AWSS3GetPreSignedURLRequest上传，自定义标题为403

Question

我的AWSS3GetPreSignedURLRequest和AFNetworking的NSMutableURLRequest遇到了一些问题。我可以使用Content-Type标题成功上传文件。但是，如果我添加x-amz-acl和x-amz-server-side-encryption，则上传将失败，并显示403 - 无权限错误。我能做什么？这是亚马逊方面的问题，使用服务器端加密或ACL不允许使用预先签名的URL，或者更改请求是否有效？我对AWS文档和iOS SDK参考资料非常深入，但没有任何内容。顺便说一句，我正在使用AWS iOS SDK v2。有人怎么怎么做？

    NSString *keyName;
    NSString *fileContentTypeStr;
    NSDateFormatter *formatter = [[NSDateFormatter alloc] init];
    [formatter setDateFormat:@"MM.d.h.mm.ss"];
    if([multipleFileType isEqualToString:@"PNG"])
    {
        fileContentTypeStr = @"image/png";
        keyName = [NSString stringWithFormat:@"image_%@.png", [formatter stringFromDate:[NSDate date]]];
    }
    else if([multipleFileType isEqualToString:@"JPG"])
    {
        fileContentTypeStr = @"image/jpeg";
        keyName = [NSString stringWithFormat:@"image_%@.jpg", [formatter stringFromDate:[NSDate date]]];
    }
    self.imageUploadURL = [NSURL fileURLWithPath:[NSTemporaryDirectory() stringByAppendingPathComponent:@"image"]];

    [imageData writeToURL:self.imageUploadURL atomically:YES];
    AWSS3GetPreSignedURLRequest *getPreSignedURLRequest = [AWSS3GetPreSignedURLRequest new];
    getPreSignedURLRequest.bucket = [NSString stringWithFormat:@"BUCKET-NAME/%@",  folderObject.objectId];
    getPreSignedURLRequest.key = keyName;
    getPreSignedURLRequest.HTTPMethod = AWSHTTPMethodPUT;
    getPreSignedURLRequest.expires = [NSDate dateWithTimeIntervalSinceNow:3600];
    getPreSignedURLRequest.contentType = fileContentTypeStr;

    [[[AWSS3PreSignedURLBuilder defaultS3PreSignedURLBuilder] getPreSignedURL:getPreSignedURLRequest]
     continueWithBlock:^id(BFTask *task) {
         if (task.error) {
             NSLog(@"Error: %@",task.error);
         } else {
             NSURL *presignedURL = task.result;
             NSMutableURLRequest *URLRequest = [NSMutableURLRequest requestWithURL:presignedURL];
             [URLRequest setValue:fileContentTypeStr forHTTPHeaderField:@"Content-Type"];
             [URLRequest setValue:@"AES-256" forHTTPHeaderField:@"x-amz-server-side-encryption"];
             [URLRequest setValue:@"private" forHTTPHeaderField:@"x-amz-acl"];
             URLRequest.HTTPMethod = @"PUT";
             URLRequest.HTTPBody = imageData;

             AFURLSessionManager *manager = [[AFURLSessionManager alloc] initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
             NSProgress *progress;
             NSURLSessionUploadTask *uploadTask = [manager uploadTaskWithStreamedRequest:URLRequest progress:&progress completionHandler:^(NSURLResponse *response, id responseObject, NSError *error) {
             if(!error){
             NSLog(@"File was successfully uploaded.");
             }
             }];
             [uploadTask resume];
         }
         return nil;
     }];

注意：那里的代码示例缺少全局标题上的一些内容，还有一些其他完成块+代理，但我相信每个人都会明白这一点。

预期的感谢，

Answer 1

正如@YosukeMatsuda在评论中注意到的，您可以使用putObjectAcl:方法。

我把上传对象的ACL放在了URLSession didCompleteWithError：委托方法上，如下所示：

//
self.awss3 = [[AWSS3 alloc] initWithConfiguration:__your_config__];
//

- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didCompleteWithError:(NSError *)error
{
    if (error)
    {
        NSLog(@"S3 UploadTask: %@ completed with error: %@", task, [error localizedDescription]);
    }
    else
    {
//      AWSS3GetPreSignedURLRequest does not contain ACL property, so it has to be set after file was uploaded to bucket
        AWSS3PutObjectAclRequest *aclRequest = [AWSS3PutObjectAclRequest new];
        aclRequest.bucket = @"your_bucket";
        aclRequest.key = @"your_key";
        aclRequest.ACL = AWSS3ObjectCannedACLPublicRead;

        [[self.awss3 putObjectAcl:aclRequest] continueWithBlock:^id(BFTask *bftask) {
            if (bftask.error)
            {
                NSLog(@"Error putObjectAcl: %@", [bftask.error localizedDescription]);
            }
            else
            {
                AWSEndpoint *endpoint =  self.awss3.configuration.endpoint;
                NSURL *publicReadURL = [[endpoint.URL URLByAppendingPathComponent:backgroundUploadTask.bucket] URLByAppendingPathComponent:backgroundUploadTask.key];
            }
            return nil;
        }];
    }
}

Answer 2

我们向AWSS3GetPreSignedURLRequest添加了- setValue:forRequestParameter:。您可以使用此方法添加ACL和加密标头。

另外，我们引入了一个新的AWSS3TransferUtility来简化后台传输。有关详细信息，请参阅我们的blog post。