<?php
// 如何安装PHP依赖,参考文档:https://help.aliyun.com/document_detail/53111.html
require __DIR__.'/vendor/autoload.php'; 
use AlibabaCloud\Client\AlibabaCloud;
use AlibabaCloud\Sts\Sts;
use AlibabaCloud\Sts\V20150401\AssumeRole;
use AlibabaCloud\Client\Exception\ServerException;
use AlibabaCloud\Client\Exception\ClientException;

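try {
    // Only RAM sub-users are allowed to assume roles.
    // NOTE(review): the two placeholders below stand for a long-lived AccessKey pair.
    // In a real deployment, load them from the environment or a secret store instead
    // of committing them to source.
    AlibabaCloud::accessKeyClient('<替换为实际的accessKeyId>', '<替换为实际的accessKeySecret>')
        ->regionId("cn-shanghai")
        ->asDefaultClient();

    // For how to configure STS access to Log Service, see: https://help.aliyun.com/document_detail/47277.html
    $roleArn = "<roleArn名称>";
    $roleArnSession = "slsconsole-session";

    $response = Sts::v20150401()
        ->assumeRole()
        // ARN of the role to assume
        ->withRoleArn($roleArn)
        // RoleSessionName names the temporary identity's session and is used to tell
        // different temporary identities apart
        ->withRoleSessionName($roleArnSession)
        // Set a policy to restrict the session further. Without one, the session gets
        // ALL of the role's permissions; the policy must be a subset of them.
        // Policy authoring tool: https://help.aliyun.com/document_detail/155426.html
        //->withPolicy("<your actual permission policy>")
        // Connection timeout: 60s
        ->connectTimeout(60)
        // Request timeout: 65s
        ->timeout(65)
        ->request();

    // Build the GetSigninToken URL. It carries the temporary AccessKey secret and
    // security token in its query string, so it must never be logged or echoed.
    $signInHost = "https://signin.aliyun.com";
    $signInTokenUrl = $signInHost."/federation?Action=GetSigninToken"
        ."&AccessKeyId=".urlencode($response->Credentials->AccessKeyId)
        ."&AccessKeySecret=".urlencode($response->Credentials->AccessKeySecret)
        ."&SecurityToken=".urlencode($response->Credentials->SecurityToken)
        ."&TicketType=mini";

    // Exchange the temporary credentials for a sign-in token.
    $curlInit = curl_init();
    curl_setopt($curlInit, CURLOPT_URL, $signInTokenUrl);
    curl_setopt($curlInit, CURLOPT_RETURNTRANSFER, 1);
    // Keep certificate and hostname verification on explicitly: credentials travel in this request.
    curl_setopt($curlInit, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curlInit, CURLOPT_SSL_VERIFYHOST, 2);
    // Bound the call so a stalled sign-in endpoint cannot hang the page; mirrors the STS timeouts above.
    curl_setopt($curlInit, CURLOPT_CONNECTTIMEOUT, 60);
    curl_setopt($curlInit, CURLOPT_TIMEOUT, 65);
    $result = curl_exec($curlInit);
    $curlError = curl_error($curlInit);
    $httpStatus = curl_getinfo($curlInit, CURLINFO_HTTP_CODE);
    curl_close($curlInit);

    // curl_exec() returns false on transport failure; the original passed that straight to json_decode().
    if ($result === false) {
        throw new RuntimeException("GetSigninToken request failed: ".$curlError);
    }
    if ($httpStatus !== 200) {
        throw new RuntimeException("GetSigninToken returned HTTP status ".$httpStatus);
    }

    // Reject anything that is not a JSON object holding a non-empty SigninToken string,
    // instead of redirecting with an empty token.
    $signInTokenJson = json_decode($result);
    if (!is_object($signInTokenJson)
        || !isset($signInTokenJson->SigninToken)
        || !is_string($signInTokenJson->SigninToken)
        || $signInTokenJson->SigninToken === '') {
        throw new RuntimeException("GetSigninToken response did not contain a SigninToken");
    }
    $signInToken = $signInTokenJson->SigninToken;

    // Build the final login URL.
    // Destination is the address of the page that is finally embedded; for how to build it,
    // see: https://help.aliyun.com/document_detail/103028.html
    // NOTE(review): whoever holds this URL can presumably open the console as the assumed
    // role, so treat it like a credential — confirm token lifetime in the docs.
    $signInUrl = $signInHost."/federation?Action=Login"
        ."&LoginUrl=".urlencode("https://www.aliyun.com")
        ."&Destination=".urlencode("<替换为实际嵌入的SLS控制台页面地址>")
        ."&SigninToken=".urlencode($signInToken);

    header("Location: ".$signInUrl);
    // Stop here so nothing else is emitted after the redirect.
    exit;

} catch(ServerException $e) {
    // NOTE(review): SDK error details are printed to the client; in production prefer
    // logging them server-side and returning a generic message.
    http_response_code(500);
    print "Error: " . $e->getErrorCode() . " Message: " . $e->getMessage() . "\n";
} catch(ClientException $e) {
    http_response_code(500);
    print "Error: " . $e->getErrorCode() . " Message: " . $e->getMessage() . "\n";
} catch(RuntimeException $e) {
    // Raised above for sign-in token failures; the messages never include the credential-bearing URL.
    http_response_code(500);
    print "Error: " . $e->getMessage() . "\n";
}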

?>