BestHub
Sign in
Backend Development 3 min read

Implementing Direct OSS Upload Signature in PHP

This tutorial explains how to create a lightweight PHP class for generating OSS direct‑upload signatures, describes the advantages of client‑side uploads without server bandwidth, provides the full source code, and highlights common pitfalls such as bucketHost configuration and policy newline handling.

php中文网 Courses
php中文网 Courses
php中文网 Courses
Implementing Direct OSS Upload Signature in PHP

Direct upload to OSS allows files to be sent from the front‑end straight to the storage service, eliminating the need for a server intermediary, reducing bandwidth consumption, and speeding up user uploads.

The article presents a minimal, extension‑free solution for generating upload signatures in PHP, suitable for projects that only require direct upload functionality.

The implementation is based on the open‑source flysystem‑oss repository and can be adapted for other OSS‑related features if needed.

Creating OssUploadSignature.php

<?php
namespace Service;
class OssUploadSignature {
    private $accessKeyId;
    private $accessKeySecret;
    private $expire = 300; // 5 minutes validity
    private $bucketHost; // Bucket domain
    private $conditions = [ // restrictions
        [
            'content-length-range', // content limit
            0,                  // minimum upload size
            10 * 1024 * 1024    // maximum 10 MB
        ], [
            0 => 'starts-with',
            1 => '$key', // must contain key
            2 => 'images/', // only allow files under /images
        ]
    ];

    public function setBucketHost($bucketHost) {
        $this->bucketHost = $bucketHost;
        return $this;
    }

    public function setAccessKeyId($accessKeyId) {
        $this->accessKeyId = $accessKeyId;
        return $this;
    }

    public function setAccessKeySecret($accessKeySecret) {
        $this->accessKeySecret = $accessKeySecret;
        return $this;
    }

    public function signatureConfig() {
        $end = time() + $this->expire;
        $arr = [
            'expiration' => $this->gmt_iso8601($end),
            'conditions' => $this->conditions,
        ];
        $base64Policy = base64_encode(json_encode($arr));
        $signature = base64_encode(hash_hmac('sha1', $base64Policy, $this->accessKeySecret, true));
        return [
            'OSSAccessKeyId' => $this->accessKeyId,
            'policy' => $base64Policy,
            'signature' => $signature,
            'expire' => $end,
            'bucketHost' => $this->bucketHost
        ];
    }

    // fix bug https://connect.console.aliyun.com/connect/detail/162632
    public function gmt_iso8601($time) {
        return (new \DateTime(null, new \DateTimeZone('UTC')))->setTimestamp($time)->format('Y-m-d\TH:i:s\Z');
    }
}

The article then shows how to run the script, with screenshots of the command‑line output, Postman test results, and the generated policy and signature.

Beware of bugs

The bucketHost value must match the one shown in the OSS console, and when copying the policy string be careful not to introduce hidden newline characters, which can cause signature verification failures.

For a complete walkthrough, click the “Read Original” link at the bottom of the page.

backendPHPOSSSignatureuploaddirect-upload
php中文网 Courses
Written by

php中文网 Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment