使用预先签名的URL

时间:2018-07-07 21:02:44

标签: amazon-web-services amazon-s3 elixir absinthe

在具有Elixir / Phoenix后端的React Native应用程序中,我试图让用户创建照片,该照片将使用AWS预签名的URL推送到S3存储桶。我正在使用十六进制包ex_aws公开API。虽然我是Elixir的新手,但我仍然关注文档,并且代码生成了上传URL,没有任何问题。

配置:

config :ex_aws,
  access_key_id: System.get_env("AWS_ACCESS_KEY_ID"),
  secret_access_key: System.get_env("AWS_SECRET_ACCESS_KEY"),
s3: [
 scheme: "https://",
 host: "my-bucket.s3.amazonaws.com",
 region: "us-east-1"
]

函数生成上传URL:

def get_presign_url do
uuid = UUID.uuid4()
bucket = "photos"
config = %{region: "us-east-1"}
query_params = [{"ContentType", "image/jpeg"}, {"ACL", "public-read"}]
presign_options = [virtual_host: false, query_params: query_params]

{:ok, url} =
  ExAws.Config.new(:s3, config)
  |> ExAws.S3.presigned_url(:put, bucket, "#{uuid}.jpg", presign_options)

%{upload_url: url, url: get_image_url(bucket, uuid)}
end

     defp get_image_url(bucket, uuid) do
    "http://s3.amazonaws.com/my-bucket/#{bucket}/#{uuid}.jpg"
end

并添加为对象类型:

 object :presign_url do
 field(:url, non_null(:string))
 field(:upload_url, non_null(:string))
end

我正在使用通过苦艾酒实现的GraphQL,我已添加到解析器中,如下所示:

def presign_url(_, _, _) do
{:ok, Server.Posts.get_presign_url()}
 end

这是生成的上传URL:

        {
      "data": {
        "presignUrl": {
       "url": "http://s3.amazonaws.com/my-bucket/photos/3c55bf4c-               cc9f-4ef4-bb53-f7b4190594e1.jpg", 
    "uploadUrl": "https://my-bucket.s3.amazonaws.com/photos/3c55bf4c-  cc9f-4ef4-bb53-f7b4190594e1.jpg?ACL=public-read&ContentType=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIELM4UKGWPA4JINA%2F20180707%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180707T192017Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=acl%3Bcontenttype%3Bhost&X-Amz-Signature=f731765ccc12dc497050acf9578dcd375116b75a73cf4069beb6c3a46ed37535"
    }
  }
}

这些也是组成ex_awspackage的服务:

   {:ex_aws, "~> 2.0"},
   {:ex_aws_s3, "~> 2.0"},
   {:hackney, "~> 1.9"},
   {:sweet_xml, "~> 0.6"},

我创建了一个附加了AmazonS3FullAccess策略的IAM用户。我还尝试向具有完全管理权限并且I3桶完全公开的IAM用户发送该图像。我尝试使用UUID和不使用UUID,并且尝试删除查询参数中的内容类型。秘密密钥和访问密钥在.env文件中导出,我检查了它们是否与AWS匹配,并检查了是否有空白错误。我确保.env文件的来源。我还尝试过将密钥直接添加到Postman中的授权类型。最后,我两次删除并重新创建了IAM用户和S3存储桶,都无济于事。使用指定的Put方法,这是返回值:

      <?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>SignatureDoesNotMatch</Code>
        <Message>The request signature we calculated does not match   the   signature you provided. Check your key and signing method.  </Message>
    <AWSAccessKeyId><MyAccessKey></AWSAccessKeyId>
     <StringToSign>AWS4-HMAC-SHA256
20180707T192017Z
20180707/us-east-1/s3/aws4_request
20d99c7ca8361bdf1a22207490e60f15a24181dbb1a6f3242a5a6fc99580bbf6</StringTo  Sign>
 <SignatureProvided>f731765ccc12dc497050acf9578dcd375116b75a73cf4069beb6c3a46ed37535"</SignatureProvided>
<StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 38 30 37 30 37 54 31 39 32 30 31 37 5a 0a 32 30 31 38 30 37 30 37 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 32 30 64 39 39 63 37 63 61 38 33 36 31 62 64 66 31 61 32 32 32 30 37 34 39 30 65 36 30 66 31 35 61 32 34 31 38 31 64 62 62 31 61 36 66 33 32 34 32 61 35 61 36 66 63 39 39 35 38 30 62 62 66 36</StringToSignBytes>
<CanonicalRequest>PUT
    /photos/3c55bf4c-cc9f-4ef4-bb53-f7b4190594e1.jpg
   ACL=public-read&amp;ContentType=image%2Fjpeg&amp;X-Amz-Algorithm=AWS4-      HMAC-SHA256&amp;X-Amz-Credential=AKIAIELM4UKGWPA4JINA%2F20180707%2Fus-`enter code here`east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20180707T192017Z&amp;X-Amz-Expires=3600&amp;X-Amz-SignedHeaders=acl%3Bcontenttype%3Bhost
acl:
contenttype:
host:my-bucket.s3.amazonaws.com

acl;contenttype;host
UNSIGNED-PAYLOAD</CanonicalRequest>
    <CanonicalRequestBytes>50 55 54 0a 2f 70 68 6f 74 6f 73 2f 33 63 35 35 62 66 34 63 2d 63 63 39 66 2d 34 65 66 34 2d 62 62 35 33 2d 66 37 62 34 31 39 30 35 39 34 65 31 2e 6a 70 67 0a 41 43 4c 3d 70 75 62 6c 69 63 2d 72 65 61 64 26 43 6f 6e 74 65 6e 74 54 79 70 65 3d 69 6d 61 67 65 25 32 46 6a 70 65 67 26 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 49 45 4c 4d 34 55 4b 47 57 50 41 34 4a 49 4e 41 25 32 46 32 30 31 38 30 37 30 37 25 32 46 75 73 2d 65 61 73 74 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 31 38 30 37 30 37 54 31 39 32 30 31 37 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 61 63 6c 25 33 42 63 6f 6e 74 65 6e 74 74 79 70 65 25 33 42 68 6f 73 74 0a 61 63 6c 3a 0a 63 6f 6e 74 65 6e 74 74 79 70 65 3a 0a 68 6f 73 74 3a 73 61 67 61 2d 62 65 74 61 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 61 63 6c 3b 63 6f 6e 74 65 6e 74 74 79 70 65 3b 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44</CanonicalRequestBytes>
    <RequestId>217EC822CDAB80C8</RequestId>
    <HostId>m39utFRVAH61JVNNeYPET1ztudrRWy3qsaIGHl9lh5/2Arjfr1L+EcZ3S8UDqcOEB3hIAP5pMOM=</HostId>
</Error>

我相信AWS方面肯定存在权限问题,我只是没看到,但是我浏览了文档,却找不到任何东西,在第二天进行此工作,我们将不胜感激任何帮助

0 个答案:

没有答案
相关问题
最新问题