shudao-main/shudao-go-backend/controllers/shudaooss.go

package controllers

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"image"
	"image/jpeg"
	"io"
	"math"
	"net/http"
	neturl "net/url"
	"path/filepath"
	"shudao-chat-go/utils"
	"strings"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/s3"
	"github.com/beego/beego/v2/server/web"
)

type ShudaoOssController struct {
	web.Controller
}

// OSS配置信息 - 延迟初始化
var (
	ossBucket    string
	ossAccessKey string
	ossSecretKey string
	ossEndpoint  string
	ossRegion    = "us-east-1"
	ossInited    = false
)

// initOSSConfig 延迟初始化OSS配置
func initOSSConfig() {
	if ossInited {
		return
	}
	ossConfig := utils.GetOSSConfig()
	ossBucket = ossConfig["bucket"]
	ossAccessKey = ossConfig["access_key"]
	ossSecretKey = ossConfig["secret_key"]
	ossEndpoint = ossConfig["endpoint"]
	ossInited = true
}

// 图片压缩配置
const (
	// 目标文件大小（字节）
	TargetFileSize = 200 * 1024 // 200KB
	// 最大图片尺寸（像素）- 作为备选方案
	MaxImageWidth  = 1920
	MaxImageHeight = 1080
	// JPEG压缩质量范围
	MinJPEGQuality = 10 // 最低质量
	MaxJPEGQuality = 95 // 最高质量
	// 是否启用图片压缩
	EnableImageCompression = true
)

// 上传响应结构
type UploadResponse struct {
	StatusCode int    `json:"statusCode"`
	Message    string `json:"message"`
	FileURL    string `json:"fileUrl"`
	FileName   string `json:"fileName"`
	FileSize   int64  `json:"fileSize"`
}

// getS3Session 获取S3会话
func getS3Session() (*session.Session, error) {
	initOSSConfig()
	s3Config := &aws.Config{
		Credentials:      credentials.NewStaticCredentials(ossAccessKey, ossSecretKey, ""),
		Endpoint:         aws.String(ossEndpoint),
		Region:           aws.String(ossRegion),
		S3ForcePathStyle: aws.Bool(true),
		DisableSSL:       aws.Bool(true),
		MaxRetries:       aws.Int(3),
	}

	sess, err := session.NewSession(s3Config)
	if err != nil {
		return nil, err
	}

	if _, err = sess.Config.Credentials.Get(); err != nil {
		return nil, fmt.Errorf("凭据验证失败: %v", err)
	}

	return sess, nil
}

// getUTCS3Session 获取UTC时间同步的S3会话
func getUTCS3Session() (*session.Session, error) {
	initOSSConfig()
	s3Config := &aws.Config{
		Credentials:      credentials.NewStaticCredentials(ossAccessKey, ossSecretKey, ""),
		Endpoint:         aws.String(ossEndpoint),
		Region:           aws.String(ossRegion),
		S3ForcePathStyle: aws.Bool(true), // 强制使用路径样式（OSS兼容性需要）
		// 移除DisableSSL，因为endpoint已经包含http://
		// 移除LogLevel，减少调试输出
		// 移除MaxRetries，使用默认值
		// 移除S3DisableContentMD5Validation，使用默认值
	}

	// 创建会话
	sess, err := session.NewSession(s3Config)
	if err != nil {
		return nil, err
	}

	// 验证凭据
	_, err = sess.Config.Credentials.Get()
	if err != nil {
		return nil, fmt.Errorf("凭据验证失败: %v", err)
	}

	return sess, nil
}

// 判断是否为图片文件
func isImageFile(ext string) bool {
	imageExts := map[string]bool{
		".jpg":  true,
		".jpeg": true,
		".png":  true,
		".gif":  true,
		".bmp":  true,
		".webp": true,
		".tiff": true,
		".svg":  true,
		".ico":  true,
	}
	return imageExts[ext]
}

