diff --git a/.env.example b/.env.example index d383af0..eaa7c8a 100755 --- a/.env.example +++ b/.env.example @@ -16,3 +16,16 @@ JWT_SECRET=your-secret-key-change-in-production SHORT_VIDEO_API_KEY=replace-with-real-key SHORT_VIDEO_FREE_QUOTA=20 SHORT_VIDEO_TIMEOUT_SECONDS=5 + +# 七牛直传配置(Kodo) +QINIU_ACCESS_KEY=replace-with-access-key +QINIU_SECRET_KEY=replace-with-secret-key +QINIU_BUCKET=replace-with-bucket +# 上传地址:可保持默认(自动调度),也可以配置具体 Region 的 up 域名 +QINIU_UPLOAD_URL=https://upload.qiniup.com +# CDN 域名(可选):用于拼接最终访问地址,例如 https://cdn.example.com +QINIU_CDN_DOMAIN= +# 上传 key 前缀(可选) +QINIU_KEY_PREFIX=uploads/ +# token 有效期(秒) +QINIU_TOKEN_EXPIRE_SECONDS=300 diff --git a/cmd/api/main.go b/cmd/api/main.go index 9abfed8..89ddbe1 100644 --- a/cmd/api/main.go +++ b/cmd/api/main.go @@ -6,14 +6,16 @@ import ( "github.com/gin-gonic/gin" "wx_service/config" + authhandler "wx_service/internal/common/auth/handler" + authservice "wx_service/internal/common/auth/service" + commonhandler "wx_service/internal/common/handler" + commonservice "wx_service/internal/common/service" "wx_service/internal/database" - "wx_service/internal/handler" "wx_service/internal/model" rmhandler "wx_service/internal/remove_watermark/handler" rmmodel "wx_service/internal/remove_watermark/model" rmservice "wx_service/internal/remove_watermark/service" "wx_service/internal/routes" - "wx_service/internal/service" smokehandler "wx_service/internal/smoke/handler" smokemodel "wx_service/internal/smoke/model" smokeservice "wx_service/internal/smoke/service" @@ -43,9 +45,9 @@ func main() { router := gin.Default() // 5) 依赖注入:先创建 service,再创建 handler(handler 只关心 HTTP 输入/输出) - miniProgramService := service.NewMiniProgramService(database.DB) - authService := service.NewAuthService(database.DB, miniProgramService) - authHandler := handler.NewAuthHandler(authService) + miniProgramService := authservice.NewMiniProgramService(database.DB) + authService := authservice.NewAuthService(database.DB, miniProgramService) + authHandler := authhandler.NewAuthHandler(authService) videoService, err := rmservice.NewVideoService(database.DB, config.AppConfig.ShortVideo) if err != nil { log.Fatalf("init video service failed: %v", err) @@ -55,8 +57,11 @@ func main() { smokeLogService := smokeservice.NewSmokeLogService(database.DB) smokeHandler := smokehandler.NewSmokeHandler(smokeLogService) + qiniuService := commonservice.NewQiniuService(config.AppConfig.Qiniu) + uploadHandler := commonhandler.NewUploadHandler(qiniuService) + // 6) 注册路由:把 URL 映射到 handler - routes.Register(router, database.DB, authHandler, videoHandler, smokeHandler) + routes.Register(router, database.DB, authHandler, videoHandler, smokeHandler, uploadHandler) // 7) 启动监听端口 addr := ":" + config.AppConfig.Server.Port diff --git a/config/config.go b/config/config.go index f8e4d68..b74d5e9 100755 --- a/config/config.go +++ b/config/config.go @@ -14,6 +14,7 @@ type Config struct { Database DatabaseConfig JWT JWTConfig ShortVideo ShortVideoConfig + Qiniu QiniuConfig } type ServerConfig struct { @@ -40,6 +41,18 @@ type ShortVideoConfig struct { RequestTimeout time.Duration } +// QiniuConfig 用于七牛云(Kodo)直传相关配置。 +// 前端通常会向后端请求 upload token,然后直传文件到七牛。 +type QiniuConfig struct { + AccessKey string + SecretKey string + Bucket string + UploadURL string + CDNDomain string + KeyPrefix string + TokenExpireSeconds int +} + var AppConfig *Config func LoadConfig() { @@ -69,6 +82,15 @@ func LoadConfig() { FreeDailyQuota: getEnvAsInt("SHORT_VIDEO_FREE_QUOTA", 20), RequestTimeout: time.Duration(getEnvAsInt("SHORT_VIDEO_TIMEOUT_SECONDS", 5)) * time.Second, }, + Qiniu: QiniuConfig{ + AccessKey: getEnv("QINIU_ACCESS_KEY", ""), + SecretKey: getEnv("QINIU_SECRET_KEY", ""), + Bucket: getEnv("QINIU_BUCKET", ""), + UploadURL: getEnv("QINIU_UPLOAD_URL", "https://upload.qiniup.com"), + CDNDomain: getEnv("QINIU_CDN_DOMAIN", ""), + KeyPrefix: getEnv("QINIU_KEY_PREFIX", "uploads/"), + TokenExpireSeconds: getEnvAsInt("QINIU_TOKEN_EXPIRE_SECONDS", 300), + }, } } diff --git a/docs/README.md b/docs/README.md index 8913c4e..97ac955 100644 --- a/docs/README.md +++ b/docs/README.md @@ -7,6 +7,7 @@ - `docs/common/README.md` - `docs/common/auth.md` - `docs/common/response.md` +- `docs/common/upload_qiniu.md` ## 去水印小程序 diff --git a/docs/common/README.md b/docs/common/README.md index 86f31a3..322a90a 100644 --- a/docs/common/README.md +++ b/docs/common/README.md @@ -23,3 +23,6 @@ 除登录接口外,其他接口都需要携带登录后返回的 `session_key`(见:`docs/common/auth.md`)。 +## 上传(七牛直传) + +- `docs/common/upload_qiniu.md` diff --git a/docs/common/upload_qiniu.md b/docs/common/upload_qiniu.md new file mode 100644 index 0000000..3adfef0 --- /dev/null +++ b/docs/common/upload_qiniu.md @@ -0,0 +1,76 @@ +# 七牛(Kodo)直传:获取上传凭证 + +用途:小程序/前端把文件直接上传到七牛(CDN 源站),后端只负责签发上传 token,减少带宽与压力。 + +## 前置条件 + +- 已完成登录并拿到 `session_key`(见:`docs/common/auth.md`) +- 已配置 `.env` 中的七牛参数(见:`.env.example`) + +## 接口 + +`POST /api/v1/common/upload/qiniu/token` + +Header: + +``` +Authorization: Bearer +Content-Type: application/json +``` + +请求体(可选): + +```json +{ + "filename": "avatar.png" +} +``` + +说明: +- `filename` 仅用于提取文件后缀(例如 `.png`),以便后端生成带后缀的 `key`;不传也可以。 + +成功响应示例: + +```json +{ + "code": 200, + "message": "success", + "data": { + "token": "xxx", + "key": "uploads/mp_1/user_123/20251231/ab12cd34ef....png", + "upload_url": "https://upload.qiniup.com", + "expire": 1767150000, + "cdn_domain": "https://cdn.example.com" + } +} +``` + +字段说明: +- `token`:七牛上传凭证(uptoken) +- `key`:后端生成的对象 key,上传时必须使用该 key +- `upload_url`:上传入口(表单上传 URL) +- `expire`:token 过期时间(Unix 秒) +- `cdn_domain`:可选;如果配置了,可用 `cdn_domain + "/" + key` 拼出访问 URL + +## 使用示例(curl 直传) + +1) 先请求 token: + +```bash +curl -X POST 'http://127.0.0.1:8080/api/v1/common/upload/qiniu/token' \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer wx-session-key' \ + -d '{"filename":"avatar.png"}' +``` + +2) 再把文件直传七牛(multipart/form-data): + +```bash +curl -X POST 'https://upload.qiniup.com' \ + -F "token=上一步返回的 token" \ + -F "key=上一步返回的 key" \ + -F "file=@./avatar.png" +``` + +七牛成功时会返回 JSON(字段可能因配置不同略有差异),其中一般会包含 `key/hash`。 + diff --git a/internal/handler/auth_handler.go b/internal/common/auth/handler/auth_handler.go similarity index 98% rename from internal/handler/auth_handler.go rename to internal/common/auth/handler/auth_handler.go index 3579990..b4d9d1a 100644 --- a/internal/handler/auth_handler.go +++ b/internal/common/auth/handler/auth_handler.go @@ -6,8 +6,8 @@ import ( "github.com/gin-gonic/gin" + "wx_service/internal/common/auth/service" "wx_service/internal/model" - "wx_service/internal/service" ) type AuthHandler struct { diff --git a/internal/service/auth_service.go b/internal/common/auth/service/auth_service.go similarity index 100% rename from internal/service/auth_service.go rename to internal/common/auth/service/auth_service.go diff --git a/internal/service/mini_program_service.go