GenarrativeAI/Genarrative
5
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

fix oss bucket-prefixed signing

Browse Source
This commit is contained in:
历冰郁-hermes版
2026-05-08 14:20:56 +08:00
parent b08127031c
commit 20d5121c6c
3 changed files with 120 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.hermes/shared-memory/pitfalls.md
View File

@@ -14,7 +14,13 @@
- 关联:相关文件、文档、提交或 Issue
```
---
## OSS V4 签名时间和 bucket/object_key 兼容
- 现象:使用 `xushi-dev/generated-square-hole-assets/.../image.png` 这类带 bucket 前缀的对象路径做私有读签名时,请求可能被判定为不在 `generated-*` 白名单下;小时小于 10 时还可能出现 `OSS V4 签名时间格式化失败` 或服务端签名格式错误。
- 原因:旧逻辑直接把完整路径当 `object_key` 校验,未剥离当前配置 bucket同时依赖 `time::Time::to_string()` 再去掉冒号,小时小于 10 时输出不稳定补零。
- 处理:在 `platform-oss` 内统一用 `normalize_object_key_for_bucket` 先剥离当前 bucket 前缀,再做 object_key 白名单校验OSS V4 `x-oss-date` 使用固定宽度 `yyyyMMdd'T'HHmmss'Z'` 格式化。
- 验证:运行 `cd server-rs && cargo test -p platform-oss -- --nocapture`,并覆盖 `xushi-dev/generated-square-hole-assets/square-hole-session-546d881972684be2980a2a882cd0cc71/square-hole-profile-134411276ce1469cbe398f946a25d7f8/square-hole-shape-image/rabbit-option/asset-1777979289912039/image.png`
- 关联:`server-rs/crates/platform-oss/src/lib.rs``server-rs/crates/platform-oss/README.md`
## 中文乱码与编码风险