生成policy和签名：

import crypto from 'crypto';

// 签名
function signPolicy(policy, accessKeySecret) {
    const base64Policy = Buffer.from(JSON.stringify(policy)).toString('base64');
    const signature = crypto
        .createHmac('sha1', accessKeySecret)
        .update(base64Policy)
        .digest('base64');
    return { base64Policy, signature };
}

// 生成policy
const createPolicy = (ossConfig) => {
    const accessKeyId = ossConfig.accessKeyID;
    const accessKeySecret = ossConfig.accessKeySecret;
    const bucket = ossConfig.bucket;
    const region = ossConfig.region;
    const expiration = new Date();
    expiration.setMinutes(expiration.getMinutes() + 60); // 策略有效期 60 分钟

    const policy = {
        expiration: expiration.toISOString(),
        conditions: [
            ['content-length-range', 0, 1048576000], // 限制文件大小为 1GB
        ],
    };

    const { base64Policy, signature } = signPolicy(policy, accessKeySecret);

    return {
        accessKeyId,
        policy: base64Policy,
        signature,
        url: `https://${bucket}.${region}.aliyuncs.com`
    }
}

export default {
    createPolicy
}

调用：

const policy = useOSS.createPolicy(ossConfig);

生成 policy 的时候需要用到 accessKeyID 等敏感信息，所以只能在服务端进行。