CN113886803A

CN113886803A - Object storage system of instant messaging, object storage request method and device

Info

Publication number: CN113886803A
Application number: CN202111165012.6A
Authority: CN
Inventors: 窦志同; 覃建策; 王贵喜; 杨元
Original assignee: Perfect World Beijing Software Technology Development Co Ltd
Current assignee: Perfect World Beijing Software Technology Development Co Ltd
Priority date: 2021-09-30
Filing date: 2021-09-30
Publication date: 2022-01-04

Abstract

The application relates to an object storage system of instant messaging, an object storage request method and an object storage request device. The method comprises the following steps: under the condition of receiving an object storage request sent by a client, extracting a storage path and an authorization token carried in the object storage request, wherein the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located; verifying the storage path according to the path information corresponding to the authorization token; and under the condition that the storage path verification passes, executing the object storage request and saving the result after the object storage request is executed. The method and the device solve the technical problem that the authority control in instant messaging is complex and various.

Description

Object storage system of instant messaging, object storage request method and device

Technical Field

The present application relates to the field of internet technologies, and in particular, to an object storage system for instant messaging, an object storage request method, and an object storage request device.

Background

Instant Messaging (IM) is a real-time communication system that allows two or more people to communicate text messages, files, voice and video in real time using a network. The instant communication message is transferred by the server, namely when the instant communication message is sent among a plurality of clients receiving the instant communication service, the instant communication message is firstly sent to the server for storage, and then other clients read the instant communication message from the server. However, how to store the instant messaging messages generated by the instant messaging service on the basis of ensuring mutual independence among the instant messaging services and simplify the authority control of the instant messaging service is a problem to be solved in the research of instant messaging.

Currently, in the related art, the message storage of instant messaging adopts a storage path divided according to a file type, or a storage path divided according to creation time and update time. However, although the above techniques can make the storage of the instant messaging messages look clear and organized, for the users participating in different instant messaging service groups, the information security cannot be guaranteed, that is, the users of other instant messaging service groups can see the messages of the group.

Aiming at the problem of complicated and various authority control in instant messaging, an effective solution is not provided at present.

Disclosure of Invention

The application provides an object storage system, an object storage request method and an object storage request device for instant messaging, and aims to solve the technical problem that authority control in instant messaging is complex and various.

According to an aspect of an embodiment of the present application, there is provided an object storage system for instant messaging, including:

the client is used for sending an object storage request to the server, wherein the object storage request carries a storage path of a target object and an authorization token, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

the server is used for acquiring path information corresponding to the authorization token to verify a storage path under the condition of receiving an object storage request sent by the client; and under the condition that the verification is passed, executing the object storage request and saving the result after the object storage request is executed.

According to another aspect of the embodiments of the present application, there is provided an object storage request method for instant messaging, applied to a server, including: under the condition of receiving an object storage request sent by a client, extracting a storage path and an authorization token carried in the object storage request, wherein the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located; verifying the storage path according to the path information corresponding to the authorization token; and under the condition that the storage path verification passes, executing the object storage request and saving the result after the object storage request is executed.

Optionally, verifying the storage path according to the path information corresponding to the authorization token includes: searching a permission group matched with the authorization token; determining an authority path corresponding to the authorization token from the authority group under the condition that the authority group is found; and determining that the storage path passes the verification in the case that the authority path comprises the storage path.

Optionally, when the permission path includes a storage path, determining that the storage path is verified, specifically including: determining the corresponding operation authority of the authority path corresponding to the storage path under the condition that the authority path comprises the storage path; and determining that the storage path passes the verification in the case that the corresponding operation authority comprises the target operation of the object storage request.

Optionally, when the storage path verification passes, executing the object storage request and saving a result obtained after the object storage request is executed, which specifically includes: setting the target client to a modifiable state under the condition that the target operation is a modification operation so that the target client has the right to modify the target object; under the condition that the target operation is a reading operation, setting the target client to be in a readable state so that the target client has the right of reading the target object; and in the case that the target operation is a deletion operation, setting the target client to a deletable state so that the target client has the right to delete the target object.

