├── .gitignore
├── README.md
├── config.json
├── index.js
├── package.json
└── policy
    ├── all_policy.txt
    ├── bucket_read_policy.txt
    └── bucket_read_write_policy.txt


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # A simple app server using STS
 2 | 
 3 | App Server一般作为一个企业的应用服务器，它管理着OSS的
 4 | AccessKeyId/AccessKeySecret，服务于众多的客户端。当客户端（移动端
 5 | /Web/Client等）需要访问OSS时，它们向App Server请求一个临时的token，并
 6 | 利用这个token从OSS下载或者向OSS上传文件。
 7 | 
 8 | App Server可以实现更复杂的策略，为不同的客户端提供不同权限的token，隔
 9 | 离不同的客户端的存储路径等。
10 | 
11 | 使用参考：https://help.aliyun.com/document_detail/oss/practice/ram_guide_dir/no_user_accout.html
12 | 
13 | ## Run
14 | 
15 | ### Checkout code
16 | 
17 |     git clone https://github.com/rockuw/node-sts-app-server.git
18 |     cd node-sts-app-server
19 | 
20 | ### Install dependencies
21 | 
22 |     npm install
23 | 
24 | ### Start server
25 | 
26 |     node index.js
27 | 
28 | ### Open in your browser
29 | 
30 | http://localhost:3000/
31 | 


--------------------------------------------------------------------------------
/config.json:
--------------------------------------------------------------------------------
1 | {
2 |   "AccessKeyId" : "",
3 |   "AccessKeySecret" : "",
4 |   "RoleArn" : "",
5 |   "TokenExpireTime" : "900",
6 |   "PolicyFile": "policy/all_policy.txt"
7 | }
8 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | var express = require('express');
 2 | var STS = require('ali-oss').STS;
 3 | var co = require('co');
 4 | var fs = require('fs');
 5 | var app = express();
 6 | 
 7 | app.get('/', function (req, res) {
 8 |   var conf = JSON.parse(fs.readFileSync('./config.json'));
 9 |   var policy;
10 |   if (conf.PolicyFile) {
11 |     policy = fs.readFileSync(conf.PolicyFile).toString('utf-8');
12 |   }
13 | 
14 |   var client = new STS({
15 |     accessKeyId: conf.AccessKeyId,
16 |     accessKeySecret: conf.AccessKeySecret,
17 |   });
18 | 
19 |   co(function* () {
20 |     var result = yield client.assumeRole(conf.RoleArn, policy, conf.TokenExpireTime);
21 |     console.log(result);
22 | 
23 |     res.set('Access-Control-Allow-Origin', '*');
24 |     res.set('Access-Control-Allow-METHOD', 'GET');
25 |     res.json({
26 |       AccessKeyId: result.credentials.AccessKeyId,
27 |       AccessKeySecret: result.credentials.AccessKeySecret,
28 |       SecurityToken: result.credentials.SecurityToken,
29 |       Expiration: result.credentials.Expiration
30 |     });
31 |   }).then(function () {
32 |     // pass
33 |   }).catch(function (err) {
34 |     console.log(err);
35 |     res.status(400).json(err.message);
36 |   });
37 | });
38 | 
39 | app.listen(3000, function () {
40 |   console.log('App started.');
41 | });
42 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "node-sts-app-server",
 3 |   "version": "1.0.0",
 4 |   "description": "Node.js STS app server",
 5 |   "main": "index.js",
 6 |   "scripts": {
 7 |     "test": "echo \"Error: no test specified\" && exit 1"
 8 |   },
 9 |   "keywords": [
10 |     "Node.js",
11 |     "STS",
12 |     "OSS"
13 |   ],
14 |   "author": "rockuw <rockuw@gmail.com>",
15 |   "license": "MIT",
16 |   "engines": {
17 |     "node": ">=4"
18 |   },
19 |   "dependencies": {
20 |     "ali-oss": "^4.0.1",
21 |     "co": "^4.6.0",
22 |     "express": "^4.13.4"
23 |   }
24 | }
25 | 


--------------------------------------------------------------------------------
/policy/all_policy.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |   "Statement": [
 3 |     {
 4 |       "Action": [
 5 |         "oss:*"
 6 |       ],
 7 |       "Effect": "Allow",
 8 |       "Resource": ["acs:oss:*:*:*"]
 9 |     }
10 |   ],
11 |   "Version": "1"
12 | }
13 | 


--------------------------------------------------------------------------------
/policy/bucket_read_policy.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |   "Statement": [
 3 |     {
 4 |       "Action": [
 5 |         "oss:GetObject",
 6 |         "oss:ListObjects"
 7 |       ],
 8 |       "Effect": "Allow",
 9 |       "Resource": ["acs:oss:*:*:$BUCKET_NAME/*", "acs:oss:*:*:$BUCKET_NAME"]
10 |     }
11 |   ],
12 |   "Version": "1"
13 | }
14 | 


--------------------------------------------------------------------------------
/policy/bucket_read_write_policy.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |   "Statement": [
 3 |     {
 4 |       "Action": [
 5 |         "oss:GetObject",
 6 |         "oss:PutObject",
 7 |         "oss:DeleteObject",
 8 |         "oss:ListParts",
 9 |         "oss:AbortMultipartUpload",
10 |         "oss:ListObjects"
11 |       ],
12 |       "Effect": "Allow",
13 |       "Resource": ["acs:oss:*:*:$BUCKET_NAME/*", "acs:oss:*:*:$BUCKET_NAME"]
14 |     }
15 |   ],
16 |   "Version": "1"
17 | }
18 | 


--------------------------------------------------------------------------------