Implement SSE support

service.toml

@@ -17,7 +17,7 @@ optional = ["list_mode"]
 optional = ["offset", "io_callback", "size"]
 
 [namespace.storage.op.write]
-optional = ["content_md5", "content_type", "io_callback", "storage_class"]
+optional = ["content_md5", "content_type", "io_callback", "storage_class", "server_side_encryption", "server_side_data_encryption", "server_side_encryption_key_id"]
 
 [pairs.default_service_pairs]
 type = "DefaultServicePairs"
@@ -30,5 +30,23 @@ description = "set default pairs for storager actions"
 [pairs.storage_class]
 type = "string"
 
+[pairs.server_side_encryption]
+type = "string"
+description = "specifies the encryption algorithm. Can be AES256, KMS or SM4.\n\nFor Chinese users, refer to https://help.aliyun.com/document_detail/31871.html for details.\n\nFor global users, refer to https://www.alibabacloud.com/help/doc-detail/31871.htm for details, and double-check whether SM4 can be used."
+
+[pairs.server_side_data_encryption]
+type = "string"
+description = "specifies the encryption algorithm when server_side_encryption is KMS. Can only be set to SM4. If this is not set, AES256 will be used.\n\nFor Chinese users, refer to https://help.aliyun.com/document_detail/31871.html for details.\n\nFor global users, refer to https://www.alibabacloud.com/help/doc-detail/31871.htm for details, and double-check whether SM4 can be used."
+
+[pairs.server_side_encryption_key_id]
+type = "string"
+description = "is the KMS-managed user master key. Only valid when server_side_encryption is KMS."
+
 [infos.object.meta.storage-class]
+type = "string"
+
+[infos.object.meta.server_side_encryption]
+type = "string"
+
+[infos.object.meta.server_side_encryption_key_id]
 type = "string"

storage.go

@@ -189,6 +189,12 @@ func (s *Storage) stat(ctx context.Context, path string, opt pairStorageStat) (o
 	if v := output.Get(storageClassHeader); v != "" {
 		sm[MetadataStorageClass] = v
 	}
+	if v := output.Get(serverSideEncryptionHeader); v != "" {
+		sm[MetadataServerSideEncryption] = v
+	}
+	if v := output.Get(serverSideEncryptionKeyIdHeader); v != "" {
+		sm[MetadataServerSideEncryptionKeyID] = v
+	}
 	o.SetServiceMetadata(sm)
 
 	return o, nil
@@ -209,6 +215,15 @@ func (s *Storage) write(ctx context.Context, path string, r io.Reader, size int6
 	if opt.HasStorageClass {
 		options = append(options, oss.StorageClass(oss.StorageClassType(opt.StorageClass)))
 	}
+	if opt.HasServerSideEncryption {
+		options = append(options, oss.ServerSideEncryption(opt.ServerSideEncryption))
+	}
+	if opt.HasServerSideDataEncryption {
+		options = append(options, oss.ServerSideDataEncryption(opt.ServerSideDataEncryption))
+	}
+	if opt.HasServerSideEncryptionKeyID {
+		options = append(options, oss.ServerSideEncryptionKeyID(opt.ServerSideEncryptionKeyID))
+	}
 
 	err = s.bucket.PutObject(rp, r, options...)
 	if err != nil {

utils.go

@@ -266,3 +266,15 @@ func (s *Storage) formatFileObject(v oss.ObjectProperties) (o *typ.Object, err e
 func (s *Storage) newObject(done bool) *typ.Object {
 	return typ.NewObject(s, done)
 }
+
+// All available encryption algorithms are listed here.
+const (
+	serverSideEncryptionHeader      = "x-oss-server-side-encryption"
+	serverSideEncryptionKeyIdHeader = "x-oss-server-side-encryption-key-id"
+
+	ServerSideEncryptionAES256 = "AES256"
+	ServerSideEncryptionKMS    = "KMS"
+	ServerSideEncryptionSM4    = "SM4"
+
+	ServerSideDataEncryptionSM4 = "SM4"
+)