Optionally, before receiving the object storage request sent by the client, the method further includes granting an authorization token to the client as follows: determining a target session associated with a token acquisition request under the condition of receiving the token acquisition request corresponding to a client; calling an instant messaging service group of a target session from a database; generating an authorization token under the condition that the client is a member in the instant messaging service group, and generating an authority path and a corresponding operation authority for the client based on the session identification identifier of the target session and the client identification identifier of the client; the authority path and the corresponding operation authority form an authority group, and the authority group and the authorization token are mapped and stored; the authorization token is sent to the client.

According to another aspect of the embodiments of the present application, there is provided an object storage request method for instant messaging, applied to a client, including: the method comprises the steps that a storage path of a target object is obtained, wherein the storage path is used for a server side to store the target object according to the storage path, the target object is a file uploaded by a client side or other client sides based on instant messaging service, and the server side is used for providing instant messaging service for each client side; and sending an object storage request carrying a storage path and an authorization token to a server so that the server acquires path information corresponding to the authorization token to verify the storage path, and executing the object storage request and storing a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and is used for the server to verify the storage path.

Optionally, the storage path of the target object is determined by: determining a target application corresponding to a target object and a target session in the target application, wherein all clients in the same session are in the same instant messaging service group; and starting from a preset storage field, combining an application identification mark of the target application, a session identification mark of the target session, an object type mark of the target object, a client identification mark of the client, an uploading timestamp of the target object and a file name of the target object according to a preset format to obtain a storage path.

According to another aspect of the embodiments of the present application, there is provided an object storage request device for instant messaging, applied to a server, including: the system comprises an extraction module, a storage module and an authorization token, wherein the extraction module is used for extracting a storage path and an authorization token carried in an object storage request under the condition of receiving the object storage request sent by a client, the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located; the verification module is used for verifying the storage path according to the path information corresponding to the authorization token; and the execution module is used for executing the object storage request and saving the result after the object storage request is executed under the condition that the storage path verification passes.

According to another aspect of the embodiments of the present application, there is provided an object storage request device for instant messaging, applied to a client, including: the system comprises a path acquisition module, a path acquisition module and a server side, wherein the path acquisition module is used for acquiring a storage path of a target object, the storage path is used for the server side to store the target object according to the storage path, the target object is a file uploaded by a client side or other client sides based on instant messaging service, and the server side is used for providing instant messaging service for each client side; the request sending module is used for sending an object storage request carrying a storage path and an authorization token to the server so that the server acquires path information corresponding to the authorization token to verify the storage path, and executes the object storage request and stores a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and the authorization token is used for the server to verify the storage path.

According to another aspect of the embodiments of the present application, there is provided an electronic device, including a memory, a processor, a communication interface, and a communication bus, where the memory stores a computer program executable on the processor, and the memory and the processor communicate with each other through the communication bus and the communication interface, and the processor implements the steps of the method when executing the computer program.

According to yet another aspect of the embodiments of the present application, there is also provided a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the above-mentioned method.

Compared with the related art, the technical scheme provided by the embodiment of the application has the following advantages:

the application provides an object storage system of instant messaging, including: the client is used for sending an object storage request to the server, wherein the object storage request carries a storage path of a target object and an authorization token, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located; the server is used for acquiring path information corresponding to the authorization token to verify a storage path under the condition of receiving an object storage request sent by the client; and under the condition that the verification is passed, executing the object storage request and saving the result after the object storage request is executed. The method and the system for storing the instant messaging data are based on an instant messaging service group, namely a chat group, a storage path of the instant messaging data is designed, when a client sends an object storage request, an authorization token pre-granted by a server and a storage path of the instant messaging data to be looked up need to be carried, the server verifies the storage path according to path information corresponding to the authorization token, and the object storage request is executed only after the verification passes through the server. Therefore, the data storage paths of different groups based on group design are simple to realize, the mutual independence of data among different groups can be ensured, and the storage paths are associated with the operation authority of the user, so that the data storage requirement is met, and the technical problem of complex and various authority control in instant messaging is solved.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.

In order to more clearly illustrate the technical solutions in the embodiments or related technologies of the present application, the drawings needed to be used in the description of the embodiments or related technologies will be briefly described below, and it is obvious for those skilled in the art to obtain other drawings without any creative effort.