// 图片上传接口
func (c *ShudaoOssController) UploadImage() {
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Origin", "*")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Headers", "Content-Type")

	if c.Ctx.Request.Method == "OPTIONS" {
		c.Ctx.ResponseWriter.WriteHeader(200)
		return
	}

	// 获取上传的图片文件
	file, header, err := c.GetFile("image")
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "获取上传图片失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}
	defer file.Close()

	// 检查文件扩展名
	ext := strings.ToLower(filepath.Ext(header.Filename))
	if !isImageFile(ext) {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "不支持的文件格式，请上传图片文件（jpg, png, gif, bmp, webp等）",
		}
		c.ServeJSON()
		return
	}

	// 图片文件大小限制（10MB）
	if header.Size > 10*1024*1024 {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "图片文件大小超过限制（10MB）",
		}
		c.ServeJSON()
		return
	}

	// 生成图片文件名（使用UTC时间）
	utcNow := time.Now().UTC()
	timestamp := utcNow.Unix()
	// 压缩后的图片统一使用.jpg扩展名
	fileName := fmt.Sprintf("images/%d/%s_%d.jpg",
		utcNow.Year(),
		utcNow.Format("0102"),
		timestamp)

	// 读取图片内容
	fileBytes, err := io.ReadAll(file)
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "读取图片内容失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 压缩图片
	if EnableImageCompression {
		compressedBytes, err := compressImage(fileBytes, MaxImageWidth, MaxImageHeight, 0)
		if err == nil {
			fileBytes = compressedBytes
		}
	}

	// 获取UTC时间同步的S3会话（解决时区问题）
	sess, err := getUTCS3Session()
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "创建S3会话失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 创建S3服务
	s3Client := s3.New(sess)

	// 上传图片到S3
	_, err = s3Client.PutObject(&s3.PutObjectInput{
		Bucket: aws.String(ossBucket),
		Key:    aws.String(fileName),
		Body:   aws.ReadSeekCloser(strings.NewReader(string(fileBytes))), // 使用与测试文件相同的方式
		ACL:    aws.String("public-read"),
	})

	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "上传图片到OSS失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// // 生成预签名URL（1小时有效期）
	// req, _ := s3Client.GetObjectRequest(&s3.GetObjectInput{
	// 	Bucket: aws.String(ossBucket),
	// 	Key:    aws.String(fileName),
	// })

	// presignedURL, err := req.Presign(24 * time.Hour)
	// if err != nil {
	// 	fmt.Printf("生成预签名URL失败: %v\n", err)
	// 	// 如果预签名URL生成失败，使用简单URL作为备选
	// 	imageURL := fmt.Sprintf("%s/%s", ossEndpoint, fileName)
	// 	c.Data["json"] = UploadResponse{
	// 		StatusCode: 200,
	// 		Message:    "图片上传成功，但预签名URL生成失败",
	// 		FileURL:    imageURL,
	// 		FileName:   fileName,
	// 		FileSize:   header.Size,
	// 	}
	// 	c.ServeJSON()
	// 	return
	// }
	permanentURL := fmt.Sprintf("%s/%s/%s", ossEndpoint, ossBucket, fileName)
	proxyURL := utils.GetProxyURL(permanentURL)

	c.Data["json"] = UploadResponse{
		StatusCode: 200,
		Message:    "图片上传成功",
		FileURL:    proxyURL,
		FileName:   fileName,
		FileSize:   int64(len(fileBytes)), // 使用压缩后的文件大小
	}
	c.ServeJSON()
}

// 上传PPTjson文件
func (c *ShudaoOssController) UploadPPTJson() {
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Origin", "*")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Headers", "Content-Type")

	if c.Ctx.Request.Method == "OPTIONS" {
		c.Ctx.ResponseWriter.WriteHeader(200)
		return
	}

	// 获取上传的JSON文件
	file, header, err := c.GetFile("json")
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "获取上传JSON文件失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}
	defer file.Close()

	// 检查文件扩展名
	ext := strings.ToLower(filepath.Ext(header.Filename))
	if ext != ".json" {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "不支持的文件格式，请上传JSON文件（.json）",
		}
		c.ServeJSON()
		return
	}

