fnvtk/cunkebao_v3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

代码同步

Browse Source
This commit is contained in:
Ghost
2025-03-24 14:59:19 +08:00
parent f0fa19f89f
commit bd2e1e5386
716 changed files with 90318 additions and 26155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Server/vendor/alibabacloud/credentials/CHANGELOG.md vendored
View File

@@ -1,5 +1,9 @@
# CHANGELOG
## 1.2.0 - 2024-10-17
- Refactor all credentials providers.
## 1.1.3 - 2020-12-24
- Require guzzle ^6.3|^7.0

367
Server/vendor/alibabacloud/credentials/README-zh-CN.md vendored
View File

@@ -1,41 +1,57 @@
[English](/README.md) | 简体中文
![](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)
# Alibaba Cloud Credentials for PHP
[![PHP CI](https://github.com/aliyun/credentials-php/actions/workflows/ci.yml/badge.svg)](https://github.com/aliyun/credentials-php/actions/workflows/ci.yml)
[![codecov](https://codecov.io/gh/aliyun/credentials-php/graph/badge.svg?token=YIkSjtfKbB)](https://codecov.io/gh/aliyun/credentials-php)
[![Latest Stable Version](https://poser.pugx.org/alibabacloud/credentials/v/stable)](https://packagist.org/packages/alibabacloud/credentials)
[![composer.lock](https://poser.pugx.org/alibabacloud/credentials/composerlock)](https://packagist.org/packages/alibabacloud/credentials)
[![Total Downloads](https://poser.pugx.org/alibabacloud/credentials/downloads)](https://packagist.org/packages/alibabacloud/credentials)
[![License](https://poser.pugx.org/alibabacloud/credentials/license)](https://packagist.org/packages/alibabacloud/credentials)
[![codecov](https://codecov.io/gh/aliyun/credentials-php/branch/master/graph/badge.svg)](https://codecov.io/gh/aliyun/credentials-php)
[![Travis Build Status](https://travis-ci.org/aliyun/credentials-php.svg?branch=master)](https://travis-ci.org/aliyun/credentials-php)
[![Appveyor Build Status](https://ci.appveyor.com/api/projects/status/6jxpwmhyfipagtge/branch/master?svg=true)](https://ci.appveyor.com/project/aliyun/credentials-php)
![](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)
Alibaba Cloud Credentials for PHP 是帮助 PHP 开发者管理凭据的工具。
## 先决条件
您的系统需要满足[先决条件](/docs/zh-CN/0-Prerequisites.md),包括 PHP> = 5.6。 我们强烈建议使用cURL扩展并使用TLS后端编译cURL 7.16.2+。
## 安装依赖
如果已在系统上[全局安装 Composer](https://getcomposer.org/doc/00-intro.md#globally),请直接在项目目录中运行以下内容来安装 Alibaba Cloud Credentials for PHP 作为依赖项:
```
```sh
composer require alibabacloud/credentials
```
> 一些用户可能由于网络问题无法安装,可以使用[阿里云 Composer 全量镜像](https://developer.aliyun.com/composer)。
请看[安装](/docs/zh-CN/1-Installation.md)有关通过 Composer 和其他方式安装的详细信息。
## 快速使用
在您开始之前,您需要注册阿里云帐户并获取您的[凭证](https://usercenter.console.aliyun.com/#/manage/ak)。
### 凭证类型
#### 使用默认凭据链
当您在初始化凭据客户端不传入任何参数时Credentials工具会使用默认凭据链方式初始化客户端。默认凭据的读取逻辑请参见[默认凭据链](#默认凭证提供程序链)。
```php
<?php
use AlibabaCloud\Credentials\Credential;
// Chain Provider if no Parameter
$client = new Credential();
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### AccessKey
通过[用户信息管理][ak]设置 access_key它们具有该账户完全的权限请妥善保管。有时出于安全考虑您不能把具有完全访问权限的主账户 AccessKey 交于一个项目的开发者使用,您可以[创建RAM子账户][ram]并为子账户[授权][permissions]使用RAM子用户的 AccessKey 来进行API调用。
@@ -44,20 +60,19 @@ composer require alibabacloud/credentials
<?php
use AlibabaCloud\Credentials\Credential;
// Chain Provider if no Parameter
$credential = new Credential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
use AlibabaCloud\Credentials\Credential\Config;
// Access Key
$ak = new Credential([
'type' => 'access_key',
'access_key_id' => '<access_key_id>',
'access_key_secret' => '<access_key_secret>',
$config = new Config([
'type' => 'access_key',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
]);
$ak->getAccessKeyId();
$ak->getAccessKeySecret();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
```
#### STS
@@ -68,102 +83,256 @@ $ak->getAccessKeySecret();
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$sts = new Credential([
'type' => 'sts',
'access_key_id' => '<access_key_id>',
'accessKey_secret' => '<accessKey_secret>',
'security_token' => '<security_token>',
$config = new Config([
'type' => 'sts',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
'securityToken' => '<security_token>',
]);
$sts->getAccessKeyId();
$sts->getAccessKeySecret();
$sts->getSecurityToken();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### RamRoleArn
通过指定[RAM角色][RAM Role],让凭证自动申请维护 STS Token。可以通过为 `Policy` 赋值来限制获取到的 STS Token 的权限。
通过指定RAM角色的ARNAlibabacloud Resource NameCredentials工具可以帮助开发者前往STS换取STS Token。您也可以通过为 `Policy` 赋值来限制RAM角色到一个更小的权限集合
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$ramRoleArn = new Credential([
'type' => 'ram_role_arn',
'access_key_id' => '<access_key_id>',
'access_key_secret' => '<access_key_secret>',
'role_arn' => '<role_arn>',
'role_session_name' => '<role_session_name>',
'policy' => '',
$config = new Config([
'type' => 'ram_role_arn',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
// 要扮演的RAM角色ARN示例值acs:ram::123456789012****:role/adminrole可以通过环境变量ALIBABA_CLOUD_ROLE_ARN设置role_arn
'roleArn' => '<role_arn>',
// 角色会话名称可以通过环境变量ALIBABA_CLOUD_ROLE_SESSION_NAME设置role_session_name
'roleSessionName' => '<role_session_name>',
// 设置更小的权限策略,非必填。示例值:{"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
'policy' => '',
// 设置session过期时间非必填。
'roleSessionExpiration' => 3600,
]);
$ramRoleArn->getAccessKeyId();
$ramRoleArn->getAccessKeySecret();
$ramRoleArn->getRoleArn();
$ramRoleArn->getRoleSessionName();
$ramRoleArn->getPolicy();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### EcsRamRole
通过指定角色名称,让凭证自动申请维护 STS Token
ECS和ECI实例均支持绑定实例RAM角色当在实例中使用Credentials工具时将自动获取实例绑定的RAM角色并通过访问元数据服务获取RAM角色的STS Token以完成凭据客户端的初始化。
实例元数据服务器支持加固模式和普通模式两种访问方式Credentials工具默认使用加固模式IMDSv2获取访问凭据。若使用加固模式时发生异常您可以通过设置disableIMDSv1来执行不同的异常处理逻辑
- 当值为false默认值会使用普通模式继续获取访问凭据。
- 当值为true时表示只能使用加固模式获取访问凭据会抛出异常。
服务端是否支持IMDSv2取决于您在服务器的配置。
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$ecsRamRole = new Credential([
'type' => 'ecs_ram_role',
'role_name' => '<role_name>',
$config = new Config([
'type' => 'ecs_ram_role',
// 选填该ECS角色的角色名称不填会自动获取但是建议加上以减少请求次数可以通过环境变量ALIBABA_CLOUD_ECS_METADATA设置role_name
'roleName' => '<role_name>',
// 选填是否强制关闭IMDSv1即必须使用IMDSv2加固模式可以通过环境变量ALIBABA_CLOUD_IMDSV1_DISABLED设置
'disableIMDSv1' => true,
]);
$ecsRamRole->getRoleName();
// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### RsaKeyPair
#### OIDCRoleArn
通过指定公钥Id和私钥文件让凭证自动申请维护 AccessKey。仅支持日本站
在容器服务 Kubernetes 版中设置了Worker节点RAM角色后对应节点内的Pod中的应用也就可以像ECS上部署的应用一样通过元数据服务Meta Data Server获取关联角色的STS Token。但如果容器集群上部署的是不可信的应用比如部署您的客户提交的应用代码也没有对您开放您可能并不希望它们能通过元数据服务获取Worker节点关联实例RAM角色的STS Token。为了避免影响云上资源的安全同时又能让这些不可信的应用安全地获取所需的 STS Token实现应用级别的权限最小化您可以使用RRSARAM Roles for Service Account功能。阿里云容器集群会为不同的应用Pod创建和挂载相应的服务账户OIDC Token文件并将相关配置信息注入到环境变量中Credentials工具通过获取环境变量的配置信息调用STS服务的AssumeRoleWithOIDC - OIDC角色SSO时获取扮演角色的临时身份凭证接口换取绑定角色的STS Token。详情请参见[通过RRSA配置ServiceAccount的RAM权限实现Pod权限隔离](https://help.aliyun.com/zh/ack/ack-managed-and-ack-dedicated/user-guide/use-rrsa-to-authorize-pods-to-access-different-cloud-services#task-2142941)
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$rsaKeyPair = new Credential([
'type' => 'rsa_key_pair',
'public_key_id' => '<public_key_id>',
'private_key_file' => '<private_key_file>',
$config = new Config([
'type' => 'oidc_role_arn',
// OIDC提供商ARN可以通过环境变量ALIBABA_CLOUD_OIDC_PROVIDER_ARN设置oidc_provider_arn
'oidcProviderArn' => '<oidc_provider_arn>',
// OIDC Token文件路径可以通过环境变量ALIBABA_CLOUD_OIDC_TOKEN_FILE设置oidc_token_file_path
'oidcTokenFilePath' => '<oidc_token_file_path>',
// 要扮演的RAM角色ARN示例值acs:ram::123456789012****:role/adminrole可以通过环境变量ALIBABA_CLOUD_ROLE_ARN设置role_arn
'roleArn' => '<role_arn>',
// 角色会话名称可以通过环境变量ALIBABA_CLOUD_ROLE_SESSION_NAME设置role_session_name
'roleSessionName' => '<role_session_name>',
// 设置更小的权限策略,非必填。示例值:{"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
'policy' => '',
# 设置session过期时间
'roleSessionExpiration' => 3600,
]);
$rsaKeyPair->getPublicKeyId();
$rsaKeyPair->getPrivateKey();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### Credentials URI
通过指定提供凭证的自定义网络服务地址,让凭证自动申请维护 STS Token。
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$config = new Config([
'type' => 'credentials_uri',
// 凭证的 URI格式为http://local_or_remote_uri/可以通过环境变量ALIBABA_CLOUD_CREDENTIALS_URI设置credentials_uri
'credentialsURI' => '<credentials_uri>',
]);
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### Bearer Token
呼叫中心(CCC)需用此凭证,请自行申请维护 Bearer Token。
目前只有云呼叫中心 CCC 这款产品支持 Bearer Token 的凭据初始化方式
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$bearerToken = new Credential([
'type' => 'bearer_token',
'bearer_token' => '<bearer_token>',
$config = new Config([
'type' => 'bearer',
// 填入您的Bearer Token
'bearerToken' => '<bearer_token>',
]);
$bearerToken->getBearerToken();
$bearerToken->getSignature();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getBearerToken();
```
## 默认凭证提供程序链
默认凭证提供程序链查找可用的凭证,寻找顺序如下:
### 1. 环境凭证
程序首先会在环境变量里寻找环境凭证,如果定义了 `ALIBABA_CLOUD_ACCESS_KEY_ID``ALIBABA_CLOUD_ACCESS_KEY_SECRET` 环境变量且不为空,程序将使用他们创建默认凭证。
当您的程序开发环境和生产环境采用不同的凭据类型常见做法是在代码中获取当前环境信息编写获取不同凭据的分支代码。借助Credentials工具的默认凭据链您可以用同一套代码通过程序之外的配置来控制不同环境下的凭据获取方式。当您在不传入参数的情况下直接使用$credential = new Credential();初始化凭据客户端时阿里云SDK将会尝试按照如下顺序查找相关凭据信息。
### 2. 配置文件
> 如果用户主目录存在默认文件 `~/.alibabacloud/credentials` Windows 为 `C:\Users\USER_NAME\.alibabacloud\credentials`),程序会自动创建指定类型和名称的凭证。默认文件可以不存在,但解析错误会抛出异常。 凭证名称不分大小写若凭证同名后者会覆盖前者。不同的项目、工具之间可以共用这个配置文件因为超出项目之外也不会被意外提交到版本控制。Windows 上可以使用环境变量引用到主目录 %UserProfile%。类 Unix 的系统可以使用环境变量 $HOME 或 ~ (tilde)。 可以通过定义 `ALIBABA_CLOUD_CREDENTIALS_FILE` 环境变量修改默认文件的路径。
### 1. 使用环境变量
Credentials工具会优先在环境变量中获取凭据信息。
- 如果系统环境变量 `ALIBABA_CLOUD_ACCESS_KEY_ID`密钥Key`ALIBABA_CLOUD_ACCESS_KEY_SECRET`密钥Value 不为空Credentials工具会优先使用它们作为默认凭据。
- 如果系统环境变量 `ALIBABA_CLOUD_ACCESS_KEY_ID`密钥Key`ALIBABA_CLOUD_ACCESS_KEY_SECRET`密钥Value`ALIBABA_CLOUD_SECURITY_TOKEN`Token均不为空Credentials工具会优先使用STS Token作为默认凭据。
### 2. 使用OIDC RAM角色
若不存在优先级更高的凭据信息Credentials工具会在环境变量中获取如下内容
`ALIBABA_CLOUD_ROLE_ARN`RAM角色名称ARN
`ALIBABA_CLOUD_OIDC_PROVIDER_ARN`OIDC提供商ARN
`ALIBABA_CLOUD_OIDC_TOKEN_FILE`OIDC Token文件路径
若以上三个环境变量都已设置内容Credentials将会使用变量内容调用STS服务的[AssumeRoleWithOIDC - OIDC角色SSO时获取扮演角色的临时身份凭证](https://help.aliyun.com/zh/ram/developer-reference/api-sts-2015-04-01-assumerolewithoidc)接口换取STS Token作为默认凭据。
### 3. 使用 Aliyun CLI 工具的 config.json 配置文件
若不存在优先级更高的凭据信息Credentials工具会优先在如下位置查找 `config.json` 文件是否存在:
Linux系统`~/.aliyun/config.json`
Windows系统 `C:\Users\USER_NAME\.aliyun\config.json`
如果文件存在,程序将会使用配置文件中 `current` 指定的凭据信息初始化凭据客户端。当然,您也可以通过环境变量 `ALIBABA_CLOUD_PROFILE` 来指定凭据信息,例如设置 `ALIBABA_CLOUD_PROFILE` 的值为 `AK`
在config.json配置文件中每个module的值代表了不同的凭据信息获取方式
- AK使用用户的Access Key作为凭据信息
- RamRoleArn使用RAM角色的ARN来获取凭据信息
- EcsRamRole利用ECS绑定的RAM角色来获取凭据信息
- OIDC通过OIDC ARN和OIDC Token来获取凭据信息
- ChainableRamRoleArn采用角色链的方式通过指定JSON文件中的其他凭据以重新获取新的凭据信息。
配置示例信息如下:
```json
{
"current": "AK",
"profiles": [
{
"name": "AK",
"mode": "AK",
"access_key_id": "access_key_id",
"access_key_secret": "access_key_secret"
},
{
"name": "RamRoleArn",
"mode": "RamRoleArn",
"access_key_id": "access_key_id",
"access_key_secret": "access_key_secret",
"ram_role_arn": "ram_role_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
},
{
"name": "EcsRamRole",
"mode": "EcsRamRole",
"ram_role_name": "ram_role_name"
},
{
"name": "OIDC",
"mode": "OIDC",
"ram_role_arn": "ram_role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "oidc_provider_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
},
{
"name": "ChainableRamRoleArn",
"mode": "ChainableRamRoleArn",
"source_profile": "AK",
"ram_role_arn": "ram_role_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
}
]
}
```
### 4. 使用配置文件
>
> 如果用户主目录存在默认文件 `~/.alibabacloud/credentials` Windows 为 `C:\Users\USER_NAME\.alibabacloud\credentials`),程序会自动创建指定类型和名称的凭证。您也可通过环境变量 `ALIBABA_CLOUD_CREDENTIALS_FILE` 指定配置文件路径。如果文件存在,程序将会使用配置文件中 default 指定的凭据信息初始化凭据客户端。当然,您也可以通过环境变量 `ALIBABA_CLOUD_PROFILE` 来指定凭据信息,例如设置 `ALIBABA_CLOUD_PROFILE` 的值为 `client1`。
配置示例信息如下:
```ini
[default]
@@ -183,68 +352,72 @@ role_arn = role_arn
role_session_name = session_name
[project3]
type = rsa_key_pair # 认证方式为 rsa_key_pair
public_key_id = publicKeyId # Public Key ID
private_key_file = /your/pk.pem # Private Key 文件
type=oidc_role_arn # 认证方式为 oidc_role_arn
oidc_provider_arn=oidc_provider_arn
oidc_token_file_path=oidc_token_file_path
role_arn=role_arn
role_session_name=session_name
```
### 3. 实例 RAM 角色
如果定义了环境变量 `ALIBABA_CLOUD_ECS_METADATA` 且不为空,程序会将该环境变量的值作为角色名称,请求 `http://100.100.100.200/latest/meta-data/ram/security-credentials/` 获取临时安全凭证作为默认凭证。
### 5. 使用 ECS 实例RAM角色
### 自定义凭证提供程序链
可通过自定义程序链代替默认程序链的寻找顺序,也可以自行编写闭包传入提供者。
```php
<?php
若不存在优先级更高的凭据信息Credentials工具将通过环境变量获取ALIBABA_CLOUD_ECS_METADATAECS实例RAM角色名称的值。若该变量的值存在程序将采用加固模式IMDSv2访问ECS的元数据服务Meta Data Server以获取ECS实例RAM角色的STS Token作为默认凭据信息。在使用加固模式时若发生异常将使用普通模式兜底来获取访问凭据。您也可以通过设置环境变量ALIBABA_CLOUD_IMDSV1_DISABLED执行不同的异常处理逻辑
use AlibabaCloud\Credentials\Providers\ChainProvider;
- 当值为false时会使用普通模式继续获取访问凭据。
ChainProvider::set(
ChainProvider::ini(),
ChainProvider::env(),
ChainProvider::instance()
);
- 当值为true时表示只能使用加固模式获取访问凭据会抛出异常。
服务端是否支持IMDSv2取决于您在服务器的配置。
### 6. 使用外部服务 Credentials URI
若不存在优先级更高的凭据信息Credentials工具会在环境变量中获取ALIBABA_CLOUD_CREDENTIALS_URI若存在程序将请求该URI地址获取临时安全凭证作为默认凭据信息。
外部服务响应结构应如下:
```json
{
"Code": "Success",
"AccessKeyId": "AccessKeyId",
"AccessKeySecret": "AccessKeySecret",
"SecurityToken": "SecurityToken",
"Expiration": "2024-10-26T03:46:38Z"
}
```
## 文档
* [先决条件](/docs/zh-CN/0-Prerequisites.md)
* [安装](/docs/zh-CN/1-Installation.md)
## 问题
[提交 Issue](https://github.com/aliyun/credentials-php/issues/new/choose),不符合指南的问题可能会立即关闭。
## 发行说明
每个版本的详细更改记录在[发行说明](/CHANGELOG.md)中。
## 贡献
提交 Pull Request 之前请阅读[贡献指南](/CONTRIBUTING.md)。
## 相关
* [OpenAPI 开发者门户][open-api]
* [Packagist][packagist]
* [Composer][composer]
* [Guzzle中文文档][guzzle-docs]
* [最新源码][latest-release]
## 许可证
[Apache-2.0](/LICENSE.md)
Copyright (c) 2009-present, Alibaba Cloud All rights reserved.
[open-api]: https://next.api.aliyun.com
[open-api]: https://api.aliyun.com
[latest-release]: https://github.com/aliyun/credentials-php
[guzzle-docs]: https://guzzle-cn.readthedocs.io/zh_CN/latest/request-options.html
[composer]: https://getcomposer.org
[packagist]: https://packagist.org/packages/alibabacloud/credentials
[home]: https://home.console.aliyun.com
[aliyun]: https://www.aliyun.com
[cURL]: http://php.net/manual/zh/book.curl.php
[OPCache]: http://php.net/manual/zh/book.opcache.php
[xdebug]: http://xdebug.org
[OpenSSL]: http://php.net/manual/zh/book.openssl.php

361
Server/vendor/alibabacloud/credentials/README.md vendored
View File

@@ -1,41 +1,59 @@
English | [简体中文](/README-zh-CN.md)
![](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)
# Alibaba Cloud Credentials for PHP
[![PHP CI](https://github.com/aliyun/credentials-php/actions/workflows/ci.yml/badge.svg)](https://github.com/aliyun/credentials-php/actions/workflows/ci.yml)
[![codecov](https://codecov.io/gh/aliyun/credentials-php/graph/badge.svg?token=YIkSjtfKbB)](https://codecov.io/gh/aliyun/credentials-php)
[![Latest Stable Version](https://poser.pugx.org/alibabacloud/credentials/v/stable)](https://packagist.org/packages/alibabacloud/credentials)
[![composer.lock](https://poser.pugx.org/alibabacloud/credentials/composerlock)](https://packagist.org/packages/alibabacloud/credentials)
[![Total Downloads](https://poser.pugx.org/alibabacloud/credentials/downloads)](https://packagist.org/packages/alibabacloud/credentials)
[![License](https://poser.pugx.org/alibabacloud/credentials/license)](https://packagist.org/packages/alibabacloud/credentials)
[![codecov](https://codecov.io/gh/aliyun/credentials-php/branch/master/graph/badge.svg)](https://codecov.io/gh/aliyun/credentials-php)
[![Travis Build Status](https://travis-ci.org/aliyun/credentials-php.svg?branch=master)](https://travis-ci.org/aliyun/credentials-php)
[![Appveyor Build Status](https://ci.appveyor.com/api/projects/status/6jxpwmhyfipagtge/branch/master?svg=true)](https://ci.appveyor.com/project/aliyun/credentials-php)
![](https://aliyunsdk-pages.alicdn.com/icons/AlibabaCloud.svg)
Alibaba Cloud Credentials for PHP is a tool that helps PHP developers manage their credentials.
## Prerequisites
Your system needs to meet [Prerequisites](/docs/zh-CN/0-Prerequisites.md), including PHP> = 5.6. We strongly recommend using the cURL extension and compiling cURL 7.16.2+ using the TLS backend.
## Installation
If you have [Globally Install Composer](https://getcomposer.org/doc/00-intro.md#globally) on your system, install Alibaba Cloud Credentials for PHP as a dependency by running the following directly in the project directory:
```
```sh
composer require alibabacloud/credentials
```
> Some users may not be able to install due to network problems, you can switch to the [Alibaba Cloud Composer Mirror](https://developer.aliyun.com/composer).
See [Installation](/docs/zh-CN/1-Installation.md) for details on installing through Composer and other means.
## Quick Examples
Before you begin, you need to sign up for an Alibaba Cloud account and retrieve your [Credentials](https://usercenter.console.aliyun.com/#/manage/ak).
### Credential Type
#### Default credential provider chain
If you do not specify a method to initialize a Credentials client, the default credential provider chain is used. For more information, see the Default credential provider chain section of this topic.
```php
<?php
use AlibabaCloud\Credentials\Credential;
// Chain Provider if no Parameter
// Do not specify a method to initialize a Credentials client.
$client = new Credential();
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### AccessKey
Setup access_key credential through [User Information Management][ak], it have full authority over the account, please keep it safe. Sometimes for security reasons, you cannot hand over a primary account AccessKey with full access to the developer of a project. You may create a sub-account [RAM Sub-account][ram] , grant its [authorization][permissions]and use the AccessKey of RAM Sub-account.
@@ -44,20 +62,19 @@ Setup access_key credential through [User Information Management][ak], it have f
<?php
use AlibabaCloud\Credentials\Credential;
