AWS签名的URL太长而无法缩短 [英] AWS signed URL too long to shorten
问题描述
我正在使用AWS创建一个签名URL,因此我可以安全地将此URL传递给另一个API以供临时使用.签名的URL指向S3资源.问题是其他API不接受如此长的链接.因此,我试图将其缩短.我尝试使用 goo.gl 或 AWS url shorter ),但存在相同的问题:网站重定向位置的长度不能超过2,048个字符."
I am creating a signed URL with AWS so I can safely pass this URL to another API for temporary use. The signed URL points to a S3 resource. The problem is the other API does not accept such long links. Therefore I am trying to shorten it. I tried to use shorteners like goo.gl or bit.ly to no avail because the URL was too long for them. I even built my own private shortener with AWS (AWS url shortener) but it had the same problem: "The length of website redirect location cannot exceed 2,048 characters.".
我正在使用AWSS3PreSignedURLBuilder.default().getPreSignedURL(preSignedURLRequest)在iOS(Swift)中创建签名的URL,同时使用AWS Cognito作为未授权用户.
I am creating the signed URLs in iOS (Swift) with AWSS3PreSignedURLBuilder.default().getPreSignedURL(preSignedURLRequest) while using AWS Cognito as an unauthorised user.
我尝试了以下操作,但无济于事:
I have tried the following things to no avail:
- 用3个字符选择尽可能短的S3存储桶名称
- 尽可能缩短文件名.我将文件名限制为10个字符加文件扩展名(总共14个字符).较短的文件名对我而言不可行,因为它们在一定程度上应该是唯一的.
但是,即使进行了所有这些小的调整,AWS返回的签名URL有时仍然太长.特别是令牌参数(X-Amz-Security-Token)似乎很长.通过一些细微的调整,我有时获得的URL短于2,048个字符,但有时却略长.我想找到一个可以保证URL不会太长且可以缩短的解决方案.
But even with all these minor tweaks the signed URL returned by AWS is sometimes too long. Especially the token parameter (X-Amz-Security-Token) seems to be really long. With my minor tweaks I sometimes get URLs shorter than 2,048 characters but sometimes slightly longer. I would like to find a solution which guarantees me that the URL is not too long and can be shortened.
在我自己的私有AWS URL缩短器中,以下代码段创建了S3对象,该对象重定向到实际的长URL.
In my own private AWS URL shortener the following code snippet creates the S3 object which redirects to the actual long URL.
s3.putObject({
Bucket: s3_bucket,
Key: key_short,
Body: "",
WebsiteRedirectLocation: url_long,
ContentType: "text/plain"
},
(err, data) => {
if (err) {
console.log(err);
done("", err.message);
} else {
const ret_url = "https://" + cdn_prefix + "/" + id_short;
console.log("Success, short_url = " + ret_url);
done(ret_url, "");
}
});
方法返回以下错误
网站重定向位置的长度不能超过2,048 字符.
The length of website redirect location cannot exceed 2,048 characters.
对象元数据中标头"x-amz-website-redirect-location"的putObject文档说明如下(
The documentation of putObject for the header "x-amz-website-redirect-location" in the object meta states the following (see: put object documentation):
该值的长度限制为2 KB
The length of the value is limited to 2 KB
如何确保初始AWS签名URL对于URL缩短器而言不会太长?
我发现的问题之一是,我在AWS Cognito中将签名的URL创建为未经身份验证的用户.因此,签名的URL包含了这个荒谬的长标记作为参数.我不想将我的accessKey和shortKey嵌入到iOS应用程序中,这就是为什么我切换到AWS Cognito的原因(请参阅
One of the problems I have identified is that I create the signed URL as an unauthenticated user in AWS Cognito. Therefore the signed URL includes this ridiculously long token as a parameter. I did not want to embed my accessKey and shortKey in the iOS App thats why I switched to AWS Cognito (see aws cognito). But currently there are no authorised users just unauthorised ones and I need to create the signed URL as an unauthorised AWS Cognito user. If I create the signed URL with with a regular credentials using accessKey and shortKey I get a much shorter URL. But for that I would have to embed my accessKey and shortKey in the iOS app which is not recommended.
推荐答案
我通过创建一个AWS lambda来创建预签名URL并返回该预签名URL来解决了该问题.预先签名的URL允许调用者访问(getObject)S3资源.对此有两种选择:
I solved the problem by creating an AWS lambda for creating a presigned URL and returning the presigned URL. The presigned URL allows the caller to access (getObject) the S3 resource. There are two options regarding this:
- 分配给AWS lambda的角色具有getObject的S3权限.与使用AWS Cognito在iOS应用中发布的临时凭证创建的预签名URL相比,所生成的预签名URL包含的令牌要短得多.
- 将具有getObject的S3权限的角色的访问密钥和秘密密钥直接嵌入到AWS lambda中,这将为您提供更短的URL,因为在生成的预签名URL中不包含任何令牌. (例如示例AWS代码)
我以未授权的认知用户从iOS应用程序中将此lambda称为.从AWS lambda接收到预签名的URL后,我可以将其缩短,因为使用此方法,预签名的URL要短得多.
I call this lambda from within my iOS app as an unauthorised cognito user. After receiving the presigned URL from the AWS lambda I am able to shorten it because with this method the presigned URLs are much shorter.
这篇关于AWS签名的URL太长而无法缩短的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
