rust_aliyun/

client.rs

use crate::error::Error::CommonError;
use crate::{Result, __setter, __string_enum};
use chrono::Utc;
use hmac::{Hmac, Mac};
use reqwest::header::{HeaderMap, HeaderName};
use reqwest::{Method, Response as ReqResponse, StatusCode, Url};
use serde::{Deserialize, Serialize, Serializer};
use sha2::{Digest, Sha256};
use std::collections::HashMap;
use std::marker::PhantomData;
use std::str::FromStr;
use log::log;
use serde::de::DeserializeOwned;
use crate::date::acs_date;
use crate::util::request::{canonical, hash, sign_string};

#[derive(Debug)]
pub struct Request<T: Serialize> {
    pub action: String,
    pub ssl: bool,
    pub uri: String,
    pub headers: Option<HashMap<String, String>>,
    pub queries: Option<HashMap<String, String>>,
    pub data: Option<T>,
    pub method: Method,
    pub content_type: ContentType,
    pub version: String,
}

impl<T: Serialize> Request<T> {
    pub fn url(&self, endpoint: &str) -> Result<Url> {
        Ok(Url::parse(&format!(
            "{}{}{}",
            if self.ssl { "https://" } else { "http://" },
            endpoint,
            self.uri
        ))
        .map_err(|err| CommonError(err.to_string()))?)
    }

    pub fn build_headers(&self, endpoint: &str, access_key_id: &str, access_key_secret: &str) -> Result<HeaderMap> {
        let payload_hex = self.hex_payload()?;
        let mut headers = HeaderMap::new();

        if let Some(req_headers) = &self.headers {
            for (k, v) in req_headers {
                headers.insert(HeaderName::from_str(k)?, v.parse()?);
            }
        }
        let now = Utc::now();
        let nonce = format!("{}", now.timestamp_millis());

        headers.insert("host", endpoint.parse()?);
        headers.insert("x-acs-action", self.action.parse()?);
        headers.insert("x-acs-content-sha256", payload_hex.parse()?);
        headers.insert("x-acs-date", acs_date().parse()?);
        headers.insert("x-acs-signature-nonce", nonce.parse()?);
        headers.insert("x-acs-version", self.version.parse()?);
        headers.insert("content-type", self.content_type.to_string().parse()?);

        let (header_string, header_name_string) = self.canonical_headers(&headers)?;
        let canonical_request = format!(
            "{}\n{}\n{}\n{}\n{}\n{}",
            self.method,
            self.canonical_uri(),
            self.canonical_queries()?,
            header_string,
            header_name_string,
            payload_hex
        );
        log::debug!("canonical request: {}", canonical_request);
        let pre_sign = format!("{}\n{}", SIGN_ALGORITHM, hash(&canonical_request));
        log::debug!("pre-sign: {}", pre_sign);
        let sign = sign_string(access_key_secret.as_bytes(), &pre_sign)?;
        let authorization = format!(
            "{} Credential={},SignedHeaders={},Signature={}",
            SIGN_ALGORITHM, access_key_id, header_name_string, sign
        );
        headers.insert("Authorization", authorization.parse()?);
        Ok(headers)
    }

    fn canonical_uri(&self) -> String {
        self.uri.split("/").map(|s| canonical(s)).collect::<Vec<String>>().join("/")
    }

    fn canonical_queries(&self) -> Result<String> {
        if let Some(queries) = &self.queries {
            Ok(canonical(serde_urlencoded::to_string(queries)?.as_str()))
        } else {
            Ok("".to_string())
        }
    }

    fn hex_payload(&self) -> Result<String> {
        let data = if let Some(data) = &self.data {
            match self.content_type {
                ContentType::Form => serde_urlencoded::to_string(data)?,
                ContentType::Json => serde_json::to_string(data)?,
            }
        } else {
            "".to_string()
        };
        Ok(hash(&data))
    }

    fn canonical_headers(&self, headers: &HeaderMap) -> Result<(String, String)> {
        let mut canonical_headers = headers
            .iter()
            .map(|item| (item.0.to_string().to_lowercase(), item.1))
            .filter(|item| {
                item.0 == "host" || item.0 == "content-type" || item.0.starts_with("x-acs")
            })
            .collect::<Vec<(_, _)>>();

        canonical_headers.sort_by(|a, b| a.0.cmp(&b.0));

        let mut header_string = canonical_headers
            .iter()
            .map(|item| format!("{}:{}\n", item.0, item.1.to_str().unwrap().trim()))
            .fold(String::new(), |acc, item| acc + &item)
            ;

        let canonical_header_name_string = canonical_headers
            .iter()
            .map(|item| item.0.clone())
            .collect::<Vec<_>>()
            .join(";");
        Ok((header_string, canonical_header_name_string))
    }
}

