AWS 预签名 URL

Posted 2023-02-19

【中文标题】AWS 预签名 URL

【英文标题】：AWS Pre signed URL

【发布时间】：2018-02-01 22:04:44

【问题描述】：

我正在尝试使用 php/javascript 将图像/视频上传到 AWS S3

这是我的 PHP 代码

<?php
use Aws\S3\Exception\S3Exception;


    $filename = isset($_GET['file']) ? $_GET['file'] : '';
    $mime = isset($_GET['mime']) ? $_GET['mime'] : '';

    function getSignedUrl($filename, $mime) 


        require $_SERVER['DOCUMENT_ROOT'].'/ibrainmart/start.php';

        $BUCKET = $config['S3']['bucket'];
        $tmp_name = $filename;



        try 
            $command= $S3->getCommand('PutObject', array(
                    'Bucket'      => $BUCKET,
                    'Key'         => $tmp_name,
                    'ContentType' => $mime,
                    'Body'        => ''

            ));
            $signedUrl = $S3->createPresignedRequest($command, "1 week");
         catch (S3Exception $e) 
            echo $e->getMessage() . "\n";
        
        echo $signedUrl->getUri();
        return $signedUrl->getUri();
    


    echo getSignedUrl($filename,$mime);

?>

这是我的 Java 脚本代码

$(function()
    // run onLoad

    $("#profilePic").uploadHandler("headerupload.php");
);

// Upload image to S3
$.fn.uploadHandler = function(s3presignedApiUri) 

    $(document).ready(function (e) 
        $("#profilePic").on('change',(function(e) 
        e.preventDefault();

        console.log("ajax going to start..!");
        var fileupload = $('input[name=file]');
        var fileToUpload = fileupload[0].files[0];
           if(fileToUpload !="undefined")
            var formData = new FormData();
            formData.append("file", fileToUpload);
           
        console.log("fileToUpload.name"+fileToUpload.name);
        $.ajax(
                url: s3presignedApiUri, // Url to which the request is send
                type: "GET",             // Type of request to be send, called as method

                data: 'file='+ fileToUpload.name + '&mime=' + fileToUpload.type , // Data sent to server, a set of key/value pairs (i.e. form fields and values)


                cache: false,             // To unable request pages to be cached
                )       


                .done(function(data)   // A function to be called if request succeeds
                

                    console.log("data ............"+data);

                    $.ajax(
                        url : data.url,
                        type : "PUT",
                        data : fileToUpload,
                        cache : false,
                        contentType : fileToUpload.type,
                        processData : false
                    )
                    .done(function() 

                        console.info("s3-upload done: "); // REMOVE ME FOR PRODUCTION USE

                    )
                    .fail(function(e) 
                        console.error("s3-upload failed",e); // REMOVE ME FOR PRODUCTION USE
                    );
                )
                .fail(function(e)
                        
                        console.log("file passing error.!");
                    )

                ));

    );

所有这些功能都很好，我想即使在执行之后它也会给我文件上传成功消息。但是当我检查 s3 时什么都没有。

即使在控制台中，它也会生成 Presignrd URL，如下所示。但是当我尝试单击它时，它会给我 SignatureDoesNotMatch 错误。（请单击 URL）。可能是什么错误..？

https://ibrainmartstorage.s3.us-east-2.amazonaws.com/DSC_1595.JPG?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJZBWQOXKKPC7UXDQ%2F20170824%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20170824T062933Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a4384c737f191c6a516611f67a322ebf98b8e9e0aff65bbcd84e74c87637fb3dhttps://ibrainmartstorage.s3.us-east-2.amazonaws.com/DSC_1595.JPG?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJZBWQOXKKPC7UXDQ%2F20170824%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20170824T062933Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a4384c737f191c6a516611f67a322ebf98b8e9e0aff65bbcd84e74c87637fb3d

【问题讨论】：

参考以下文档docs.aws.amazon.com/aws-sdk-php/v3/guide/service/…并检查它是否工作？

【参考方案1】：

经过几天的尝试，找到了这个解决方案。

使用 AWS Cognito Federate 池生成与 AWS S3 的会话并使用临时生成的密钥、accessID 和 Session 上传文件。下面我列出了代码示例。

getAuthenticateUser().getSession(function(err,session)
     if (err) 
        console.log("Error"+err);
        return;
    
    if(session.isValid())
    

        const authenticator = 'cognito-idp.us-east-2.amazonaws.com/us-east-2_cfmOv3jSL';
        AWS.config.region = 'us-east-2'; // Region
        AWS.config.credentials = new AWS.CognitoIdentityCredentials(
        IdentityPoolId: 'us-east-2:XXXXX-d2b7-XXXX-85c7-929aadf450b2',
        Logins: 
            [authenticator]: session.getIdToken().getJwtToken()
          

    );
     AWS.config.credentials.refresh((error) => 
         if (error) 
             console.error(error);
          else 
             console.log('Successfully logged!');
         
    );


    AWS.config.getCredentials(function(err) 
      if (err) console.log(err.stack); // credentials not loaded
      else  
        console.log("Access Key:", AWS.config.credentials.accessKeyId);
      console.log("Access Key:", AWS.config.credentials.secretAccessKey);
     console.log("Access Key:", AWS.config.credentials);

    AWS.config.update(
        AccessKeyId : AWS.config.credentials.AccessKeyId,
        SecretAccessKey : AWS.config.credentials.SecretAccessKey ,
        SessionToken : AWS.config.credentials.SessionToken

    );
      

    );
    

    if(!session.isValid())
    
        console.log("Session is not valid..!");
         //Please Login to Continue
    

    );