我有一个AWS S3存储桶,我将AWS SES移动到原始电子邮件。我的问题是这些电子邮件默认情况下不公开,我需要一个php脚本,我可以从这个S3存储桶中获取原始文件并将其放入mysql中,以便能够这样做,而无需手动将文件标记为公共在文件夹中。
因此,使用我使用IAM密钥和IAM密码的下面的代码,如何将我的下面的脚本加载到具有正确权限的AWS桶中,以便能够获取原始文件?
//mysql connection
$servername = "***>rds.amazonaws.com";
$username = "****";
$password ="***";
$databasename ="***";
$rightnowdatetimeis = date('Y-m-d H:i:s');
$rightnowdateis = date('Y-m-d');
$con = mysqli_connect("$servername","$username","$password","$databasename");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//load the php mime parse library
require_once __DIR__.'/vendor/autoload.php';
$Parser = new PhpMimeMailParser\Parser();
//Include the AWS SDK using the Composer autoloader.
require 'awssdk/aws-autoloader.php';
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
// AWS Info
$bucketName = 'pipedemail';
$IAM_KEY = '****';
$IAM_SECRET = '***';
// Connect to AWS
try {
// You may need to change the region. It will say in the URL when the bucket is open
// and on creation. us-east-2 is Ohio, us-east-1 is North Virgina
$s3 = S3Client::factory(
array(
'credentials' => array(
'key' => $IAM_KEY,
'secret' => $IAM_SECRET
),
'version' => 'latest',
'region' => 'us-east-1'
)
);
} catch (Exception $e) {
// We use a die, so if this fails. It stops here. Typically this is a REST call so this would
// return a json object.
die("Error: " . $e->getMessage());
}
// Use the high-level iterators (returns ALL of your objects).
$objects = $s3->getIterator('ListObjects', array('Bucket' => $bucketName));
foreach ($objects as $object)
{
$objectkey = $object['Key'];
// Get the object
$result = $s3->getObject(array(
'Bucket' => $bucketName,
'Key' => $objectkey
));
//lets get the raw email file to parse it
//$Parser->setText($result['Body']);
//echo "$objectkey";
$path = "*****";
//lets get the raw email file to parse it
$Parser->setText(file_get_contents($path));
// Once we've indicated where to find the mail, we can parse out the data
//$to = $Parser->getHeader('to'); // "test" <test@example.com>, "test2" <test2@example.com>
$addressesTo = $Parser->getAddresses('to'); //Return an array : [[test, test@example.com, false],[test2, test2@example.com, false]]
$tobrand = $addressesTo[0]['address'];
$to_brand_domainname = explode("@", "$tobrand", 2)[1];
//lets get the brandid based on the to domain name
$brandsql = mysqli_query($con, "SELECT brandid FROM brands WHERE branddomainname='$to_brand_domainname' LIMIT 1");
$brandrow = mysqli_fetch_array($brandsql);
$brandid = $brandrow['brandid'];
$from = $Parser->getHeader('from'); // John Smith
//lets break the full name into a lastname and firstname veriable
$namepieces = explode(" ", $from);
$first_name = $namepieces[0];
$last_name = $namepieces[1];
$addressesFrom = $Parser->getAddresses('from'); //Return an array : test, test@example.com, false
$fromname = $addressesFrom[0]['display']; //not sure what this returns yet
$fromemail = $addressesFrom[0]['address'];
$subject = $Parser->getHeader('subject');
//html of email body
$html_emailbody = $Parser->getMessageBody('html');
// $htmlEmbedded = $Parser->getMessageBody('htmlEmbedded'); //HTML Body included data
//First lets see if this email address exists within the database
$emailsql = mysqli_query($con, "SELECT cid FROM customer_profiles WHERE email_address='$fromemail' LIMIT 1");
$erow = mysqli_fetch_assoc($emailsql);
$cid = $erow['cid'];
//if customer does not exists
if($cid < 1)
{
$customsql = mysqli_query($con, "INSERT into customer_profiles(first_name, last_name, email_address, last_contact_date)
VALUES('$first_name','$last_name','$fromemail','$rightnowdateis')");
$cid = mysqli_insert_id($con);
}
//create the support issue
$sql = mysqli_query($con, "INSERT into product_issues(cid, date_created, brandid) VALUES('$cid','$rightnowdatetimeis','$brandid')");
$issueid = mysqli_insert_id($con);
mysqli_query($con, "INSERT into customer_notes(cid, date_written, note_body, issueid, note_type, brandid, note_subject, note_status)
VALUES('$cid','$rightnowdatetimeis','$html_emailbody','$issueid','email','$brandid','$subject','unread')");
$noteid = mysqli_insert_id($con);
//Pass in a writeable path to save attachments
$attach_dir = 'email_attachments/'; // Be sure to include the trailing slash
//$include_inline = false; // Optional argument to include inline attachments (default: true)
//$Parser->saveAttachments($attach_dir [,$include_inline]);
// $Parser->saveAttachments($attach_dir);
// Get an array of Attachment items from $Parser
// $attachments = $Parser->getAttachments([$include_inline]);
// Loop through all the Attachments
// if(count($attachments) > 0)
// {
// foreach ($attachments as $attachment)
// {
// $fileattachmentname = $attachment->getFilename();
// $attachment_filetype = $attachment->getContentType();
//save file attachement name to database
// mysqli_query($con, "INSERT into email_attachments(attachment_name, attachment_filetype, cid, noteid, issueid)
// VALUES('$fileattachmentname','$attachment_filetype','$cid','$noteid','$issueid')");
//echo 'Filename : '.$attachment->getFilename().'<br />'; // logo.jpg
//echo 'Filesize : '.filesize($attach_dir.$attachment->getFilename()).'<br />'; // 1000
//echo 'Filetype : '.$attachment->getContentType().'<br />'; // image/jpeg
//echo 'MIME part string : '.$attachment->getMimePartStr().'<br />'; // (the whole MIME part of the attachment)
// }
// }
//now lets delete the object since we already took the email and saved it into mysql
$s3->deleteObject(array('Bucket' => $bucketName, 'Key' => $objectkey));
}
答案 0 :(得分:3)
如果您希望对您的存储分区进行公开读取访问,则此策略将执行此操作
SOAPEnvelope但是您想要对您的电子邮件做什么,即对桶对象的公共读取访问是在 ACL 的帮助下完成的,即访问控制列表,以及您不需要提供对桶的公共读取访问权限,因为您的案例需要对对象的公共读取访问权限,即仅限电子邮件。
在将对象存储到s3时,您可以在代码中将该对象的ACL设置为 public-read 以进行工作
在python中使用 ACL
上传具有公共读取权限的图像的示例{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
您可以在此链接上了解有关ACL的更多信息
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
答案 1 :(得分:2)
我知道您已经提到了安全方面的问题,但我想重新判断您是不是只是提供公开读取权限,但似乎您试图允许任何 s3动作。您不仅可以向阅读数据的人(您似乎并不关心)开放自己,还可以编写自己的数据或操纵您的数据。你确实不想要一个可以扩展到无限大小的存储桶可以写给整个公众,而且如果你要处理那里写的任何内容那么加倍。
您应该认真检查存储区ACL的工作方式,并考虑使用IAM凭据或instance roles (if the server processing data is also on AWS)来安全地处理电子邮件数据。没有什么可以阻止您使用IAM策略来允许处理此数据的任何内容安全地读取和写入此存储桶。 AWS在其文档中粘贴不警告的原因有很多。