Fig. 1 is a schematic diagram of an optional instant messaging object storage system according to an embodiment of the present application;

fig. 2 is a schematic flowchart of an object storage request method applied to server-side optional instant messaging according to an embodiment of the present disclosure;

fig. 3 is a schematic flowchart of an object storage request method applied to client-side optional instant messaging according to an embodiment of the present disclosure;

FIG. 4 is a schematic diagram of an alternative storage path according to an embodiment of the present application;

fig. 5 is a block diagram of an object storage request apparatus for server-side optional instant messaging according to an embodiment of the present disclosure;

FIG. 6 is a block diagram of an object storage request device for client-side optional instant messaging according to an embodiment of the present disclosure;

fig. 7 is a schematic structural diagram of an alternative electronic device according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for the convenience of description of the present application, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.

In the related art, the message storage of instant messaging adopts a storage path divided according to a file type, or a storage path divided according to creation time and update time. However, although the above technologies can make the storage of the instant messaging data look clear and organized, for the users participating in different instant messaging service groups, the information security cannot be guaranteed, that is, the users of other instant messaging service groups can see the data of the group.

To solve the problems mentioned in the background, according to an aspect of the embodiments of the present application, there is provided an embodiment of an object storage system for instant messaging, the system including:

the client 101 is used for sending an object storage request to the server, wherein the object storage request carries a storage path of a target object and an authorization token, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

the server 103 is configured to, in a case that an object storage request sent by a client is received, obtain path information corresponding to the authorization token to verify a storage path; and under the condition that the verification is passed, executing the object storage request and saving the result after the object storage request is executed.

Optionally, a database 105 may be further provided for the server 103, so as to provide data access services for the server 103.

In the embodiment of the application, the server provides an instant messaging service for the client, and the target object is instant messaging data generated among a plurality of clients, such as text messages, voice messages, video messages, files, push links and the like. When a plurality of clients receive the same instant messaging service, the plurality of clients are in the same instant messaging service group, the clients are embodied as the same group of the same application, and the server is embodied as an instant messaging service group created by the server for the group. The server can grant an authorization token for each client in the group based on the instant messaging service set in advance, the client holds the authorization token, and can send an object storage request to the server, so as to check instant messaging data in the corresponding group, but cannot check instant messaging data in other groups based on the authorization token, that is, check instant messaging data of different groups, and need to obtain corresponding different authorization tokens. The object storage request carries a storage path and an authorization token of a target object, the server verifies the storage path by using path information corresponding to the authorization token, the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and the path information corresponding to the authorization token is stored in the server. The verification shows that the client has the right to execute the object storage request on the target object, and the server can execute the object storage request. If the verification fails, the client does not have the corresponding authority, and the server does not execute the object storage request.

In the embodiment of the application, when instant messaging data is transferred by the server, namely instant messaging data is looked up among a plurality of clients receiving instant messaging service, firstly, a storage path of the instant messaging data to be looked up and an authorization token are sent to the server for verification, and the instant messaging data can be looked up only after the verification is passed.

In the embodiment of the application, for the authorization tokens issued under the same group, the corresponding operation permissions are different, for example, the most basic permissions of the authorization tokens are to read the data of the group and add group data (e.g., files), and the permission to delete files is bound with a specific client in the authorization token, that is, only a file uploader can delete files, the authorization tokens issued under the same group can allow the client to modify the files in the group by default, and the files in the group can be modified under the authorization based on the file uploader.

The method and the system are based on an instant messaging service group, namely a chat group designs a storage path of instant messaging data, when a client sends an object storage request, an authorization token granted by a server in advance and the storage path of the instant messaging data to be looked up need to be carried, the server verifies the storage path according to path information corresponding to the authorization token, and the object storage request can be executed through the server only after the verification passes. Therefore, the data storage paths of different groups based on group design are simple to realize, the mutual independence of data among different groups can be ensured, and the storage paths are associated with the operation authority of the user, so that the data storage requirement is met, and the technical problem of complex and various authority control in instant messaging is solved.

According to another aspect of the embodiments of the present application, there is provided an object storage request method for instant messaging, which may be executed by a server 103, as shown in fig. 2, the method may include the following steps:

step S202, under the condition that an object storage request sent by a client is received, extracting a storage path and an authorization token carried in the object storage request, wherein the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

step S204, verifying a storage path according to the path information corresponding to the authorization token;

in step S206, when the storage path verification passes, the object storage request is executed and the result after the execution of the object storage request is saved.