// Chain Provider if no Parameter
$credential = new Credential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
use AlibabaCloud\Credentials\Credential\Config;
// Access Key
$ak = new Credential([
'type' => 'access_key',
'access_key_id' => '<access_key_id>',
'access_key_secret' => '<access_key_secret>',
$config = new Config([
'type' => 'access_key',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
]);
$ak->getAccessKeyId();
$ak->getAccessKeySecret();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
```
#### STS
@@ -68,16 +85,20 @@ Create a temporary security credential by applying Temporary Security Credential
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$sts = new Credential([
'type' => 'sts',
'access_key_id' => '<access_key_id>',
'accessKey_secret' => '<accessKey_secret>',
'security_token' => '<security_token>',
$config = new Config([
'type' => 'sts',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
'securityToken' => '<security_token>',
]);
$sts->getAccessKeyId();
$sts->getAccessKeySecret();
$sts->getSecurityToken();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### RamRoleArn
@@ -88,56 +109,116 @@ By specifying [RAM Role][RAM Role], the credential will be able to automatically
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$ramRoleArn = new Credential([
'type' => 'ram_role_arn',
'access_key_id' => '<access_key_id>',
'access_key_secret' => '<access_key_secret>',
'role_arn' => '<role_arn>',
'role_session_name' => '<role_session_name>',
'policy' => '',
$config = new Config([
'type' => 'ram_role_arn',
'accessKeyId' => '<access_key_id>',
'accessKeySecret' => '<access_key_secret>',
// Specify the ARN of the RAM role to be assumed. Example: acs:ram::123456789012****:role/adminrole.
'roleArn' => '<role_arn>',
// Specify the name of the role session.
'roleSessionName' => '<role_session_name>',
// Optional. Specify limited permissions for the RAM role. Example: {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}.
'policy' => '',
// Optional. Specify the expiration of the session
'roleSessionExpiration' => 3600,
]);
$ramRoleArn->getAccessKeyId();
$ramRoleArn->getAccessKeySecret();
$ramRoleArn->getRoleArn();
$ramRoleArn->getRoleSessionName();
$ramRoleArn->getPolicy();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### EcsRamRole
By specifying the role name, the credential will be able to automatically request maintenance of STS Token.
Both ECS and ECI instances support binding instance RAM roles. When the Credentials tool is used in an instance, the RAM role bound to the instance will be automatically obtained, and the STS Token of the RAM role will be obtained by accessing the metadata service to complete the initialization of the credential client.
The instance metadata server supports two access modes: hardened mode and normal mode. The Credentials tool uses hardened mode (IMDSv2) by default to obtain access credentials. If an exception occurs when using hardened mode, you can set disableIMDSv1 to perform different exception handling logic:
- When the value is false (default value), the normal mode will continue to be used to obtain access credentials.
- When the value is true, it means that only hardened mode can be used to obtain access credentials, and an exception will be thrown.
Whether the server supports IMDSv2 depends on your configuration on the server.
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$ecsRamRole = new Credential([
'type' => 'ecs_ram_role',
'role_name' => '<role_name>',
$config = new Config([
'type' => 'ecs_ram_role',
// Optional. Specify the name of the RAM role of the ECS instance. If you do not specify this parameter, its value is automatically obtained. To reduce the number of requests, we recommend that you specify this parameter.
'roleName' => '<role_name>',
//Optional, whether to forcibly disable IMDSv1, that is, to use IMDSv2 hardening mode, which can be set by the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED
'disableIMDSv1' => true,
]);
$ecsRamRole->getRoleName();
// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### RsaKeyPair
By specifying the public key Id and the private key file, the credential will be able to automatically request maintenance of the AccessKey before sending the request. Only Japan station is supported.
#### OIDCRoleArn
After you attach a RAM role to a worker node in an Container Service for Kubernetes, applications in the pods on the worker node can use the metadata server to obtain an STS token the same way in which applications on ECS instances do. However, if an untrusted application is deployed on the worker node, such as an application that is submitted by your customer and whose code is unavailable to you, you may not want the application to use the metadata server to obtain an STS token of the RAM role attached to the worker node. To ensure the security of cloud resources and enable untrusted applications to securely obtain required STS tokens, you can use the RAM Roles for Service Accounts (RRSA) feature to grant minimum necessary permissions to an application. In this case, the ACK cluster creates a service account OpenID Connect (OIDC) token file, associates the token file with a pod, and then injects relevant environment variables into the pod. Then, the Credentials tool uses the environment variables to call the AssumeRoleWithOIDC operation of STS and obtains an STS token of the RAM role. For more information about the RRSA feature, see [Use RRSA to authorize different pods to access different cloud services](https://www.alibabacloud.com/help/en/ack/ack-managed-and-ack-dedicated/user-guide/use-rrsa-to-authorize-pods-to-access-different-cloud-services#task-2142941).
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$rsaKeyPair = new Credential([
'type' => 'rsa_key_pair',
'public_key_id' => '<public_key_id>',
'private_key_file' => '<private_key_file>',
$config = new Config([
'type' => 'oidc_role_arn',
// Specify the ARN of the OIDC IdP by specifying the ALIBABA_CLOUD_OIDC_PROVIDER_ARN environment variable.
'oidcProviderArn' => '<oidc_provider_arn>',
// Specify the path of the OIDC token file by specifying the ALIBABA_CLOUD_OIDC_TOKEN_FILE environment variable.
'oidcTokenFilePath' => '<oidc_token_file_path>',
// Specify the ARN of the RAM role by specifying the ALIBABA_CLOUD_ROLE_ARN environment variable.
'roleArn' => '<role_arn>',
// Specify the role session name by specifying the ALIBABA_CLOUD_ROLE_SESSION_NAME environment variable.
'roleSessionName' => '<role_session_name>',
// Optional. Specify limited permissions for the RAM role. Example: {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}.
'policy' => '',
// Optional. Specify the validity period of the session.
'roleSessionExpiration' => 3600,
]);
$rsaKeyPair->getPublicKeyId();
$rsaKeyPair->getPrivateKey();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### Credentials URI
By specifying the url, the credential will be able to automatically request maintenance of STS Token.
```php
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$config = new Config([
'type' => 'credentials_uri',
// Format: http url. `credentialsURI` can be replaced by setting environment variable: ALIBABA_CLOUD_CREDENTIALS_URI
'credentialsURI' => '<credentials_uri>',
]);
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getAccessKeyId();
$credential->getAccessKeySecret();
$credential->getSecurityToken();
```
#### Bearer Token
@@ -148,24 +229,110 @@ If credential is required by the Cloud Call Centre (CCC), please apply for Beare
<?php
use AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Credential\Config;
$bearerToken = new Credential([
'type' => 'bearer_token',
'bearer_token' => '<bearer_token>',
$config = new Config([
'type' => 'bearer',
'bearerToken' => '<bearer_token>',
]);
$bearerToken->getBearerToken();
$bearerToken->getSignature();
$client = new Credential($config);
$credential = $client->getCredential();
$credential->getBearerToken();
```
## Default credential provider chain
The default credential provider chain looks for available credentials, looking in the following order:
If you want to use different types of credentials in the development and production environments of your application, you generally need to obtain the environment information from the code and write code branches to obtain different credentials for the development and production environments. The default credential provider chain of the Credentials tool allows you to use the same code to obtain credentials for different environments based on configurations independent of the application. If you use $credential = new Credential(); to initialize a Credentials client without specifying an initialization method, the Credentials tool obtains the credential information in the following order:
### 1. Environmental certificate
The program first looks for environment credentials in the environment variable. If the `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` environment variables are defined and not empty, the program will use them to create default credentials.
### 2. Configuration file
> If the user's home directory has the default file `~/.alibabacloud/credentials` (Windows is `C:\Users\USER_NAME\.alibabacloud\credentials`), the program will automatically create credentials with the specified type and name. The default file may not exist, but parsing errors will throw an exception. The voucher name is not case sensitive. If the voucher has the same name, the latter will overwrite the former. This configuration file can be shared between different projects and tools, and it will not be accidentally submitted to version control because it is outside the project. Environment variables can be referenced to the home directory %UserProfile% on Windows. Unix-like systems can use the environment variable $HOME or ~ (tilde). The path to the default file can be modified by defining the `ALIBABA_CLOUD_CREDENTIALS_FILE` environment variable.
Look for environment credentials in environment variable.
- If the `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` environment variables are defined and are not empty, the program will use them to create default credentials.
- If the `ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET` and `ALIBABA_CLOUD_SECURITY_TOKEN` environment variables are defined and are not empty, the program will use them to create temporary security credentials(STS). Note: This token has an expiration time, it is recommended to use it in a temporary environment.
### 2. The RAM role of an OIDC IdP
If no credentials are found in the previous step, the Credentials tool obtains the values of the following environment variables:
`ALIBABA_CLOUD_ROLE_ARN`: the ARN of the RAM role.
`ALIBABA_CLOUD_OIDC_PROVIDER_ARN`: the ARN of the OIDC IdP.
`ALIBABA_CLOUD_OIDC_TOKEN_FILE`: the path of the OIDC token file.
If the preceding three environment variables are specified, the Credentials tool uses the environment variables to call the [AssumeRoleWithOIDC](https://www.alibabacloud.com/help/en/ram/developer-reference/api-sts-2015-04-01-assumerolewithoidc) operation of STS to obtain an STS token as the default credential.
### 3. Using the config.json Configuration File of Aliyun CLI Tool
If there is no higher-priority credential information, the Credentials tool will first check the following locations to see if the config.json file exists:
Linux system: `~/.aliyun/config.json`
Windows system: `C:\Users\USER_NAME\.aliyun\config.json`
If the file exists, the program will use the credential information specified by `current` in the configuration file to initialize the credentials client. Of course, you can also use the environment variable `ALIBABA_CLOUD_PROFILE` to specify the credential information, for example by setting the value of `ALIBABA_CLOUD_PROFILE` to `AK`.
In the config.json configuration file, the value of each module represents different ways to obtain credential information:
- AK: Use the Access Key of the user as credential information;
- RamRoleArn: Use the ARN of the RAM role to obtain credential information;
- EcsRamRole: Use the RAM role bound to the ECS to obtain credential information;
- OIDC: Obtain credential information through OIDC ARN and OIDC Token;
- ChainableRamRoleArn: Use the role chaining method to obtain new credential information by specifying other credentials in the JSON file.
The configuration example information is as follows:
```json
{
"current": "AK",
"profiles": [
{
"name": "AK",
"mode": "AK",
"access_key_id": "access_key_id",
"access_key_secret": "access_key_secret"
},
{
"name": "RamRoleArn",
"mode": "RamRoleArn",
"access_key_id": "access_key_id",
"access_key_secret": "access_key_secret",
"ram_role_arn": "ram_role_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
},
{
"name": "EcsRamRole",
"mode": "EcsRamRole",
"ram_role_name": "ram_role_name"
},
{
"name": "OIDC",
"mode": "OIDC",
"ram_role_arn": "ram_role_arn",
"oidc_token_file": "path/to/oidc/file",
"oidc_provider_arn": "oidc_provider_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
},
{
"name": "ChainableRamRoleArn",
"mode": "ChainableRamRoleArn",
"source_profile": "AK",
"ram_role_arn": "ram_role_arn",
"ram_session_name": "ram_session_name",
"expired_seconds": 3600,
"sts_region": "cn-hangzhou"
}
]
}
```
### 4. Configuration file
>
> If the user's home directory has the default file `~/.alibabacloud/credentials` (Windows is `C:\Users\USER_NAME\.alibabacloud\credentials`), the program will automatically create credentials with the specified type and name. You can also specify the configuration file path by configuring the `ALIBABA_CLOUD_CREDENTIALS_FILE` environment variable. If the configuration file exists, the application initializes a Credentials client by using the credential information that is specified by default in the configuration file. You can also configure the `ALIBABA_CLOUD_PROFILE` environment variable to modify the default credential information that is read.
Configuration example:
```ini
[default]
type = access_key # Authentication method is access_key
@@ -184,68 +351,72 @@ role_arn = role_arn
role_session_name = session_name
[project3]
type = rsa_key_pair # Authentication method is rsa_key_pair
public_key_id = publicKeyId # Public Key ID
private_key_file = /your/pk.pem # Private Key File
type=oidc_role_arn # Authentication method is oidc_role_arn
oidc_provider_arn=oidc_provider_arn
oidc_token_file_path=oidc_token_file_path
role_arn=role_arn
role_session_name=session_name
```
### 3. Instance RAM role
If the environment variable `ALIBABA_CLOUD_ECS_METADATA` is defined and not empty, the program will take the value of the environment variable as the role name and request `http://100.100.100.200/latest/meta-data/ram/security-credentials/` to get the temporary Security credentials are used as default credentials.
### 5. Instance RAM role
### Custom credential provider chain
You can replace the default order of the program chain by customizing the program chain, or you can write the closure to the provider.
```php
<?php
If there is no credential information with a higher priority, the Credentials tool will obtain the value of ALIBABA_CLOUD_ECS_METADATA (ECS instance RAM role name) through the environment variable. If the value of this variable exists, the program will use the hardened mode (IMDSv2) to access the metadata service (Meta Data Server) of ECS to obtain the STS Token of the ECS instance RAM role as the default credential information. If an exception occurs when using the hardened mode, the normal mode will be used as a fallback to obtain access credentials. You can also set the environment variable ALIBABA_CLOUD_IMDSV1_DISABLED to perform different exception handling logic:
use AlibabaCloud\Credentials\Providers\ChainProvider;
- When the value is false, the normal mode will continue to obtain access credentials.
ChainProvider::set(
ChainProvider::ini(),
ChainProvider::env(),
ChainProvider::instance()
);
- When the value is true, it means that only the hardened mode can be used to obtain access credentials, and an exception will be thrown.
Whether the server supports IMDSv2 depends on your configuration on the server.
### 6. Using External Service Credentials URI
If there are no higher-priority credential information, the Credentials tool will obtain the `ALIBABA_CLOUD_CREDENTIALS_URI` from the environment variables. If it exists, the program will request the URI address to obtain temporary security credentials as the default credential information.
The external service response structure should be as follows:
```json
{
"Code": "Success",
"AccessKeyId": "AccessKeyId",
"AccessKeySecret": "AccessKeySecret",
"SecurityToken": "SecurityToken",
"Expiration": "2024-10-26T03:46:38Z"
}
```
## Documentation
* [Prerequisites](/docs/zh-CN/0-Prerequisites.md)
* [Installation](/docs/zh-CN/1-Installation.md)
## Issue
[Submit Issue](https://github.com/aliyun/credentials-php/issues/new/choose), Problems that do not meet the guidelines may close immediately.
## Release notes
Detailed changes for each version are recorded in the [Release Notes](/CHANGELOG.md).
## Contribution
Please read the [Contribution Guide](/CONTRIBUTING.md) before submitting a Pull Request.
## Related
* [OpenAPI Developer Portal][open-api]
* [Packagist][packagist]
* [Composer][composer]
* [Guzzle Doc][guzzle-docs]
* [Latest Release][latest-release]
## License
[Apache-2.0](/LICENSE.md)
Copyright (c) 2009-present, Alibaba Cloud All rights reserved.
[open-api]: https://next.api.aliyun.com
[open-api]: https://api.alibabacloud.com
[latest-release]: https://github.com/aliyun/credentials-php
[guzzle-docs]: http://docs.guzzlephp.org/en/stable/request-options.html
[composer]: https://getcomposer.org
[packagist]: https://packagist.org/packages/alibabacloud/credentials
[home]: https://home.console.aliyun.com
[aliyun]: https://www.aliyun.com
[cURL]: https://www.php.net/manual/en/book.curl.php
[OPCache]: http://php.net/manual/en/book.opcache.php
[xdebug]: http://xdebug.org
[OpenSSL]: http://php.net/manual/en/book.openssl.php

