我需要保护我的文件,这些文件在浏览浏览器中的链接后,不应直接在浏览器中播放或下载。
以下是我的app.js文件:
var express = require('express'),
aws = require('aws-sdk'),
bodyParser = require('body-parser'),
multer = require('multer'),
multerS3 = require('multer-s3');
var cfUtil = require('aws-cloudfront-sign');
/**************************/
var cfPk =
'-----BEGIN RSA PRIVATE KEY-----\n' +
'MIIEogIBAAKCAQEAgBmGbFU3bxnZpqMQ2LwmFP4lq7RauurKCF623Snm1XGNQuF9\n' +
'XqDeK3TH3ZfYC6P4iQ+C+Ynw15UP/MGbULO2UCmLfkA30FyI/u46jdhdD7hvMqEj\n' +
'UOEBxVJGFhqrZyerd9A7dRqYS6DTbaz3Vb+aGNcBLuqPP9/TydkkqoFqQnft43W7\n' +
'mWPp7Cx+TDkY/untwF3TWJdiAeke3FBAB2mni+BlmrNQs3vfufhW2XMV8sSOY+cN\n' +
'7chQmruV1stS+KCGiFfkiel824KI/1yVUe7+ofDGJF7v1G6WD4XV2sBAz01EIWSK\n' +
'vo1txA1lSoRcFHmnNOB4d8dKncilxEjstq6J5QIDAQABAoIBAC/m26CJIUiXdw9c\n' +
'LQGPIgJ5oyaZM9kdfkskflfsddsdfldfksdfjlksdfkfdfdfjsdljdfsdfksd08G\n' +
'znfj3zT6UcmuhsdfkhsdkjfksdfkjsdfkjskjdfkjlszDfhkSJDFHksdjJj7U/TQ\n' +
'WFEla/9b7yJjhgdfjsdfkDfklDfkldkljfksjdhfkshdjsdfhksdfkjsdYqOIrnp\n' +
'67CzIc/U76qkT/hsgdfsdfklkghfksdfkhkdhfkdkksdhfklsdhfklskkGuZOBOn\n' +
'vbRyFdfsDfwajhflsdhfpoaSudfhahfhhgTA0yVFFkYOZ6z6xyqoT8Qs+eUVGXCP\n' +
'Au5h6WECgYEA/fjlmzHgMnyfsCugmd/Qbh4tyDVBET6jKKG/JI/K43DjTTLWthcx\n' +
'Rlse1B6LbvbdzvbzdghdfghdtrytyrtyrtyreTO7WQLAEtTUOngsXms33ZdHtzIj\n' +
'r6UW9yqiDG6wNHH3Ql8oJCMaKs8z/mrcPJut0JORLmqd68NeOyxeIi0CgYEAgR9a\n' +
'TG2L06zJZ2Zk6sFee/4nZ5HgMHavxt25/JJtLG4Rew/lb1N10QcSk3v4I7bl41uB\n' +
'QhlHfyYd1yb0a2iTckfdsdfsdfaDfAFAVx95NS0ti3tO1hsuPKVTrMTEpEB2lul3\n' +
'BQuZehOE9HCW2QlDnwBeM2SDA0kagknIh63XsZkCgYBgEkIQxfowPvJNOwOikYaP\n' +
'0TyySmrVsiMYIK9kjjxKcw6Yyk1sTjOk9FkWYP3SwHqfEs0L4hSn6u3F9/34bp+N\n' +
'fmtkUTW0WK3G0jtYV5XiegCEvZnelmxe9g1M7ESmfUyMWjwVUFen69tfLEhXymaL\n' +
'SryidN/rdgtM/vdrXOoy9QKBgAks4izGKAZ9o74uP4OTBBTJhaFNc2HePTVjciDp\n' +
'gsqCc8mL4qDbjGazGvXR/FsFVyalzPaddcweu0kaziZdm36Z1JPI4o1fMUijtVax\n' +
'voXJvfjVtWGgAbgj05NayZohX/14B9YG8fwDwRHhokZ/6wc0bn02ajzkh/a0KYTC\n' +
'rK4ZAoGAGqYbrwHYFFgAOhOaPdER9jK+MXWl1pUhdFTUbNETgF0Nay06GifY+1DA\n' +
'oTu2hg3k7z5464WANk/ixn5nlyRD/i8Ab4ENA56sFly9qOyEdWlXKNrocMd4wjJr\n' +
'ZVF3wvEieF2E1PTySKYNb0ZUm70nfzMj6sRFw9ow58LdpPVXIew=\n' +
'-----END RSA PRIVATE KEY-----'
/************************/
aws.config.update({
secretAccessKey: 'mysecretaccesss',
accessKeyId: 'myaccessKeyId'
});
var app = express(),
s3 = new aws.S3();
app.use(bodyParser.json());
var upload = multer({
storage: multerS3({
s3: s3,
bucket: 'my_buket',
key: function (req, file, cb) {
// console.log(file);
// console.log(req);
var newFileName = Date.now() + "-" + file.originalname;
var fullPath = '/'+ newFileName;
console.log(fullPath)
var cfKeypairId = 'HKASHDDAKSHDHSDKAJ';
var cfURL = 'http://smbhdshdb.cloudfront.net'+fullPath;
var signedUrl = cfUtil.getSignedUrl(cfURL, {
keypairId: cfKeypairId,
expireTime: Date.now() + 60000,
privateKeyString: cfPk
});
console.log(signedUrl);
// console.log(req);
cb(null, fullPath); //use Date.now() for unique file keys
}
})
});
app.get('/', function (req, res) {
res.sendFile(__dirname + '/index.html');
});
app.post('/upload', upload.any(), function (req, res, next) {
res.send("Uploaded!");
});
app.listen(3001, function () {
console.log('Example app listening on port 3001!');
});
以下是我的index.html文件:
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<title></title>
</head>
<body>
Hey! Lets try uploading to s3 directly :)
<form method="post" enctype="multipart/form-data" action="/upload">
<p>
<input type="text" name="title" placeholder="optional title"/>
</p>
<p>
<input type="file" name="upl"/>
<!-- <input type="file" name="uplo"/> -->
</p>
<p>
<input type="submit"/>
</p>
</form>
</body>
</html>
以下是我的存储桶策略,它与主体有关。
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ESHJDAKSJFYU(SAMPLE ACCESS KEY)"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
有人可以告诉我如何提供存储桶策略以及如何为我的文件启用安全性? 我只需要使用签名的网址流式传输或下载文件。
请帮忙吗?
答案 0 :(得分:0)
有人可以告诉我如何提供存储桶策略以及如何启用 安全到我的文件?
如果您(1)为您的受信任签名者创建了CloudFront密钥对,(2)在中将限制存储区访问设置为是 Origins 标签和(3)确保您的存储分区政策不允许GetObject访问除原始访问标识,然后您的文件已使用签名网址(或Cookie)保护)。您可以尝试在浏览器中粘贴URL以查看它是否未下载。
每当客户需要下载您的私人文件时,都应使用您创建的应用的signedUrl。
请参阅:
Creating CloudFront Key Pairs for Your Trusted Signers
Creating an Origin Access Identity and Adding it to Your Distribution Using the CloudFront Console
我需要知道&#39; xxxxxxxxxxxxx&#39;的价值是什么?在下面的变量中。
这是第一次创建CloudFront分配时生成的随机字符串。它成为域名的一部分。例如:d7ip55b96n1wwe.cloudfront.net。