fix login

Author: dfounderliu

deploy/lib/deployFunction.js

@@ -38,134 +38,76 @@ class DeployFunction extends AbstractHandler {
  async addRole() {
  try {
  const roleName = 'SCF_QcsRole'
- const policyNameList = [
- 'QcloudCOSFullAccess',
- 'QcloudCOSBucketConfigWrite',
- 'QcloudCOSBucketConfigRead',
- 'QcloudCOSDataReadOnly',
- 'QcloudAPIGWFullAccess'
- ]
+ const policyName = 'QcloudAccessForScfRole'
  const listPoliciesModels = new camModels.ListPoliciesRequest()
  const listPoliciesHandler = util.promisify(this.camClient.ListPolicies.bind(this.camClient))
- const policyIdList = new Array()
+ let havePolicy = false
+ let policyId
  let pagePolicyCount = 200
- let body = { Rp: 200, Page: 0 }
- while (policyIdList.length < 5 || pagePolicyCount == 200) {
+ const body = { Rp: 200, Page: 0 }
+ while (!havePolicy && pagePolicyCount == 200) {
  body.Page = body.Page + 1
  listPoliciesModels.from_json_string(JSON.stringify(body))
  try {
  const pagePolicList = await listPoliciesHandler(listPoliciesModels)
  for (let i = 0; i < pagePolicList.List.length; i++) {
- if (policyNameList.indexOf(pagePolicList.List[i].PolicyName) > -1) {
- policyIdList.push(pagePolicList.List[i].PolicyId)
+ if (policyName == pagePolicList.List[i].PolicyName) {
+ havePolicy = true
+ policyId = pagePolicList.List[i].PolicyId
+ break
  }
  }
  pagePolicyCount = pagePolicList.List.length
- } catch (e) {}
+ } catch (e) {
+ pagePolicyCount = 0
+ }
  await utils.sleep(400)
  }
 
- let roleState = 1
-
- // Get role
+ // Create role and attach policy
  try {
- const getRoleModels = new camModels.GetRoleRequest()
- getRoleModels.from_json_string(JSON.stringify({ RoleName: roleName }))
- const getRoleHandler = util.promisify(this.camClient.GetRole.bind(this.camClient))
- await getRoleHandler(getRoleModels)
+ const createRoleModels = new camModels.CreateRoleRequest()
+ createRoleModels.from_json_string(
+ JSON.stringify({
+ RoleName: roleName,
+ PolicyDocument: JSON.stringify({
+ version: '2.0',
+ statement: [
+ {
+ effect: 'allow',
+ principal: {
+ service: 'scf.qcloud.com'
+ },
+ action: 'sts:AssumeRole'
+ }
+ ]
+ })
+ })
+ )
+ const createRoleHandler = util.promisify(this.camClient.CreateRole.bind(this.camClient))
+ await createRoleHandler(createRoleModels)
  } catch (e) {
- if (e.message.includes('role not exist')) {
- roleState = -1
+ if (e && e.message.match('role name in use')) {
  } else {
- roleState = 0
+ this.serverless.cli.log('Create role error : ' + e)
  }
  }
-
- const haveIdList = new Array()
- const addIdList = new Array()
-
- // Get role policy list
  try {
- pagePolicyCount = 200
- body = { Rp: 200, Page: 0, RoleName: roleName }
- const listRolePoliciesModels = new camModels.ListAttachedRolePoliciesRequest()
- const listRolePoliciesHandler = util.promisify(
- this.camClient.ListAttachedRolePolicies.bind(this.camClient)
+ const attachRolePolicyModels = new camModels.AttachRolePolicyRequest()
+ const attachRolePolicyHandler = util.promisify(
+ this.camClient.AttachRolePolicy.bind(this.camClient)
  )
- while (pagePolicyCount == 200) {
- body.Page = body.Page + 1
- listRolePoliciesModels.from_json_string(JSON.stringify(body))
- try {
- const pagePolicList = await listRolePoliciesHandler(listRolePoliciesModels)
- for (let i = 0; i < pagePolicList.List.length; i++) {
- haveIdList.push(pagePolicList.List[i].PolicyId)
- }
- pagePolicyCount = pagePolicList.List.length
- } catch (e) {
- pagePolicyCount = 0
- }
- await utils.sleep(400)
- }
- } catch (e) {}
-
- // Get policy id which need to add in SCF_QcsRole
- for (let i = 0; i < policyIdList.length; i++) {
- if (haveIdList.indexOf(policyIdList[i]) <= -1) {
- addIdList.push(policyIdList[i])
- }
- }
-
- // Create role and attach policy
- if (roleState <= 0) {
- try {
- const createRoleModels = new camModels.CreateRoleRequest()
- createRoleModels.from_json_string(
- JSON.stringify({
- RoleName: roleName,
- PolicyDocument: JSON.stringify({
- version: '2.0',
- statement: [
- {
- effect: 'allow',
- principal: {
- service: 'scf.qcloud.com'
- },
- action: 'sts:AssumeRole'
- }
- ]
- })
- })
- )
- const createRoleHandler = util.promisify(this.camClient.CreateRole.bind(this.camClient))
- await createRoleHandler(createRoleModels)
- } catch (e) {
- this.serverless.cli.log('Create role error: ' + e)
+ const attachRolePolicyBody = {
+ AttachRoleName: roleName
  }
- }
- if (addIdList.length > 0) {
  try {
- const attachRolePolicyModels = new camModels.AttachRolePolicyRequest()
- const attachRolePolicyHandler = util.promisify(
- this.camClient.AttachRolePolicy.bind(this.camClient)
- )
- const attachRolePolicyBody = {
- AttachRoleName: roleName
- }
- for (let i = 0; i < addIdList.length; i++) {
- try {
- attachRolePolicyBody.PolicyId = addIdList[i]
- attachRolePolicyModels.from_json_string(JSON.stringify(attachRolePolicyBody))
- await attachRolePolicyHandler(attachRolePolicyModels)
- } catch (e) {
- this.context.debug(`Attach policy id '${attachRolePolicyBody.PolicyId}' error: ${e}`)
- }
- await utils.sleep(400)
- }
+ attachRolePolicyBody.PolicyId = policyId
+ attachRolePolicyModels.from_json_string(JSON.stringify(attachRolePolicyBody))
+ await attachRolePolicyHandler(attachRolePolicyModels)
  } catch (e) {}
- }
- } catch (e) {
- this.serverless.cli.log('Check policy list error: ' + e)
- }
+ await utils.sleep(400)
+ } catch (e) {}
+ } catch (e) {}
  }
 
