Accessing private S3 bucket files
Question:
I upload files from PHP to an S3 bucket. The upload succeeds, but when I retrieve the image I get the following error:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<Expires>2006-03-09T07:25:20Z</Expires>
<ServerTime>2016-11-05T04:38:24Z</ServerTime>
If I set the file to public when uploading, then I can retrieve it, but I want to keep unauthorized users out.
Upload file code:
try {
    $s3 = \Storage::disk('s3');
    $filePath = $file->getClientOriginalName();
    // Store the object with a private ACL
    $s3->put($filePath, file_get_contents($val), 'private');
} catch (\Aws\S3\Exception\S3Exception $e) {
    // PHP concatenates strings with ".", not "+"
    echo "There was an error uploading the file.\n" . $e;
}
I have reviewed previously asked questions and many sites, but they did not help me:
PHP Amazon S3 access private files through URL
How to access Amazon s3 private bucket object through Zend_Service_Amazon_S3
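The third link is working for me, but:
1. Is it safe to pass the access key in the URL?
2. Is it possible to make the file viewable to authenticated users?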
public function get_s3_signed_url($bucket, $resource, $AWS_S3_KEY, $AWS_s3_secret_key, $expire_seconds) {
    // Absolute expiry time (Unix timestamp) that is part of the signed data
    $expires = time() + $expire_seconds;
    // S3 Signed URL creation
    $string_to_sign = "GET\n\n\n{$expires}\n/" . str_replace(".s3.amazonaws.com", "", $bucket) . "/$resource";
    // HMAC-SHA1 over the string to sign, keyed with the secret key
    $signature = urlencode(base64_encode(hash_hmac("sha1", utf8_encode($string_to_sign), $AWS_s3_secret_key, TRUE)));
    $authentication_params = "AWSAccessKeyId=" . $AWS_S3_KEY;
    $authentication_params .= "&Expires={$expires}";
    $authentication_params .= "&Signature={$signature}";
    return $link = "http://s3.amazonaws.com/{$bucket}/{$resource}?{$authentication_params}";
}
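Answer
Here the get_s3_signed_url function returns a URL that contains the access key, which is not recommended. Create a function that fetches the private object from the bucket and creates a file/image locally on the server. Use the path of the newly created image and delete the image when you are done.
Code in Zend: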
require_once('Zend/Service/Amazon/S3.php');
$awsKey = 'your-key';
$awsSecretKey = 'your-secret-key';
$s3 = new Zend_Service_Amazon_S3($awsKey, $awsSecretKey);
$bucketName = 'your-bucket-name';
$objectName = $bucketName . '/image.jpg'; //image path
$info = $s3->getInfo($objectName);
if (is_array($info)) {
    header('Content-type: ' . $info['type']);
    header('Content-length: ' . $info['size']);
    // getObject() returns the object data itself, so write it straight to the local file
    file_put_contents('image.jpg', $s3->getObject($objectName));
    header('Content-Description: File Transfer');
    header("Content-Disposition: attachment; filename=\"image.jpg\"");
    header('Content-Transfer-Encoding: binary');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Expires: 0');
    ob_clean();
    flush();
    readfile('image.jpg'); //sends the local copy to the client
    unlink('image.jpg'); //deletes the local copy
} else {
    header('HTTP/1.0 404 Not Found');
}
Code in core PHP:
require_once('S3.php');
$awsKey = 'your-key';
$awsSecretKey = 'your-secret-key';
$s3 = new S3($awsKey, $awsSecretKey);
$bucketName = 'your-bucket-name';

// To store/download one image at a time
$objectName = "image.jpg"; //s3 image path
$tempFile = "image.jpg"; //temporary/local image path
$s3->getObject($bucketName, $objectName, $tempFile); //stores the image
if (filesize($tempFile)) {
    header('Content-Description: File Transfer');
    header('Content-Type: image/png');
    header("Content-Disposition: attachment; filename=\"" . $tempFile . "\"");
    header('Content-Transfer-Encoding: binary');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Expires: 0');
    header('Content-Length: ' . filesize($tempFile));
    ob_clean();
    flush();
    readfile($tempFile); //downloads the image
    unlink($tempFile); //deletes the image from local
}

// To store/download 'n' images at a time
$s3ImagesFolder = 'all_images/'; //folder where all the images are
$bucketContents = $s3->getBucket($bucketName);
foreach ($bucketContents as $file) {
    // strpos() returns false when the folder name is not in the key
    if (strpos($file['name'], $s3ImagesFolder) !== false) {
        // last path segment; end(explode(...)) would pass a non-variable by reference
        $tempFile = basename($file['name']);
        $s3->getObject($bucketName, $file['name'], $tempFile); // to store
        //to download
        if ($file['size']) {
            header('Content-Description: File Transfer');
            header('Content-Type: image/png');
            header("Content-Disposition: attachment; filename=\"" . $tempFile . "\"");
            header('Content-Transfer-Encoding: binary');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Expires: 0');
            header('Content-Length: ' . $file['size']);
            ob_clean();
            flush();
            readfile($tempFile); //downloads the image
            unlink($tempFile); //deletes the image from local
        }
    }
}
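So, you are saying that the upload works fine, but you cannot access the object afterwards? What credentials are you using to access the uploaded object? Do they have permission to read objects from the bucket? Oh, and yes, using a pre-signed URL is perfectly fine. Although it shows the access key, that is acceptable public knowledge, because the signature is generated from the secret key and a hashing algorithm. –
@JohnRotenstein Using the get_s3_signed_url method I can access the file, but the problem is that my access key is visible to the public, and until the URL expires unauthenticated users can see the image or file. As you said, the access key is OK. What about authenticated users? – iCoders
@JohnRotenstein Thanks for the info. Now I only have the problem with authenticated users. – iCoders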
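The two open points in this thread (the access key being visible in the URL, and limiting downloads to authenticated users) can be seen together in the following added example, which is not code from the question, the answer or any AWS library. It reuses the question's legacy query-string layout; `issue_url`, `verify_url`, the `$owners` map and every key, bucket and user ID are hypothetical, and `verify_url` is only a local stand-in for the check the storage service performs.

```php
<?php
// Added example; all keys, names and IDs below are constructed sample values.
function s3_string_to_sign(string $bucket, string $key, int $expires): string {
    // Same layout as the question's $string_to_sign (legacy query-string signing).
    return "GET\n\n\n{$expires}\n/{$bucket}/{$key}";
}

function s3_sign(string $stringToSign, string $secret): string {
    return base64_encode(hash_hmac('sha1', $stringToSign, $secret, true));
}

// Hypothetical app-level gate: a URL is issued only to the logged-in owner of the object.
function issue_url(array $session, array $owners, string $bucket, string $key,
                   string $accessKeyId, string $secret, int $now, int $ttl = 60): ?string {
    $user = $session['user_id'] ?? null;
    if ($user === null || ($owners[$key] ?? null) !== $user) {
        return null; // not logged in, or not allowed to read this object
    }
    $expires = $now + $ttl; // short lifetime: the link works for anyone who holds it
    $sig = s3_sign(s3_string_to_sign($bucket, $key, $expires), $secret);
    return "https://s3.amazonaws.com/{$bucket}/{$key}?" . http_build_query([
        'AWSAccessKeyId' => $accessKeyId, 'Expires' => $expires, 'Signature' => $sig,
    ]);
}

// Local stand-in for the server-side check: recompute the HMAC with the secret key.
// The access key ID in the URL only identifies which secret to use.
function verify_url(string $url, string $secret, int $now): bool {
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $q);
    if (!isset($q['Expires'], $q['Signature']) || $now > (int)$q['Expires']) {
        return false; // parameters missing or link expired
    }
    [$bucket, $key] = explode('/', ltrim($parts['path'], '/'), 2);
    $expected = s3_sign(s3_string_to_sign($bucket, $key, (int)$q['Expires']), $secret);
    return hash_equals($expected, $q['Signature']); // constant-time comparison
}

$secret = 'constructed-secret';
$now = 1700000000;
$owners = ['reports/a.png' => 42];
$args = [$owners, 'my-bucket', 'reports/a.png', 'AKIDEXAMPLE', $secret, $now];
$url = issue_url(['user_id' => 42], ...$args);
var_dump(issue_url([], ...$args));                                          // anonymous session
var_dump(verify_url($url, $secret, $now + 30));                             // inside the lifetime
var_dump(verify_url(str_replace('a.png', 'b.png', $url), $secret, $now + 30)); // object key changed
var_dump(verify_url($url, $secret, $now + 61));                             // after expiry
```

The signed link is usable by whoever holds it until `Expires`, so the session check has to happen before the URL is issued and the lifetime should stay short.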