feat(server): remove oss sts

HUAHUAI23 · Oct 18, 2023 · b7adb8a · b7adb8a
1 parent 40e25f1
commit b7adb8a
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 68 deletions.
diff --git a/server/src/application/application.controller.ts b/server/src/application/application.controller.ts
@@ -182,17 +182,8 @@ export class ApplicationController {
     let storage = {}
     const storageUser = await this.storage.findOne(appid)
     if (storageUser) {
-      const sts = await this.storage.getOssSTS(region, appid, storageUser)
-      const credentials = {
-        endpoint: region.storageConf.externalEndpoint,
-        accessKeyId: sts.Credentials?.AccessKeyId,
-        secretAccessKey: sts.Credentials?.SecretAccessKey,
-        sessionToken: sts.Credentials?.SessionToken,
-        expiration: sts.Credentials?.Expiration,
-      }
-
       storage = {
-        credentials,
+        endpoint: region.storageConf.externalEndpoint,
         ...storageUser,
       }
     }

diff --git a/server/src/storage/storage.service.ts b/server/src/storage/storage.service.ts
@@ -1,10 +1,8 @@
 import { Injectable, Logger } from '@nestjs/common'
 import { GenerateAlphaNumericPassword } from 'src/utils/random'
 import { MinioService } from './minio/minio.service'
-import { AssumeRoleCommand, STSClient } from '@aws-sdk/client-sts'
 import { RegionService } from 'src/region/region.service'
 import { TASK_LOCK_INIT_TIME } from 'src/constants'
-import { Region } from 'src/region/entities/region'
 import { SystemDatabase } from 'src/system-database'
 import {
   StoragePhase,
@@ -105,60 +103,4 @@ export class StorageService {
 
     return res.value
   }
-
-  /**
-   * Create s3 client of application
-   * @param app
-   * @returns
-   */
-  private getSTSClient(region: Region, user: StorageUser) {
-    return new STSClient({
-      endpoint: region.storageConf.externalEndpoint,
-      credentials: {
-        accessKeyId: user.accessKey,
-        secretAccessKey: user.secretKey,
-      },
-      region: region.name,
-    })
-  }
-
-  /**
-   * Generate application full-granted OSS STS
-   * @param bucket
-   * @param duration_seconds
-   * @returns
-   */
-  public async getOssSTS(
-    region: Region,
-    appid: string,
-    user: StorageUser,
-    duration_seconds?: number,
-  ) {
-    const exp = duration_seconds || 3600 * 24 * 7
-    const s3 = this.getSTSClient(region, user)
-    const policy = await this.getSTSPolicy()
-    const cmd = new AssumeRoleCommand({
-      DurationSeconds: exp,
-      Policy: policy,
-      RoleArn: 'arn:xxx:xxx:xxx:xxxx',
-      RoleSessionName: appid,
-    })
-
-    return await s3.send(cmd)
-  }
-
-  async getSTSPolicy() {
-    const policy = {
-      Version: '2012-10-17',
-      Statement: [
-        {
-          Sid: `app-sts-full-grant`,
-          Effect: 'Allow',
-          Action: 's3:*',
-          Resource: 'arn:aws:s3:::*',
-        },
-      ],
-    }
-    return JSON.stringify(policy)
-  }
 }