	// JSON文件大小限制（50MB）
	if header.Size > 50*1024*1024 {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "JSON文件大小超过限制（50MB）",
		}
		c.ServeJSON()
		return
	}

	// 生成JSON文件名（使用UTC时间）
	utcNow := time.Now().UTC()
	timestamp := utcNow.Unix()
	fileName := fmt.Sprintf("json/%d/%s_%d%s",
		utcNow.Year(),
		utcNow.Format("0102"),
		timestamp,
		ext)

	// 读取JSON内容
	fileBytes, err := io.ReadAll(file)
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "读取JSON内容失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 验证JSON格式
	var jsonData interface{}
	if err := json.Unmarshal(fileBytes, &jsonData); err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 400,
			Message:    "JSON格式无效: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 获取UTC时间同步的S3会话
	sess, err := getUTCS3Session()
	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "创建S3会话失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 创建S3服务
	s3Client := s3.New(sess)

	// 上传JSON到S3
	_, err = s3Client.PutObject(&s3.PutObjectInput{
		Bucket:      aws.String(ossBucket),
		Key:         aws.String(fileName),
		Body:        aws.ReadSeekCloser(strings.NewReader(string(fileBytes))),
		ACL:         aws.String("public-read"),
		ContentType: aws.String("application/json"),
	})

	if err != nil {
		c.Data["json"] = UploadResponse{
			StatusCode: 500,
			Message:    "上传JSON文件到OSS失败: " + err.Error(),
		}
		c.ServeJSON()
		return
	}

	// 生成永久URL
	permanentURL := fmt.Sprintf("%s/%s/%s", ossEndpoint, ossBucket, fileName)
	proxyURL := utils.GetProxyURL(permanentURL)

	c.Data["json"] = UploadResponse{
		StatusCode: 200,
		Message:    "JSON文件上传成功",
		FileURL:    proxyURL,
		FileName:   fileName,
		FileSize:   header.Size,
	}
	c.ServeJSON()
}

// ParseOSS OSS代理解析接口，用于代理转发OSS URL请求
func (c *ShudaoOssController) ParseOSS() {
	// 设置CORS头
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Origin", "*")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Headers", "Content-Type")

	// 处理OPTIONS预检请求
	if c.Ctx.Request.Method == "OPTIONS" {
		c.Ctx.ResponseWriter.WriteHeader(200)
		return
	}

	// 获取URL参数（加密的）
	encryptedURL := c.GetString("url")
	if encryptedURL == "" {
		fmt.Printf("OSS代理请求缺少url参数\n")
		c.Ctx.ResponseWriter.WriteHeader(400)
		c.Ctx.WriteString("缺少url参数")
		return
	}

	fmt.Printf("OSS代理请求 - 加密URL: %s\n", encryptedURL)

	// 解密URL
	decryptedURL, err := utils.DecryptURL(encryptedURL)
	if err != nil {
		fmt.Printf("OSS代理请求 - URL解密失败: %v\n", err)
		c.Ctx.ResponseWriter.WriteHeader(400)
		c.Ctx.WriteString("URL解密失败: " + err.Error())
		return
	}

	fmt.Printf("OSS代理请求 - 解密后URL: %s\n", decryptedURL)

	// URL解码，处理可能的编码问题
	decodedURL, err := neturl.QueryUnescape(decryptedURL)
	if err != nil {
		decodedURL = decryptedURL
	}

	fmt.Printf("OSS代理请求 - URL解码后: %s\n", decodedURL)

	var actualOSSURL string

	// 检查是否是代理URL格式（包含?url=参数）
	if strings.Contains(decodedURL, "?url=") {
		fmt.Printf("OSS代理请求 - 检测到嵌套代理URL格式\n")
		parsedProxyURL, err := neturl.Parse(decodedURL)
		if err != nil {
			fmt.Printf("OSS代理请求 - 代理URL解析失败: %v\n", err)
			c.Ctx.ResponseWriter.WriteHeader(400)
			c.Ctx.WriteString("代理URL格式无效: " + err.Error())
			return
		}

