Amazon S3 POST api,并使用NodeJS签署策略
Der*_*ley 21 javascript cryptography amazon-s3 amazon-web-services node.js
我正在尝试构建一个允许用户从NodeJS驱动的网站直接将文件上传到我的Amazon S3存储桶的内置版本.它似乎是唯一的教程,除了实际的亚马逊文档之外都是非常过时的.
我一直在关注本教程,了解基本信息,但同样它已经过时了.它没有方法调用来crypto纠正,因为它试图将原始JavaScript对象传递给update方法,因为它不是字符串或缓冲区而抛出错误.
我也一直在寻找knox npm包的来源.它没有内置的POST支持 - 我完全理解,因为它是浏览器在拥有正确的字段后进行POST.诺克斯似乎有正确的代码签署一个政策,我试图让我的代码基于此工作......但再次无济于事.
以下是我提出的代码.它产生一个base64编码的策略,并创建一个签名......但是当我尝试进行文件上传时,根据亚马逊的说法,它是错误的签名.
var crypto = require("crypto");
var config = require("../../amazonConfig.json");
exports.createS3Policy = function(callback) {
var date = new Date();
var s3Policy = {
"expiration": "2014-12-01T12:00:00.000Z",
"conditions": [
{"acl": "public-read"},
["content-length-range", 0, 2147483648],
{"bucket": "signalleaf"},
["starts-with", "$Cache-Control", ""],
["starts-with", "$Content-Type", ""],
["starts-with", "$Content-Disposition", ""],
["starts-with", "$Content-Encoding", ""],
["starts-with", "$Expires", ""],
["starts-with", "$key", "/myfolder/"],
{"success_action_redirect": "http://example.com/uploadsuccess"},
]
};
var stringPolicy = JSON.stringify(s3Policy).toString("utf-8");
var buffer = Buffer(stringPolicy, "utf-8");
var encoded = buffer.toString("base64");
var signature = crypto.createHmac("sha1", config.secretKey)
.update(new Buffer(stringPolicy, "utf-8")).digest("base64");
var s3Credentials = {
s3PolicyBase64: encoded,
s3Signature: signature
};
GLOBAL.s3creds = s3Credentials;
callback(s3Credentials);
};
在这里,我显然做错了什么.但我不知道是什么.任何人都可以帮助确定我做错了什么吗?我的问题在哪里?有没有人有一个工作教程,如何使用来自NodeJS v0.10.x的签名生成适当的Amazon S3策略,用于POST到s3 REST api?
Der*_*ley 36
好吧,我终于明白了.在玩了随机猜谜游戏很长一段时间后,我心想
"也许我需要签署base64编码的政策" - 我
和BAM就是这样.
我还重新订购了条件以匹配表单的发布方式,但我不确定这会有所不同.
var crypto = require("crypto");
var config = require("../../amazonConfig.json");
exports.createS3Policy = function(contentType, callback) {
var date = new Date();
var s3Policy = {
"expiration": "2014-12-01T12:00:00.000Z", // hard coded for testing
"conditions": [
["starts-with", "$key", "somefolder/"],
{"bucket": "my-bucket-name"},
{"acl": "public-read"},
["starts-with", "$Content-Type", contentType],
{"success_action_redirect": "http://example.com/uploadsuccess"},
]
};
// stringify and encode the policy
var stringPolicy = JSON.stringify(s3Policy);
var base64Policy = Buffer(stringPolicy, "utf-8").toString("base64");
// sign the base64 encoded policy
var signature = crypto.createHmac("sha1", config.secretKey)
.update(new Buffer(base64Policy, "utf-8")).digest("base64");
// build the results object
var s3Credentials = {
s3Policy: base64Policy,
s3Signature: signature
};
// send it back
callback(s3Credentials);
};
希望这将有助于其他遇到同样问题的人.
- @Zugwalt,你可以通过内置的格式来简化这一点.`moment.utc(EXPIRATIONDATE).toISOString()` (4认同)
sca*_*aza 16
我修改了一些前面的例子,因为它对我不起作用:亚马逊返回了一个关于破签名的错误.
以下是如何使用POST为AWS浏览器上传创建签名(AWS签名版本4)
http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html
var CryptoJS = require("crypto-js");
var accessKeyID = "PUT YOUR DATA";
var secretAccessKey = "PUT YOUR DATA";
var bucket = "PUT YOUR BUCKET NAME";
var region = "eu-central-1"; // overwrite with your region
var folder = "users/"; // overwrite with your folder
var expiration = "2015-09-28T12:00:00.000Z"; // overwrite date
var date = "20150927"; // overwrite date
var serviceName = "s3";
function getSignatureKey(key, dateStamp, regionName, serviceName) {
var kDate = CryptoJS.HmacSHA256(dateStamp, "AWS4" + key);
var kRegion = CryptoJS.HmacSHA256(regionName, kDate);
var kService = CryptoJS.HmacSHA256(serviceName, kRegion);
var kSigning = CryptoJS.HmacSHA256("aws4_request", kService);
return kSigning;
}
var s3Policy = {"expiration": expiration,
"conditions": [
{"bucket": bucket},
["starts-with", "$key", folder],
{"acl": "public-read"},
["starts-with", "$Content-Type", "image/"],
{"x-amz-meta-uuid": "14365123651274"},
["starts-with", "$x-amz-meta-tag", ""],
{"x-amz-credential": accessKeyID + "/" + date + "/" + region + "/" + serviceName +"/aws4_request"},
{"x-amz-algorithm": "AWS4-HMAC-SHA256"},
{"x-amz-date": date + "T000000Z" }
]
};
var base64Policy = new Buffer(JSON.stringify(s3Policy), "utf-8").toString("base64");
console.log('base64Policy:', base64Policy);
var signatureKey = getSignatureKey(secretAccessKey, date, region, serviceName);
var s3Signature = CryptoJS.HmacSHA256(base64Policy, signatureKey).toString(CryptoJS.enc.Hex);
console.log('s3Signature:', s3Signature);
接下来生成的base64Policy和s3Signature我在表单中用于上传.示例如下:http: //docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
非常重要的是检查html表单和策略中是否包含相同的字段和值.
| 归档时间: |
|
| 查看次数: |
7320 次 |
| 最近记录: |