访问私有s3存储桶文件

时间:2016-11-05 04:44:35

标签: php codeigniter laravel amazon-web-services amazon-s3

我正在将文件从php上传到s3 bucket.its上传成功,但当我检索图像时出现以下错误

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<Expires>2006-03-09T07:25:20Z</Expires>
<ServerTime>2016-11-05T04:38:24Z</ServerTime>

如果我在上传文件时公开,那么我可以检索它,但我想保护免受未经授权的用户。

上传文件代码

try{
    $s3 = \Storage::disk('s3');
    $filePath = $file->getClientOriginalName();
    $s3->put($filePath, file_get_contents($val), 'private');

    } catch (Aws\Exception\S3Exception $e) {
        echo "There was an error uploading the file.\n"+$e;
    }

在提出问题之前,我已经审阅了很多网站,但它没有帮助我

Amazon S3 see private files

PHP Amazon S3 access private files through URL

How to access Amazon s3 private bucket object through Zend_Service_Amazon_S3

第三个链接对我有用,但

1.在url中传递访问密钥是否安全?

2.是否可以向经过身份验证的用户查看该文件?

public function get_s3_signed_url($bucket, $resource, $AWS_S3_KEY, $AWS_s3_secret_key, $expire_seconds) {
     $expires = time()+$expire_seconds;
     // S3 Signed URL creation
     $string_to_sign = "GET\n\n\n{$expires}\n/".str_replace(".s3.amazonAWS.com","", $bucket)."/$resource";
     $signature = urlencode(base64_encode((hash_hmac("sha1", utf8_encode($string_to_sign), $AWS_s3_secret_key, TRUE))));

     $authentication_params = "AWSAccessKeyId=".$AWS_S3_KEY;
     $authentication_params.= "&Expires={$expires}";
     $authentication_params.= "&Signature={$signature}";
     return $link = "http://s3.amazonAWS.com/{$bucket}/{$resource}?{$authentication_params}";
}

1 个答案:

答案 0 :(得分:1)

这里get_s3_signed_url函数返回具有访问密钥的url,不推荐使用。创建一个函数,它从存储桶中获取私有对象对象,并在服务器中本地创建文件/映像。使用新创建的图像的路径,并在完成后删除图像。

Zend中的代码:

require_once('Zend/Service/Amazon/S3.php');

$awsKey = 'your-key';
$awsSecretKey = 'your-secret-key';

$s3 = new Zend_Service_Amazon_S3($awsKey, $awsSecretKey);

$bucketName = 'your-bucket-name';
$objectName = $bucketName . '/image.jpg'; //image path

$info = $s3->getInfo($objectName);

if (is_array($info)) {
    header('Content-type: ' . $info['type']);
    header('Content-length: ' . $info['size']);

    file_put_contents('image.jpg', file_get_contents($s3->getObject($objectName)));

    header('Content-Description: File Transfer');
    header("Content-Disposition: attachment; filename=\"image.jpg\"");
    header('Content-Transfer-Encoding: binary');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Expires: 0');
    ob_clean();
    flush();
    readfile('image.jpg');
    unlink('image.jpg');
} else {
    header('HTTP/1.0 404 Not Found');
}


核心代码:

require_once('S3.php');

$awsKey = 'your-key';
$awsSecretKey = 'your-secret-key';

$s3 = new S3($awsKey, $awsSecretKey);

$bucketName = 'your-bucket-name';


** To store/download one image at a time**

$objectName = "image.jpg"; //s3 image path
$tempFile = "image.jpg"; //temporary/local image path

$s3->getObject($bucketName, $objectName, $tempFile); //stores the image 

if (filesize($tempFile)) {
    header('Content-Description: File Transfer');
    header('Content-Type: image/png');
    header("Content-Disposition: attachment; filename=\"" . $tempFile . "\"");
    header('Content-Transfer-Encoding: binary');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Expires: 0');
    header('Content-Length: ' . filesize($tempFile));
    ob_clean();
    flush();
    readfile($tempFile); //downloads the image
    unlink($tempFile); //deletes the image from local 
}

**To store/download 'n' images at a time**

$s3ImagesFolder = 'all_images/'; //folder where all the images are 

$bucketContents = $s3->getBucket($bucketName);

foreach ($bucketContents as $file) {

if ((strpos($file['name'], $s3ImagesFolder) > -1)) {
    $tempFile = end(explode("/", $file['name']));
    $s3->getObject($bucketName, $file['name'], $tempFile); // to store 

    //to download
    if ($file['size']) {
        header('Content-Description: File Transfer');
        header('Content-Type: image/png');
        header("Content-Disposition: attachment; filename=\"" . $tempFile . "\"");
        header('Content-Transfer-Encoding: binary');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Expires: 0');
        header('Content-Length: ' . $file['size']);
        ob_clean();
        flush();
        readfile($tempFile); //downloads the image
        unlink($tempFile); //deletes the image from local 
    }
  }
}