7e4882d8d8c55d0aa5e8c5d92164d4b6f9 Mon Sep 17 00:00:00 2001 From: Shiming Zhang Date: Tue, 26 Nov 2024 10:55:08 +0800 Subject: [PATCH] Add ip check for oss --- crproxy.go | 1 + storage/driver/oss/oss.go | 15 +++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/crproxy.go b/crproxy.go index 029d041..a932d9d 100644 --- a/crproxy.go +++ b/crproxy.go @@ -714,6 +714,7 @@ func (c *CRProxy) notFoundResponse(rw http.ResponseWriter, r *http.Request) { func (c *CRProxy) redirect(rw http.ResponseWriter, r *http.Request, blobPath string, info *PathInfo) error { options := map[string]interface{}{ "method": r.Method, + "ip": r.RemoteAddr, } linkExpires := c.linkExpires if linkExpires > 0 { diff --git a/storage/driver/oss/oss.go b/storage/driver/oss/oss.go index 87348bf..3565cc6 100644 --- a/storage/driver/oss/oss.go +++ b/storage/driver/oss/oss.go @@ -484,6 +484,7 @@ func (d *driver) Delete(ctx context.Context, path string) error { // URLFor returns a URL which may be used to retrieve the content stored at the given path. // May return an UnsupportedMethodErr in certain StorageDriver implementations. +// https://help.aliyun.com/zh/oss/developer-reference/ddd-signatures-to-urls func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) { methodString := "GET" method, ok := options["method"] @@ -504,17 +505,23 @@ func (d *driver) URLFor(ctx context.Context, path string, options map[string]int } } - var q url.Values + q := url.Values{} referer, ok := options["referer"] if ok { refererString, ok := referer.(string) if ok { - q = url.Values{ - "referer": []string{refererString}, - } + q["referer"] = []string{refererString} } } + ip, ok := options["ip"] + if ok { + ipString, ok := ip.(string) + if ok { + q["x-oss-ac-source-ip"] = []string{ipString} + q["x-oss-ac-subnet-mask"] = []string{"32"} + } + } signedURL := d.Bucket.SignedURLWithMethod(methodString, d.ossPath(path), expiresTime, q, nil) return signedURL, nil }