In the implementation of the application, the target object is instant messaging data generated among a plurality of clients, and the target object can be text messages, voice messages, video messages, files, push links and the like. The server establishes an association relation between the storage paths of the messages and the files and the authority control, and issues an authorization token to the client based on the instant communication service group where the client is located, so that the client obtains the authority for executing operations on the instant communication messages and the group files in the corresponding group after holding the authorization token, wherein the authorization token comprises sending the instant communication messages in the group, looking up the instant communication messages, uploading the group files and the like, the instant communication messages sent by the client and the uploaded files are stored in the server, and other clients hold storage paths based on the authorization token issued by the same group and the instant communication data to be looked up and send object storage requests to the server to apply for looking up the instant communication data. Similarly, the client needs to refer to the instant messaging data sent by other clients, and also needs to hold an authorization token issued based on the same group and a storage path of the instant messaging data to be referred to, and send an object storage request to the server to apply for referring to the instant messaging data.

In the embodiment of the application, the server side verifies the storage path by using the path information corresponding to the authorization token, the authorization token is granted to the client side by the server side in advance according to the instant messaging service group where the client side is located, and the path information corresponding to the authorization token is stored in the server side. The verification shows that the client has the right to execute the object storage request on the target object, and the server can execute the object storage request. If the verification fails, the client does not have the corresponding authority, and the server does not execute the object storage request. And after the server executes the object storage request, simultaneously storing the result of the execution of the object storage request.

Through the steps S202 to S206, in the present application, a storage path of instant messaging data is designed based on an instant messaging service set, that is, a chat group, when an object storage request is sent by a client, an authorization token granted in advance by a server and a storage path of instant messaging data to be referred to need to be carried, the server verifies the storage path according to path information corresponding to the authorization token, and the server executes the object storage request only after the verification passes. Therefore, the data storage paths of different groups based on group design are simple to realize, the mutual independence of data among different groups can be ensured, and the storage paths are associated with the operation authority of the user, so that the data storage requirement is met, and the technical problem of complex and various authority control in instant messaging is solved.

Optionally, before receiving the object storage request sent by the client, the method further includes granting an authorization token to the client as follows:

step 1, under the condition of receiving a token acquisition request corresponding to a client, determining a target session associated with the token acquisition request;

step 2, calling an instant messaging service group of the target session from a database;

step 3, generating an authorization token under the condition that the client is a member in the instant communication service group, and generating an authority path and a corresponding operation authority for the client based on the session identification identifier of the target session and the client identification identifier of the client;

step 4, the authority path and the corresponding operation authority form an authority group, and the authority group and the authorization token are mapped and stored;

and 5, sending the authorization token to the client.

In the embodiment of the present application, an instant messaging service group is created by a server for a target session, and is used to provide an instant messaging service for a same instant messaging service group, i.e., a client in the target session, so as to be different from other instant messaging service groups (other sessions). Therefore, the authorization token is associated with the session, the client holds the authorization token, the instant messaging data in the corresponding group can be checked, the instant messaging data in other groups cannot be checked based on the authorization token, namely the instant messaging data of different groups are checked, and the corresponding different authorization tokens need to be obtained.

In the embodiment of the application, after the client sends the token acquisition request, the server judges whether the client is in the requested target session, if so, authorization is carried out, otherwise, authorization is refused. When the client joins in a certain instant communication service group, the server can also automatically grant the authorization token of the instant communication service group for the client, and when the client exits the instant communication service group, the server automatically cancels the authorization token granted to the client. After the administrator in the instant messaging service group changes the access authority and the management authority of the client, the server automatically updates the corresponding authorization token for the client.

In the embodiment of the present application, the session identification is a unique identification of the target session and an instant messaging service group corresponding to the target session, and the client identification is a unique identification of the client, it should be noted that the client identification may include an identification of a hardware device specifically used by the user, and may also include a user identification.

