
overtrue/laravel-qcloud-federation-token
========================================

QCloud COS FederationToken generator for Laravel.

v5.0.1 · MIT · PHP ^8.3 · [Source](https://github.com/overtrue/laravel-qcloud-federation-token) · [Packagist](https://packagist.org/packages/overtrue/laravel-qcloud-federation-token)

Laravel Tencent Cloud Federation Token Generator
------------------------------------------------


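A Laravel generator for [Tencent Cloud federated-identity temporary access credentials](https://cloud.tencent.com/document/product/1312/48195). It is mainly used to issue those temporary credentials, for example for direct uploads from the front end.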

Before you start, please read and understand the official documentation carefully:

- [Get federated-identity temporary access credentials](https://cloud.tencent.com/document/product/1312/48195)
- [COS API authorization policy usage guide](https://cloud.tencent.com/document/product/436/31923)
- [Condition keys: description and usage examples](https://cloud.tencent.com/document/product/436/71307)
- [CAM policy syntax](https://cloud.tencent.com/document/product/598/10603)
- [Temporary credentials](https://cloud.tencent.com/document/api/1312/48198#Credentials)
- [API Doctor (usage diagnosis)](https://console.cloud.tencent.com/api/diagnosis)
- [COS self-service diagnostic tool](https://console.cloud.tencent.com/cos/diagnose)

Installation
------------

```
$ composer require overtrue/laravel-qcloud-federation-token -vvv
```

### Configuration

You can publish the configuration file to `config/federation-token.php` with the following command:

```
$ php artisan vendor:publish --provider="Overtrue\\LaravelQCloudFederationToken\\QCloudFederationTokenServiceProvider"
```

**config/federation-token.php**

```
<?php

return [
    // Default configuration; every strategy under strategies is merged with this base configuration
    'default' => [
        'secret_id' => env('QCLOUD_COS_SECRET_ID', ''),
        'secret_key' => env('QCLOUD_COS_SECRET_KEY', ''),
        'region' => env('QCLOUD_COS_REGION', 'ap-guangzhou'),
        "effect" => "allow",

        // Global variables, substituted into all strategies
        'variables' => [
            'uid' => env('QCLOUD_COS_APP_ID'),
            'region' => env('QCLOUD_COS_REGION', 'ap-guangzhou'),
            //...
        ],
    ],
    // strategies
    'strategies' => [
        // Strategy key, e.g. image/avatar...
        'avatar' => [
            // Strategy name, optional
            'name' => 'avatar',

            // Expiration time of the temporary credentials
            'expires_in' => 1800,

            // Merged with the default configuration
            'variables' => [
                'appid' => env('QCLOUD_COS_APP_ID'),
                'bucket' => env('QCLOUD_COS_BUCKET', ''),
                //...
            ],

            // For Statement, see: https://cloud.tencent.com/document/product/598/10603
            "statements" => [
                [
                    "action" => [
                        // Changing these casually is not recommended; multipart upload needs them
                        'cos:ListParts',
                        'cos:PutObject',
                        'cos:PostObject',
                        'cos:InitiateMultipartUpload',
                        'cos:UploadPart',
                        'cos:CompleteMultipartUpload',
                        'cos:AbortMultipartUpload',
                        'cos:ListMultipartUploads',
                    ],
                    "resource" => [
                        "qcs::cos:ap-beijing:uid/:-///*",
                    ],
                    'condition' => [
                        'string_equal' => [
                            'cos:x-cos-forbid-overwrite' => 'true', // forbid overwriting
                        ],
                    ],
                ]
            ],
            'headers' => [
                // When statements contain an x-type condition, the client must be told to send the header
                'x-cos-forbid-overwrite' => true,
            ]
        ],
    ],
];
```

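For the configuration syntax, refer to:

You can configure multiple strategies for different use cases and then issue access credentials per strategy.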

> **Warning**
>
> Note: when using `cos:content-type` in `condition`, remember to urlencode it; otherwise MIME types containing a + sign, such as `image/svg+xml`, will not take effect.

### Security Reminder

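Poorly configured temporary-token rules can cause security problems. Configure them carefully and check the following strictly:

- Before configuring, read carefully: [Security guidelines for temporary keys used for direct front-end uploads to COS](https://cloud.tencent.com/document/product/436/40265)
- Policies have a maximum length, so configuring too many policy entries is not recommended.
- Do not make the credential lifetime too long.
- Avoid using the root account to generate credentials; use a dedicated API sub-account with login restricted.
- Add request restrictions such as upload size and type, following [Condition keys: description and usage examples](https://cloud.tencent.com/document/product/436/71307).
- Keep account permissions as narrow as possible to prevent actions beyond the intended privileges.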
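
An added example (not part of the package or its README) that audits one entry of `strategies` against the checklist above and the `cos:content-type` warning. `auditStrategy()` and `MAX_TTL` are hypothetical names, the 1800-second ceiling is an assumption taken from the sample config, and the account and bucket values in the sample are constructed placeholders.

```php
<?php
// Added example, not package code: auditStrategy() and MAX_TTL are hypothetical names.
const MAX_TTL = 1800; // assumption: the sample config's 1800 s is treated as the ceiling

function auditStrategy(string $name, array $strategy): array
{
    $findings = [];
    if (($strategy['expires_in'] ?? 0) > MAX_TTL) {
        $findings[] = "$name: expires_in is longer than " . MAX_TTL . ' seconds';
    }
    foreach ($strategy['statements'] ?? [] as $i => $statement) {
        foreach ((array) ($statement['action'] ?? []) as $action) {
            if (str_contains($action, '*')) {
                $findings[] = "$name#$i: wildcard action $action";
            }
        }
        foreach ((array) ($statement['resource'] ?? []) as $resource) {
            // Assumption: the object path follows the first "/" of the last ":" segment.
            $path = explode('/', (string) strrchr($resource, ':'), 2)[1] ?? '';
            if ($path === '' || $path === '*') {
                $findings[] = "$name#$i: resource covers the whole bucket";
            }
        }
        $conditions = $statement['condition'] ?? [];
        if ($conditions === []) {
            $findings[] = "$name#$i: no condition, so size and type are unrestricted";
        }
        foreach ($conditions as $pairs) {
            foreach ($pairs as $key => $value) {
                if ($key === 'cos:content-type' && str_contains(implode(',', (array) $value), '+')) {
                    $findings[] = "$name#$i: cos:content-type has a raw '+', urlencode the value";
                }
                $header = substr($key, 4); // drop the "cos:" prefix
                if (str_starts_with($header, 'x-cos-') && !isset($strategy['headers'][$header])) {
                    $findings[] = "$name#$i: $key is enforced but $header is missing from headers";
                }
            }
        }
    }
    return $findings;
}

// Constructed sample: a deliberately loose strategy; account and bucket are placeholders.
$weak = ['expires_in' => 86400, 'statements' => [[
    'action' => ['cos:*'],
    'resource' => ['qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*'],
    'condition' => ['string_equal' => [
        'cos:content-type' => 'image/svg+xml', 'cos:x-cos-forbid-overwrite' => 'true',
    ]],
]]];
echo implode(PHP_EOL, auditStrategy('upload', $weak)), PHP_EOL;
```

Run against the constructed strategy, it reports five findings: the long lifetime, the wildcard action, the bucket-wide resource, the unencoded `+` in the MIME type, and the `x-cos-forbid-overwrite` condition with no matching `headers` entry.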

### Variable Substitution

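Configurations inevitably need context variables or dynamic resource paths. You can declare `variables` in the configuration to have them substituted, for example:

> Only variables in principal and resource can be substituted; substitution is not supported for other variables.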

```
// config/federation-token.php