  async updateFunctionCode(ns, funcObject) {

provider/tencentProvider.js

@@ -126,16 +126,21 @@ class TencentProvider {
  const tencent_credentials = await login.login()
  if (tencent_credentials) {
  tencent_credentials.timestamp = Date.now() / 1000
- const tencent_credentials_json = JSON.stringify(tencent_credentials)
  try {
  const tencent = {
- tencent_secret_id: tencent_credentials.tencent_secret_id,
- tencent_secret_key: tencent_credentials.tencent_secret_key,
- tencent_appid: tencent_credentials.tencent_appid,
- token: tencent_credentials.tencent_token,
+ tencent_secret_id: tencent_credentials.secret_id,
+ tencent_secret_key: tencent_credentials.secret_key,
+ tencent_appid: tencent_credentials.appid,
+ token: tencent_credentials.token,
+ expired: tencent_credentials.expired,
+ signature: tencent_credentials.signature,
+ uuid: tencent_credentials.uuid,
  timestamp: tencent_credentials.timestamp
  }
- await fs.writeFileSync('./.serverless/.env', tencent_credentials_json)
+ await fs.writeFileSync('./.env_temp', JSON.stringify(tencent))
+ this.context.debug(
+ 'The temporary key is saved successfully, and the validity period is two hours.'
+ )
  return tencent
  } catch (e) {
  throw 'Error getting temporary key: ' + e
@@ -146,16 +151,30 @@ class TencentProvider {
  async getTempKey() {
  const that = this
  try {
- const data = await fs.readFileSync('./.serverless/.env', 'utf8')
+ const data = await fs.readFileSync('./.env_temp', 'utf8')
  try {
  const tencent = {}
  const tencent_credentials_read = JSON.parse(data)
- if (Date.now() / 1000 - tencent_credentials_read.timestamp <= 7000) {
- tencent.tencent_secret_id = tencent_credentials_read.tencent_secret_id
- tencent.tencent_secret_key = tencent_credentials_read.tencent_secret_key
- tencent.tencent_appid = tencent_credentials_read.tencent_appid
- tencent.token = tencent_credentials_read.tencent_token
- tencent.timestamp = tencent_credentials_read.timestamp
+ if (Date.now() / 1000 - tencent_credentials_read.timestamp <= 6000) {
+ return tencent_credentials_read
+ }
+ const login = new TencentLogin()
+ const tencent_credentials_flush = await login.flush(
+ tencent_credentials_read.uuid,
+ tencent_credentials_read.expired,
+ tencent_credentials_read.signature,
+ tencent_credentials_read.tencent_appid
+ )
+ if (tencent_credentials_flush) {
+ tencent.tencent_secret_id = tencent_credentials_flush.secret_id
+ tencent.tencent_secret_key = tencent_credentials_flush.secret_key
+ tencent.tencent_appid = tencent_credentials_flush.appid
+ tencent.token = tencent_credentials_flush.token
+ tencent.expired = tencent_credentials_flush.expired
+ tencent.signature = tencent_credentials_flush.signature
+ tencent.uuid = tencent_credentials_read.uuid
+ tencent.timestamp = Date.now() / 1000
+ await fs.writeFileSync('./.env_temp', JSON.stringify(tencent))
  return tencent
  }
  return await that.doLogin()