In this embodiment of the present application, the permission set may be a binary set with a string as an element, where the string of the unary indicates a set of permission paths under the target session that the client may access, such as { picture }/{ sessionMd5}/{ uid }, { text }/{ sessionMd5}/{ uid }/{ video }/{ sessionMd5}/{ uid }, { file }/{ sessionMd5}/{ uid }, and { voice }/{ sessionMd5}/{ uid }, and the like, where sessionMd5 indicates a session identification and uid indicates a client identification. The character string of another element represents a set of corresponding operation rights (such as addition, modification, deletion, reading and the like) that can be executed by the client.

In the embodiment of the application, the authorization behavior of the server side can be simplified by adopting a mode that the authority path and the corresponding operation authority form the authority group and are bound with the authorization token, the authorization token under the same session can be reused, and the client side does not need to apply for multiple times. For example, according to a file type storage mode, a picture tmp.jpg is sent in the session a, a storage path is "/picture/jpg/tmp.jpg", a text file text is sent in the session a, the storage path is "/text/txt/text.txt", when an authorization token is applied, two file paths of "/picture/jpg/tmp.jpg" and "/text/txt/text.txt" need to be applied for a token respectively, and according to the path design of the scheme, only one authorization token based on the session needs to be applied, and an authorization token of an authority path and corresponding operation authority is integrated.

The server side maps and stores the authority group and the authorization token, and actually establishes an association relationship between the path and the authority. Before sending an object storage request, a client needs to apply an authorization token of a session where an object is located to a server first. The client side has an authorization token, and also has the right to access the messages and files under the paths. The authorization tokens owned by the clients in the same group are based on the same session, the same session identification realizes that the clients can read the messages and files in the session, and only the clients in the session can read the files. Because there is a uid, only the creator of the message or file can delete the message or file.

And mapping and storing the authority group containing the authority path and the corresponding operation authority and the authorization token so that the storage path of the target object to be accessed by the client can be verified according to the authorization token held by the client after the path and the authority are associated.

In the embodiment of the application, the server side obtains the mapped authority group according to the authorization token, traverses the authority path and the corresponding operation authority in the authority group, compares the storage path with the authority path, and compares the target operation of the object storage request with the corresponding operation authority, if the storage path is in the authority path set range and the target operation of the object storage request is in the operation authority corresponding to the authority path, the storage path passes verification, and the server side executes the object storage request.

In the embodiment of the application, the target operation of the object storage request includes a modification operation, a read operation, a delete operation, and the like.

Specifically, in the case that the target operation is a modification operation, a path with a target session identification exists in the permission path, and the modification operation is included in the corresponding operation permission, the target client is set to a modifiable state so that the target client has the permission to modify the target object, wherein the target session identification is a session identification included in the storage path of the target object.

Specifically, in the case that the target operation is a read operation, a path with a target session identification exists in the permission path, and the corresponding operation permission includes the read operation, the target client is set to a readable state so that the target client has the permission to read the target object, wherein the target session identification is a session identification included in the storage path of the target object.

And under the conditions that the target operation is a deletion operation, a path with a target session identification and a target client identification exists in the permission path and the corresponding operation permission comprises the deletion operation, setting the target client to be in a deletable state so that the target client has the permission to delete the target object, wherein the target session identification and the target client identification are the session identification and the client identification included in the storage path of the target object.

Taking the reading and deleting operation as an example, for a client, the reading authority of the client is a path authority of a session where the client is located, such as "{ bucket }/{ appId }/{ type }/{ subType }/{ sessionMd5 }" level authority, and the uploading and deleting authority of the client is a client path authority of the session where the client is located, such as "{ bucket }/{ appId }/{ type }/{ subType }/{ sessionMd5}/{ uid }" level authority, where bucket is a field of an object storage block and represents a storage space, appId represents an application identification, and type represents a type of the session, such as single chat and group chat, and it is required to be noted that single chat is a group consisting of two clients, and a group consisting of more than two clients is chatted. The subType indicates a file type such as picture, video, text, and voice, etc.

For example, the instant messaging application App1 has three users a, B, and c in group chat session a, and the instant messaging application App2 has two users a and d in single chat session B. User b sends a picture tmp. jpg in session a at 3/1/2021, and uploads to the path "bucket/app 1/group chat/picture/session a/b/20210301/tmp. jpg". User d sends a text file text.txt in session a at 3, 2 and 2021, and uploads the text file text.txt to the path of "bucket/app 2/single chat/text/session B/d/20210302/text.txt". Since the user a is in both session a and session B, the user a has the reading authority of two paths of "bucket/app 1/group chat/picture/session a" and "bucket/app 2/single chat/text/session B", so the user a can read two files of tmp.jpg and test.txt, while the user B only has the path authority of "bucket/app 1/group chat/picture/session a" in session a, so the user B can only read the tmp.jpg file.

