S3直接上传在JavaScript [英] S3 upload directly in JavaScript

问题描述

我试图完成简单的，并上传到Amazon S3直接的JavaScript。如何以及在哪里，我会隐藏我的访问和密钥关系吗？我没有看到在他们的文档，或在这个网站上回答了这个东西。

我使用他们推荐的方法来设置这在HTML中。我还使用骨干和凉亭。

 ＆LT;脚本SRC =htt​​ps://sdk.amazonaws.com/js/aws-sdk-2.0.25.min.js＆GT;＆LT; / SCRIPT＆GT;
＆LT;脚本类型=文/ JavaScript的＆GT;
  //查看配置部分配置在SDK凭证
  AWS.config.credentials = ...;

  //配置您的区域
  AWS.config.region ='美西2';
＆LT; / SCRIPT＆GT;
＆LT;输入类型=文件ID =文件选择/＆GT;
＆LT;按钮ID =上传按钮＆GT;上传到S3＆LT; /按钮＆GT;
＆LT; D​​IV ID =结果 -  GT;＆LT; / DIV＆GT;

＆LT;脚本类型=文/ JavaScript的＆GT;
  VAR桶=新AWS.S3（{params：一个{斗：myBucket'}}）;

  VAR文件选择器=的document.getElementById（'文件选择）;
  VAR键=的document.getElementById（'上传按钮'）;
  VAR的结果=的document.getElementById（'结果'）;
  button.addEventListener（'点击'，函数（）{
    var文件= fileChooser.files [0];
    如果（文件）{
      results.innerHTML ='';

      VAR PARAMS = {关键：file.name，则contentType：file.type，身体：文件};
      bucket.putObject（PARAMS，功能（ERR，数据）{
        results.innerHTML =犯错？ '错误！' ：上传。;
      }）;
    } 其他 {
      results.innerHTML ='没有上传。;
    }
  }， 假）;
＆LT; / SCRIPT＆GT;
 

解决方案

您可以使用的 STS 来生成每个上​​传短暂的临时凭证，并通过那些JS的SDK，让你永远不会透露你的长期的API密钥。

例使用AWS PHP SDK（作曲包：AWS / AWS-SDK-PHP：〜2.4），假设你的 access_key_id 和 secret_access_key 是ENV可用。

马虎例如：

 ＆LT; PHP
包括供应商/ autoload.php;

使用AWS \的STS \ StsClient;

/ **创建临时凭证* /
$ stsclient = StsClient ::厂（）;
$ temp_creds = $ stsclient-＆GT; getSessionToken（900） - ＆GT;获得（证书）; //15分钟到期

？＆GT;
＆LT;脚本＆GT;
AWS.config.credentials = {
    accessKeyId：'？＆LT; PHP的echo $ temp_creds ['AccessKeyId']; ？＆GT;'，
    secretAccessKey：'？＆LT; PHP的echo $ temp_creds ['SecretAccessKey']; ？＆GT;'，
    sessionToken：'？＆LT; PHP的echo $ temp_creds ['SessionToken']; ？＆GT;
};
AWS.config.region ='你的区域;
＆LT; / SCRIPT＆GT;
 

这样，你永远不会透露您的访问 access_key_id 和 secret_access_key 。该STS生成的密钥将在设定的时间间隔后失效。一定要按照最佳做法，如创建一个有限的角色IAM用户的长期存储的凭证。

参考：的http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_getSessionToken

I'm trying to accomplish the simple, and upload to Amazon S3 directly JavaScript. How and where would I hide my access and secret keys though? I'm not seeing anything in their documentation or on this site that answers this.

I'm using their recommended way to set this up in HTML. I'm also using Backbone and Bower.

<script src="https://sdk.amazonaws.com/js/aws-sdk-2.0.25.min.js"></script>
<script type="text/javascript">
  // See the Configuring section to configure credentials in the SDK
  AWS.config.credentials = ...;

  // Configure your region
  AWS.config.region = 'us-west-2';
</script>
<input type="file" id="file-chooser" /> 
<button id="upload-button">Upload to S3</button>
<div id="results"></div>

<script type="text/javascript">
  var bucket = new AWS.S3({params: {Bucket: 'myBucket'}});

  var fileChooser = document.getElementById('file-chooser');
  var button = document.getElementById('upload-button');
  var results = document.getElementById('results');
  button.addEventListener('click', function() {
    var file = fileChooser.files[0];
    if (file) {
      results.innerHTML = '';

      var params = {Key: file.name, ContentType: file.type, Body: file};
      bucket.putObject(params, function (err, data) {
        results.innerHTML = err ? 'ERROR!' : 'UPLOADED.';
      });
    } else {
      results.innerHTML = 'Nothing to upload.';
    }
  }, false);
</script>

解决方案

You can use STS to generate short lived temporary credentials for each upload, and pass those to the JS SDK so that you never have to reveal your long term API keys.

Example using AWS PHP SDK (composer package: "aws/aws-sdk-php":"~2.4"), assumes your access_key_id and secret_access_key are available in the ENV.

Sloppy example:

<?php 
include 'vendor/autoload.php';

use Aws\Sts\StsClient;

/** Create Temporary Credentials */
$stsclient = StsClient::factory();
$temp_creds = $stsclient->getSessionToken(900)->get('Credentials'); // 15 minute expiration

?>
<script>
AWS.config.credentials = {
    accessKeyId : '<?php echo $temp_creds['AccessKeyId']; ?>',
    secretAccessKey : '<?php echo $temp_creds['SecretAccessKey']; ?>',
    sessionToken : '<?php echo $temp_creds['SessionToken']; ?>'
};
AWS.config.region = 'your-region';
</script>

This way you never have to reveal your access access_key_id and secret_access_key. The STS generated keys will be invalidated after the set time interval. Be sure to follow best practices, like creating a limited-role IAM user for the long-term stored credentials.

Reference: http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_getSessionToken

这篇关于S3直接上传在JavaScript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！