diff --git a/scripts/deploy-to-cos.js b/scripts/deploy-to-cos.js index 75f53a05..614b41e5 100644 --- a/scripts/deploy-to-cos.js +++ b/scripts/deploy-to-cos.js @@ -365,17 +365,19 @@ async function uploadBuildDir() { /** * 生成腾讯云 TC3-HMAC-SHA256 签名 */ -function generateTC3Signature(secretId, secretKey, service, payload) { +function generateTC3Signature(secretId, secretKey, service, action, payload) { const timestamp = Math.floor(Date.now() / 1000); const date = new Date(timestamp * 1000).toISOString().slice(0, 10); + const host = `${service}.tencentcloudapi.com`; // 1. 拼接规范请求串 const httpRequestMethod = 'POST'; const canonicalUri = '/'; const canonicalQueryString = ''; const hashedPayload = crypto.createHash('sha256').update(payload).digest('hex'); - const canonicalHeaders = `content-type:application/json; charset=utf-8\nhost:cdn.tencentcloudapi.com\nx-tc-action:purgeUrlsCache\n`; - const signedHeaders = 'content-type;host;x-tc-action'; + // 只签名 content-type 和 host(按字母顺序) + const canonicalHeaders = `content-type:application/json; charset=utf-8\nhost:${host}\n`; + const signedHeaders = 'content-type;host'; const canonicalRequest = `${httpRequestMethod}\n${canonicalUri}\n${canonicalQueryString}\n${canonicalHeaders}\n${signedHeaders}\n${hashedPayload}`; // 2. 拼接待签名字符串 @@ -402,7 +404,7 @@ function generateTC3Signature(secretId, secretKey, service, payload) { function callCdnApi(secretId, secretKey, action, params) { return new Promise((resolve, reject) => { const payload = JSON.stringify(params); - const { authorization, timestamp } = generateTC3Signature(secretId, secretKey, 'cdn', payload); + const { authorization, timestamp } = generateTC3Signature(secretId, secretKey, 'cdn', action, payload); const options = { hostname: 'cdn.tencentcloudapi.com', @@ -415,6 +417,7 @@ function callCdnApi(secretId, secretKey, action, params) { 'X-TC-Action': action, 'X-TC-Version': '2018-06-06', 'X-TC-Timestamp': timestamp.toString(), + 'X-TC-Region': '', 'Authorization': authorization, }, };