7
Server/vendor/alibabacloud/credentials/composer.json vendored
View File

@@ -47,7 +47,7 @@
"ext-sockets": "*",
"drupal/coder": "^8.3",
"symfony/dotenv": "^3.4",
"phpunit/phpunit": "^4.8.35|^5.4.3",
"phpunit/phpunit": "^5.7|^6.6|^9.3",
"monolog/monolog": "^1.24",
"composer/composer": "^1.8",
"mikey179/vfsstream": "^1.6",
@@ -68,7 +68,10 @@
},
"config": {
"preferred-install": "dist",
"optimize-autoloader": true
"optimize-autoloader": true,
"allow-plugins": {
"dealerdirect/phpcodesniffer-composer-installer": true
}
},
"minimum-stability": "dev",
"prefer-stable": true,

16
Server/vendor/alibabacloud/credentials/src/AccessKeyCredential.php vendored
View File

@@ -2,9 +2,12 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
/**
* @deprecated
* Use the AccessKey to complete the authentication.
*/
class AccessKeyCredential implements CredentialsInterface
@@ -29,7 +32,7 @@ class AccessKeyCredential implements CredentialsInterface
{
Filter::accessKey($access_key_id, $access_key_secret);
$this->accessKeyId = $access_key_id;
$this->accessKeyId = $access_key_id;
$this->accessKeySecret = $access_key_secret;
}
@@ -69,4 +72,15 @@ class AccessKeyCredential implements CredentialsInterface
{
return '';
}
/**
* @inheritDoc
*/
public function getCredential()
{
return new CredentialModel([
'accessKeyId' => $this->accessKeyId,
'accessKeySecret' => $this->accessKeySecret,
'type' => 'access_key',
]);
}
}

22
Server/vendor/alibabacloud/credentials/src/BearerTokenCredential.php vendored
View File

@@ -2,6 +2,8 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\BearerTokenSignature;
/**
@@ -18,13 +20,13 @@ class BearerTokenCredential implements CredentialsInterface
/**
* BearerTokenCredential constructor.
*
* @param $bearerToken
* @param $bearer_token
*/
public function __construct($bearerToken)
public function __construct($bearer_token)
{
Filter::bearerToken($bearerToken);
Filter::bearerToken($bearer_token);
$this->bearerToken = $bearerToken;
$this->bearerToken = $bearer_token;
}
/**
@@ -50,4 +52,16 @@ class BearerTokenCredential implements CredentialsInterface
{
return new BearerTokenSignature();
}
/**
* @inheritDoc
*/
public function getCredential()
{
return new CredentialModel([
'bearerToken' => $this->bearerToken,
'type' => 'bearer',
]);
}
}

282
Server/vendor/alibabacloud/credentials/src/Credential.php vendored
View File

@@ -3,153 +3,188 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Credential\Config;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Providers\DefaultCredentialsProvider;
use AlibabaCloud\Credentials\Providers\EcsRamRoleCredentialsProvider;
use AlibabaCloud\Credentials\Providers\OIDCRoleArnCredentialsProvider;
use AlibabaCloud\Credentials\Providers\RamRoleArnCredentialsProvider;
use AlibabaCloud\Credentials\Providers\RsaKeyPairCredentialsProvider;
use AlibabaCloud\Credentials\Providers\StaticAKCredentialsProvider;
use AlibabaCloud\Credentials\Providers\StaticSTSCredentialsProvider;
use AlibabaCloud\Credentials\Providers\URLCredentialsProvider;
use AlibabaCloud\Credentials\Utils\Helper;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use ReflectionClass;
use ReflectionException;
use ReflectionParameter;
use RuntimeException;
/**
* Class Credential
*
* @package AlibabaCloud\Credentials
*
* @mixin AccessKeyCredential
* @mixin BearerTokenCredential
* @mixin EcsRamRoleCredential
* @mixin RamRoleArnCredential
* @mixin RsaKeyPairCredential
*/
class Credential
{
/**
* @var array
*/
protected $config = [];
/**
* @var array
* Version of the Client
*/
protected $types = [
'access_key' => AccessKeyCredential::class,
'sts' => StsCredential::class,
'ecs_ram_role' => EcsRamRoleCredential::class,
'ram_role_arn' => RamRoleArnCredential::class,
'rsa_key_pair' => RsaKeyPairCredential::class,
];
const VERSION = '1.1.5';
/**
* @var AccessKeyCredential|BearerTokenCredential|EcsRamRoleCredential|RamRoleArnCredential|RsaKeyPairCredential
* @var Config
*/
protected $config;
/**
* @var CredentialsInterface
*/
protected $credential;
/**
* @var string
*/
protected $type;
/**
* Credential constructor.
*
* @param array|Config $config
*
* @throws ReflectionException
*/
public function __construct($config = [])
{
if ($config instanceof Config) {
$config = $this->parse($config);
}
if ($config !== []) {
$this->config = array_change_key_case($config);
$this->parseConfig();
if (\is_array($config)) {
if (empty($config)) {
$this->config = null;
} else {
$this->config = new Config($this->parseConfig($config));
}
} else {
$this->credential = Credentials::get()->getCredential();
$this->config = $config;
}
$this->credential = $this->getCredentials($this->config);
}
/**
* @param Config $config
* @param array $config
*
* @return array
*/
private function parse($config)
private function parseConfig($config)
{
$config = get_object_vars($config);
$res = [];
foreach ($config as $key => $value) {
$res[$this->toUnderScore($key)] = $value;
$res = [];
foreach (\array_change_key_case($config) as $key => $value) {
$res[Helper::snakeToCamelCase($key)] = $value;
}
return $res;
}
private function toUnderScore($str)
{
$dstr = preg_replace_callback('/([A-Z]+)/', function ($matchs) {
return '_' . strtolower($matchs[0]);
}, $str);
return trim(preg_replace('/_{2,}/', '_', $dstr), '_');
}
/**
* @throws ReflectionException
*/
private function parseConfig()
{
if (!isset($this->config['type'])) {
throw new InvalidArgumentException('Missing required type option');
}
$this->type = $this->config['type'];
if (!isset($this->types[$this->type])) {
throw new InvalidArgumentException(
'Invalid type option, support: ' .
implode(', ', array_keys($this->types))
);
}
$class = new ReflectionClass($this->types[$this->type]);
$parameters = [];
/**
* @var $parameter ReflectionParameter
*/
foreach ($class->getConstructor()->getParameters() as $parameter) {
$parameters[] = $this->getValue($parameter);
}
$this->credential = $class->newInstance(...$parameters);
}
/**
* @param ReflectionParameter $parameter
* Credentials getter.
*
* @param Config $config
* @return CredentialsInterface
*
* @return string|array
* @throws ReflectionException
*/
protected function getValue(ReflectionParameter $parameter)
private function getCredentials($config)
{
if ($parameter->name === 'config' || $parameter->name === 'credential') {
return $this->config;
if (is_null($config)) {
return new CredentialsProviderWrap('default', new DefaultCredentialsProvider());
}
foreach ($this->config as $key => $value) {
if (strtolower($parameter->name) === $key) {
return $value;
}
switch ($config->type) {
case 'access_key':
$provider = new StaticAKCredentialsProvider([
'accessKeyId' => $config->accessKeyId,
'accessKeySecret' => $config->accessKeySecret,
]);
return new CredentialsProviderWrap('access_key', $provider);
case 'sts':
$provider = new StaticSTSCredentialsProvider([
'accessKeyId' => $config->accessKeyId,
'accessKeySecret' => $config->accessKeySecret,
'securityToken' => $config->securityToken,
]);
return new CredentialsProviderWrap('sts', $provider);
case 'bearer':
return new BearerTokenCredential($config->bearerToken);
case 'ram_role_arn':
if (!is_null($config->securityToken) && $config->securityToken !== '') {
$innerProvider = new StaticSTSCredentialsProvider([
'accessKeyId' => $config->accessKeyId,
'accessKeySecret' => $config->accessKeySecret,
'securityToken' => $config->securityToken,
]);
} else {
$innerProvider = new StaticAKCredentialsProvider([
'accessKeyId' => $config->accessKeyId,
'accessKeySecret' => $config->accessKeySecret,
]);
}
$provider = new RamRoleArnCredentialsProvider([
'credentialsProvider' => $innerProvider,
'roleArn' => $config->roleArn,
'roleSessionName' => $config->roleSessionName,
'policy' => $config->policy,
'durationSeconds' => $config->roleSessionExpiration,
'externalId' => $config->externalId,
'stsEndpoint' => $config->STSEndpoint,
], [
'connectTimeout' => $config->connectTimeout,
'readTimeout' => $config->readTimeout,
]);
return new CredentialsProviderWrap('ram_role_arn', $provider);
case 'rsa_key_pair':
$provider = new RsaKeyPairCredentialsProvider([
'publicKeyId' => $config->publicKeyId,
'privateKeyFile' => $config->privateKeyFile,
'durationSeconds' => $config->roleSessionExpiration,
'stsEndpoint' => $config->STSEndpoint,
], [
'connectTimeout' => $config->connectTimeout,
'readTimeout' => $config->readTimeout,
]);
return new CredentialsProviderWrap('rsa_key_pair', $provider);
case 'ecs_ram_role':
$provider = new EcsRamRoleCredentialsProvider([
'roleName' => $config->roleName,
'disableIMDSv1' => $config->disableIMDSv1,
], [
'connectTimeout' => $config->connectTimeout,
'readTimeout' => $config->readTimeout,
]);
return new CredentialsProviderWrap('ecs_ram_role', $provider);
case 'oidc_role_arn':
$provider = new OIDCRoleArnCredentialsProvider([
'roleArn' => $config->roleArn,
'oidcProviderArn' => $config->oidcProviderArn,
'oidcTokenFilePath' => $config->oidcTokenFilePath,
'roleSessionName' => $config->roleSessionName,
'policy' => $config->policy,
'durationSeconds' => $config->roleSessionExpiration,
'stsEndpoint' => $config->STSEndpoint,
], [
'connectTimeout' => $config->connectTimeout,
'readTimeout' => $config->readTimeout,
]);
return new CredentialsProviderWrap('oidc_role_arn', $provider);
case "credentials_uri":
$provider = new URLCredentialsProvider([
'credentialsURI' => $config->credentialsURI,
], [
'connectTimeout' => $config->connectTimeout,
'readTimeout' => $config->readTimeout,
]);
return new CredentialsProviderWrap('credentials_uri', $provider);
default:
throw new InvalidArgumentException('Unsupported credential type option: ' . $config->type . ', support: access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri');
}
if ($parameter->isDefaultValueAvailable()) {
return $parameter->getDefaultValue();
}
throw new InvalidArgumentException("Missing required {$parameter->name} option in config for {$this->type}");
}
/**
* @return AccessKeyCredential|BearerTokenCredential|EcsRamRoleCredential|RamRoleArnCredential|RsaKeyPairCredential
* @return CredentialModel
* @throws RuntimeException
* @throws GuzzleException
*/
public function getCredential()
{
return $this->credential;
return $this->credential->getCredential();
}
/**
@@ -157,17 +192,68 @@ class Credential
*/
public function getConfig()
{
return $this->config;
return $this->config->toMap();
}
/**
* @deprecated use getCredential() instead
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
public function getType()
{
return $this->type;
return $this->credential->getCredential()->getType();
}
/**
* @deprecated use getCredential() instead
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
public function getAccessKeyId()
{
return $this->credential->getCredential()->getAccessKeyId();
}
/**
* @deprecated use getCredential() instead
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
public function getAccessKeySecret()
{
return $this->credential->getCredential()->getAccessKeySecret();
}
/**
* @deprecated use getCredential() instead
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
public function getSecurityToken()
{
return $this->credential->getCredential()->getSecurityToken();
}
/**
* @deprecated use getCredential() instead
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
public function getBearerToken()
{
return $this->credential->getCredential()->getBearerToken();
}
/**
* @param string $name

266
Server/vendor/alibabacloud/credentials/src/Credential/Config.php vendored
View File

@@ -2,49 +2,269 @@
namespace AlibabaCloud\Credentials\Credential;
class Config
use AlibabaCloud\Tea\Model;
class Config extends Model
{
public function validate()
{
}
public function toMap()
{
$res = [];
if (null !== $this->accessKeyId) {
$res['accessKeyId'] = $this->accessKeyId;
}
if (null !== $this->accessKeySecret) {
$res['accessKeySecret'] = $this->accessKeySecret;
}
if (null !== $this->securityToken) {
$res['securityToken'] = $this->securityToken;
}
if (null !== $this->bearerToken) {
$res['bearerToken'] = $this->bearerToken;
}
if (null !== $this->durationSeconds) {
$res['durationSeconds'] = $this->durationSeconds;
}
if (null !== $this->roleArn) {
$res['roleArn'] = $this->roleArn;
}
if (null !== $this->policy) {
$res['policy'] = $this->policy;
}
if (null !== $this->roleSessionExpiration) {
$res['roleSessionExpiration'] = $this->roleSessionExpiration;
}
if (null !== $this->roleSessionName) {
$res['roleSessionName'] = $this->roleSessionName;
}
if (null !== $this->publicKeyId) {
$res['publicKeyId'] = $this->publicKeyId;
}
if (null !== $this->privateKeyFile) {
$res['privateKeyFile'] = $this->privateKeyFile;
}
if (null !== $this->roleName) {
$res['roleName'] = $this->roleName;
}
if (null !== $this->credentialsURI) {
$res['credentialsURI'] = $this->credentialsURI;
}
if (null !== $this->type) {
$res['type'] = $this->type;
}
if (null !== $this->STSEndpoint) {
$res['STSEndpoint'] = $this->STSEndpoint;
}
if (null !== $this->externalId) {
$res['externalId'] = $this->externalId;
}
return $res;
}
/**
* @param array $map
* @return Config
*/
public static function fromMap($map = [])
{
$model = new self();
if (isset($map['accessKeyId'])) {
$model->accessKeyId = $map['accessKeyId'];
}
if (isset($map['accessKeySecret'])) {
$model->accessKeySecret = $map['accessKeySecret'];
}
if (isset($map['securityToken'])) {
$model->securityToken = $map['securityToken'];
}
if (isset($map['bearerToken'])) {
$model->bearerToken = $map['bearerToken'];
}
if (isset($map['durationSeconds'])) {
$model->durationSeconds = $map['durationSeconds'];
}
if (isset($map['roleArn'])) {
$model->roleArn = $map['roleArn'];
}
if (isset($map['policy'])) {
$model->policy = $map['policy'];
}
if (isset($map['roleSessionExpiration'])) {
$model->roleSessionExpiration = $map['roleSessionExpiration'];
}
if (isset($map['roleSessionName'])) {
$model->roleSessionName = $map['roleSessionName'];
}
if (isset($map['publicKeyId'])) {
$model->publicKeyId = $map['publicKeyId'];
}
if (isset($map['privateKeyFile'])) {
$model->privateKeyFile = $map['privateKeyFile'];
}
if (isset($map['roleName'])) {
$model->roleName = $map['roleName'];
}
if (isset($map['credentialsURI'])) {
$model->credentialsURI = $map['credentialsURI'];
}
if (isset($map['type'])) {
$model->type = $map['type'];
}
if (isset($map['STSEndpoint'])) {
$model->STSEndpoint = $map['STSEndpoint'];
}
if (isset($map['externalId'])) {
$model->externalId = $map['externalId'];
}
return $model;
}
/**
* @description credential type
* @example access_key
* @var string
*/
public $type = 'default';
public $accessKeyId = "";
/**
* @description accesskey id
* @var string
*/
public $accessKeyId;
public $accessKeySecret = "";
/**
* @description accesskey secret
* @var string
*/
public $accessKeySecret;
public $securityToken = "";
/**
* @description security token
* @var string
*/
public $securityToken;
public $bearerToken = "";
/**
* @description bearer token
* @var string
*/
public $bearerToken;
public $roleName = "";
/**
* @description role name
* @var string
*/
public $roleName;
public $roleArn = "";
/**
* @description role arn
* @var string
*/
public $roleArn;
public $roleSessionName = "";
/**
* @description oidc provider arn
* @var string
*/
public $oidcProviderArn;
public $host = "";
/**
* @description oidc token file path
* @var string
*/
public $oidcTokenFilePath;
public $publicKeyId = "";
/**
* @description role session expiration
* @example 3600
* @var int
*/
public $roleSessionExpiration;
public $privateKeyFile = "";
/**
* @description role session name
* @var string
*/
public $roleSessionName;
public $readTimeout = 0;
/**
* @description role arn policy
* @var string
*/
public $policy;
public $connectTimeout = 0;
/**
* @description external id for ram role arn
* @var string
*/
public $externalId;
/**
* @description sts endpoint
* @var string
*/
public $STSEndpoint;
public $publicKeyId;
public $privateKeyFile;
/**
* @description read timeout
* @var int
*/
public $readTimeout;
/**
* @description connection timeout
* @var int
*/
public $connectTimeout;
/**
* @description disable IMDS v1
* @var bool
*/
public $disableIMDSv1;
/**
* @description credentials URI
* @var string
*/
public $credentialsURI;
/**
* @deprecated
*/
public $metadataTokenDuration;
/**
* @deprecated
*/
public $durationSeconds;
/**
* @deprecated
*/
public $host;
/**
* @deprecated
*/
public $expiration;
/**
* @deprecated
*/
public $certFile = "";
/**
* @deprecated
*/
public $certPassword = "";
public $proxy = "";
public $expiration = 0;
public function __construct($config)
{
foreach ($config as $k => $v) {
$this->{$k} = $v;
}
}
/**
* @internal
*/
public $proxy;
}