And since the user a only has the deletion permissions of two paths of 'bucket/app 1/group chat/picture/session A/a' and 'bucket/app 2/single chat/text/session B/a', and does not have the deletion permission of a path of 'bucket/app 1/group chat/picture/session A/B', the deletion operation of the tmp.jpg file cannot be performed, and only the user B can delete tmp.jpg.

According to another aspect of the embodiments of the present application, there is provided an object storage request method for instant messaging, which may be executed by a client 101, as shown in fig. 3, and the method may include the following steps:

step S302, a storage path of a target object is obtained, wherein the storage path is used for a server to store the target object according to the storage path, the target object is a file uploaded by a client or other clients based on instant messaging service, and the server is used for providing instant messaging service for each client;

step S304, sending an object storage request carrying a storage path and an authorization token to the server, so that the server obtains path information corresponding to the authorization token to verify the storage path, and executing the object storage request and storing a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to the instant messaging service group where the client is located, and the authorization token is used for the server to verify the storage path.

Through the steps S302 to S304, the instant messaging data storage path is designed based on the instant messaging service set, that is, the chat group, when the client sends the object storage request, the client needs to carry the authorization token granted in advance by the server and the storage path of the instant messaging data to be referred to, the server verifies the storage path according to the path information corresponding to the authorization token, and the server executes the object storage request after the verification passes. Therefore, the data storage paths of different groups based on group design are simple to realize, the mutual independence of data among different groups can be ensured, and the storage paths are associated with the operation authority of the user, so that the data storage requirement is met, and the technical problem of complex and various authority control in instant messaging is solved.

The present application may set the path in the manner shown in fig. 4. The bucket is a field of the object storage block, and represents a storage space, the appId represents an application identification, and the type represents a type of a session, such as a single chat and a group chat, it should be noted that the single chat is a group consisting of two clients, and the group chat is a group consisting of more than two clients. The subType indicates a file type such as picture, video, text, and voice, etc. sessionMd5 is a session identification, uid is a client identification, and may include a hardware identification used by a user, and may also include a user identification, yyymmdd is an upload timestamp, and file is a file name.

According to another aspect of the embodiments of the present application, as shown in fig. 5, there is provided an object storage request device for instant messaging, applied to a server, including:

the system comprises an extraction module 501, a storage module and an authorization token, wherein the extraction module is used for extracting a storage path and an authorization token carried in an object storage request under the condition that the object storage request sent by a client is received, the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

the verification module 503 is configured to verify the storage path according to the path information corresponding to the authorization token;

and the executing module 505 is configured to execute the object storage request and save a result after the object storage request is executed, when the storage path verification passes.

It should be noted that the extracting module 501 in this embodiment may be configured to execute the step S202 in this embodiment, the verifying module 503 in this embodiment may be configured to execute the step S204 in this embodiment, and the executing module 505 in this embodiment may be configured to execute the step S206 in this embodiment.

It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. The modules may be operated in a system as shown in fig. 1 as a part of a device, and may be implemented by software or hardware.

Optionally, the verification module is specifically configured to: searching a permission group matched with the authorization token; determining an authority path corresponding to the authorization token from the authority group under the condition that the authority group is found; and determining that the storage path passes the verification in the case that the authority path comprises the storage path.

Optionally, the verification module is further configured to: determining the corresponding operation authority of the authority path corresponding to the storage path under the condition that the authority path comprises the storage path; and determining that the storage path passes the verification in the case that the corresponding operation authority comprises the target operation of the object storage request.

Optionally, the execution module is specifically configured to: setting the target client to a modifiable state under the condition that the target operation is a modification operation so that the target client has the right to modify the target object; under the condition that the target operation is a reading operation, setting the target client to be in a readable state so that the target client has the right of reading the target object; and in the case that the target operation is a deletion operation, setting the target client to a deletable state so that the target client has the right to delete the target object.

