通过预签名URL将文件上传到S3时返回403错误

时间:2018-12-17 23:48:08

标签: amazon-web-services amazon-s3 aws-lambda dropzone.js

我有以下lambda签名代码:

// AWS SDK and a single S3 client created at module load and reused by the handler.
// No credentials are passed here, so the SDK resolves them from its default
// provider chain; the presigned POST is signed with those credentials, and the
// upload is authorised with that identity's permissions.
var AWS = require('aws-sdk')
var s3 = new AWS.S3()

// Bucket the presigned POST is issued for.
// NOTE(review): 'xxxx' looks like a redacted placeholder; confirm it is the
// bucket the IAM/bucket policy actually grants access to.
var bucketName = 'xxxx'

// Project-local response helper.
const {
  withStatusCode
} = require('../../utils/response.util')

// Response builder bound to status 200 with JSON.stringify as serialiser
// (presumably wraps the payload in an HTTP-style response; verify in response.util).
const ok = withStatusCode(200, JSON.stringify)

// multipart/form-data parser used by parseForm.
const busboy = require('busboy')

/**
 * Parse a form request body with busboy and collect its plain fields.
 *
 * Only 'field' events are handled; nothing is registered for 'file' events.
 * A field name that occurs more than once keeps the last value seen.
 *
 * @param {string|Buffer} body - raw request body handed to busboy
 * @param {object} headers - request headers; 'Content-Type' is looked up
 *   first, then 'content-type'
 * @returns {Promise<object>} resolves with a { fieldName: value } map on
 *   'finish', rejects with the error busboy emits
 */
const parseForm = (body, headers) => {
  return new Promise((resolve, reject) => {
    // Header casing varies with the caller, so both spellings are tried.
    const mimeType = headers['Content-Type'] || headers['content-type']
    const parser = new busboy({ headers: { 'content-type': mimeType } })

    // Field names and values come straight from the request and are untrusted.
    var fields = {}

    parser.on('field', (name, value) => {
      fields[name] = value
    })
    parser.on('finish', () => {
      resolve(fields)
    })
    parser.on('error', (parseError) => {
      reject(parseError)
    })

    parser.end(body)
  })
}


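/**
 * Lambda entry point: parses the form in the request body and answers with
 * the form fields and endpoint for a presigned S3 POST upload.
 *
 * Required form fields: `contentType` and `filePath` (used unchanged as the
 * object key).
 *
 * @param {object} event - invocation event; `event.body` and `event.headers` are read
 * @param {object} context - unused
 * @param {Function} callback - Node-style callback, invoked once with either
 *   an Error or the `ok(...)` response
 */
exports.handler = (event, context, callback) => {
  parseForm(event.body, event.headers).then((data) => {
    // Stop after reporting a missing field. Without the return, execution
    // fell through, signed a policy anyway and invoked the callback again.
    if (!data.contentType) {
      return callback(new Error(`Missing contentType`))
    }

    if (!data.filePath) {
      return callback(new Error(`Missing filePath`))
    }

    // NOTE(review): filePath is client-supplied and used verbatim as the
    // object key. Together with the empty 'starts-with' prefix on $key below,
    // the policy does not confine the upload to any prefix of the bucket.
    const key = data.filePath
    const params = {
      Bucket: bucketName,
      // Lifetime of the signed policy, in seconds (one hour).
      Expires: 3600,
      // NOTE(review): the SDK v2 documentation for createPresignedPost lists
      // Bucket, Expires, Conditions and Fields; confirm `Key` has any effect.
      Key: key,
      Conditions: [
        // This depicts the ACL the file will have when uploaded.
        // NOTE(review): this canned ACL grants access to everyone; prefer
        // 'private' unless public objects are intended. The signing identity
        // also needs permission to set an ACL (s3:PutObjectAcl), and a bucket
        // with Block Public Access or ACLs disabled rejects the field; both
        // typically surface as 403 AccessDenied.
        { 'acl': 'public-read-write' },
        { 'success_action_status': '201' },
        // Empty prefixes match any value: content type and key are unrestricted,
        // and there is no content-length-range condition bounding upload size.
        ['starts-with', '$Content-Type', ''],
        ['starts-with', '$key', ''],
      ],
    }


    s3.createPresignedPost(params, (err, res) => {
      if (err) {
        callback(err)
      } else {
        callback(null, ok({
          signature: {
            'Content-Type': data.contentType,
            'acl': 'public-read-write',
            'success_action_status': '201',
            'Key': key,
            ...res.fields, // Additional fields submitted as headers to S3
          },
          postEndpoint: res.url,
        }))
      }
    })
  }, (error) => {
    // Parsing failed (for example a missing or unsupported Content-Type).
    callback(error)
  })
}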

它能正确地将签名数据返回给dropzone。随后dropzone把文件提交到我的S3存储桶,但返回Access Denied 403错误。

下面是通过vue-dropzone(https://github.com/rowanwins/vue-dropzone)提交给S3的数据样本的截图。

data submitted

S3策略

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::jktuploads/*"
        }
    ]
}

签名或提交哪里有问题,导致请求未能通过?我尝试过删除所有Conditions部分,但没有效果。

0 个答案:

没有答案