Files
geo/server/internal/shared/objectstorage/aliyun.go
T
root 5f6e9f11da
Desktop Client Build / Resolve Build Metadata (push) Successful in 19s
Frontend CI / Frontend (push) Successful in 3m20s
Backend CI / Backend (push) Successful in 16m48s
Desktop Client Build / Build Desktop Client (push) Successful in 24m46s
Desktop Client Build / Publish Client Artifacts to NAS (push) Successful in 37s
feat(desktop): add client release updater
2026-05-25 19:23:49 +08:00

361 lines
9.1 KiB
Go

package objectstorage
import (
"bytes"
"context"
"fmt"
"io"
"strings"
"time"
"github.com/aliyun/aliyun-oss-go-sdk/oss"
"go.uber.org/zap"
"github.com/geo-platform/tenant-api/internal/shared/config"
"github.com/geo-platform/tenant-api/internal/shared/middleware"
)
type aliyunClient struct {
client *oss.Client
bucket string
logger *zap.Logger
cfg config.ObjectStorageConfig
}
func NewAliyunClient(cfg config.ObjectStorageConfig, logger *zap.Logger) Client {
endpoint := strings.TrimSpace(cfg.Endpoint)
accessKey := strings.TrimSpace(cfg.AccessKey)
secretKey := strings.TrimSpace(cfg.SecretKey)
bucket := strings.TrimSpace(cfg.Bucket)
region := strings.TrimSpace(cfg.Region)
if endpoint == "" || accessKey == "" || secretKey == "" || bucket == "" || region == "" {
return disabledClient{reason: "missing object_storage aliyun endpoint/access_key/secret_key/bucket/region"}
}
endpointURL, err := parseURLWithScheme(endpoint, boolScheme(cfg.UseSSL))
if err != nil {
return disabledClient{reason: fmt.Sprintf("parse aliyun endpoint failed: %v", err)}
}
client, err := oss.New(
endpointURL.String(),
accessKey,
secretKey,
oss.AuthVersion(oss.AuthV4),
oss.Region(region),
)
if err != nil {
return disabledClient{reason: fmt.Sprintf("init aliyun oss client failed: %v", err)}
}
return &aliyunClient{
client: client,
bucket: bucket,
logger: logger,
cfg: cfg,
}
}
func (c *aliyunClient) Validate() error {
if c == nil || c.client == nil {
return fmt.Errorf("%w: aliyun oss client is not initialized", ErrNotConfigured)
}
if strings.TrimSpace(c.bucket) == "" {
return fmt.Errorf("%w: aliyun bucket is empty", ErrNotConfigured)
}
if strings.TrimSpace(c.cfg.Region) == "" {
return fmt.Errorf("%w: aliyun region is empty", ErrNotConfigured)
}
return nil
}
func (c *aliyunClient) PutBytes(ctx context.Context, objectKey string, content []byte, contentType string) error {
if err := c.Validate(); err != nil {
return err
}
if strings.TrimSpace(objectKey) == "" {
return fmt.Errorf("object key is required")
}
exists, err := c.client.IsBucketExist(c.bucket)
if err != nil {
c.logError(ctx, "aliyun bucket exists check failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return fmt.Errorf("check aliyun bucket: %w", err)
}
if !exists {
if err := c.client.CreateBucket(c.bucket); err != nil {
c.logError(ctx, "aliyun create bucket failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return fmt.Errorf("create aliyun bucket: %w", err)
}
}
bucket, err := c.client.Bucket(c.bucket)
if err != nil {
c.logError(ctx, "aliyun get bucket failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return fmt.Errorf("get aliyun bucket: %w", err)
}
options, err := aliyunPutObjectOptions(c.cfg, contentType)
if err != nil {
return err
}
if err := bucket.PutObject(objectKey, bytes.NewReader(content), options...); err != nil {
c.logError(ctx, "aliyun put object failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Int("content_size", len(content)),
zap.String("object_acl", strings.TrimSpace(c.cfg.ObjectACL)),
zap.String("content_type", contentType),
zap.String("aliyun_error_code", aliyunErrorCode(err)),
zap.String("aliyun_request_id", aliyunRequestID(err)),
zap.Int("aliyun_status_code", aliyunStatusCode(err)),
zap.Error(err),
)
return fmt.Errorf("put aliyun object: %w", err)
}
return nil
}
func aliyunPutObjectOptions(cfg config.ObjectStorageConfig, contentType string) ([]oss.Option, error) {
options := []oss.Option{oss.ContentType(contentType)}
acl := strings.ToLower(strings.TrimSpace(cfg.ObjectACL))
switch acl {
case "", "default":
return options, nil
case "private":
return append(options, oss.ObjectACL(oss.ACLPrivate)), nil
case "public-read":
return append(options, oss.ObjectACL(oss.ACLPublicRead)), nil
case "public-read-write":
return append(options, oss.ObjectACL(oss.ACLPublicReadWrite)), nil
default:
return nil, fmt.Errorf("unsupported aliyun oss object_acl %q", cfg.ObjectACL)
}
}
func aliyunErrorCode(err error) string {
serviceErr, ok := err.(oss.ServiceError)
if !ok {
return ""
}