143
Server/vendor/alibabacloud/credentials/src/Credential/CredentialModel.php vendored Normal file
View File

@@ -0,0 +1,143 @@
<?php
// This file is auto-generated, don't edit it. Thanks.
namespace AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Tea\Model;
class CredentialModel extends Model
{
public function validate()
{
}
public function toMap()
{
$res = [];
if (null !== $this->accessKeyId) {
$res['accessKeyId'] = $this->accessKeyId;
}
if (null !== $this->accessKeySecret) {
$res['accessKeySecret'] = $this->accessKeySecret;
}
if (null !== $this->securityToken) {
$res['securityToken'] = $this->securityToken;
}
if (null !== $this->bearerToken) {
$res['bearerToken'] = $this->bearerToken;
}
if (null !== $this->type) {
$res['type'] = $this->type;
}
if (null !== $this->providerName) {
$res['providerName'] = $this->providerName;
}
return $res;
}
/**
* @param array $map
* @return CredentialModel
*/
public static function fromMap($map = [])
{
$model = new self();
if (isset($map['accessKeyId'])) {
$model->accessKeyId = $map['accessKeyId'];
}
if (isset($map['accessKeySecret'])) {
$model->accessKeySecret = $map['accessKeySecret'];
}
if (isset($map['securityToken'])) {
$model->securityToken = $map['securityToken'];
}
if (isset($map['bearerToken'])) {
$model->bearerToken = $map['bearerToken'];
}
if (isset($map['type'])) {
$model->type = $map['type'];
}
if(isset($map['providerName'])){
$model->providerName = $map['providerName'];
}
return $model;
}
/**
* @description accesskey id
* @var string
*/
public $accessKeyId;
/**
* @description accesskey secret
* @var string
*/
public $accessKeySecret;
/**
* @description security token
* @var string
*/
public $securityToken;
/**
* @description bearer token
* @var string
*/
public $bearerToken;
/**
* @description type
* @example access_key
* @var string
*/
public $type;
/**
* @description provider name
* @example cli_profile/static_ak
* @var string
*/
public $providerName;
/**
* @return string
*/
public function getAccessKeyId()
{
return $this->accessKeyId;
}
/**
* @return string
*/
public function getAccessKeySecret()
{
return $this->accessKeySecret;
}
/**
* @return string
*/
public function getSecurityToken()
{
return $this->securityToken;
}
/**
* @return string
*/
public function getBearerToken()
{
return $this->bearerToken;
}
public function getType()
{
return $this->type;
}
public function getProviderName()
{
return $this->providerName;
}
}

99
Server/vendor/alibabacloud/credentials/src/Credential/RefreshResult.php vendored Normal file
View File

@@ -0,0 +1,99 @@
<?php
namespace AlibabaCloud\Credentials\Credential;
use AlibabaCloud\Credentials\Providers\Credentials;
use function PHPUnit\Framework\isNull;
class RefreshResult
{
/**
* RefreshResult constructor.
* @param Credentials $params
* @param int $staleTime
* @param int $prefetchTime
*/
public function __construct($credentials = null, $staleTime = PHP_INT_MAX, $prefetchTime = PHP_INT_MAX)
{
$this->credentials = $credentials;
$this->staleTime = $staleTime;
$this->prefetchTime = $prefetchTime;
}
public function validate() {}
public function toMap()
{
$res = [];
if (null !== $this->staleTime) {
$res['staleTime'] = $this->staleTime;
}
if (null !== $this->prefetchTime) {
$res['prefetchTime'] = $this->prefetchTime;
}
if (null !== $this->credentials) {
$res['credentials'] = $this->credentials;
}
return $res;
}
/**
* @param array $map
* @return RefreshResult
*/
public static function fromMap($map = [])
{
$model = new self();
if (isset($map['staleTime'])) {
$model->staleTime = $map['staleTime'];
}
if (isset($map['prefetchTime'])) {
$model->staleTime = $map['prefetchTime'];
}
if (isset($map['credentials'])) {
$model->staleTime = $map['credentials'];
}
return $model;
}
/**
* @description staleTime
* @var int
*/
public $staleTime;
/**
* @description prefetchTime
* @var int
*/
public $prefetchTime;
/**
* @description credentials
* @var Credentials
*/
public $credentials;
/**
* @return Credentials
*/
public function credentials()
{
return $this->credentials;
}
/**
* @var int
*/
public function staleTime()
{
return $this->staleTime;
}
/**
* @var int
*/
public function prefetchTime()
{
return $this->prefetchTime;
}
}

4
Server/vendor/alibabacloud/credentials/src/Credentials.php vendored
View File

@@ -3,6 +3,8 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Providers\ChainProvider;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Utils\MockTrait;
use ReflectionException;
use RuntimeException;
@@ -99,4 +101,4 @@ class Credentials
self::$credentials[\strtolower($name)] = \array_change_key_case($credential);
}
}
}

9
Server/vendor/alibabacloud/credentials/src/CredentialsInterface.php vendored
View File

@@ -2,9 +2,11 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\SignatureInterface;
/**
* @internal This class is intended for internal use within the package.
* Interface CredentialsInterface
*
* @codeCoverageIgnore
@@ -12,12 +14,19 @@ use AlibabaCloud\Credentials\Signature\SignatureInterface;
interface CredentialsInterface
{
/**
* @deprecated
* @return string
*/
public function __toString();
/**
* @deprecated
* @return SignatureInterface
*/
public function getSignature();
/**
* @return CredentialModel
*/
public function getCredential();
}

76
Server/vendor/alibabacloud/credentials/src/CredentialsProviderWrap.php vendored Normal file
View File

@@ -0,0 +1,76 @@
<?php
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Providers\CredentialsProvider;
/**
* @internal This class is intended for internal use within the package.
* Class CredentialsProviderWrap
*
* @package AlibabaCloud\Credentials
*/
class CredentialsProviderWrap implements CredentialsInterface
{
/**
* @var string
*/
private $typeName;
/**
* @var CredentialsProvider
*/
private $credentialsProvider;
/**
* CLIProfileCredentialsProvider constructor.
*
* @param string $typeName
* @param CredentialsProvider $credentialsProvider
*/
public function __construct($typeName, $credentialsProvider)
{
$this->typeName = $typeName;
$this->credentialsProvider = $credentialsProvider;
}
/**
* @inheritDoc
*/
public function getCredential()
{
$credentials = $this->credentialsProvider->getCredentials();
return new CredentialModel([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'type' => $this->typeName,
'providerName' => $credentials->getProviderName(),
]);
}
/**
* @param string $name
* @param array $arguments
*
* @return mixed
*/
public function __call($name, $arguments)
{
return $this->credentialsProvider->$name($arguments);
}
public function __toString()
{
return "credentialsProviderWrap#$this->typeName";
}
/**
* @return ShaHmac1Signature
*/
public function getSignature()
{
return null;
}
}

64
Server/vendor/alibabacloud/credentials/src/EcsRamRoleCredential.php vendored
View File

@@ -2,15 +2,18 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Providers\EcsRamRoleProvider;
use AlibabaCloud\Credentials\Request\Request;
use AlibabaCloud\Credentials\Providers\EcsRamRoleCredentialsProvider;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
use AlibabaCloud\Credentials\Request\Request;
use AlibabaCloud\Credentials\Utils\Filter;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use RuntimeException;
/**
* @deprecated
* Use the RAM role of an ECS instance to complete the authentication.
*/
class EcsRamRoleCredential implements CredentialsInterface
@@ -21,16 +24,33 @@ class EcsRamRoleCredential implements CredentialsInterface
*/
private $roleName;
/**
* @var boolean
*/
private $disableIMDSv1;
/**
* @var int
*/
private $metadataTokenDuration;
/**
* EcsRamRoleCredential constructor.
*
* @param $role_name
*/
public function __construct($role_name = null)
public function __construct($role_name = null, $disable_imdsv1 = false, $metadata_token_duration = 21600)
{
Filter::roleName($role_name);
$this->roleName = $role_name;
Filter::disableIMDSv1($disable_imdsv1);
$this->disableIMDSv1 = $disable_imdsv1;
$this->metadataTokenDuration = $metadata_token_duration;
}
/**
@@ -56,8 +76,8 @@ class EcsRamRoleCredential implements CredentialsInterface
public function getRoleNameFromMeta()
{
$options = [
'http_errors' => false,
'timeout' => 1,
'http_errors' => false,
'timeout' => 1,
'connect_timeout' => 1,
];
@@ -75,7 +95,7 @@ class EcsRamRoleCredential implements CredentialsInterface
throw new RuntimeException('Error retrieving credentials from result: ' . $result->getBody());
}
$role_name = (string)$result;
$role_name = (string) $result;
if (!$role_name) {
throw new RuntimeException('Error retrieving credentials from result is empty');
}
@@ -110,13 +130,18 @@ class EcsRamRoleCredential implements CredentialsInterface
}
/**
* @return StsCredential
* @return AlibabaCloud\Credentials\Providers\Credentials
* @throws Exception
* @throws GuzzleException
*/
protected function getSessionCredential()
{
return (new EcsRamRoleProvider($this))->get();
$params = [
"roleName" => $this->roleName,
'disableIMDSv1' => $this->disableIMDSv1,
'metadataTokenDuration' => $this->metadataTokenDuration,
];
return (new EcsRamRoleCredentialsProvider($params))->getCredentials();
}
/**
@@ -148,4 +173,27 @@ class EcsRamRoleCredential implements CredentialsInterface
{
return $this->getSessionCredential()->getExpiration();
}
/**
* @return bool
*/
public function isDisableIMDSv1()
{
return $this->disableIMDSv1;
}
/**
* @inheritDoc
*/
public function getCredential()
{
$credentials = $this->getSessionCredential();
return new CredentialModel([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'type' => 'ecs_ram_role',
]);
}
}

134
Server/vendor/alibabacloud/credentials/src/Filter.php vendored
View File

@@ -1,134 +0,0 @@
<?php
namespace AlibabaCloud\Credentials;
use InvalidArgumentException;
class Filter
{
/**
* @param $name
*
* @codeCoverageIgnore
* @return string
*/
public static function credentialName($name)
{
if (!is_string($name)) {
throw new InvalidArgumentException('Name must be a string');
}
if ($name === '') {
throw new InvalidArgumentException('Name cannot be empty');
}
return $name;
}
/**
* @param $bearerToken
*
* @return mixed
* @throws InvalidArgumentException
*/
public static function bearerToken($bearerToken)
{
if (!is_string($bearerToken)) {
throw new InvalidArgumentException('Bearer Token must be a string');
}
if ($bearerToken === '') {
throw new InvalidArgumentException('Bearer Token cannot be empty');
}
return $bearerToken;
}
/**
* @param $publicKeyId
*
* @return mixed
*/
public static function publicKeyId($publicKeyId)
{
if (!is_string($publicKeyId)) {
throw new InvalidArgumentException('public_key_id must be a string');
}
if ($publicKeyId === '') {
throw new InvalidArgumentException('public_key_id cannot be empty');
}
return $publicKeyId;
}
/**
* @param $privateKeyFile
*
* @return mixed
*/
public static function privateKeyFile($privateKeyFile)
{
if (!is_string($privateKeyFile)) {
throw new InvalidArgumentException('private_key_file must be a string');
}
if ($privateKeyFile === '') {
throw new InvalidArgumentException('private_key_file cannot be empty');
}
return $privateKeyFile;
}
/**
* @param string|null $role_name
*/
public static function roleName($role_name)
{
if ($role_name === null) {
return;
}
if (!is_string($role_name)) {
throw new InvalidArgumentException('role_name must be a string');
}
if ($role_name === '') {
throw new InvalidArgumentException('role_name cannot be empty');
}
}
/**
* @param string $accessKeyId
* @param string $accessKeySecret
*/
public static function accessKey($accessKeyId, $accessKeySecret)
{
if (!is_string($accessKeyId)) {
throw new InvalidArgumentException('access_key_id must be a string');
}
if ($accessKeyId === '') {
throw new InvalidArgumentException('access_key_id cannot be empty');
}
if (!is_string($accessKeySecret)) {
throw new InvalidArgumentException('access_key_secret must be a string');
}
if ($accessKeySecret === '') {
throw new InvalidArgumentException('access_key_secret cannot be empty');
}
}
/**
* @param int $expiration
*/
public static function expiration($expiration)
{
if (!is_int($expiration)) {
throw new InvalidArgumentException('expiration must be a int');
}
}
}

187
Server/vendor/alibabacloud/credentials/src/Providers/CLIProfileCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,187 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use RuntimeException;
/**
* @internal This class is intended for internal use within the package.
* Class CLIProfileCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class CLIProfileCredentialsProvider implements CredentialsProvider
{
/**
* @var string
*/
private $profileName;
/**
* @var CredentialsProvider
*/
private $credentialsProvider;
/**
* CLIProfileCredentialsProvider constructor.
*
* @param array $params
*/
public function __construct(array $params = [])
{
$this->filterProfileName($params);
}
private function filterProfileName(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_PROFILE')) {
$this->profileName = Helper::env('ALIBABA_CLOUD_PROFILE');
}
if (isset($params['profileName'])) {
$this->profileName = $params['profileName'];
}
}
/**
* @return bool
*/
private function shouldReloadCredentialsProvider()
{
if (is_null($this->credentialsProvider)) {
return true;
}
return false;
}
/**
* @return CredentialsProvider
*/
protected function reloadCredentialsProvider($profileFile, $profileName)
{
if (!Helper::inOpenBasedir($profileFile)) {
throw new RuntimeException('Unable to open credentials file: ' . $profileFile);
}
if (!\is_readable($profileFile) || !\is_file($profileFile)) {
throw new RuntimeException('Credentials file is not readable: ' . $profileFile);
}
$jsonContent = \file_get_contents($profileFile);
$fileArray = json_decode($jsonContent, true);
if (\is_array($fileArray) && !empty($fileArray)) {
if (is_null($profileName) || $profileName === '') {
$profileName = $fileArray['current'];
}
if (isset($fileArray['profiles'])) {
foreach ($fileArray['profiles'] as $profile) {
if (Helper::unsetReturnNull($profile, 'name') === $profileName) {
switch (Helper::unsetReturnNull($profile, 'mode')) {
case 'AK':
return new StaticAKCredentialsProvider([
'accessKeyId' => Helper::unsetReturnNull($profile, 'access_key_id'),
'accessKeySecret' => Helper::unsetReturnNull($profile, 'access_key_secret'),
]);
case 'RamRoleArn':
$innerProvider = new StaticAKCredentialsProvider([
'accessKeyId' => Helper::unsetReturnNull($profile, 'access_key_id'),
'accessKeySecret' => Helper::unsetReturnNull($profile, 'access_key_secret'),
]);
return new RamRoleArnCredentialsProvider([
'credentialsProvider' => $innerProvider,
'roleArn' => Helper::unsetReturnNull($profile, 'ram_role_arn'),
'roleSessionName' => Helper::unsetReturnNull($profile, 'ram_session_name'),
'durationSeconds' => Helper::unsetReturnNull($profile, 'expired_seconds'),
'policy' => Helper::unsetReturnNull($profile, 'policy'),
'externalId' => Helper::unsetReturnNull($profile, 'external_id'),
'stsRegionId' => Helper::unsetReturnNull($profile, 'sts_region'),
'enableVpc' => Helper::unsetReturnNull($profile, 'enable_vpc'),
]);
case 'EcsRamRole':
return new EcsRamRoleCredentialsProvider([
'roleName' => Helper::unsetReturnNull($profile, 'ram_role_name'),
]);
case 'OIDC':
return new OIDCRoleArnCredentialsProvider([
'roleArn' => Helper::unsetReturnNull($profile, 'ram_role_arn'),
'oidcProviderArn' => Helper::unsetReturnNull($profile, 'oidc_provider_arn'),
'oidcTokenFilePath' => Helper::unsetReturnNull($profile, 'oidc_token_file'),
'roleSessionName' => Helper::unsetReturnNull($profile, 'ram_session_name'),
'durationSeconds' => Helper::unsetReturnNull($profile, 'expired_seconds'),
'policy' => Helper::unsetReturnNull($profile, 'policy'),
'stsRegionId' => Helper::unsetReturnNull($profile, 'sts_region'),
'enableVpc' => Helper::unsetReturnNull($profile, 'enable_vpc'),
]);
case 'ChainableRamRoleArn':
$previousProvider = $this->reloadCredentialsProvider($profileFile, Helper::unsetReturnNull($profile, 'source_profile'));
return new RamRoleArnCredentialsProvider([
'credentialsProvider' => $previousProvider,
'roleArn' => Helper::unsetReturnNull($profile, 'ram_role_arn'),
'roleSessionName' => Helper::unsetReturnNull($profile, 'ram_session_name'),
'durationSeconds' => Helper::unsetReturnNull($profile, 'expired_seconds'),
'policy' => Helper::unsetReturnNull($profile, 'policy'),
'externalId' => Helper::unsetReturnNull($profile, 'external_id'),
'stsRegionId' => Helper::unsetReturnNull($profile, 'sts_region'),
'enableVpc' => Helper::unsetReturnNull($profile, 'enable_vpc'),
]);
default:
throw new RuntimeException('Unsupported credential mode from CLI credentials file: ' . Helper::unsetReturnNull($profile, 'mode'));
}
}
}
}
}
throw new RuntimeException('Failed to get credential from CLI credentials file: ' . $profileFile);
}
/**
* Get credential.
*
* @return Credentials
* @throws RuntimeException
*/
public function getCredentials()
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_CLI_PROFILE_DISABLED') && Helper::env('ALIBABA_CLOUD_CLI_PROFILE_DISABLED') === true) {
throw new RuntimeException('CLI credentials file is disabled');
}
$cliProfileFile = self::getDefaultFile();
if ($this->shouldReloadCredentialsProvider()) {
$this->credentialsProvider = $this->reloadCredentialsProvider($cliProfileFile, $this->profileName);
}
$credentials = $this->credentialsProvider->getCredentials();
return new Credentials([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'providerName' => $this->getProviderName() . '/' . $this->credentialsProvider->getProviderName(),
]);
}
/**
* Get the default credential file.
*
* @return string
*/
private function getDefaultFile()
{
return Helper::getHomeDirectory() .
DIRECTORY_SEPARATOR .
'.aliyun' .
DIRECTORY_SEPARATOR .
'config.json';
}
/**
* @return string
*/
public function getProviderName()
{
return 'cli_profile';
}
}