b/internal/common/auth/service/mini_program_service.go similarity index 100% rename from internal/service/mini_program_service.go rename to internal/common/auth/service/mini_program_service.go diff --git a/internal/service/wechat_client.go b/internal/common/auth/service/wechat_client.go similarity index 100% rename from internal/service/wechat_client.go rename to internal/common/auth/service/wechat_client.go diff --git a/internal/common/handler/upload_handler.go b/internal/common/handler/upload_handler.go new file mode 100644 index 0000000..ab74a7a --- /dev/null +++ b/internal/common/handler/upload_handler.go @@ -0,0 +1,50 @@ +package handler + +import ( + "errors" + "net/http" + + "github.com/gin-gonic/gin" + + "wx_service/internal/common/service" + "wx_service/internal/middleware" + "wx_service/internal/model" +) + +type UploadHandler struct { + qiniuService *service.QiniuService +} + +func NewUploadHandler(qiniuService *service.QiniuService) *UploadHandler { + return &UploadHandler{qiniuService: qiniuService} +} + +type qiniuTokenRequest struct { + // filename 用于保留文件后缀(可选),例如:"a.png"、"video.mp4" + Filename string `json:"filename"` +} + +// QiniuToken 返回七牛直传所需的 token/key/upload_url 等信息。 +// 建议放在鉴权后:用当前登录用户生成 key,避免前端写入任意路径。 +func (h *UploadHandler) QiniuToken(c *gin.Context) { + user, ok := middleware.CurrentUser(c) + if !ok { + c.JSON(http.StatusUnauthorized, model.Error(http.StatusUnauthorized, "未登录或登录已过期")) + return + } + + var req qiniuTokenRequest + _ = c.ShouldBindJSON(&req) // filename 可选,解析失败也不影响生成 token + + token, err := h.qiniuService.CreateUploadToken(user.MiniProgramID, user.ID, req.Filename) + if err != nil { + if errors.Is(err, service.ErrQiniuNotConfigured) { + c.JSON(http.StatusServiceUnavailable, model.Error(http.StatusServiceUnavailable, "未配置七牛上传服务,请联系管理员")) + return + } + c.JSON(http.StatusInternalServerError, model.Error(http.StatusInternalServerError, "获取上传凭证失败,请稍后重试")) + return + } + + c.JSON(http.StatusOK, model.Success(token)) +} diff --git a/internal/common/service/qiniu_service.go b/internal/common/service/qiniu_service.go new file mode 100644 index 0000000..4d5a6da --- /dev/null +++ b/internal/common/service/qiniu_service.go @@ -0,0 +1,122 @@ +package service + +import ( + "crypto/hmac" + "crypto/rand" + "crypto/sha1" + "encoding/base64" + "encoding/hex" + "encoding/json" + "errors" + "fmt" + "path" + "regexp" + "strings" + "time" + + "wx_service/config" +) + +var ( + ErrQiniuNotConfigured = errors.New("qiniu is not configured") +) + +type QiniuService struct { + cfg config.QiniuConfig +} + +func NewQiniuService(cfg config.QiniuConfig) *QiniuService { + return &QiniuService{cfg: cfg} +} + +type QiniuUploadToken struct { + Token string `json:"token"` + Key string `json:"key"` + UploadURL string `json:"upload_url"` + ExpireAt int64 `json:"expire"` + CDNDomain string `json:"cdn_domain"` +} + +var extPattern = regexp.MustCompile(`^\.[a-z0-9]{1,10}$`) + +func (s *QiniuService) CreateUploadToken(miniProgramID uint, userID uint, filename string) (QiniuUploadToken, error) { + if s.cfg.AccessKey == "" || s.cfg.SecretKey == "" || s.cfg.Bucket == "" { + return QiniuUploadToken{}, ErrQiniuNotConfigured + } + + expireSeconds := s.cfg.TokenExpireSeconds + if expireSeconds <= 0 { + expireSeconds = 300 + } + expireAt := time.Now().Add(time.Duration(expireSeconds) * time.Second).Unix() + + ext := strings.ToLower(path.Ext(filename)) + if !extPattern.MatchString(ext) { + ext = "" + } + + randomHex, err := randomHex(16) + if err != nil { + return QiniuUploadToken{}, fmt.Errorf("generate random key: %w", err) + } + + // 统一由后端生成 key,避免前端随意写入任意路径。 + // 这里按“业务前缀/小程序/用户/日期/随机名”组织,便于后期排查与管理。 + keyPrefix := strings.Trim(s.cfg.KeyPrefix, "/") + key := fmt.Sprintf("%s/mp_%d/user_%d/%s/%s%s", + keyPrefix, + miniProgramID, + userID, + time.Now().Format("20060102"), + randomHex, + ext, + ) + + putPolicy := map[string]interface{}{ + // scope = ":" 表示只允许写入指定 key(更安全) + "scope": fmt.Sprintf("%s:%s", s.cfg.Bucket, key), + "deadline": expireAt, + // 上传完成后返回给前端的 JSON(七牛会做变量替换) + "returnBody": `{"key":"$(key)","hash":"$(etag)","fsize":$(fsize),"mimeType":"$(mimeType)"}`, + } + + policyJSON, err := json.Marshal(putPolicy) + if err != nil { + return QiniuUploadToken{}, fmt.Errorf("marshal put policy: %w", err) + } + + encodedPolicy := urlSafeBase64NoPad(policyJSON) + sign := hmacSHA1([]byte(s.cfg.SecretKey), []byte(encodedPolicy)) + encodedSign := urlSafeBase64NoPad(sign) + + token := fmt.Sprintf("%s:%s:%s", s.cfg.AccessKey, encodedSign, encodedPolicy) + + return QiniuUploadToken{ + Token: token, + Key: key, + UploadURL: s.cfg.UploadURL, + ExpireAt: expireAt, + CDNDomain: s.cfg.CDNDomain, + }, nil +} + +func hmacSHA1(secret []byte, data []byte) []byte { + mac := hmac.New(sha1.New, secret) + mac.Write(data) + return mac.Sum(nil) +} + +func urlSafeBase64NoPad(data []byte) string { + return base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(data) +} + +func randomHex(nBytes int) (string, error) { + if nBytes <= 0 { + return "", fmt.Errorf("invalid random bytes length") + } + buf := make([]byte, nBytes) + if _, err := rand.Read(buf); err != nil { + return "", err + } + return hex.EncodeToString(buf), nil +} diff --git a/internal/routes/common_routes.go b/internal/routes/common_routes.go new file mode 100644 index 0000000..fdc806e --- /dev/null +++ b/internal/routes/common_routes.go @@ -0,0 +1,16 @@ +package routes + +import ( + "github.com/gin-gonic/gin" + + commonhandler "wx_service/internal/common/handler" +) + +func registerCommonRoutes(protected *gin.RouterGroup, uploadHandler *commonhandler.UploadHandler) { + // 公共接口(所有小程序共用) + common := protected.Group("/common") + { + // 七牛直传凭证:前端先拿 token,再直传文件到七牛 upload_url + common.POST("/upload/qiniu/token", uploadHandler.QiniuToken) + } +} diff --git a/internal/routes/routes.go b/internal/routes/routes.go index 5234e5f..7e94dcc 100644 --- a/internal/routes/routes.go +++ b/internal/routes/routes.go @@ -6,7 +6,8 @@ import ( "github.com/gin-gonic/gin" "gorm.io/gorm" - "wx_service/internal/handler" + authhandler "wx_service/internal/common/auth/handler" + commonhandler "wx_service/internal/common/handler" "wx_service/internal/middleware" rmhandler "wx_service/internal/remove_watermark/handler" smokehandler "wx_service/internal/smoke/handler" @@ -15,9 +16,10 @@ import ( func Register( router *gin.Engine, db *gorm.DB, - authHandler *handler.AuthHandler, + authHandler *authhandler.AuthHandler, videoHandler *rmhandler.VideoHandler, smokeHandler *smokehandler.SmokeHandler, + uploadHandler *commonhandler.UploadHandler, ) { // Register 用来集中注册所有 HTTP 路由,便于工程结构更清晰: // - main 只负责初始化(配置/DB/依赖注入) @@ -31,6 +33,7 @@ func Register( protected := api.Group("") protected.Use(middleware.AuthMiddleware(db)) { + registerCommonRoutes(protected, uploadHandler) registerRemoveWatermarkRoutes(protected, videoHandler) registerSmokeRoutes(protected, smokeHandler) }