Rails: allow download of files stored on S3 without showing the actual S3 URL to user


Problem description

I have a Rails application hosted on Heroku. The app generates and stores PDF files on Amazon S3. Users can download these files for viewing in their browser or to save on their computer.

The problem I am having is that although downloading of these files is possible via the S3 URL (like "https://s3.amazonaws.com/my-bucket/F4D8CESSDF.pdf"), it is obviously NOT a good way to do it. It is not desirable to expose to the user so much information about the backend, not to mention the security issues that arise.

Is it possible to have my app somehow retrieve the file data from S3 in a controller, then create a download stream for the user, so that the Amazon URL is not exposed?

Solution

Yes, this is possible - just fetch the remote file with Rails and either store it temporarily on your server or send it directly from the buffer. The problem with this is of course the fact that you need to fetch the file first before you can serve it to the user. See this thread for a discussion; their solution is something like this:

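# environment.rb
require 'open-uri'

# controller
def index
  # URI.parse(...).open only fetches URLs that open-uri supports (http, https, ftp).
  # Kernel#open on a request parameter would also read local paths and run
  # "| command" strings, so it is not used here.
  # params[:file] is still user-controlled: restrict it to the app's own bucket.
  data = URI.parse(params[:file]).open.read # body as a String, which send_data expects
  send_data data, :filename => params[:name] # remaining send_data options are elided in the original
end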

This issue is also somewhat related.
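
An added example (not part of the original answer): a hardened variant of the controller idea above, in which the client sends only an object key and the server builds the S3 URL itself, so a request parameter never chooses the host or scheme. The bucket base URL reuses the question's sample; `KEY_PATTERN`, `s3_url_for`, `download_name`, `proxy_download` and the injected `fetcher` are assumptions made for illustration.

```ruby
require 'uri'

# Assumed values: the bucket URL comes from the question's sample link,
# the key pattern from the shape of its sample object name (F4D8CESSDF.pdf).
BUCKET_BASE = 'https://s3.amazonaws.com/my-bucket/'
KEY_PATTERN = /\A[A-Za-z0-9]{1,64}\.pdf\z/

class InvalidKey < StandardError; end

# Map a client-supplied object key to a URL inside the app's own bucket.
# Anything that is not a bare "<alphanumerics>.pdf" key is rejected, which rules
# out full URLs, local paths, "../" traversal and pipe strings in one check.
def s3_url_for(key)
  unless key.is_a?(String) && KEY_PATTERN.match?(key)
    raise InvalidKey, 'unexpected object key'
  end
  URI.join(BUCKET_BASE, key)
end

# Reduce the requested download name to a plain file name so it cannot carry
# path components or CR/LF into the Content-Disposition header.
def download_name(name, fallback: 'document.pdf')
  base = File.basename(name.to_s.tr('\\', '/')).gsub(/[^A-Za-z0-9._-]/, '_')
  base = fallback if base.empty? || base.start_with?('.')
  base.end_with?('.pdf') ? base : "#{base}.pdf"
end

# Controller-shaped helper. `fetcher` is injected so the example runs offline;
# in a Rails action it could be ->(uri) { uri.open.read } (with open-uri loaded)
# and the returned hash would feed send_data.
def proxy_download(params, fetcher:)
  url = s3_url_for(params[:file])
  { data: fetcher.call(url),
    filename: download_name(params[:name]),
    type: 'application/pdf' }
end

# Constructed demo: a stub fetcher stands in for the network call.
stub = ->(uri) { "%PDF-1.4 constructed body for #{uri}" }
result = proxy_download({ file: 'F4D8CESSDF.pdf', name: 'invoice' }, fetcher: stub)
puts "#{result[:filename]} (#{result[:data].bytesize} bytes)"
```

The browser only ever sees the application's own route and the sanitized file name; the S3 URL exists solely on the server side.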
