
1、blob数据库共享访问签名、策略

李思淳 5 anni fa
parent
commit
f119b2cd49

+ 53 - 15
TEAMModelOS.SDK/Module/AzureBlob/Implements/AzureBlobDBRepository.cs

@@ -15,6 +15,9 @@ using TEAMModelOS.SDK.Extension.SnowFlake;
 using TEAMModelOS.SDK.Context.Constant;
 using TEAMModelOS.SDK.Helper.Common.JsonHelper;
 using TEAMModelOS.SDK.Helper.Security.ShaHash;
+using Microsoft.Extensions.Configuration;
+using TEAMModelOS.SDK.Context.Configuration;
+using Microsoft.AspNetCore.Hosting;
 
 namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
 {
@@ -23,8 +26,11 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
         public CloudBlobClient blobClient;
         public CloudBlobContainer blobContainer;
         public AzureBlobOptions _options;
-        public AzureBlobDBRepository(AzureBlobOptions options)
+        public IConfiguration Configuration { get; }
+        public AzureBlobDBRepository(IConfiguration configuration, IWebHostEnvironment env, AzureBlobOptions options)
         {
+            Configuration = configuration;
+            BaseConfigModel.SetBaseConfig(Configuration, env.ContentRootPath, env.WebRootPath);
             _options = options;
             if (!string.IsNullOrEmpty(options.ConnectionString))
             {
@@ -474,27 +480,49 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
 
 
         /// <summary>
-        /// Creates a shared access policy on the container.
+        /// 在容器上创建共享访问策略。
         /// </summary>
         /// <param name="container">A reference to the container.</param>
         /// <param name="policyName">The name of the stored access policy.</param>
-        static async Task CreateSharedAccessPolicyAsync(CloudBlobContainer container,
+        public async Task<bool> CreateSharedAccessPolicyAsync(string containerName,
             string policyName)
         {
+
+            blobContainer = GetSASBoloClent(containerName);
             //Create a new shared access policy and define its constraints.
             SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy()
             {
-                SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
-                Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List |
-                    SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.Delete
+                SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15),
+                Permissions =  SharedAccessBlobPermissions.Delete
             };
 
             //Get the container's existing permissions.
-            BlobContainerPermissions permissions = await container.GetPermissionsAsync();
+            BlobContainerPermissions permissions = await blobContainer.GetPermissionsAsync();
 
-            //Add the new policy to the container's permissions, and set the container's permissions.
-            permissions.SharedAccessPolicies.Add(policyName, sharedPolicy);
-            await container.SetPermissionsAsync(permissions);
+            if (permissions.SharedAccessPolicies.Count < 5)
+            {
+                //Add the new policy to the container's permissions, and set the container's permissions.
+                permissions.SharedAccessPolicies.TryAdd(policyName, sharedPolicy);
+               await blobContainer.SetPermissionsAsync(permissions);
+                return true;
+            }
+            else return false;
+        }
+
+        /// <summary>
+        /// 删除容器上共享访问策略。
+        /// </summary>
+        /// <param name="container">A reference to the container.</param>
+        /// <param name="policyName">The name of the stored access policy.</param>
+        public async Task DeleteSharedAccessPolicyAsync(string containerName,
+            string policyName)
+        {
+
+            blobContainer = GetSASBoloClent(containerName);
+            BlobContainerPermissions permissions = await blobContainer.GetPermissionsAsync();
+            permissions.SharedAccessPolicies.Remove(policyName);
+            await blobContainer.SetPermissionsAsync(permissions);
+           
         }
 
 
@@ -552,14 +580,14 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
         /// <param name="blobName"></param>
         /// <param name="policyName"></param>
         /// <returns></returns>
-        public string GetBlobSasUri(string containerName, string blobName, string policyName = null)
+        public string GetBlobSasUri(string containerName, string blobName, string TEAMModelId, string policyName = null)
         {
             string sasBlobToken;
-            blobContainer = blobClient.GetContainerReference(containerName);
+            blobContainer = GetSASBoloClent(containerName);
 
             // Get a reference to a blob within the container.
             // Note that the blob may not exist yet, but a SAS can still be created for it.
-            CloudBlockBlob blob = blobContainer.GetBlockBlobReference(blobName);
+            CloudBlockBlob blob = blobContainer.GetBlockBlobReference(TEAMModelId + "/" + blobName);
             if (policyName == null)
             {
                 // Create a new access policy and define its constraints.
@@ -569,7 +597,8 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
                 {
                     // When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request.
                     // Omitting the start time for a SAS that is effective immediately helps to avoid clock skew.
-                    SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
+                    SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15),
+                    SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2),
                     Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create
                 };
 
@@ -588,6 +617,15 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Implements
             return blob.Uri + sasBlobToken;
         }
 
-      
+        private  CloudBlobContainer GetSASBoloClent(string containerName)
+        {
+            AzureBlobOptions azureBlobOptions = Configuration.GetSection("Azure:Table").Get<AzureBlobOptions>();
+            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(azureBlobOptions.ConnectionString);
+            CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
+            CloudBlobContainer container = blobClient.GetContainerReference(containerName);
+            return container;
+        }
+
+
     }
 }
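Review bot: GetSASBoloClent builds a fresh CloudStorageAccount and CloudBlobClient on every call from `Configuration.GetSection("Azure:Table")`, and its local `blobClient` shadows the field the constructor already initialises; if the blob connection string is the one the constructor reads, the helper can be `return blobClient.GetContainerReference(containerName);`, and if it genuinely must read a different section, the "Azure:Table" key on a blob client deserves a comment saying why (the name also carries two typos, `GetSasBlobClient` would match the rest of the file). In CreateSharedAccessPolicyAsync the `TryAdd` result is discarded, so an existing policy with the same name is left untouched while the method still reports true; capturing it as `bool added = permissions.SharedAccessPolicies.TryAdd(policyName, sharedPolicy);` and returning that after SetPermissionsAsync tells the caller what actually happened. Both new methods mutate the shared `blobContainer` field from a public entry point, which is a race if the repository is registered as a singleton — I cannot see the registration, so this may be fine, but a local variable would remove the question. The `<param name="container">` doc on both methods no longer matches the `containerName` parameter. In GetBlobSasUri the retained comment about omitting the start time to avoid clock skew now contradicts the added `SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15)`; either drop the comment or reword it to say the 15-minute back-dating is the skew allowance.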

+ 3 - 2
TEAMModelOS.SDK/Module/AzureBlob/Interfaces/IAzureBlobDBRepository.cs

@@ -17,7 +17,8 @@ namespace TEAMModelOS.SDK.Module.AzureBlob.Interfaces
         Task<AzureBlobModel> UploadFileByFolder(Stream fileSteam, string folder, string fileName, string fileSpace = "pptx", bool contentTypeDefault = true);
         Task<AzureBlobModel> UploadTextByFolder(string text, string folder, string fileName, string fileSpace = "pptx", bool contentTypeDefault = true);
         AzureBlobModel UploadFileByFolderNAsyn(Stream fileSteam, string folder, string fileName, string fileSpace = "pptx", bool contentTypeDefault = true);
-        string GetBlobSasUri(string containerName, string blobName, string policyName = null);
-
+        string GetBlobSasUri(string containerName, string blobName, string TEAMModelId, string policyName = null);
+        Task<bool> CreateSharedAccessPolicyAsync(string containerName, string policyName);
+        Task DeleteSharedAccessPolicyAsync(string containerName, string policyName);
     }
 }
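Review bot: The new parameter `TEAMModelId` is PascalCase while every other parameter on the interface is camelCase; `string teamModelId` here and in the implementation keeps the signatures consistent. The two new policy methods take `containerName` and `policyName` but the interface has no XML docs for them, so a one-line `<summary>` each (e.g. `/// Adds a stored access policy named <paramref name="policyName"/> to the container; returns false when the container already holds five policies.`) would spare callers a trip to the implementation.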

+ 37 - 2
TEAMModelOS/Controllers/Core/FileController.cs

@@ -154,17 +154,52 @@ namespace TEAMModelOS.Controllers.Syllabus
 
 
         /// <summary>
+        /// 获取共享访问签名 (读,写,新增)
         /// </summary>
-        /// <param name="request"></param>
+        /// <param name="azureBlobSASDto"></param>
         /// <returns></returns>
         [HttpPost("getBlobSAS")]
         public BaseJosnRPCResponse GetBlobSAS(JosnRPCRequest<AzureBlobSASDto> azureBlobSASDto)
         {
             JsonRPCResponseBuilder responseBuilder = new JsonRPCResponseBuilder();
             AzureBlobSASDto azureBlobSAS = azureBlobSASDto.@params;
-            string SAS = _azureBlobDBRepository.GetBlobSasUri(azureBlobSAS.ContainerName, azureBlobSAS.BlobName, azureBlobSAS.PolicyName);
+            //_azureBlobDBRepository.CreateSharedAccessPolicyAsync(azureBlobSAS.ContainerName, azureBlobSAS.PolicyName);
+            string SAS = _azureBlobDBRepository.GetBlobSasUri(azureBlobSAS.ContainerName, azureBlobSAS.BlobName, azureBlobSAS.TEAMModelId,azureBlobSAS.PolicyName);
             return responseBuilder.Data(SAS).build();
 
         }
+
+        /// <summary>
+        /// 创建共享访问策略 (删除权限)
+        /// </summary>
+        /// <param name="azureBlobSASDto"></param>
+        /// <returns></returns>
+        [HttpPost("CreateSharedAccessPolicy")]
+        public async Task<BaseJosnRPCResponse> CreateSharedAccessPolicyAsync(JosnRPCRequest<AzureBlobSASDto> azureBlobSASDto)
+        {
+            JsonRPCResponseBuilder responseBuilder = new JsonRPCResponseBuilder();
+            AzureBlobSASDto azureBlobSAS = azureBlobSASDto.@params;
+            bool flg = await _azureBlobDBRepository.CreateSharedAccessPolicyAsync(azureBlobSAS.ContainerName, azureBlobSAS.PolicyName);
+            //string SAS = _azureBlobDBRepository.GetBlobSasUri(azureBlobSAS.ContainerName, azureBlobSAS.BlobName, azureBlobSAS.TEAMModelId, azureBlobSAS.PolicyName);
+            return responseBuilder.Data(flg).build();
+
+        }
+
+        /// <summary>
+        /// 删除共享访问策略
+        /// </summary>
+        /// <param name="request"></param>
+        /// <returns></returns>
+        [HttpPost("DeleteSharedAccessPolicyAsync")]
+        public async Task<BaseJosnRPCResponse> DeleteSharedAccessPolicyAsync(JosnRPCRequest<AzureBlobSASDto> azureBlobSASDto)
+        {
+            JsonRPCResponseBuilder responseBuilder = new JsonRPCResponseBuilder();
+            AzureBlobSASDto azureBlobSAS = azureBlobSASDto.@params;
+             await _azureBlobDBRepository.DeleteSharedAccessPolicyAsync(azureBlobSAS.ContainerName, azureBlobSAS.PolicyName);
+            //string SAS = _azureBlobDBRepository.GetBlobSasUri(azureBlobSAS.ContainerName, azureBlobSAS.BlobName, azureBlobSAS.TEAMModelId, azureBlobSAS.PolicyName);
+            return responseBuilder.build();
+
+        }
+
     }
 }
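Review bot: GetBlobSAS issues a read/write/create SAS for `TEAMModelId + "/" + BlobName` where both values come straight from the request body, and nothing visible in the controller ties `TEAMModelId` to the authenticated caller, so a client can obtain a SAS for any other id's prefix by changing the field; unless an upstream filter enforces this, the id should be taken from the caller's identity rather than the DTO, and `BlobName` should be rejected when it contains a path separator so the SAS cannot be scoped outside the intended prefix. The CreateSharedAccessPolicy and DeleteSharedAccessPolicyAsync endpoints let any caller add or remove container-wide stored access policies (the added one grants Delete) under a client-chosen name, which is an administrative operation and should sit behind an authorization attribute, e.g. `[Authorize(Roles = "<admin-role placeholder>")]`. The `[Required]` annotations added to AzureBlobSASDto only take effect if model state is checked; if this controller is not marked `[ApiController]`, an explicit `if (!ModelState.IsValid) return responseBuilder.Error(...)` (whatever the builder's error path is called) is needed, and the routes mix three naming styles (`getBlobSAS`, `CreateSharedAccessPolicy`, `DeleteSharedAccessPolicyAsync`). The commented-out calls on both new actions and in GetBlobSAS should be deleted rather than left in.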

+ 5 - 1
TEAMModelOS/Models/AzureBlobSASDto.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 
@@ -7,9 +8,12 @@ namespace TEAMModelOS.Models
 {
     public class AzureBlobSASDto
     {
+        [Required(ErrorMessage = "{0} 必须填写")]
         public string ContainerName { get; set; }
+        [Required(ErrorMessage = "{0} 必须填写")]
         public string BlobName { get; set; }
         public string PolicyName { get; set; }
-
+        [Required(ErrorMessage = "{0} 必须填写")]
+        public string TEAMModelId { get; set; }
     }
 }