Optionally, the object storage requesting device for instant messaging further includes an authorization module, configured to: determining a target session associated with a token acquisition request under the condition of receiving the token acquisition request corresponding to a client; calling an instant messaging service group of a target session from a database; generating an authorization token under the condition that the client is a member in the instant messaging service group, and generating an authority path and a corresponding operation authority for the client based on the session identification identifier of the target session and the client identification identifier of the client; the authority path and the corresponding operation authority form an authority group, and the authority group and the authorization token are mapped and stored; the authorization token is sent to the client.

According to another aspect of the embodiments of the present application, as shown in fig. 6, there is provided an object storage request device for instant messaging, applied to a client, including:

the path obtaining module 601 is configured to obtain a storage path of a target object, where the storage path is used for a server to store the target object according to the storage path, the target object is a file uploaded by a client or other clients based on an instant messaging service, and the server is used to provide an instant messaging service for each client;

the request sending module 603 is configured to send an object storage request carrying a storage path and an authorization token to the server, so that the server obtains path information corresponding to the authorization token to verify the storage path, and executes the object storage request and stores a result after the object storage request is executed when the verification is passed, where the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and the authorization token is used for the server to verify the storage path.

It should be noted that the path obtaining module 601 in this embodiment may be configured to execute step S302 in this embodiment, and the request sending module 603 in this embodiment may be configured to execute step S304 in this embodiment.

Optionally, the object storage requesting device for instant messaging further includes a path determining module, configured to: determining a target application corresponding to a target object and a target session in the target application, wherein all clients in the same session are in the same instant messaging service group; and starting from a preset storage field, combining an application identification mark of the target application, a session identification mark of the target session, an object type mark of the target object, a client identification mark of the client, an uploading timestamp of the target object and a file name of the target object according to a preset format to obtain a storage path.

According to another aspect of the embodiments of the present application, an electronic device is provided, as shown in fig. 7, and includes a memory 701, a processor 703, a communication interface 705, and a communication bus 707, where the memory 701 stores a computer program that is executable on the processor 703, the memory 701 and the processor 703 communicate with each other through the communication interface 705 and the communication bus 707, and the processor 703 implements the steps of the method when executing the computer program.

The memory and the processor in the electronic equipment are communicated with the communication interface through a communication bus. The communication bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc.

The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.

The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.

There is also provided, in accordance with yet another aspect of an embodiment of the present application, a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the steps of any of the embodiments described above.

Optionally, in an embodiment of the present application, a computer readable medium is configured to store program code for the processor to perform the following steps:

under the condition of receiving an object storage request sent by a client, extracting a storage path and an authorization token carried in the object storage request, wherein the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

verifying the storage path according to the path information corresponding to the authorization token;

and under the condition that the storage path verification passes, executing the object storage request and saving the result after the object storage request is executed.

Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.

When the embodiments of the present application are specifically implemented, reference may be made to the above embodiments, and corresponding technical effects are achieved.

Optionally, in an embodiment of the present application, the computer readable medium may be further configured to store program code for the processor to perform the following steps:

the method comprises the steps that a storage path of a target object is obtained, wherein the storage path is used for a server side to store the target object according to the storage path, the target object is a file uploaded by a client side or other client sides based on instant messaging service, and the server side is used for providing instant messaging service for each client side;

and sending an object storage request carrying a storage path and an authorization token to a server so that the server acquires path information corresponding to the authorization token to verify the storage path, and executing the object storage request and storing a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and is used for the server to verify the storage path.

It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the Processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the functions described herein, or a combination thereof.

For a software implementation, the techniques described herein may be implemented by means of units performing the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and in actual implementation, there may be other divisions, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or make a contribution to the prior art, or may be implemented in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk. It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. An instant messaging object storage system, comprising:

the system comprises a client, a server and a server, wherein the client is used for sending an object storage request to the server, wherein the object storage request carries a storage path of a target object and an authorization token, and the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located;

the server is used for acquiring path information corresponding to the authorization token to verify the storage path under the condition of receiving an object storage request sent by a client; and under the condition that the verification is passed, executing the object storage request and saving the result after the object storage request is executed.

2. An object storage request method of instant messaging is applied to a server side, and is characterized by comprising the following steps:

and under the condition that the storage path passes the verification, executing the object storage request and saving the result after the object storage request is executed.