		actualOSSURL = parsedProxyURL.Query().Get("url")
		if actualOSSURL == "" {
			fmt.Printf("OSS代理请求 - 代理URL中缺少url参数\n")
			c.Ctx.ResponseWriter.WriteHeader(400)
			c.Ctx.WriteString("代理URL中缺少url参数")
			return
		}
		fmt.Printf("OSS代理请求 - 从嵌套URL提取的实际URL: %s\n", actualOSSURL)
	} else {
		actualOSSURL = decodedURL
		fmt.Printf("OSS代理请求 - 直接使用解密URL: %s\n", actualOSSURL)
	}

	// 验证实际OSS URL格式
	parsedOSSURL, err := neturl.Parse(actualOSSURL)
	if err != nil {
		fmt.Printf("OSS代理请求 - OSS URL解析失败: %v\n", err)
		c.Ctx.ResponseWriter.WriteHeader(400)
		c.Ctx.WriteString("OSS URL格式无效: " + err.Error())
		return
	}

	if parsedOSSURL.Scheme == "" {
		fmt.Printf("OSS代理请求 - OSS URL缺少协议方案: %s\n", actualOSSURL)
		c.Ctx.ResponseWriter.WriteHeader(400)
		c.Ctx.WriteString("OSS URL缺少协议方案")
		return
	}

	fmt.Printf("OSS代理请求 - 最终请求URL: %s\n", actualOSSURL)

	// 创建HTTP客户端，设置超时时间
	client := &http.Client{
		Timeout: 30 * time.Second,
	}

	// 发送GET请求到实际的OSS URL
	resp, err := client.Get(actualOSSURL)
	if err != nil {
		fmt.Printf("OSS代理请求 - 连接OSS失败: %v\n", err)
		c.Ctx.ResponseWriter.WriteHeader(502)
		c.Ctx.WriteString("无法连接到OSS: " + err.Error())
		return
	}
	defer resp.Body.Close()

	fmt.Printf("OSS代理请求 - OSS响应状态码: %d\n", resp.StatusCode)

	// 检查HTTP状态码
	if resp.StatusCode != http.StatusOK {
		fmt.Printf("OSS代理请求 - OSS返回错误状态码: %d\n", resp.StatusCode)
		c.Ctx.ResponseWriter.WriteHeader(resp.StatusCode)
		c.Ctx.WriteString(fmt.Sprintf("OSS返回错误: %d", resp.StatusCode))
		return
	}

	// 读取响应内容
	content, err := io.ReadAll(resp.Body)
	if err != nil {
		c.Ctx.ResponseWriter.WriteHeader(500)
		c.Ctx.WriteString("读取OSS响应失败: " + err.Error())
		return
	}

	// 获取原始的content-type
	contentType := resp.Header.Get("content-type")
	if contentType == "" {
		contentType = "application/octet-stream"
	}

	// 如果OSS返回的是binary/octet-stream或application/octet-stream，
	// 尝试根据URL文件扩展名推断正确的MIME类型
	if contentType == "binary/octet-stream" || contentType == "application/octet-stream" {
		// 解析URL获取文件路径
		parsedURL, err := neturl.Parse(actualOSSURL)
		if err == nil {
			filePath := parsedURL.Path
			// URL解码，处理中文文件名
			filePath, err = neturl.QueryUnescape(filePath)
			if err == nil {
				// 根据文件扩展名猜测MIME类型
				if strings.HasSuffix(strings.ToLower(filePath), ".jpg") || strings.HasSuffix(strings.ToLower(filePath), ".jpeg") {
					contentType = "image/jpeg"
				} else if strings.HasSuffix(strings.ToLower(filePath), ".png") {
					contentType = "image/png"
				} else if strings.HasSuffix(strings.ToLower(filePath), ".gif") {
					contentType = "image/gif"
				} else if strings.HasSuffix(strings.ToLower(filePath), ".pdf") {
					contentType = "application/pdf"
				} else if strings.HasSuffix(strings.ToLower(filePath), ".json") {
					contentType = "application/json"
				} else if strings.HasSuffix(strings.ToLower(filePath), ".txt") {
					contentType = "text/plain"
				}
			}
		}
	}