5
Server/vendor/alibabacloud/credentials/src/Providers/ChainProvider.php vendored
View File

@@ -3,12 +3,13 @@
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Credentials;
use AlibabaCloud\Credentials\Helper;
use AlibabaCloud\Credentials\Utils\Helper;
use Closure;
use InvalidArgumentException;
use RuntimeException;
/**
* @deprecated
* Class ChainProvider
*
* @package AlibabaCloud\Credentials\Providers
@@ -184,4 +185,4 @@ class ChainProvider
}
};
}
}
}

87
Server/vendor/alibabacloud/credentials/src/Providers/Credentials.php vendored Normal file
View File

@@ -0,0 +1,87 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
/**
* @internal This class is intended for internal use within the package.
* Class Credentials
*
* @package AlibabaCloud\Credentials\Providers
*/
class Credentials
{
/**
* @var string
*/
private $accessKeyId;
/**
* @var string
*/
private $accessKeySecret;
/**
* @var string
*/
private $securityToken;
/**
* @var int
*/
private $expiration;
/**
* @var int
*/
private $providerName;
public function __construct($config = [])
{
if (!empty($config)) {
foreach ($config as $k => $v) {
$this->{$k} = $v;
}
}
}
/**
* @return string
*/
public function getAccessKeyId()
{
return $this->accessKeyId;
}
/**
* @return string
*/
public function getAccessKeySecret()
{
return $this->accessKeySecret;
}
/**
* @return string
*/
public function getSecurityToken()
{
return $this->securityToken;
}
/**
* @return int
*/
public function getExpiration()
{
return $this->expiration;
}
/**
* @return string
*/
public function getProviderName()
{
return $this->providerName;
}
}

24
Server/vendor/alibabacloud/credentials/src/Providers/CredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
/**
* @internal This class is intended for internal use within the package.
* Interface CredentialsInterface
*
* @codeCoverageIgnore
*/
interface CredentialsProvider
{
/**
* @return Credentials
*/
public function getCredentials();
/**
* @return string
*/
public function getProviderName();
}

175
Server/vendor/alibabacloud/credentials/src/Providers/DefaultCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,175 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Utils\Helper;
use InvalidArgumentException;
use RuntimeException;
use Exception;
/**
* @internal This class is intended for internal use within the package.
* Class DefaultCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class DefaultCredentialsProvider implements CredentialsProvider
{
/**
* @var array
*/
private static $defaultProviders = [];
/**
* @var bool
*/
private $reuseLastProviderEnabled;
/**
* @var CredentialsProvider
*/
private $lastUsedCredentialsProvider;
/**
* @var array
*/
private static $customChain = [];
/**
* DefaultCredentialsProvider constructor.
* @param array $params
*/
public function __construct(array $params = [])
{
$this->filterReuseLastProviderEnabled($params);
$this->createDefaultChain();
Filter::reuseLastProviderEnabled($this->reuseLastProviderEnabled);
}
private function filterReuseLastProviderEnabled(array $params)
{
$this->reuseLastProviderEnabled = true;
if (isset($params['reuseLastProviderEnabled'])) {
$this->reuseLastProviderEnabled = $params['reuseLastProviderEnabled'];
}
}
private function createDefaultChain()
{
self::$defaultProviders = [
new EnvironmentVariableCredentialsProvider(),
];
if (
Helper::envNotEmpty('ALIBABA_CLOUD_ROLE_ARN')
&& Helper::envNotEmpty('ALIBABA_CLOUD_OIDC_PROVIDER_ARN')
&& Helper::envNotEmpty('ALIBABA_CLOUD_OIDC_TOKEN_FILE')
) {
array_push(
self::$defaultProviders,
new OIDCRoleArnCredentialsProvider()
);
}
array_push(
self::$defaultProviders,
new CLIProfileCredentialsProvider()
);
array_push(
self::$defaultProviders,
new ProfileCredentialsProvider()
);
array_push(
self::$defaultProviders,
new EcsRamRoleCredentialsProvider()
);
if (Helper::envNotEmpty('ALIBABA_CLOUD_CREDENTIALS_URI')) {
array_push(
self::$defaultProviders,
new URLCredentialsProvider()
);
}
}
/**
* @param CredentialsProvider ...$providers
*/
public static function set(...$providers)
{
if (empty($providers)) {
throw new InvalidArgumentException('No providers in chain');
}
foreach ($providers as $provider) {
if (!$provider instanceof CredentialsProvider) {
throw new InvalidArgumentException('Providers must all be CredentialsProvider');
}
}
self::$customChain = $providers;
}
/**
* @return bool
*/
public static function hasCustomChain()
{
return (bool) self::$customChain;
}
public static function flush()
{
self::$customChain = [];
}
/**
* Get credential.
*
* @return Credentials
* @throws RuntimeException
*/
public function getCredentials()
{
if ($this->reuseLastProviderEnabled && !is_null($this->lastUsedCredentialsProvider)) {
$credentials = $this->lastUsedCredentialsProvider->getCredentials();
return new Credentials([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'providerName' => $this->getProviderName() . '/' . $this->lastUsedCredentialsProvider->getProviderName(),
]);
}
$providerChain = array_merge(
self::$customChain,
self::$defaultProviders
);
$exceptionMessages = [];
foreach ($providerChain as $provider) {
try {
$credentials = $provider->getCredentials();
$this->lastUsedCredentialsProvider = $provider;
return new Credentials([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'providerName' => $this->getProviderName() . '/' . $provider->getProviderName(),
]);
} catch (Exception $exception) {
array_push($exceptionMessages, basename(str_replace('\\', '/', get_class($provider))) . ': ' . $exception->getMessage());
}
}
throw new RuntimeException('Unable to load credentials from any of the providers in the chain: ' . implode(', ', $exceptionMessages));
}
/**
* @inheritDoc
*/
public function getProviderName()
{
return "default";
}
}

276
Server/vendor/alibabacloud/credentials/src/Providers/EcsRamRoleCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,276 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Request\Request;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use RuntimeException;
use AlibabaCloud\Credentials\Credential\RefreshResult;
/**
* @internal This class is intended for internal use within the package.
* Class EcsRamRoleCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class EcsRamRoleCredentialsProvider extends SessionCredentialsProvider
{
/**
* @var string
*/
private $metadataHost = 'http://100.100.100.200';
/**
* @var string
*/
private $ecsUri = '/latest/meta-data/ram/security-credentials/';
/**
* @var string
*/
private $metadataTokenUri = '/latest/api/token';
/**
* @var string
*/
private $roleName;
/**
* @var boolean
*/
private $disableIMDSv1 = false;
/**
* @var int
*/
private $metadataTokenDuration = 21600;
/**
* @var int
*/
private $connectTimeout = 1;
/**
* @var int
*/
private $readTimeout = 1;
/**
* EcsRamRoleCredentialsProvider constructor.
*
* @param array $params
* @param array $options
*/
public function __construct(array $params = [], array $options = [])
{
$this->filterOptions($options);
$this->filterRoleName($params);
$this->filterDisableECSIMDSv1($params);
Filter::roleName($this->roleName);
Filter::disableIMDSv1($this->disableIMDSv1);
}
private function filterOptions(array $options)
{
if (isset($options['connectTimeout'])) {
$this->connectTimeout = $options['connectTimeout'];
}
if (isset($options['readTimeout'])) {
$this->readTimeout = $options['readTimeout'];
}
Filter::timeout($this->connectTimeout, $this->readTimeout);
}
private function filterRoleName(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ECS_METADATA')) {
$this->roleName = Helper::env('ALIBABA_CLOUD_ECS_METADATA');
}
if (isset($params['roleName'])) {
$this->roleName = $params['roleName'];
}
}
private function filterDisableECSIMDSv1($params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_IMDSV1_DISABLED')) {
$this->disableIMDSv1 = Helper::env('ALIBABA_CLOUD_IMDSV1_DISABLED') === true ? true : false;
}
if (isset($params['disableIMDSv1'])) {
$this->disableIMDSv1 = $params['disableIMDSv1'];
}
}
/**
* Get credentials by request.
*
* @return RefreshResult
* @throws InvalidArgumentException
* @throws RuntimeException
* @throws GuzzleException
*/
public function refreshCredentials()
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ECS_METADATA_DISABLED') && Helper::env('ALIBABA_CLOUD_ECS_METADATA_DISABLED') === true) {
throw new RuntimeException('IMDS credentials is disabled');
}
if (is_null($this->roleName) || $this->roleName === '') {
$this->roleName = $this->getRoleNameFromMeta();
}
$url = $this->metadataHost . $this->ecsUri . $this->roleName;
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$metadataToken = $this->getMetadataToken();
if (!is_null($metadataToken)) {
$options['headers']['X-aliyun-ecs-metadata-token'] = $metadataToken;
}
$result = Request::createClient()->request('GET', $url, $options);
if ($result->getStatusCode() === 404) {
throw new InvalidArgumentException('The role was not found in the instance' . (string) $result);
}
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error refreshing credentials from IMDS, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
}
$credentials = $result->toArray();
if (!isset($credentials['AccessKeyId']) || !isset($credentials['AccessKeySecret']) || !isset($credentials['SecurityToken'])) {
throw new RuntimeException('Error retrieving credentials from IMDS result:' . $result->toJson());
}
if (!isset($credentials['Code']) || $credentials['Code'] !== 'Success') {
throw new RuntimeException('Error retrieving credentials from IMDS result, Code is not Success:' . $result->toJson());
}
return new RefreshResult(new Credentials([
'accessKeyId' => $credentials['AccessKeyId'],
'accessKeySecret' => $credentials['AccessKeySecret'],
'securityToken' => $credentials['SecurityToken'],
'expiration' => \strtotime($credentials['Expiration']),
'providerName' => $this->getProviderName(),
]), $this->getStaleTime(strtotime($credentials["Expiration"])), $this->getPrefetchTime(strtotime($credentials["Expiration"])));
}
/**
* @return string
* @throws InvalidArgumentException
* @throws RuntimeException
* @throws GuzzleException
*/
private function getRoleNameFromMeta()
{
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$metadataToken = $this->getMetadataToken();
if (!is_null($metadataToken)) {
$options['headers']['X-aliyun-ecs-metadata-token'] = $metadataToken;
}
$result = Request::createClient()->request(
'GET',
'http://100.100.100.200/latest/meta-data/ram/security-credentials/',
$options
);
if ($result->getStatusCode() === 404) {
throw new InvalidArgumentException('The role name was not found in the instance' . (string) $result);
}
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error retrieving role name from result: ' . (string) $result);
}
$role_name = (string) $result;
if (!$role_name) {
throw new RuntimeException('Error retrieving role name from result is empty');
}
return $role_name;
}
/**
* Get metadata token by request.
*
* @return string
* @throws RuntimeException
* @throws GuzzleException
*/
private function getMetadataToken()
{
$url = $this->metadataHost . $this->metadataTokenUri;
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$options['headers']['X-aliyun-ecs-metadata-token-ttl-seconds'] = $this->metadataTokenDuration;
$result = Request::createClient()->request('PUT', $url, $options);
if ($result->getStatusCode() != 200) {
if ($this->disableIMDSv1) {
throw new RuntimeException('Failed to get token from ECS Metadata Service. HttpCode= ' . $result->getStatusCode());
}
return null;
}
return (string) $result;
}
/**
* @var int
*/
public function getPrefetchTime($expiration)
{
return $expiration <= 0 ?
time() + (5 * 60) :
time() + (60 * 60);
}
/**
* @return string
*/
public function key()
{
return 'ecs_ram_role#roleName#' . $this->roleName;
}
/**
* @return string
*/
public function getProviderName()
{
return 'ecs_ram_role';
}
/**
* @return string
*/
public function getRoleName()
{
return $this->roleName;
}
/**
* @return bool
*/
public function isDisableIMDSv1()
{
return $this->disableIMDSv1;
}
}

94
Server/vendor/alibabacloud/credentials/src/Providers/EcsRamRoleProvider.php vendored
View File

@@ -1,94 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Request\Request;
use AlibabaCloud\Credentials\StsCredential;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use AlibabaCloud\Tea\Response;
use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use RuntimeException;
/**
* Class EcsRamRoleProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class EcsRamRoleProvider extends Provider
{
/**
* Expiration time slot for temporary security credentials.
*
* @var int
*/
protected $expirationSlot = 10;
/**
* @var string
*/
private $uri = 'http://100.100.100.200/latest/meta-data/ram/security-credentials/';
/**
* Get credential.
*
* @return StsCredential
* @throws Exception
* @throws GuzzleException
*/
public function get()
{
$result = $this->getCredentialsInCache();
if ($result === null) {
$result = $this->request();
if (!isset($result['AccessKeyId'], $result['AccessKeySecret'], $result['SecurityToken'])) {
throw new RuntimeException($this->error);
}
$this->cache($result->toArray());
}
return new StsCredential(
$result['AccessKeyId'],
$result['AccessKeySecret'],
strtotime($result['Expiration']),
$result['SecurityToken']
);
}
/**
* Get credentials by request.
*
* @return ResponseInterface
* @throws Exception
* @throws GuzzleException
*/
public function request()
{
$credential = $this->credential;
$url = $this->uri . $credential->getRoleName();
$options = [
'http_errors' => false,
'timeout' => 1,
'connect_timeout' => 1,
];
$result = Request::createClient()->request('GET', $url, $options);
if ($result->getStatusCode() === 404) {
$message = 'The role was not found in the instance';
throw new InvalidArgumentException($message);
}
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error retrieving credentials from result: ' . $result->toJson());
}
return $result;
}
}

65
Server/vendor/alibabacloud/credentials/src/Providers/EnvironmentVariableCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,65 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use InvalidArgumentException;
/**
* @internal This class is intended for internal use within the package.
* Class EnvironmentVariableCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class EnvironmentVariableCredentialsProvider implements CredentialsProvider
{
/**
* EnvironmentVariableCredentialsProvider constructor.
*/
public function __construct() {}
/**
* Get credential.
*
* @return Credentials
* @throws InvalidArgumentException
*/
public function getCredentials()
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_ID')) {
$accessKeyId = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_ID');
} else {
throw new InvalidArgumentException('Access key ID must be specified via environment variable (ALIBABA_CLOUD_ACCESS_KEY_ID)');
}
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_SECRET')) {
$accessKeySecret = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_SECRET');
} else {
throw new InvalidArgumentException('Access key Secret must be specified via environment variable (ALIBABA_CLOUD_ACCESS_KEY_SECRET)');
}
if (Helper::envNotEmpty('ALIBABA_CLOUD_SECURITY_TOKEN')) {
$securityToken = Helper::env('ALIBABA_CLOUD_SECURITY_TOKEN');
return new Credentials([
'accessKeyId' => $accessKeyId,
'accessKeySecret' => $accessKeySecret,
'securityToken' => $securityToken,
'providerName' => $this->getProviderName(),
]);
}
return new Credentials([
'accessKeyId' => $accessKeyId,
'accessKeySecret' => $accessKeySecret,
'providerName' => $this->getProviderName(),
]);
}
/**
* @inheritDoc
*/
public function getProviderName()
{
return "env";
}
}