return serviceErr.Code
}
func aliyunRequestID(err error) string {
serviceErr, ok := err.(oss.ServiceError)
if !ok {
return ""
}
return serviceErr.RequestID
}
func aliyunStatusCode(err error) int {
serviceErr, ok := err.(oss.ServiceError)
if !ok {
return 0
}
return serviceErr.StatusCode
}
func (c *aliyunClient) GetBytes(ctx context.Context, objectKey string) ([]byte, error) {
if err := c.Validate(); err != nil {
return nil, err
}
bucket, err := c.client.Bucket(c.bucket)
if err != nil {
c.logError(ctx, "aliyun get bucket failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return nil, fmt.Errorf("get aliyun bucket: %w", err)
}
reader, err := bucket.GetObject(objectKey)
if err != nil {
c.logError(ctx, "aliyun get object failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
if isAliyunObjectNotFound(err) {
return nil, fmt.Errorf("%w: %s", ErrObjectNotFound, objectKey)
}
return nil, fmt.Errorf("get aliyun object: %w", err)
}
defer reader.Close()
data, err := io.ReadAll(reader)
if err != nil {
c.logError(ctx, "aliyun read object failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return nil, fmt.Errorf("read aliyun object: %w", err)
}
return data, nil
}
func isAliyunObjectNotFound(err error) bool {
serviceErr, ok := err.(oss.ServiceError)
if !ok {
return false
}
return serviceErr.StatusCode == 404 ||
serviceErr.Code == "NoSuchKey" ||
serviceErr.Code == "NoSuchObject"
}
func (c *aliyunClient) Exists(ctx context.Context, objectKey string) (bool, error) {
if err := c.Validate(); err != nil {
return false, err
}
if strings.TrimSpace(objectKey) == "" {
return false, nil
}
bucket, err := c.client.Bucket(c.bucket)
if err != nil {
c.logError(ctx, "aliyun get bucket failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return false, fmt.Errorf("get aliyun bucket: %w", err)
}
exists, err := bucket.IsObjectExist(objectKey)
if err != nil {
c.logError(ctx, "aliyun stat object failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return false, fmt.Errorf("stat aliyun object: %w", err)
}
return exists, nil
}
func (c *aliyunClient) Delete(ctx context.Context, objectKey string) error {
if err := c.Validate(); err != nil {
return err
}
if strings.TrimSpace(objectKey) == "" {
return nil
}
bucket, err := c.client.Bucket(c.bucket)
if err != nil {
c.logError(ctx, "aliyun get bucket failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return fmt.Errorf("get aliyun bucket: %w", err)
}
if err := bucket.DeleteObject(objectKey); err != nil {
c.logError(ctx, "aliyun delete object failed",
zap.String("bucket", c.bucket),
zap.String("object_key", objectKey),
zap.Error(err),
)
return fmt.Errorf("delete aliyun object: %w", err)
}
return nil
}
func (c *aliyunClient) PublicURL(objectKey string) (string, error) {
if err := c.Validate(); err != nil {
return "", err
}
publicRead, err := c.isPublicReadable()
if err != nil {
return "", err
}
if !publicRead {
return c.signedURL(objectKey)
}
return buildPublicURL(c.cfg, objectKey, true)
}
func (c *aliyunClient) isPublicReadable() (bool, error) {
objectACL := strings.ToLower(strings.TrimSpace(c.cfg.ObjectACL))
if isPublicReadACL(objectACL) {
return true, nil
}
if objectACL != "" && objectACL != "default" {
return false, nil
}
bucketACL := strings.ToLower(strings.TrimSpace(c.cfg.BucketACL))
if bucketACL != "" {
return isPublicReadACL(bucketACL), nil
}
result, err := c.client.GetBucketACL(c.bucket)
if err != nil {
return false, fmt.Errorf("get aliyun bucket acl: %w", err)
}
return isPublicReadACL(result.ACL), nil
}
func (c *aliyunClient) signedURL(objectKey string) (string, error) {
objectKey = normalizeObjectKeyPath(objectKey)
if objectKey == "" {
return "", fmt.Errorf("object key is required")
}
bucket, err := c.client.Bucket(c.bucket)
if err != nil {
return "", fmt.Errorf("get aliyun bucket: %w", err)
}
ttl := c.cfg.SignedURLTTL
if ttl <= 0 {
ttl = 30 * time.Minute
}
return bucket.SignURL(objectKey, oss.HTTPGet, int64(ttl.Seconds()))
}
func isPublicReadACL(acl string) bool {
switch strings.ToLower(strings.TrimSpace(acl)) {
case "public-read", "public-read-write":
return true
default:
return false
}
}
func (c *aliyunClient) logError(ctx context.Context, msg string, fields ...zap.Field) {
if c == nil || c.logger == nil {
return
}
if requestID := middleware.RequestIDFromContext(ctx); requestID != "" {
fields = append(fields, zap.String("request_id", requestID))
}
c.logger.Error(msg, fields...)
}
func boolScheme(useSSL bool) string {
if useSSL {
return "https"
}
return "http"
}