	// 设置响应头
	c.Ctx.ResponseWriter.Header().Set("Content-Type", contentType)
	c.Ctx.ResponseWriter.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))

	// 转发重要的响应头
	importantHeaders := []string{
		"content-disposition",
		"cache-control",
		"etag",
		"last-modified",
		"accept-ranges",
	}

	for _, header := range importantHeaders {
		if value := resp.Header.Get(header); value != "" {
			c.Ctx.ResponseWriter.Header().Set(header, value)
		}
	}

	// 写入响应内容
	c.Ctx.ResponseWriter.WriteHeader(200)
	c.Ctx.ResponseWriter.Write(content)
}

// compressImage 压缩图片到目标大小
func compressImage(imageData []byte, maxWidth, maxHeight int, quality int) ([]byte, error) {
	img, _, err := image.Decode(bytes.NewReader(imageData))
	if err != nil {
		return nil, fmt.Errorf("解码图片失败: %v", err)
	}

	originalSize := len(imageData)
	if originalSize <= TargetFileSize {
		return imageData, nil
	}

	return compressToTargetSize(img, originalSize)
}

// compressToTargetSize 压缩到目标文件大小
func compressToTargetSize(img image.Image, originalSize int) ([]byte, error) {
	bounds := img.Bounds()
	originalWidth := bounds.Dx()
	originalHeight := bounds.Dy()

	// 策略1: 先尝试调整质量，不改变尺寸
	compressedData, err := compressByQuality(img)
	if err == nil && len(compressedData) <= TargetFileSize {
		return compressedData, nil
	}

	// 策略2: 如果质量压缩不够，尝试缩小尺寸
	targetRatio := float64(TargetFileSize) / float64(originalSize)
	sizeRatio := math.Sqrt(targetRatio * 0.8)

	newWidth := int(float64(originalWidth) * sizeRatio)
	newHeight := int(float64(originalHeight) * sizeRatio)

	if newWidth < 100 {
		newWidth = 100
	}
	if newHeight < 100 {
		newHeight = 100
	}

	resizedImg := resizeImage(img, newWidth, newHeight)
	return compressByQuality(resizedImg)
}

// compressByQuality 通过调整质量压缩图片
func compressByQuality(img image.Image) ([]byte, error) {
	var bestResult []byte
	var bestSize int = math.MaxInt32

	qualities := []int{85, 70, 60, 50, 40, 30, 25, 20, 15, 10}

	for _, quality := range qualities {
		var buf bytes.Buffer
		if err := jpeg.Encode(&buf, img, &jpeg.Options{Quality: quality}); err != nil {
			continue
		}

		currentSize := buf.Len()
		if currentSize <= TargetFileSize {
			return buf.Bytes(), nil
		}

		if currentSize < bestSize {
			bestSize = currentSize
			bestResult = buf.Bytes()
		}
	}

	if bestResult != nil {
		return bestResult, nil
	}

	return nil, fmt.Errorf("压缩失败")
}

// resizeImage 调整图片尺寸
func resizeImage(img image.Image, newWidth, newHeight int) image.Image {
	// 创建新的图片
	resized := image.NewRGBA(image.Rect(0, 0, newWidth, newHeight))

	// 简单的最近邻插值缩放
	bounds := img.Bounds()
	for y := 0; y < newHeight; y++ {
		for x := 0; x < newWidth; x++ {
			// 计算原始图片中的对应位置
			srcX := int(float64(x) * float64(bounds.Dx()) / float64(newWidth))
			srcY := int(float64(y) * float64(bounds.Dy()) / float64(newHeight))

