在使用七牛iOS SDK上传图片时需要用到上传的token,虽然七牛建议token不要在客户端生成,这样做是不安全的,但是我们还是需要了解下客户端是如何生成token的

我简单地对生成token和上传数据做了封装,这是代码地址:provide simple interface to create token,upload file and upload files

首先我们需要用到三个参数scopeAccessKeySecretKey

scope其实就是资源存放的文件夹名字,例如下图的cmxj

AccessKeySecretKey在个人面板 -> 个人中心 -> 密钥管理里面就能看到

接下来就可以创建token了,首先我们将上传策略中的scopedeadline序列化成json格式,里面的liveTime则是token的有效时间,可以以天为单位

1
2
3
4
5
6
7
8
NSMutableDictionary *authInfo = [NSMutableDictionary dictionary];
[authInfo setObject:self.scope forKey:@"scope"];
[authInfo
setObject:[NSNumber numberWithLong:[[NSDate date] timeIntervalSince1970] + self.liveTime * 24 * 3600]
   forKey:@"deadline"];

NSData *jsonData =
[NSJSONSerialization dataWithJSONObject:authInfo options:NSJSONWritingPrettyPrinted error:nil];

再对json序列化后的上传策略进行URL安全的base64编码

1
NSString *encodedString = [self urlSafeBase64Encode:jsonData];

QN_GTM_Base64是七牛SDK提供给用户用来处理base64和WebSafeBase64编码的类,然后将里面的+/替换成_

1
2
3
4
5
6
7
- (NSString *)urlSafeBase64Encode:(NSData *)text {
    NSString *base64 =
    [[NSString alloc] initWithData:[QN_GTM_Base64 encodeData:text] encoding:NSUTF8StringEncoding];
    base64 = [base64 stringByReplacingOccurrencesOfString:@"+" withString:@"-"];
    base64 = [base64 stringByReplacingOccurrencesOfString:@"/" withString:@"_"];
    return base64;
}

然后用secretKey对编码后的上传策略进行HMAC-SHA1加密,并且做安全的base64编码,得到encoded_signed

1
NSString *encodedSignedString = [self HMACSHA1:self.secretKey text:encodedString];
1
2
3
4
5
6
7
8
9
10
11
12
- (NSString *)HMACSHA1:(NSString *)key text:(NSString *)text {
    const char *cKey = [key cStringUsingEncoding:NSUTF8StringEncoding];
    const char *cData = [text cStringUsingEncoding:NSUTF8StringEncoding];

    char cHMAC[CC_SHA1_DIGEST_LENGTH];

    CCHmac(kCCHmacAlgSHA1, cKey, strlen(cKey), cData, strlen(cData), cHMAC);

    NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:CC_SHA1_DIGEST_LENGTH];
    NSString *hash = [self urlSafeBase64Encode:HMAC];
    return hash;
}

最后将accessKey、encodedSignedString和encodedString拼接,中间用:分开,得到的就是上传的token

1
2
NSString *token =
    [NSString stringWithFormat:@"%@:%@:%@", self.accessKey, encodedSignedString, encodedString];