264
Server/vendor/alibabacloud/credentials/src/Providers/OIDCRoleArnCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,264 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Request\Request;
use GuzzleHttp\Psr7\Uri;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use RuntimeException;
use Exception;
use AlibabaCloud\Credentials\Credential\RefreshResult;
/**
* @internal This class is intended for internal use within the package.
* Class OIDCRoleArnCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class OIDCRoleArnCredentialsProvider extends SessionCredentialsProvider
{
/**
* @var string
*/
private $roleArn;
/**
* @var string
*/
private $oidcProviderArn;
/**
* @var string
*/
private $oidcTokenFilePath;
/**
* @var string
*/
private $roleSessionName;
/**
* @description role session expiration
* @example 3600
* @var int
*/
private $durationSeconds = 3600;
/**
* @var string
*/
private $policy;
/**
* @var string
*/
private $stsEndpoint;
/**
* @var int
*/
private $connectTimeout = 5;
/**
* @var int
*/
private $readTimeout = 5;
/**
* OIDCRoleArnCredentialsProvider constructor.
*
* @param array $params
* @param array $options
*/
public function __construct(array $params = [], array $options = [])
{
$this->filterOptions($options);
$this->filterRoleArn($params);
$this->filterOIDCProviderArn($params);
$this->filterOIDCTokenFilePath($params);
$this->filterRoleSessionName($params);
$this->filterDurationSeconds($params);
$this->filterPolicy($params);
$this->filterSTSEndpoint($params);
}
private function filterRoleArn(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ROLE_ARN')) {
$this->roleArn = Helper::env('ALIBABA_CLOUD_ROLE_ARN');
}
if (isset($params['roleArn'])) {
$this->roleArn = $params['roleArn'];
}
Filter::roleArn($this->roleArn);
}
private function filterOIDCProviderArn(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_OIDC_PROVIDER_ARN')) {
$this->oidcProviderArn = Helper::env('ALIBABA_CLOUD_OIDC_PROVIDER_ARN');
}
if (isset($params['oidcProviderArn'])) {
$this->oidcProviderArn = $params['oidcProviderArn'];
}
Filter::oidcProviderArn($this->oidcProviderArn);
}
private function filterOIDCTokenFilePath(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_OIDC_TOKEN_FILE')) {
$this->oidcTokenFilePath = Helper::env('ALIBABA_CLOUD_OIDC_TOKEN_FILE');
}
if (isset($params['oidcTokenFilePath'])) {
$this->oidcTokenFilePath = $params['oidcTokenFilePath'];
}
Filter::oidcTokenFilePath($this->oidcTokenFilePath);
}
private function filterRoleSessionName(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ROLE_SESSION_NAME')) {
$this->roleSessionName = Helper::env('ALIBABA_CLOUD_ROLE_SESSION_NAME');
}
if (isset($params['roleSessionName'])) {
$this->roleSessionName = $params['roleSessionName'];
}
if (is_null($this->roleSessionName) || $this->roleSessionName === '') {
$this->roleSessionName = 'phpSdkRoleSessionName';
}
}
private function filterDurationSeconds(array $params)
{
if (isset($params['durationSeconds'])) {
if (is_int($params['durationSeconds'])) {
$this->durationSeconds = $params['durationSeconds'];
}
}
if ($this->durationSeconds < 900) {
throw new InvalidArgumentException('Role session expiration should be in the range of 900s - max session duration');
}
}
private function filterPolicy(array $params)
{
if (isset($params['policy'])) {
if (is_string($params['policy'])) {
$this->policy = $params['policy'];
}
if (is_array($params['policy'])) {
$this->policy = json_encode($params['policy']);
}
}
}
private function filterSTSEndpoint(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {
$this->stsEndpoint = 'sts' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
}
if (isset($params['stsRegionId'])) {
$this->stsEndpoint = 'sts' . $params['stsRegionId'] . '.aliyuncs.com';
}
if (isset($params['stsEndpoint'])) {
$this->stsEndpoint = $params['stsEndpoint'];
}
if (is_null($this->stsEndpoint) || $this->stsEndpoint === '') {
$this->stsEndpoint = 'sts.aliyuncs.com';
}
}
private function filterOptions(array $options)
{
if (isset($options['connectTimeout'])) {
$this->connectTimeout = $options['connectTimeout'];
}
if (isset($options['readTimeout'])) {
$this->readTimeout = $options['readTimeout'];
}
Filter::timeout($this->connectTimeout, $this->readTimeout);
}
/**
* Get credentials by request.
*
* @return RefreshResult
* @throws RuntimeException
* @throws GuzzleException
*/
public function refreshCredentials()
{
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$options['query']['Action'] = 'AssumeRoleWithOIDC';
$options['query']['Version'] = '2015-04-01';
$options['query']['Format'] = 'JSON';
$options['query']['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
$options['query']['RoleArn'] = $this->roleArn;
$options['query']['OIDCProviderArn'] = $this->oidcProviderArn;
try {
$oidcToken = file_get_contents($this->oidcTokenFilePath);
$options['query']['OIDCToken'] = $oidcToken;
} catch (Exception $exception) {
throw new InvalidArgumentException($exception->getMessage());
}
$options['query']['RoleSessionName'] = $this->roleSessionName;
$options['query']['DurationSeconds'] = (string) $this->durationSeconds;
if (!is_null($this->policy)) {
$options['query']['Policy'] = $this->policy;
}
$url = (new Uri())->withScheme('https')->withHost($this->stsEndpoint);
$result = Request::createClient()->request('POST', $url, $options);
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error refreshing credentials from OIDC, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
}
$json = $result->toArray();
$credentials = $json['Credentials'];
if (!isset($credentials['AccessKeyId']) || !isset($credentials['AccessKeySecret']) || !isset($credentials['SecurityToken'])) {
throw new RuntimeException('Error retrieving credentials from OIDC result:' . $result->toJson());
}
return new RefreshResult(new Credentials([
'accessKeyId' => $credentials['AccessKeyId'],
'accessKeySecret' => $credentials['AccessKeySecret'],
'securityToken' => $credentials['SecurityToken'],
'expiration' => \strtotime($credentials['Expiration']),
'providerName' => $this->getProviderName(),
]), $this->getStaleTime(strtotime($credentials['Expiration'])) );
}
public function key()
{
return 'oidc_role_arn#roleArn#' . $this->roleArn . '#oidcProviderArn#' . $this->oidcProviderArn . '#roleSessionName#' . $this->roleSessionName;
}
public function getProviderName()
{
return 'oidc_role_arn';
}
}

188
Server/vendor/alibabacloud/credentials/src/Providers/ProfileCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,188 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use RuntimeException;
/**
* @internal This class is intended for internal use within the package.
* Class ProfileCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class ProfileCredentialsProvider implements CredentialsProvider
{
/**
* @var string
*/
private $profileName;
/**
* @var string
*/
private $profileFile;
/**
* @var CredentialsProvider
*/
private $credentialsProvider;
/**
* ProfileCredentialsProvider constructor.
*
* @param array $params
*/
public function __construct(array $params = [])
{
$this->filterProfileName($params);
$this->filterProfileFile();
}
private function filterProfileName(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_PROFILE')) {
$this->profileName = Helper::env('ALIBABA_CLOUD_PROFILE');
}
if (isset($params['profileName'])) {
$this->profileName = $params['profileName'];
}
if (is_null($this->profileName) || $this->profileName === '') {
$this->profileName = 'default';
}
}
private function filterProfileFile()
{
$this->profileFile = Helper::envNotEmpty('ALIBABA_CLOUD_CREDENTIALS_FILE');
if (!$this->profileFile) {
$this->profileFile = self::getDefaultFile();
}
}
/**
* @return bool
*/
private function shouldReloadCredentialsProvider()
{
if (is_null($this->credentialsProvider)) {
return true;
}
return false;
}
/**
* @return CredentialsProvider
*/
private function reloadCredentialsProvider($profileFile, $profileName)
{
if (!Helper::inOpenBasedir($profileFile)) {
throw new RuntimeException('Unable to open credentials file: ' . $profileFile);
}
if (!\is_readable($profileFile) || !\is_file($profileFile)) {
throw new RuntimeException('Credentials file is not readable: ' . $profileFile);
}
$fileArray = \parse_ini_file($profileFile, true);
if (\is_array($fileArray) && !empty($fileArray)) {
$credentialsConfigures = [];
foreach (\array_change_key_case($fileArray) as $name => $configures) {
if ($name === $profileName) {
$credentialsConfigures = $configures;
break;
}
}
if (\is_array($credentialsConfigures) && !empty($credentialsConfigures)) {
switch (Helper::unsetReturnNull($credentialsConfigures, 'type')) {
case 'access_key':
return new StaticAKCredentialsProvider([
'accessKeyId' => Helper::unsetReturnNull($credentialsConfigures, 'access_key_id'),
'accessKeySecret' => Helper::unsetReturnNull($credentialsConfigures, 'access_key_secret'),
]);
case 'ram_role_arn':
$innerProvider = new StaticAKCredentialsProvider([
'accessKeyId' => Helper::unsetReturnNull($credentialsConfigures, 'access_key_id'),
'accessKeySecret' => Helper::unsetReturnNull($credentialsConfigures, 'access_key_secret'),
]);
return new RamRoleArnCredentialsProvider([
'credentialsProvider' => $innerProvider,
'roleArn' => Helper::unsetReturnNull($credentialsConfigures, 'role_arn'),
'roleSessionName' => Helper::unsetReturnNull($credentialsConfigures, 'role_session_name'),
'policy' => Helper::unsetReturnNull($credentialsConfigures, 'policy'),
]);
case 'ecs_ram_role':
return new EcsRamRoleCredentialsProvider([
'roleName' => Helper::unsetReturnNull($credentialsConfigures, 'role_name'),
]);
case 'oidc_role_arn':
return new OIDCRoleArnCredentialsProvider([
'roleArn' => Helper::unsetReturnNull($credentialsConfigures, 'role_arn'),
'oidcProviderArn' => Helper::unsetReturnNull($credentialsConfigures, 'oidc_provider_arn'),
'oidcTokenFilePath' => Helper::unsetReturnNull($credentialsConfigures, 'oidc_token_file_path'),
'roleSessionName' => Helper::unsetReturnNull($credentialsConfigures, 'role_session_name'),
'policy' => Helper::unsetReturnNull($credentialsConfigures, 'policy'),
]);
case 'rsa_key_pair':
return new RsaKeyPairCredentialsProvider([
'publicKeyId' => Helper::unsetReturnNull($credentialsConfigures, 'public_key_id'),
'privateKeyFile' => Helper::unsetReturnNull($credentialsConfigures, 'private_key_file'),
]);
default:
throw new RuntimeException('Unsupported credential type from credentials file: ' . Helper::unsetReturnNull($credentialsConfigures, 'type'));
}
}
}
throw new RuntimeException('Failed to get credential from credentials file: ' . $profileFile);
}
/**
* Get credential.
*
* @return Credentials
* @throws RuntimeException
*/
public function getCredentials()
{
if ($this->shouldReloadCredentialsProvider()) {
$this->credentialsProvider = $this->reloadCredentialsProvider($this->profileFile, $this->profileName);
}
$credentials = $this->credentialsProvider->getCredentials();
return new Credentials([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'providerName' => $this->getProviderName() . '/' . $this->credentialsProvider->getProviderName(),
]);
}
/**
* Get the default credential file.
*
* @return string
*/
private function getDefaultFile()
{
return Helper::getHomeDirectory() .
DIRECTORY_SEPARATOR .
'.alibabacloud' .
DIRECTORY_SEPARATOR .
'credentials';
}
/**
* @return string
*/
public function getProviderName()
{
return 'profile';
}
}

82
Server/vendor/alibabacloud/credentials/src/Providers/Provider.php vendored
View File

@@ -1,82 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\CredentialsInterface;
use AlibabaCloud\Credentials\EcsRamRoleCredential;
use AlibabaCloud\Credentials\RamRoleArnCredential;
use AlibabaCloud\Credentials\RsaKeyPairCredential;
abstract class Provider
{
/**
* For TSC Duration Seconds
*/
const DURATION_SECONDS = 3600;
/**
* @var array
*/
protected static $credentialsCache = [];
/**
* Expiration time slot for temporary security credentials.
*
* @var int
*/
protected $expirationSlot = 180;
/**
* @var RamRoleArnCredential|RsaKeyPairCredential|EcsRamRoleCredential
*/
protected $credential;
/**
* @var string
*/
protected $error = 'Result contains no credentials';
/**
* @var array
*/
protected $config = [];
/**
* CredentialTrait constructor.
*
* @param CredentialsInterface $credential
* @param array $config
*/
public function __construct(CredentialsInterface $credential, $config = [])
{
$this->credential = $credential;
$this->config = $config;
}
/**
* Get the credentials from the cache in the validity period.
*
* @return array|null
*/
public function getCredentialsInCache()
{
if (isset(self::$credentialsCache[(string)$this->credential])) {
$result = self::$credentialsCache[(string)$this->credential];
if (\strtotime($result['Expiration']) - \time() >= $this->expirationSlot) {
return $result;
}
}
return null;
}
/**
* Cache credentials.
*
* @param array $credential
*/
protected function cache(array $credential)
{
self::$credentialsCache[(string)$this->credential] = $credential;
}
}

317
Server/vendor/alibabacloud/credentials/src/Providers/RamRoleArnCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,317 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Request\Request;
use GuzzleHttp\Psr7\Uri;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use RuntimeException;
use AlibabaCloud\Credentials\Credential\RefreshResult;
/**
* @internal This class is intended for internal use within the package.
* Class RamRoleArnCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class RamRoleArnCredentialsProvider extends SessionCredentialsProvider
{
/**
* @var CredentialsProvider
*/
private $credentialsProvider;
/**
* @var string
*/
private $roleArn;
/**
* @var string
*/
private $roleSessionName;
/**
* @description role session expiration
* @example 3600
* @var int
*/
private $durationSeconds = 3600;
/**
* @var string
*/
private $externalId;
/**
* @var string
*/
private $policy;
/**
* @var string
*/
private $stsEndpoint;
/**
* @var int
*/
private $connectTimeout = 5;
/**
* @var int
*/
private $readTimeout = 5;
/**
* RamRoleArnCredentialsProvider constructor.
*
* @param array $params
* @param array $options
*/
public function __construct(array $params = [], array $options = [])
{
$this->filterOptions($options);
$this->filterCredentials($params);
$this->filterRoleArn($params);
$this->filterRoleSessionName($params);
$this->filterDurationSeconds($params);
$this->filterPolicy($params);
$this->filterExternalId($params);
$this->filterSTSEndpoint($params);
}
private function filterRoleArn(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ROLE_ARN')) {
$this->roleArn = Helper::env('ALIBABA_CLOUD_ROLE_ARN');
}
if (isset($params['roleArn'])) {
$this->roleArn = $params['roleArn'];
}
Filter::roleArn($this->roleArn);
}
private function filterRoleSessionName(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ROLE_SESSION_NAME')) {
$this->roleSessionName = Helper::env('ALIBABA_CLOUD_ROLE_SESSION_NAME');
}
if (isset($params['roleSessionName'])) {
$this->roleSessionName = $params['roleSessionName'];
}
if (is_null($this->roleSessionName) || $this->roleSessionName === '') {
$this->roleSessionName = 'phpSdkRoleSessionName';
}
}
private function filterDurationSeconds(array $params)
{
if (isset($params['durationSeconds'])) {
if (is_int($params['durationSeconds'])) {
$this->durationSeconds = $params['durationSeconds'];
}
}
if ($this->durationSeconds < 900) {
throw new InvalidArgumentException('Role session expiration should be in the range of 900s - max session duration');
}
}
private function filterPolicy(array $params)
{
if (isset($params['policy'])) {
if (is_string($params['policy'])) {
$this->policy = $params['policy'];
}
if (is_array($params['policy'])) {
$this->policy = json_encode($params['policy']);
}
}
}
private function filterExternalId(array $params)
{
if (isset($params['externalId'])) {
if (is_string($params['externalId'])) {
$this->externalId = $params['externalId'];
}
}
}
private function filterSTSEndpoint(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {
$this->stsEndpoint = 'sts.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
}
if (isset($params['stsRegionId'])) {
$this->stsEndpoint = 'sts.' . $params['stsRegionId'] . '.aliyuncs.com';
}
if (isset($params['stsEndpoint'])) {
$this->stsEndpoint = $params['stsEndpoint'];
}
if (is_null($this->stsEndpoint) || $this->stsEndpoint === '') {
$this->stsEndpoint = 'sts.aliyuncs.com';
}
}
private function filterCredentials(array $params)
{
if (isset($params['credentialsProvider'])) {
if (!($params['credentialsProvider'] instanceof CredentialsProvider)) {
throw new InvalidArgumentException('Invalid credentialsProvider option for ram_role_arn');
}
$this->credentialsProvider = $params['credentialsProvider'];
} else if (isset($params['accessKeyId']) && isset($params['accessKeySecret']) && isset($params['securityToken'])) {
Filter::accessKey($params['accessKeyId'], $params['accessKeySecret']);
Filter::securityToken($params['securityToken']);
$this->credentialsProvider = new StaticSTSCredentialsProvider($params);
} else if (isset($params['accessKeyId']) && isset($params['accessKeySecret'])) {
Filter::accessKey($params['accessKeyId'], $params['accessKeySecret']);
$this->credentialsProvider = new StaticAKCredentialsProvider($params);
} else {
throw new InvalidArgumentException('Missing required credentials option for ram_role_arn');
}
}
private function filterOptions(array $options)
{
if (isset($options['connectTimeout'])) {
$this->connectTimeout = $options['connectTimeout'];
}
if (isset($options['readTimeout'])) {
$this->readTimeout = $options['readTimeout'];
}
Filter::timeout($this->connectTimeout, $this->readTimeout);
}
/**
* Get credentials by request.
*
* @return RefreshResult
* @throws RuntimeException
* @throws GuzzleException
*/
public function refreshCredentials()
{
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$options['query']['Action'] = 'AssumeRole';
$options['query']['Version'] = '2015-04-01';
$options['query']['Format'] = 'JSON';
$options['query']['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
$options['query']['SignatureMethod'] = 'HMAC-SHA1';
$options['query']['SignatureVersion'] = '1.0';
$options['query']['SignatureNonce'] = Request::uuid(json_encode($options['query']));
$options['query']['RoleArn'] = $this->roleArn;
$options['query']['RoleSessionName'] = $this->roleSessionName;
$options['query']['DurationSeconds'] = (string) $this->durationSeconds;
if (!is_null($this->policy) && $this->policy !== '') {
$options['query']['Policy'] = $this->policy;
}
if (!is_null($this->externalId) && $this->externalId !== '') {
$options['query']['ExternalId'] = $this->externalId;
}
$sessionCredentials = $this->credentialsProvider->getCredentials();
$options['query']['AccessKeyId'] = $sessionCredentials->getAccessKeyId();
if (!is_null($sessionCredentials->getSecurityToken())) {
$options['query']['SecurityToken'] = $sessionCredentials->getSecurityToken();
}
$options['query']['Signature'] = Request::shaHmac1sign(
Request::signString('GET', $options['query']),
$sessionCredentials->getAccessKeySecret() . '&'
);
$url = (new Uri())->withScheme('https')->withHost($this->stsEndpoint);
$result = Request::createClient()->request('GET', $url, $options);
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error refreshing credentials from RamRoleArn, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
}
$json = $result->toArray();
$credentials = $json['Credentials'];
if (!isset($credentials['AccessKeyId']) || !isset($credentials['AccessKeySecret']) || !isset($credentials['SecurityToken'])) {
throw new RuntimeException('Error retrieving credentials from RamRoleArn result:' . $result->toJson());
}
return new RefreshResult(new Credentials([
'accessKeyId' => $credentials['AccessKeyId'],
'accessKeySecret' => $credentials['AccessKeySecret'],
'securityToken' => $credentials['SecurityToken'],
'expiration' => \strtotime($credentials['Expiration']),
'providerName' => $this->getProviderName(),
]), $this->getStaleTime(strtotime($credentials['Expiration'])));
}
public function key()
{
$credentials = $this->credentialsProvider->getCredentials();
return 'ram_role_arn#credential#' . $credentials->getAccessKeyId() . '#roleArn#' . $this->roleArn . '#roleSessionName#' . $this->roleSessionName;
}
public function getProviderName()
{
return 'ram_role_arn/' . $this->credentialsProvider->getProviderName();
}
/**
* @return string
*/
public function getRoleArn()
{
return $this->roleArn;
}
/**
* @return string
*/
public function getRoleSessionName()
{
return $this->roleSessionName;
}
/**
* @return string
*/
public function getPolicy()
{
return $this->policy;
}
/**
* @deprecated
* @return string
*/
public function getOriginalAccessKeyId()
{
return $this->credentialsProvider->getCredentials()->getAccessKeyId();
}
/**
* @deprecated
* @return string
*/
public function getOriginalAccessKeySecret()
{
return $this->credentialsProvider->getCredentials()->getAccessKeySecret();
}
}