3. The method of claim 2, wherein verifying the storage path according to the path information corresponding to the authorization token comprises:

searching a permission group matched with the authorization token;

determining an authority path corresponding to the authorization token from the authority group under the condition that the authority group is found;

and determining that the storage path is verified in the case that the permission path comprises the storage path.

4. The method according to claim 3, wherein, in a case that the permission path includes the storage path, determining that the storage path is verified, specifically includes:

determining corresponding operation authority of an authority path corresponding to the storage path under the condition that the authority path comprises the storage path;

and determining that the storage path passes verification under the condition that the corresponding operation authority comprises the target operation of the object storage request.

5. The method according to claim 4, wherein, when the storage path is verified, executing the object storage request and storing a result of the execution of the object storage request includes:

if the target operation is a modification operation, setting the target client to a modifiable state so that the target client has the right to modify the target object;

under the condition that the target operation is a reading operation, setting the target client to be in a readable state so that the target client has the right of reading the target object;

and if the target operation is a deleting operation, setting the target client to be in a deletable state so that the target client has the right to delete the target object.

6. The method of any of claims 3 to 5, wherein prior to receiving the object store request sent by the client, the method further comprises granting the authorization token to the client as follows:

determining a target session associated with the token acquisition request under the condition that the token acquisition request corresponding to the client is received;

calling an instant messaging service group of the target session from a database;

generating the authorization token under the condition that the client is a member in the instant messaging service group, and generating an authority path and a corresponding operation authority for the client based on the session identification identifier of the target session and the client identification identifier of the client;

the permission path and the corresponding operation permission form the permission group, and the permission group and the authorization token are mapped and stored;

and sending the authorization token to the client.

7. An object storage request method of instant messaging is applied to a client, and is characterized by comprising the following steps:

acquiring a storage path of a target object, wherein the storage path is used for a server to store the target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, and the server is used for providing instant messaging service for each client;

and sending an object storage request carrying the storage path and an authorization token to the server, so that the server acquires path information corresponding to the authorization token to verify the storage path, and executes the object storage request and stores a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and the authorization token is used for the server to verify the storage path.

8. The method of claim 7, wherein the storage path of the target object is determined by:

determining a target application corresponding to the target object and a target session in the target application, wherein all clients in the same session are in the same instant messaging service group;

and starting with a preset storage field, combining the application identification of the target application, the session identification of the target session, the object type identification of the target object, the client identification of the client, the uploading timestamp of the target object and the file name of the target object according to a preset format to obtain the storage path.

9. An object storage request device for instant messaging, applied to a server, comprising:

the system comprises an extraction module and an authorization token module, wherein the extraction module is used for extracting a storage path and an authorization token carried in an object storage request under the condition of receiving the object storage request sent by a client, the storage path is used for a server to store a target object according to the storage path, the target object is a file uploaded by the client or other clients based on instant messaging service, the server is used for providing instant messaging service for each client, and the authorization token is granted to the client for the server in advance according to an instant messaging service group where the client is located;

the verification module is used for verifying the storage path according to the path information corresponding to the authorization token;

and the execution module is used for executing the object storage request and storing the result after the object storage request is executed under the condition that the storage path passes the verification.

10. An object storage request device for instant messaging, applied to a client, comprising:

the system comprises a path acquisition module, a storage path acquisition module and a storage module, wherein the storage path is used for a server side to store a target object according to the storage path, the target object is a file uploaded by the client side or other client sides based on the instant messaging service, and the server side is used for providing the instant messaging service for each client side;

and the request sending module is used for sending an object storage request carrying the storage path and an authorization token to the server so that the server acquires path information corresponding to the authorization token to verify the storage path, and executes the object storage request and stores a result after the object storage request is executed under the condition that the verification is passed, wherein the authorization token is granted to the client by the server in advance according to an instant messaging service group where the client is located, and the authorization token is used for the server to verify the storage path.

11. An electronic device comprising a memory, a processor, a communication interface and a communication bus, wherein the memory stores a computer program operable on the processor, and the memory and the processor communicate via the communication bus and the communication interface, wherein the processor implements the steps of the method according to any of the claims 2 to 6 or 7 to 8 when executing the computer program.

12. A computer readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method of any of claims 2 to 6 or 7 to 8.