#[derive(Debug, Serialize)]
pub enum ContentType {
    Form,
    Json,
}

__string_enum!{
    ContentType {
        Form = "application/x-www-form-urlencoded",
        Json = "application/json",
    }
}

#[derive(Serialize, Deserialize, Debug)]
pub struct Response<T> {
    #[serde(rename = "RequestId")]
    pub request_id: String,
    #[serde(flatten)]
    pub data: Option<T>,
    #[serde(rename = "Message", skip_serializing_if = "Option::is_none")]
    pub message: Option<String>,
    #[serde(rename = "Recommend", skip_serializing_if = "Option::is_none")]
    pub recommend: Option<String>,
    #[serde(rename = "Code", skip_serializing_if = "Option::is_none")]
    pub code: Option<String>,
    #[serde(rename = "HostId", skip_serializing_if = "Option::is_none")]
    pub host: Option<String>,
}

pub trait Caculator<R> {
    fn calculate(&self, client: &Client) -> Result<R>;
}

pub struct Client {
    client: reqwest::Client,
    pub access_key_id: String,
    pub access_key_secret: String,
    pub endpoint: String,
    pub region: Option<String>,
}
const SIGN_ALGORITHM: &str = "ACS3-HMAC-SHA256";
impl Client {
    __setter!(client: reqwest::Client);
    __setter!(access_key_id: String);
    __setter!(access_key_secret: String);
    __setter!(endpoint: String);
    __setter!(region: Option<String>);

    pub fn new(access_key_id: &str, access_key_secret: &str, endpoint: &str) -> Client {
        Self {
            access_key_id: access_key_id.to_string(),
            access_key_secret: access_key_secret.to_string(),
            endpoint: endpoint.to_string(),
            client: reqwest::Client::new(),
            region: None
        }
    }

    pub async fn do_request<T: Serialize, R: DeserializeOwned>(&self, request: Request<T>) -> Result<Response<R>> {
        let endpoint = if let Some(region) = &self.region {
            format!("{}.{}", region, self.endpoint)
        } else {
            self.endpoint.clone()
        };
        let mut builder = self
            .client
            .request(request.method.clone(), request.url(&endpoint)?)
            .headers(request.build_headers(&self.endpoint, &self.access_key_id, &self.access_key_secret)?);

        if let Some(data) = &request.data {
            match request.content_type {
                ContentType::Form => builder = builder.form(&data),
                ContentType::Json => builder = builder.json(&data),
            };
        }

        if let Some(queries) = request.queries {
            builder = builder.query(&queries);
        }
        let response = builder.send().await?;
        Ok(response.json::<Response<R>>().await?)
    }

    pub fn do_calculate<T: Caculator<R>, R>(&self, calc: T) -> Result<R> {
        calc.calculate(self)
    }
}

mod test {
    use crate::client::hash;

    #[test]
    fn test_hash() {
        let raw = "POST\n/\n\ncontent-type:application/json\nhost:sts.cn-shanghai.aliyuncs.com\nx-acs-action:AssumeRole\nx-acs-content-sha256:992472389d0b7c44944968826f0bb6a5225f76220f7457498c7edd2a3ff8d7aa\nx-acs-date:2025-03-20T14:38:58Z\nx-acs-signature-nonce:1742481538630\nx-acs-version:2015-04-01\n\ncontent-type;host;x-acs-action;x-acs-content-sha256;x-acs-date;x-acs-signature-nonce;x-acs-version\n992472389d0b7c44944968826f0bb6a5225f76220f7457498c7edd2a3ff8d7aa";
        assert_eq!("942734fd080698a94360a3634040119a821a0ed670663f998b610ae2090ae4c8", hash(raw));
    }
}