49
Server/vendor/alibabacloud/credentials/src/Providers/RamRoleArnProvider.php vendored
View File

@@ -1,49 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Request\AssumeRole;
use AlibabaCloud\Credentials\StsCredential;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use RuntimeException;
class RamRoleArnProvider extends Provider
{
/**
* Get credential.
*
* @return StsCredential
* @throws Exception
* @throws GuzzleException
*/
public function get()
{
$credential = $this->getCredentialsInCache();
if (null === $credential) {
$result = (new AssumeRole($this->credential))->request();
if ($result->getStatusCode() !== 200) {
throw new RuntimeException(isset($result['Message']) ? $result['Message'] : (string)$result->getBody());
}
if (!isset($result['Credentials']['AccessKeyId'],
$result['Credentials']['AccessKeySecret'],
$result['Credentials']['SecurityToken'])) {
throw new RuntimeException($this->error);
}
$credential = $result['Credentials'];
$this->cache($credential);
}
return new StsCredential(
$credential['AccessKeyId'],
$credential['AccessKeySecret'],
strtotime($credential['Expiration']),
$credential['SecurityToken']
);
}
}

200
Server/vendor/alibabacloud/credentials/src/Providers/RsaKeyPairCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,200 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Request\Request;
use GuzzleHttp\Psr7\Uri;
use GuzzleHttp\Exception\GuzzleException;
use AlibabaCloud\Credentials\Credential\RefreshResult;
use InvalidArgumentException;
use RuntimeException;
use Exception;
/**
* @internal This class is intended for internal use within the package.
* Class RsaKeyPairCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class RsaKeyPairCredentialsProvider extends SessionCredentialsProvider
{
/**
* @var string
*/
private $publicKeyId;
/**
* @var string
*/
private $privateKey;
/**
* @description role session expiration
* @example 3600
* @var int
*/
private $durationSeconds = 3600;
/**
* @var string
*/
private $stsEndpoint;
/**
* @var int
*/
private $connectTimeout = 5;
/**
* @var int
*/
private $readTimeout = 5;
/**
* RsaKeyPairCredentialsProvider constructor.
*
* @param array $params
* @param array $options
*/
public function __construct(array $params = [], array $options = [])
{
$this->filterOptions($options);
$this->filterDurationSeconds($params);
$this->filterSTSEndpoint($params);
$this->publicKeyId = isset($params['publicKeyId']) ? $params['publicKeyId'] : null;
$privateKeyFile = isset($params['privateKeyFile']) ? $params['privateKeyFile'] : null;
Filter::publicKeyId($this->publicKeyId);
Filter::privateKeyFile($privateKeyFile);
try {
$this->privateKey = file_get_contents($privateKeyFile);
} catch (Exception $exception) {
throw new InvalidArgumentException($exception->getMessage());
}
}
private function filterOptions(array $options)
{
if (isset($options['connectTimeout'])) {
$this->connectTimeout = $options['connectTimeout'];
}
if (isset($options['readTimeout'])) {
$this->readTimeout = $options['readTimeout'];
}
Filter::timeout($this->connectTimeout, $this->readTimeout);
}
private function filterDurationSeconds(array $params)
{
if (isset($params['durationSeconds'])) {
if (is_int($params['durationSeconds'])) {
$this->durationSeconds = $params['durationSeconds'];
}
}
if ($this->durationSeconds < 900) {
throw new InvalidArgumentException('Role session expiration should be in the range of 900s - max session duration');
}
}
private function filterSTSEndpoint(array $params)
{
if (isset($params['stsEndpoint'])) {
$this->stsEndpoint = $params['stsEndpoint'];
}
if (is_null($this->stsEndpoint) || $this->stsEndpoint === '') {
$this->stsEndpoint = 'sts.ap-northeast-1.aliyuncs.com';
}
}
/**
* Get credentials by request.
*
* @return RefreshResult
* @throws RuntimeException
* @throws GuzzleException
*/
public function refreshCredentials()
{
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$options['query']['Action'] = 'GenerateSessionAccessKey';
$options['query']['Version'] = '2015-04-01';
$options['query']['Format'] = 'JSON';
$options['query']['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
$options['query']['SignatureMethod'] = 'SHA256withRSA';
$options['query']['SignatureType'] = 'PRIVATEKEY';
$options['query']['SignatureVersion'] = '1.0';
$options['query']['SignatureNonce'] = Request::uuid(json_encode($options['query']));
$options['query']['DurationSeconds'] = (string) $this->durationSeconds;
$options['query']['AccessKeyId'] = $this->publicKeyId;
$options['query']['Signature'] = Request::shaHmac256WithRsasign(
Request::signString('GET', $options['query']),
$this->privateKey
);
$url = (new Uri())->withScheme('https')->withHost($this->stsEndpoint);
$result = Request::createClient()->request('GET', $url, $options);
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error refreshing credentials from RsaKeyPair, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
}
$json = $result->toArray();
if (!isset($json['SessionAccessKey']['SessionAccessKeyId']) || !isset($json['SessionAccessKey']['SessionAccessKeySecret'])) {
throw new RuntimeException('Error retrieving credentials from RsaKeyPair result:' . $result->toJson());
}
$credentials = [];
$credentials['AccessKeyId'] = $json['SessionAccessKey']['SessionAccessKeyId'];
$credentials['AccessKeySecret'] = $json['SessionAccessKey']['SessionAccessKeySecret'];
$credentials['Expiration'] = $json['SessionAccessKey']['Expiration'];
$credentials['SecurityToken'] = null;
return new RefreshResult(new Credentials([
'accessKeyId' => $credentials['AccessKeyId'],
'accessKeySecret' => $credentials['AccessKeySecret'],
'securityToken' => $credentials['SecurityToken'],
'expiration' => \strtotime($credentials['Expiration']),
'providerName' => $this->getProviderName(),
]), $this->getStaleTime(strtotime($credentials['Expiration'])));
}
public function key()
{
return 'rsa_key_pair#publicKeyId#' . $this->publicKeyId;
}
public function getProviderName()
{
return 'rsa_key_pair';
}
/**
* @return string
*/
public function getPublicKeyId()
{
return $this->publicKeyId;
}
/**
* @return mixed
*/
public function getPrivateKey()
{
return $this->privateKey;
}
}

53
Server/vendor/alibabacloud/credentials/src/Providers/RsaKeyPairProvider.php vendored
View File

@@ -1,53 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Request\GenerateSessionAccessKey;
use AlibabaCloud\Credentials\StsCredential;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use RuntimeException;
/**
* Class RsaKeyPairProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class RsaKeyPairProvider extends Provider
{
/**
* Get credential.
*
*
* @return StsCredential
* @throws Exception
* @throws GuzzleException
*/
public function get()
{
$credential = $this->getCredentialsInCache();
if ($credential === null) {
$result = (new GenerateSessionAccessKey($this->credential))->request();
if ($result->getStatusCode() !== 200) {
throw new RuntimeException(isset($result['Message']) ? $result['Message'] : (string)$result->getBody());
}
if (!isset($result['SessionAccessKey']['SessionAccessKeyId'],
$result['SessionAccessKey']['SessionAccessKeySecret'])) {
throw new RuntimeException($this->error);
}
$credential = $result['SessionAccessKey'];
$this->cache($credential);
}
return new StsCredential(
$credential['SessionAccessKeyId'],
$credential['SessionAccessKeySecret'],
strtotime($credential['Expiration'])
);
}
}

161
Server/vendor/alibabacloud/credentials/src/Providers/SessionCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,161 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Credential\RefreshResult;
abstract class SessionCredentialsProvider implements CredentialsProvider
{
/**
* @var array
*/
protected static $credentialsCache = [];
/**
* Expiration time slot for temporary security credentials.
*
* @var int
*/
protected $expirationSlot = 180;
/**
* @var string
*/
protected $error = 'Result contains no credentials';
/**
* Get the credentials from the cache in the validity period.
*
* @return RefreshResult|null
*/
protected function getCredentialsInCache()
{
if (isset(self::$credentialsCache[$this->key()])) {
$result = self::$credentialsCache[$this->key()];
return $result;
}
return null;
}
/**
* Cache credentials.
*
* @param RefreshResult $credential
*/
protected function cache(RefreshResult $credential)
{
self::$credentialsCache[$this->key()] = $credential;
}
/**
* Get credential.
*
* @return Credentials
*/
public function getCredentials()
{
if ($this->cacheIsStale() || $this->shouldInitiateCachePrefetch()) {
$result = $this->refreshCache();
$this->cache($result);
}
$result = $this->getCredentialsInCache();
return $result->credentials();
}
/**
* @return RefreshResult
*/
protected function refreshCache()
{
try {
return $this->handleFetchedSuccess($this->refreshCredentials());
} catch (\Exception $e) {
return $this->handleFetchedFailure($e);
}
}
/**
* @return RefreshResult
* @throws \Exception
*/
protected function handleFetchedFailure(\Exception $e)
{
$currentCachedValue = $this->getCredentialsInCache();
if (is_null($currentCachedValue)) {
throw $e;
}
if (time() < $currentCachedValue->staleTime()) {
return $currentCachedValue;
}
throw $e;
}
/**
* @return RefreshResult
*/
protected function handleFetchedSuccess(RefreshResult $value)
{
$now = time();
// 过期时间大于15分钟不用管
if ($now < $value->staleTime()) {
return $value;
}
// 不足或等于15分钟但未过期下次会再次刷新
if ($now < $value->staleTime() + 15 * 60) {
$value->staleTime = $now;
return $value;
}
// 已过期看缓存缓存若大于15分钟返回缓存若小于15分钟则稍后重试
if (is_null($this->getCredentialsInCache())) {
throw new \Exception("The fetched credentials have expired and no cache is available.");
} else if ($now < $this->getCredentialsInCache()->staleTime()) {
return $this->getCredentialsInCache();
} else {
// 返回成功,延长有效期 1 分钟
$expectation = mt_rand(50, 70);
$value->staleTime = time() + $expectation;
return $value;
}
}
/**
* @return bool
*/
protected function cacheIsStale()
{
return is_null($this->getCredentialsInCache()) || time() >= $this->getCredentialsInCache()->staleTime();
}
/**
* @return bool
*/
protected function shouldInitiateCachePrefetch()
{
return is_null($this->getCredentialsInCache()) || time() >= $this->getCredentialsInCache()->prefetchTime();
}
/**
* @return int
*/
public function getStaleTime($expiration)
{
return $expiration <= 0 ?
time() + (60 * 60) :
$expiration - (15 * 60);
}
/**
* @return RefreshResult
*/
abstract function refreshCredentials();
/**
* Get the toString of the credentials provider as the key.
*
* @return string
*/
abstract function key();
}

78
Server/vendor/alibabacloud/credentials/src/Providers/StaticAKCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
/**
* @internal This class is intended for internal use within the package.
* Class StaticAKCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class StaticAKCredentialsProvider implements CredentialsProvider
{
/**
* @var string
*/
private $accessKeyId;
/**
* @var string
*/
private $accessKeySecret;
/**
* StaticAKCredentialsProvider constructor.
*
* @param array $params
*/
public function __construct(array $params = [])
{
$this->filterAK($params);
}
private function filterAK(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_ID')) {
$this->accessKeyId = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_ID');
}
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_SECRET')) {
$this->accessKeySecret = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_SECRET');
}
if (isset($params['accessKeyId'])) {
$this->accessKeyId = $params['accessKeyId'];
}
if (isset($params['accessKeySecret'])) {
$this->accessKeySecret = $params['accessKeySecret'];
}
Filter::accessKey($this->accessKeyId, $this->accessKeySecret);
}
/**
* Get credential.
*
* @return Credentials
*/
public function getCredentials()
{
return new Credentials([
'accessKeyId' => $this->accessKeyId,
'accessKeySecret' => $this->accessKeySecret,
'providerName' => $this->getProviderName(),
]);
}
/**
* @inheritDoc
*/
public function getProviderName()
{
return "static_ak";
}
}

92
Server/vendor/alibabacloud/credentials/src/Providers/StaticSTSCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,92 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
/**
* @internal This class is intended for internal use within the package.
* Class StaticSTSCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class StaticSTSCredentialsProvider implements CredentialsProvider
{
/**
* @var string
*/
private $accessKeyId;
/**
* @var string
*/
private $accessKeySecret;
/**
* @var string
*/
private $securityToken;
/**
* StaticSTSCredentialsProvider constructor.
*
* @param array $params
*/
public function __construct(array $params = [])
{
$this->filterSTS($params);
}
private function filterSTS(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_ID')) {
$this->accessKeyId = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_ID');
}
if (Helper::envNotEmpty('ALIBABA_CLOUD_ACCESS_KEY_SECRET')) {
$this->accessKeySecret = Helper::env('ALIBABA_CLOUD_ACCESS_KEY_SECRET');
}
if (Helper::envNotEmpty('ALIBABA_CLOUD_SECURITY_TOKEN')) {
$this->securityToken = Helper::env('ALIBABA_CLOUD_SECURITY_TOKEN');
}
if (isset($params['accessKeyId'])) {
$this->accessKeyId = $params['accessKeyId'];
}
if (isset($params['accessKeySecret'])) {
$this->accessKeySecret = $params['accessKeySecret'];
}
if (isset($params['securityToken'])) {
$this->securityToken = $params['securityToken'];
}
Filter::accessKey($this->accessKeyId, $this->accessKeySecret);
Filter::securityToken($this->securityToken);
}
/**
* Get credential.
*
* @return Credentials
*/
public function getCredentials()
{
return new Credentials([
'accessKeyId' => $this->accessKeyId,
'accessKeySecret' => $this->accessKeySecret,
'securityToken' => $this->securityToken,
'providerName' => $this->getProviderName(),
]);
}
/**
* @inheritDoc
*/
public function getProviderName()
{
return "static_sts";
}
}

126
Server/vendor/alibabacloud/credentials/src/Providers/URLCredentialsProvider.php vendored Normal file
View File

@@ -0,0 +1,126 @@
<?php
namespace AlibabaCloud\Credentials\Providers;
use AlibabaCloud\Credentials\Utils\Helper;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Request\Request;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
use RuntimeException;
use AlibabaCloud\Credentials\Credential\RefreshResult;
/**
* @internal This class is intended for internal use within the package.
* Class URLCredentialsProvider
*
* @package AlibabaCloud\Credentials\Providers
*/
class URLCredentialsProvider extends SessionCredentialsProvider
{
/**
* @var string
*/
private $credentialsURI;
/**
* @var int
*/
private $connectTimeout = 5;
/**
* @var int
*/
private $readTimeout = 5;
/**
* URLCredentialsProvider constructor.
*
* @param array $params
* @param array $options
*/
public function __construct(array $params = [], array $options = [])
{
$this->filterOptions($options);
$this->filterCredentialsURI($params);
}
private function filterOptions(array $options)
{
if (isset($options['connectTimeout'])) {
$this->connectTimeout = $options['connectTimeout'];
}
if (isset($options['readTimeout'])) {
$this->readTimeout = $options['readTimeout'];
}
Filter::timeout($this->connectTimeout, $this->readTimeout);
}
private function filterCredentialsURI(array $params)
{
if (Helper::envNotEmpty('ALIBABA_CLOUD_CREDENTIALS_URI')) {
$this->credentialsURI = Helper::env('ALIBABA_CLOUD_CREDENTIALS_URI');
}
if (isset($params['credentialsURI'])) {
$this->credentialsURI = $params['credentialsURI'];
}
Filter::credentialsURI($this->credentialsURI);
}
/**
* Get credentials by request.
*
* @return RefreshResult
* @throws InvalidArgumentException
* @throws RuntimeException
* @throws GuzzleException
*/
public function refreshCredentials()
{
$options = Request::commonOptions();
$options['read_timeout'] = $this->readTimeout;
$options['connect_timeout'] = $this->connectTimeout;
$result = Request::createClient()->request('GET', $this->credentialsURI, $options);
if ($result->getStatusCode() !== 200) {
throw new RuntimeException('Error refreshing credentials from credentialsURI, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
}
$credentials = $result->toArray();
if (!isset($credentials['AccessKeyId']) || !isset($credentials['AccessKeySecret']) || !isset($credentials['SecurityToken']) || !isset($credentials['Expiration'])) {
throw new RuntimeException('Error retrieving credentials from credentialsURI result:' . $result->toJson());
}
return new RefreshResult(new Credentials([
'accessKeyId' => $credentials['AccessKeyId'],
'accessKeySecret' => $credentials['AccessKeySecret'],
'securityToken' => $credentials['SecurityToken'],
'expiration' => \strtotime($credentials['Expiration']),
'providerName' => $this->getProviderName(),
]), $this->getStaleTime(strtotime($credentials['Expiration'])));
}
/**
* @return string
*/
public function key()
{
return 'credential_uri#' . $this->credentialsURI;
}
/**
* @return string
*/
public function getProviderName()
{
return 'credential_uri';
}
}

36
Server/vendor/alibabacloud/credentials/src/RamRoleArnCredential.php vendored
View File

@@ -2,13 +2,16 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Providers\RamRoleArnProvider;
use AlibabaCloud\Credentials\Providers\RamRoleArnCredentialsProvider;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
use AlibabaCloud\Credentials\Utils\Filter;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
/**
* @deprecated
* Use the AssumeRole of the RAM account to complete the authentication.
*/
class RamRoleArnCredential implements CredentialsInterface
@@ -57,10 +60,10 @@ class RamRoleArnCredential implements CredentialsInterface
Filter::accessKey($credential['access_key_id'], $credential['access_key_secret']);
$this->config = $config;
$this->accessKeyId = $credential['access_key_id'];
$this->config = $config;
$this->accessKeyId = $credential['access_key_id'];
$this->accessKeySecret = $credential['access_key_secret'];
$this->roleArn = $credential['role_arn'];
$this->roleArn = $credential['role_arn'];
$this->roleSessionName = $credential['role_session_name'];
}
@@ -177,13 +180,20 @@ class RamRoleArnCredential implements CredentialsInterface
}
/**
* @return StsCredential
* @return AlibabaCloud\Credentials\Providers\Credentials
* @throws Exception
* @throws GuzzleException
*/
protected function getSessionCredential()
{
return (new RamRoleArnProvider($this))->get();
$params = [
'accessKeyId' => $this->accessKeyId,
'accessKeySecret' => $this->accessKeyId,
'roleArn' => $this->roleArn,
'roleSessionName' => $this->roleSessionName,
'policy' => $this->policy,
];
return (new RamRoleArnCredentialsProvider($params))->getCredentials();
}
/**
@@ -215,4 +225,18 @@ class RamRoleArnCredential implements CredentialsInterface
{
return $this->getSessionCredential()->getExpiration();
}
/**
* @inheritDoc
*/
public function getCredential()
{
$credentials = $this->getSessionCredential();
return new CredentialModel([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'type' => 'ram_role_arn',
]);
}
}

