fix: 修复 CDN API 签名算法

2026-01-09 12:11:02 +08:00
parent ff3d32c656
commit a0726c59b3
1 changed files with 7 additions and 4 deletions
--- a/scripts/deploy-to-cos.js
+++ b/scripts/deploy-to-cos.js
@@ -365,17 +365,19 @@ async function uploadBuildDir() {
 /**
 * 生成腾讯云 TC3-HMAC-SHA256 签名
 */
-function generateTC3Signature(secretId, secretKey, service, payload) {
+function generateTC3Signature(secretId, secretKey, service, action, payload) {
    const timestamp = Math.floor(Date.now() / 1000);
    const date = new Date(timestamp * 1000).toISOString().slice(0, 10);
+    const host = `${service}.tencentcloudapi.com`;

    // 1. 拼接规范请求串
    const httpRequestMethod = 'POST';
    const canonicalUri = '/';
    const canonicalQueryString = '';
    const hashedPayload = crypto.createHash('sha256').update(payload).digest('hex');
-    const canonicalHeaders = `content-type:application/json; charset=utf-8\nhost:cdn.tencentcloudapi.com\nx-tc-action:purgeUrlsCache\n`;
-    const signedHeaders = 'content-type;host;x-tc-action';
+    // 只签名 content-type 和 host（按字母顺序）
+    const canonicalHeaders = `content-type:application/json; charset=utf-8\nhost:${host}\n`;
+    const signedHeaders = 'content-type;host';
    const canonicalRequest = `${httpRequestMethod}\n${canonicalUri}\n${canonicalQueryString}\n${canonicalHeaders}\n${signedHeaders}\n${hashedPayload}`;

    // 2. 拼接待签名字符串
@@ -402,7 +404,7 @@ function generateTC3Signature(secretId, secretKey, service, payload) {
 function callCdnApi(secretId, secretKey, action, params) {
    return new Promise((resolve, reject) => {
        const payload = JSON.stringify(params);
-        const { authorization, timestamp } = generateTC3Signature(secretId, secretKey, 'cdn', payload);
+        const { authorization, timestamp } = generateTC3Signature(secretId, secretKey, 'cdn', action, payload);

        const options = {
            hostname: 'cdn.tencentcloudapi.com',
@@ -415,6 +417,7 @@ function callCdnApi(secretId, secretKey, action, params) {
                'X-TC-Action': action,
                'X-TC-Version': '2018-06-06',
                'X-TC-Timestamp': timestamp.toString(),
+                'X-TC-Region': '',
                'Authorization': authorization,
            },
        };