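import STS from 'qcloud-cos-sts'

/** Region used when COS_REGION is unset or empty. */
const DEFAULT_REGION = 'ap-guangzhou'

/** Object-key prefix the temporary credentials are allowed to write to. */
const UPLOAD_PREFIX = 'mini_game/images/'

/** Lifetime requested for the temporary credentials, in seconds. */
const TEMP_KEY_TTL_SECONDS = 1800

/**
 * Temporary credentials handed back by {@link getTempKey}.
 */
export interface TempKeyResult {
  credentials: {
    tmpSecretId: string
    tmpSecretKey: string
    sessionToken: string
  }
  // Validity window, copied through from the STS response unchanged.
  // NOTE(review): presumably Unix timestamps in seconds; confirm against the SDK.
  startTime: number
  expiredTime: number
}

/**
 * Builds the full COS bucket name (`<name>-<appid>`) from COS_BUCKET and COS_APPID.
 *
 * The user-chosen part of a bucket name may itself contain hyphens, so a hyphen
 * alone does not prove that the APPID suffix is already present. When COS_APPID
 * is set, the suffix is detected by comparing against it; the hyphen heuristic
 * is kept only as a fallback for deployments that leave COS_APPID unset.
 *
 * @returns The bucket name with the APPID suffix appended when it was missing.
 */
export function getBucketName(): string {
  const bucket = process.env.COS_BUCKET || ''
  const appid = process.env.COS_APPID || ''

  if (appid) {
    return bucket.endsWith(`-${appid}`) ? bucket : `${bucket}-${appid}`
  }

  // Legacy fallback: without an APPID to compare against, any hyphen is
  // taken to mean the suffix is already there.
  if (bucket.includes('-')) {
    return bucket
  }
  return `${bucket}-${appid}`
}

/**
 * Requests short-lived, upload-only COS credentials from STS.
 *
 * The long-lived key (COS_SECRET_ID / COS_SECRET_KEY) is used only to sign the
 * STS request; only the derived temporary credentials are returned.
 *
 * Security notes for callers:
 * - Every holder of the returned credentials can create or overwrite any object
 *   under `mini_game/images/` until they expire. The prefix is not scoped per
 *   user, so authenticate the requester before handing these out.
 * - The policy has no `condition` block, so object size and content type are
 *   not restricted here and must be enforced elsewhere if they matter.
 *
 * @returns The temporary credentials and their validity window.
 * @throws Rejects when a required environment variable is missing, when STS
 *   reports an error, or when the STS response carries no usable credentials.
 */
export async function getTempKey(): Promise<TempKeyResult> {
  const secretId = process.env.COS_SECRET_ID || ''
  const secretKey = process.env.COS_SECRET_KEY || ''
  const appid = process.env.COS_APPID || ''
  const region = process.env.COS_REGION || DEFAULT_REGION

  // Fail fast on incomplete configuration instead of signing a request with
  // empty secrets or a malformed resource string. Only variable names are
  // reported, never their values.
  const required: Record<string, string> = {
    COS_SECRET_ID: secretId,
    COS_SECRET_KEY: secretKey,
    COS_BUCKET: process.env.COS_BUCKET || '',
    COS_APPID: appid,
  }
  const missing = Object.keys(required).filter((name) => !required[name])
  if (missing.length > 0) {
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`)
  }

  const bucket = getBucketName()

  // Define the policy for upload permissions (limited to mini_game/images/*)
  const policy = {
    version: '2.0',
    statement: [
      {
        // Write-only: no read, list or delete actions are granted.
        action: [
          'name/cos:PutObject',
          'name/cos:PostObject',
        ],
        effect: 'allow',
        principal: { qcs: ['qcs::cam::anyone:anyone'] },
        resource: [
          `qcs::cos:${region}:uid/${appid}:${bucket}/${UPLOAD_PREFIX}*`,
        ],
      },
    ],
  }

  return new Promise((resolve, reject) => {
    STS.getCredential(
      {
        secretId,
        secretKey,
        proxy: '',
        durationSeconds: TEMP_KEY_TTL_SECONDS,
        policy,
      },
      (err, data) => {
        if (err) {
          reject(err)
          return
        }

        // Validate before dereferencing: a throw inside this callback would
        // not reject the promise, so a malformed response must be turned
        // into an explicit rejection.
        const credentialData = data as TempKeyResult | undefined
        const issued = credentialData?.credentials
        if (
          !credentialData ||
          !issued ||
          !issued.tmpSecretId ||
          !issued.tmpSecretKey ||
          !issued.sessionToken
        ) {
          reject(new Error('STS response did not contain temporary credentials'))
          return
        }

        // Copy only the fields callers need; anything else in the STS
        // response is deliberately not forwarded.
        resolve({
          credentials: {
            tmpSecretId: issued.tmpSecretId,
            tmpSecretKey: issued.tmpSecretKey,
            sessionToken: issued.sessionToken,
          },
          startTime: credentialData.startTime,
          expiredTime: credentialData.expiredTime,
        })
      }
    )
  })
}

/**
 * Returns the non-secret bucket settings used together with the temporary credentials.
 *
 * @returns The full bucket name and the region (COS_REGION, or the default region).
 */
export function getBucketConfig(): { bucket: string; region: string } {
  return {
    bucket: getBucketName(),
    region: process.env.COS_REGION || DEFAULT_REGION,
  }
}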