Access denied when attempting a browser-based upload using HTTP POST (using AWS Signature Version 4)

Time: 2016-11-08 16:33:59

Tags: javascript node.js amazon-web-services amazon-s3 cryptography

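I'm using these resources to try to accomplish this:

I'm trying to upload a file to my s3 bucket by signing a form. Following the documentation, I have reduced my form and policy to the most basic required options, and I still get "AccessDenied". For now the dates are simply hard-coded.

Code in my ExpressJS router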

var accessKeyID = credentials.accessKeyId;
var secretAccessKey = credentials.secretAccessKey;

var bucket = 'images.mybucket.com';
var region = 'us-east-1';
var expiration = '2016-11-28T12:00:00.000Z';
var date = '20161108';
var serviceName = 's3';
var credentialUrl = accessKeyID + '/' + date + '/' + region + '/' + serviceName + '/aws4_request';
var amazonDate = '20161108T000000Z';

var s3Policy = {
    'expiration': expiration,
    'conditions': [
        {'bucket': bucket},
        ['starts-with', '$key', 'UserUploads/'],
        {'acl': 'public-read'},
        {'x-amz-server-side-encryption': 'AES256'},
        {'x-amz-credential': credentialUrl},
        {'x-amz-algorithm': 'AWS4-HMAC-SHA256'},
        {'x-amz-date': amazonDate}
    ]
};

// Buffer.from replaces the deprecated new Buffer(string, encoding) constructor
var base64Policy = Buffer.from(JSON.stringify(s3Policy), 'utf-8').toString('base64');

var signatureKey = getSignatureKey(secretAccessKey, date, region, serviceName);

var s3Signature = CryptoJS.HmacSHA256(base64Policy, signatureKey).toString(CryptoJS.enc.Hex);

function getSignatureKey(key, dateStamp, regionName, serviceName) {        
    var kDate = CryptoJS.HmacSHA256(dateStamp, 'AWS4' + key);
    var kRegion = CryptoJS.HmacSHA256(regionName, kDate);
    var kService = CryptoJS.HmacSHA256(serviceName, kRegion);
    var kSigning = CryptoJS.HmacSHA256('aws4_request', kService);
    return kSigning;
}

HTML

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<form action="http://images.mybucket.com.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
    <p>key to upload</p>
    <input type="input" name="key" value="UserUploads/${filename}">
    <input type="hidden" name="acl" value="public-read">
    <input type="hidden" name="x-amz-server-side-encryption" value="AES256">
    <input type="text" name="X-Amz-Credential" value="REDACTED-access-key-id/20161108/us-east-1/s3/aws4_request">
    <input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256">
    <input type="text" name="X-Amz-Date" value="20161108T000000Z">
    <p>tags for file</p>
    <input type="hidden" name="Policy" value="REDACTED-base64-encoded-policy">
    <input type="hidden" name="X-Amz-Signature" value="REDACTED-signature">
    <p>file</p>
    <input type="file" name="file"><input type="submit" value="Upload File to S3">
</form>

1 answer:

Answer 0: (score: 0)

The permission is required because, in your bucket policy, you set the acl via s3:PutObjectAcl.
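The signing flow from the question, as an added example that is not code from the original post: it uses Node's built-in crypto, derives the dates from a clock value instead of literals, and reports which IAM actions the signing identity needs, following the answer's point about `s3:PutObjectAcl`. The names `buildPostFields`, `signingKey` and `requiredActions` and the sample credentials are assumptions made for illustration.

```javascript
// Added example; function names and sample credentials are hypothetical.
const crypto = require('crypto');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();

// SigV4 key derivation: each step keys the next HMAC with the previous raw digest.
function signingKey(secret, dateStamp, region, service) {
  const kDate = hmac('AWS4' + secret, dateStamp);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request');
}

// Build the form fields for a browser POST; both dates come from `now`.
function buildPostFields({ accessKeyId, secret, bucket, region, prefix, acl, now, ttlSeconds }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20161108T163359Z
  const dateStamp = amzDate.slice(0, 8);
  const credential = [accessKeyId, dateStamp, region, 's3', 'aws4_request'].join('/');
  const policy = {
    expiration: new Date(now.getTime() + ttlSeconds * 1000).toISOString(),
    conditions: [
      { bucket },
      ['starts-with', '$key', prefix],
      { acl },
      { 'x-amz-server-side-encryption': 'AES256' },
      { 'x-amz-credential': credential },
      { 'x-amz-algorithm': 'AWS4-HMAC-SHA256' },
      { 'x-amz-date': amzDate },
    ],
  };
  const policyB64 = Buffer.from(JSON.stringify(policy), 'utf8').toString('base64');
  // The string to sign is the base64 policy itself; the signature is sent as hex.
  const signature = hmac(signingKey(secret, dateStamp, region, 's3'), policyB64).toString('hex');
  return {
    acl, 'x-amz-server-side-encryption': 'AES256',
    'X-Amz-Credential': credential, 'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
    'X-Amz-Date': amzDate, Policy: policyB64, 'X-Amz-Signature': signature,
  };
}

// IAM actions the signing identity needs: an acl condition adds s3:PutObjectAcl.
function requiredActions(conditions) {
  const setsAcl = conditions.some(c => (Array.isArray(c) ? c[1] === '$acl' : 'acl' in c));
  return setsAcl ? ['s3:PutObject', 's3:PutObjectAcl'] : ['s3:PutObject'];
}

// Constructed sample input (placeholder credentials, not real keys).
const sample = buildPostFields({ accessKeyId: 'AKIDEXAMPLE', secret: 'constructed-secret',
  bucket: 'images.mybucket.com', region: 'us-east-1', prefix: 'UserUploads/',
  acl: 'public-read', now: new Date('2016-11-08T16:33:59Z'), ttlSeconds: 3600 });
console.log(sample['X-Amz-Credential'], requiredActions(JSON.parse(Buffer.from(sample.Policy, 'base64').toString()).conditions));
```

If the identity behind the access key is granted only `s3:PutObject`, the `acl` form field can be dropped from both the policy and the form instead of widening the grant.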