			// 确保不超出边界
			if srcX >= bounds.Dx() {
				srcX = bounds.Dx() - 1
			}
			if srcY >= bounds.Dy() {
				srcY = bounds.Dy() - 1
			}

			resized.Set(x, y, img.At(bounds.Min.X+srcX, bounds.Min.Y+srcY))
		}
	}

	return resized
}

// S3策略文档结构
type S3PolicyDocument struct {
	Expiration string        `json:"expiration"`
	Conditions []interface{} `json:"conditions"`
}

// S3响应结构
type S3PolicyToken struct {
	URL        string            `json:"url"`
	Fields     map[string]string `json:"fields"`
	Expire     int64             `json:"expire"`
	StatusCode int               `json:"statusCode"`
}

// Upload 生成S3预签名上传凭证
func (c *ShudaoOssController) Upload() {
	initOSSConfig()
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Origin", "*")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
	c.Ctx.ResponseWriter.Header().Set("Access-Control-Allow-Headers", "Content-Type")

	if c.Ctx.Request.Method == "OPTIONS" {
		c.Ctx.ResponseWriter.WriteHeader(200)
		return
	}

	userInfo, err := utils.GetUserInfoFromContext(c.Ctx.Input.GetData("userInfo"))
	if err != nil {
		c.Data["json"] = map[string]interface{}{"statusCode": 401, "error": "获取用户信息失败"}
		c.ServeJSON()
		return
	}
	userID := int(userInfo.ID)
	if userID == 0 {
		userID = 1
	}

	now := time.Now().UTC()
	expireTime := int64(1800)
	expireEnd := now.Unix() + expireTime
	dateStamp := now.Format("20060102")
	amzDate := now.Format("20060102T150405Z")
	expiration := now.Add(time.Duration(expireTime) * time.Second).Format("2006-01-02T15:04:05.000Z")

	credential := fmt.Sprintf("%s/%s/%s/s3/aws4_request", ossAccessKey, dateStamp, ossRegion)
	uploadDir := fmt.Sprintf("uploads/%s/%d/", now.Format("0102"), userID)
	host := fmt.Sprintf("%s/%s", ossEndpoint, ossBucket)

	policy := S3PolicyDocument{
		Expiration: expiration,
		Conditions: []interface{}{
			map[string]string{"bucket": ossBucket},
			[]interface{}{"starts-with", "$key", uploadDir},
			map[string]string{"x-amz-algorithm": "AWS4-HMAC-SHA256"},
			map[string]string{"x-amz-credential": credential},
			map[string]string{"x-amz-date": amzDate},
			[]interface{}{"content-length-range", "0", "104857600"},
		},
	}

	policyJSON, _ := json.Marshal(policy)
	policyBase64 := base64.StdEncoding.EncodeToString(policyJSON)
	signature := generateAWS4Signature(ossSecretKey, dateStamp, ossRegion, policyBase64)

	c.Data["json"] = S3PolicyToken{
		StatusCode: 200,
		URL:        host,
		Expire:     expireEnd,
		Fields: map[string]string{
			"key":              uploadDir + "${filename}",
			"policy":           policyBase64,
			"x-amz-algorithm":  "AWS4-HMAC-SHA256",
			"x-amz-credential": credential,
			"x-amz-date":       amzDate,
			"x-amz-signature":  signature,
		},
	}
	c.ServeJSON()
}

// generateAWS4Signature 生成AWS4签名
func generateAWS4Signature(secretKey, dateStamp, region, stringToSign string) string {
	kDate := hmacSHA256([]byte("AWS4"+secretKey), dateStamp)
	kRegion := hmacSHA256(kDate, region)
	kService := hmacSHA256(kRegion, "s3")
	kSigning := hmacSHA256(kService, "aws4_request")
	return hex.EncodeToString(hmacSHA256(kSigning, stringToSign))
}

// hmacSHA256 HMAC-SHA256计算
func hmacSHA256(key []byte, data string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(data))
	return mac.Sum(nil)
}