使用 JavaScript 的云 API(亚马逊、Azure) [英] Cloud API with JavaScript (Amazon, Azure)
问题描述
我正在研究直接从客户端 JavaScript 使用某些云存储的可能性.但是,我遇到了两个问题:
I'm researching a possibility of using some cloud storage directly from client-side JavaScript. However, I ran into two problems:
安全性 - 该架构通常基于每个云客户端构建,因此只有一个 API 密钥(例如).这是有问题的,因为我需要每个 my 用户的安全性.我无法向所有用户提供相同的 API 密钥.
Security - the architecture is usually build on per cloud client basis, so there is one API key (for example). This is problematic, since I need a security per my user. I can't give the same API key to all my users.
跨域 AJAX. 浏览器可以使用 HTTP 标头来进行跨域请求,但这意味着我必须能够在云边.但是,我唯一需要的就是能够添加自定义 HTTP 响应标头:Access-Control-Allow-Origin: otherdomain.com.
Cross-domain AJAX. There are HTTP headers that browsers can use to be able to do cross domain requests, but this means that I would have to be able to set them on the cloud-side. But, the only thing I need for this to work is to be able to add a custom HTTP response header: Access-Control-Allow-Origin: otherdomain.com.
我的场景涉及来自 JS 客户端的大量简单队列消息,我想我会使用云来摆脱来自我的主要托管服务提供商的这些流量.Windows Azure 有这个Queue Service 部分,看起来和我需要的很接近,只是不知道这些问题能不能解决.
My scenario involves a lots of simple queue messages from JS client and I thought I would use cloud to get rid of this traffic from my main hosting provider. Windows Azure has this Queue Service part, which seems quite near to what I need, except that I don't know if these problems can be solved.
有什么想法吗?在我看来,云服务的 JavaScript 客户端在不久的将来是不可避免的.
Any thoughts? It seems to me that JavaScript clients for cloud services are unavoidable scenarios in the near future.
那么,是否有一些带有 REST API 的云存储可以管理客户的身份验证,但不向他们提供 API 密钥?
推荐答案
Windows Azure Blob Storage 具有 共享访问签名 (SAS) 可以在服务器端发布,本质上是一个特殊的 URL,客户端可以写入而无需直接访问到存储帐户 API 密钥.这是 Windows Azure 存储中唯一允许在不访问存储帐户密钥的情况下写入数据的机制.
Windows Azure Blob Storage has the notion of a Shared Access Signature (SAS) which could be issued on the server-side and is essentially a special URL that a client could write to without having direct access to the storage account API key. This is the only mechanism in Windows Azure Storage that allows writing data without access to the storage account key.
SAS 可以过期(例如,给用户 10 分钟的时间来使用 SAS URL 进行上传)并且可以设置为允许在发布后取消访问.此外,SAS 可用于限时读取访问(例如,给用户 1 天的时间观看此视频).
A SAS can be expired (e.g., give user 10 minutes to use the SAS URL for an upload) and can be set up to allow for canceling access even after issue. Further, a SAS can be useful for time-limited read access (e.g., give user 1 day to watch this video).
如果您的 JavaScript 客户端也在浏览器中运行,则您可能确实存在跨域问题.我有两个想法 - 都没有经过测试!一种想法是 JSONP 风格的方法(尽管这将仅限于 HTTP GET 调用).另一个(更有希望的)想法是将 .js 文件与数据文件一起托管在 blob 存储中,以便它们位于同一域中(希望能让您的网络浏览器满意).
If your JavaScript client is also running in a browser, you may indeed have cross-domain issues. I have two thoughts - neither tested! One thought is JSONP-style approach (though this will be limited to HTTP GET calls). The other (more promising) thought is to host the .js files in blob storage along with your data files so they are on same domain (hopefully making your web browser happy).
真正的"解决方案可能是跨源资源共享(CORS)支持,但这在 Windows Azure Blob 存储中不可用,并且仍在浏览器中出现(与其他 HTML 5 优点一起).
The "real" solution might be Cross-Origin Resource Sharing (CORS) support, but that is not available in Windows Azure Blob Storage, and still emerging (along with other HTML 5 goodness) in browsers.
这篇关于使用 JavaScript 的云 API(亚马逊、Azure)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