37
Server/vendor/alibabacloud/credentials/src/Request/AssumeRole.php vendored
View File

@@ -1,37 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Request;
use AlibabaCloud\Credentials\Providers\Provider;
use AlibabaCloud\Credentials\RamRoleArnCredential;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
/**
* Retrieving assume role credentials.
*/
class AssumeRole extends Request
{
/**
* AssumeRole constructor.
*
* @param RamRoleArnCredential $arnCredential
*/
public function __construct(RamRoleArnCredential $arnCredential)
{
parent::__construct();
$this->signature = new ShaHmac1Signature();
$this->credential = $arnCredential;
$this->uri = $this->uri->withHost('sts.aliyuncs.com');
$this->options['verify'] = false;
$this->options['query']['RoleArn'] = $arnCredential->getRoleArn();
$this->options['query']['RoleSessionName'] = $arnCredential->getRoleSessionName();
$this->options['query']['DurationSeconds'] = Provider::DURATION_SECONDS;
$this->options['query']['AccessKeyId'] = $this->credential->getOriginalAccessKeyId();
$this->options['query']['Version'] = '2015-04-01';
$this->options['query']['Action'] = 'AssumeRole';
$this->options['query']['RegionId'] = 'cn-hangzhou';
if ($arnCredential->getPolicy()) {
$this->options['query']['Policy'] = $arnCredential->getPolicy();
}
}
}

33
Server/vendor/alibabacloud/credentials/src/Request/GenerateSessionAccessKey.php vendored
View File

@@ -1,33 +0,0 @@
<?php
namespace AlibabaCloud\Credentials\Request;
use AlibabaCloud\Credentials\Providers\Provider;
use AlibabaCloud\Credentials\RsaKeyPairCredential;
use AlibabaCloud\Credentials\Signature\ShaHmac256WithRsaSignature;
/**
* Use the RSA key pair to complete the authentication (supported only on Japanese site)
*/
class GenerateSessionAccessKey extends Request
{
/**
* GenerateSessionAccessKey constructor.
*
* @param RsaKeyPairCredential $credential
*/
public function __construct(RsaKeyPairCredential $credential)
{
parent::__construct();
$this->signature = new ShaHmac256WithRsaSignature();
$this->credential = $credential;
$this->uri = $this->uri->withHost('sts.ap-northeast-1.aliyuncs.com');
$this->options['verify'] = false;
$this->options['query']['Version'] = '2015-04-01';
$this->options['query']['Action'] = 'GenerateSessionAccessKey';
$this->options['query']['RegionId'] = 'cn-hangzhou';
$this->options['query']['AccessKeyId'] = $credential->getPublicKeyId();
$this->options['query']['PublicKeyId'] = $credential->getPublicKeyId();
$this->options['query']['DurationSeconds'] = Provider::DURATION_SECONDS;
}
}

118
Server/vendor/alibabacloud/credentials/src/Request/Request.php vendored
View File

@@ -3,19 +3,16 @@
namespace AlibabaCloud\Credentials\Request;
use AlibabaCloud\Credentials\Credentials;
use AlibabaCloud\Credentials\EcsRamRoleCredential;
use AlibabaCloud\Credentials\Helper;
use AlibabaCloud\Credentials\RamRoleArnCredential;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
use AlibabaCloud\Credentials\Signature\ShaHmac256WithRsaSignature;
use Exception;
use AlibabaCloud\Credentials\Utils\Helper;
use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Uri;
use AlibabaCloud\Tea\Response;
use Psr\Http\Message\ResponseInterface;
use Exception;
use InvalidArgumentException;
/**
* RESTful RPC Request.
*/
@@ -28,67 +25,33 @@ class Request
const CONNECT_TIMEOUT = 5;
/**
* Request Timeout
* Request Read Timeout
*/
const TIMEOUT = 10;
const READ_TIMEOUT = 5;
/**
* @var array
*/
private static $config = [];
/**
* @var array
*/
public $options = [];
/**
* @var Uri
*
* @return array
*/
public $uri;
/**
* @var EcsRamRoleCredential|RamRoleArnCredential
*/
protected $credential;
/**
* @var ShaHmac256WithRsaSignature|ShaHmac1Signature
*/
protected $signature;
/**
* Request constructor.
*/
public function __construct()
public static function commonOptions()
{
$this->uri = (new Uri())->withScheme('https');
$this->options['http_errors'] = false;
$this->options['connect_timeout'] = self::CONNECT_TIMEOUT;
$this->options['timeout'] = self::TIMEOUT;
$options = [];
$options['http_errors'] = false;
$options['connect_timeout'] = self::CONNECT_TIMEOUT;
$options['read_timeout'] = self::READ_TIMEOUT;
$options['headers']['User-Agent'] = Helper::getUserAgent();
// Turn on debug mode based on environment variable.
if (strtolower(Helper::env('DEBUG')) === 'sdk') {
$this->options['debug'] = true;
$options['debug'] = true;
}
}
/**
* @return ResponseInterface
* @throws Exception
*/
public function request()
{
$this->options['query']['Format'] = 'JSON';
$this->options['query']['SignatureMethod'] = $this->signature->getMethod();
$this->options['query']['SignatureVersion'] = $this->signature->getVersion();
$this->options['query']['SignatureNonce'] = self::uuid(json_encode($this->options['query']));
$this->options['query']['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
$this->options['query']['Signature'] = $this->signature->sign(
self::signString('GET', $this->options['query']),
$this->credential->getOriginalAccessKeySecret() . '&'
);
return self::createClient()->request('GET', (string)$this->uri, $this->options);
return $options;
}
/**
@@ -118,6 +81,53 @@ class Request
return $method . '&%2F&' . self::percentEncode(substr($canonicalized, 1));
}
/**
* @param string $string
* @param string $accessKeySecret
*
* @return string
*/
public static function shaHmac1sign($string, $accessKeySecret)
{
return base64_encode(hash_hmac('sha1', $string, $accessKeySecret, true));
}
/**
* @param string $string
* @param string $accessKeySecret
*
* @return string
*/
public static function shaHmac256sign($string, $accessKeySecret)
{
return base64_encode(hash_hmac('sha256', $string, $accessKeySecret, true));
}
/**
* @param string $string
* @param string $privateKey
*
* @return string
*/
public static function shaHmac256WithRsasign($string, $privateKey)
{
$binarySignature = '';
try {
openssl_sign(
$string,
$binarySignature,
$privateKey,
\OPENSSL_ALGO_SHA256
);
} catch (Exception $exception) {
throw new InvalidArgumentException(
$exception->getMessage()
);
}
return base64_encode($binarySignature);
}
/**
* @param string $string
*
@@ -140,6 +150,8 @@ class Request
{
if (Credentials::hasMock()) {
$stack = HandlerStack::create(Credentials::getMock());
$history = Credentials::getHandlerHistory();
$stack->push($history);
} else {
$stack = HandlerStack::create();
}

35
Server/vendor/alibabacloud/credentials/src/RsaKeyPairCredential.php vendored
View File

@@ -2,13 +2,16 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Providers\RsaKeyPairProvider;
use AlibabaCloud\Credentials\Providers\RsaKeyPairCredentialsProvider;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
use AlibabaCloud\Credentials\Utils\Filter;
use Exception;
use GuzzleHttp\Exception\GuzzleException;
use InvalidArgumentException;
/**
* @deprecated
* Use the RSA key pair to complete the authentication (supported only on Japanese site)
*/
class RsaKeyPairCredential implements CredentialsInterface
@@ -19,6 +22,11 @@ class RsaKeyPairCredential implements CredentialsInterface
*/
private $publicKeyId;
/**
* @var string
*/
private $privateKeyFile;
/**
* @var string
*/
@@ -42,7 +50,8 @@ class RsaKeyPairCredential implements CredentialsInterface
Filter::privateKeyFile($private_key_file);
$this->publicKeyId = $public_key_id;
$this->config = $config;
$this->privateKeyFile = $private_key_file;
$this->config = $config;
try {
$this->privateKey = file_get_contents($private_key_file);
} catch (Exception $exception) {
@@ -117,13 +126,17 @@ class RsaKeyPairCredential implements CredentialsInterface
}
/**
* @return StsCredential
* @return AlibabaCloud\Credentials\Providers\Credentials
* @throws Exception
* @throws GuzzleException
*/
protected function getSessionCredential()
{
return (new RsaKeyPairProvider($this))->get();
$params = [
'publicKeyId' => $this->publicKeyId,
'privateKeyFile' => $this->privateKeyFile,
];
return (new RsaKeyPairCredentialsProvider($params))->getCredentials();
}
/**
@@ -155,4 +168,18 @@ class RsaKeyPairCredential implements CredentialsInterface
{
return $this->getSessionCredential()->getExpiration();
}
/**
* @inheritDoc
*/
public function getCredential()
{
$credentials = $this->getSessionCredential();
return new CredentialModel([
'accessKeyId' => $credentials->getAccessKeyId(),
'accessKeySecret' => $credentials->getAccessKeySecret(),
'securityToken' => $credentials->getSecurityToken(),
'type' => 'rsa_key_pair',
]);
}
}

23
Server/vendor/alibabacloud/credentials/src/StsCredential.php vendored
View File

@@ -2,9 +2,12 @@
namespace AlibabaCloud\Credentials;
use AlibabaCloud\Credentials\Utils\Filter;
use AlibabaCloud\Credentials\Credential\CredentialModel;
use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
/**
* @deprecated
* Use the STS Token to complete the authentication.
*/
class StsCredential implements CredentialsInterface
@@ -42,10 +45,10 @@ class StsCredential implements CredentialsInterface
{
Filter::accessKey($access_key_id, $access_key_secret);
Filter::expiration($expiration);
$this->accessKeyId = $access_key_id;
$this->accessKeyId = $access_key_id;
$this->accessKeySecret = $access_key_secret;
$this->expiration = $expiration;
$this->securityToken = $security_token;
$this->expiration = $expiration;
$this->securityToken = $security_token;
}
/**
@@ -95,4 +98,18 @@ class StsCredential implements CredentialsInterface
{
return new ShaHmac1Signature();
}
/**
* @inheritDoc
*/
public function getCredential()
{
return new CredentialModel([
'accessKeyId' => $this->accessKeyId,
'accessKeySecret' => $this->accessKeySecret,
'securityToken' => $this->securityToken,
'type' => 'sts',
]);
}
}

233
Server/vendor/alibabacloud/credentials/src/Utils/Filter.php vendored Normal file
View File

@@ -0,0 +1,233 @@
<?php
namespace AlibabaCloud\Credentials\Utils;
use InvalidArgumentException;
/**
* Class Filter
*
* @package AlibabaCloud\Credentials\Utils
*/
class Filter
{
/**
* @param $name
*
* @codeCoverageIgnore
* @return string
*/
public static function credentialName($name)
{
if (!is_string($name)) {
throw new InvalidArgumentException('Name must be a string');
}
if ($name === '') {
throw new InvalidArgumentException('Name cannot be empty');
}
return $name;
}
/**
* @param $bearerToken
*
* @return mixed
* @throws InvalidArgumentException
*/
public static function bearerToken($bearerToken)
{
if (!is_string($bearerToken)) {
throw new InvalidArgumentException('bearerToken must be a string');
}
if ($bearerToken === '') {
throw new InvalidArgumentException('bearerToken cannot be empty');
}
return $bearerToken;
}
/**
* @param $publicKeyId
*
* @return mixed
*/
public static function publicKeyId($publicKeyId)
{
if (!is_string($publicKeyId)) {
throw new InvalidArgumentException('publicKeyId must be a string');
}
if ($publicKeyId === '') {
throw new InvalidArgumentException('publicKeyId cannot be empty');
}
return $publicKeyId;
}
/**
* @param $privateKeyFile
*
* @return mixed
*/
public static function privateKeyFile($privateKeyFile)
{
if (!is_string($privateKeyFile)) {
throw new InvalidArgumentException('privateKeyFile must be a string');
}
if ($privateKeyFile === '') {
throw new InvalidArgumentException('privateKeyFile cannot be empty');
}
return $privateKeyFile;
}
/**
* @param string|null $roleName
*/
public static function roleName($roleName)
{
if ($roleName === null) {
return;
}
if (!is_string($roleName)) {
throw new InvalidArgumentException('roleName must be a string');
}
if ($roleName === '') {
throw new InvalidArgumentException('roleName cannot be empty');
}
}
/**
* @param boolean|null $disableIMDSv1
*/
public static function disableIMDSv1($disableIMDSv1)
{
if (!is_bool($disableIMDSv1)) {
throw new InvalidArgumentException('disableIMDSv1 must be a boolean');
}
}
/**
* @param string|null $roleArn
*/
public static function roleArn($roleArn)
{
if (is_null($roleArn) || $roleArn === '') {
throw new InvalidArgumentException('roleArn cannot be empty');
}
}
/**
* @param string|null $roleArn
*/
public static function oidcProviderArn($oidcProviderArn)
{
if (is_null($oidcProviderArn) || $oidcProviderArn === '') {
throw new InvalidArgumentException('oidcProviderArn cannot be empty');
}
}
/**
* @param string|null $roleArn
*/
public static function oidcTokenFilePath($oidcTokenFilePath)
{
if (is_null($oidcTokenFilePath) || $oidcTokenFilePath === '') {
throw new InvalidArgumentException('oidcTokenFilePath cannot be empty');
}
}
/**
* @param string $accessKeyId
* @param string $accessKeySecret
*/
public static function accessKey($accessKeyId, $accessKeySecret)
{
if (!is_string($accessKeyId)) {
throw new InvalidArgumentException('accessKeyId must be a string');
}
if ($accessKeyId === '') {
throw new InvalidArgumentException('accessKeyId cannot be empty');
}
if (!is_string($accessKeySecret)) {
throw new InvalidArgumentException('accessKeySecret must be a string');
}
if ($accessKeySecret === '') {
throw new InvalidArgumentException('accessKeySecret cannot be empty');
}
}
/**
* @param string $securityToken
*/
public static function securityToken($securityToken)
{
if (!is_string($securityToken)) {
throw new InvalidArgumentException('securityToken must be a string');
}
if ($securityToken === '') {
throw new InvalidArgumentException('securityToken cannot be empty');
}
}
/**
* @param int $expiration
*/
public static function expiration($expiration)
{
if (!is_int($expiration)) {
throw new InvalidArgumentException('expiration must be a int');
}
}
/**
* @param int $connectTimeout
* @param int $readTimeout
*/
public static function timeout($connectTimeout, $readTimeout)
{
if (!is_int($connectTimeout)) {
throw new InvalidArgumentException('connectTimeout must be a int');
}
if (!is_int($readTimeout)) {
throw new InvalidArgumentException('readTimeout must be a int');
}
}
/**
* @param string|null $credentialsURI
*/
public static function credentialsURI($credentialsURI)
{
if (!is_string($credentialsURI)) {
throw new InvalidArgumentException('credentialsURI must be a string');
}
if ($credentialsURI === '') {
throw new InvalidArgumentException('credentialsURI cannot be empty');
}
}
/**
* @param boolean|null $reuseLastProviderEnabled
*/
public static function reuseLastProviderEnabled($reuseLastProviderEnabled)
{
if (!is_bool($reuseLastProviderEnabled)) {
throw new InvalidArgumentException('reuseLastProviderEnabled must be a boolean');
}
}
}

53
Server/vendor/alibabacloud/credentials/src/Helper.php → Server/vendor/alibabacloud/credentials/src/Utils/Helper.php vendored
View File

@@ -1,13 +1,15 @@
<?php
namespace AlibabaCloud\Credentials;
namespace AlibabaCloud\Credentials\Utils;
use AlibabaCloud\Credentials\Credential;
use org\bovigo\vfs\vfsStream;
use Closure;
/**
* Class Helper
*
* @package AlibabaCloud\Credentials
* @package AlibabaCloud\Credentials\Utils
*/
class Helper
{
@@ -51,6 +53,10 @@ class Helper
if (!$open_basedir) {
return true;
}
if (0 === strpos($filename, vfsStream::SCHEME)) {
// 虚拟文件忽略
return true;
}
$dirs = explode(PATH_SEPARATOR, $open_basedir);
@@ -199,4 +205,47 @@ class Helper
dump(...$parameters);
exit;
}
/**
* Snake to camel case.
*
* @param string $str
*
* @return string
*/
public static function snakeToCamelCase($str)
{
$components = explode('_', $str);
$camelCaseStr = $components[0];
for ($i = 1; $i < count($components); $i++) {
$camelCaseStr .= ucfirst($components[$i]);
}
return $camelCaseStr;
}
/**
* Get user agent.
*
* @param string $userAgent
*
* @return string
*/
public static function getUserAgent()
{
return sprintf('AlibabaCloud (%s; %s) PHP/%s Credentials/%s TeaDSL/1', PHP_OS, \PHP_SAPI, PHP_VERSION, Credential::VERSION);
}
/**
* @param array $arrays
* @param string $key
*
* @return mix
*/
public static function unsetReturnNull(array $arrays, $key)
{
if(isset($arrays[$key])) {
return $arrays[$key];
}
return null;
}
}

26
Server/vendor/alibabacloud/credentials/src/MockTrait.php → Server/vendor/alibabacloud/credentials/src/Utils/MockTrait.php vendored
View File

@@ -1,18 +1,19 @@
<?php
namespace AlibabaCloud\Credentials;
namespace AlibabaCloud\Credentials\Utils;
use Exception;
use GuzzleHttp\Exception\RequestException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\Psr7\Response;
use GuzzleHttp\Middleware;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
/**
* Trait MockTrait
*
* @package AlibabaCloud\Credentials
* @package AlibabaCloud\Credentials\Utils
*/
trait MockTrait
{
@@ -21,6 +22,11 @@ trait MockTrait
*/
private static $mockQueue = [];
/**
* @var array
*/
private static $history = [];
/**
* @var MockHandler
*/
@@ -46,6 +52,14 @@ trait MockTrait
self::$mock = new MockHandler(self::$mockQueue);
}
/**
* @return MockHandler
*/
public static function getHandlerHistory()
{
return Middleware::history(self::$history);
}
/**
* @param string $message
* @param RequestInterface $request
@@ -95,4 +109,12 @@ trait MockTrait
{
return self::$mock;
}
/**
* @return array
*/
public static function getHistroy()
{
return self::$history;
}
}