扶手:允许存储在S3上的文件下载,而不显示实际的S3网址用户 [英] Rails: allow download of files stored on S3 without showing the actual S3 URL to user
问题描述
我有托管在Heroku上Rails应用程序。该应用程序生成并存储在Amazon S3的PDF文件。用户可以下载这些文件,观看他们的浏览器或保存在电脑上。
I have a Rails application hosted on Heroku. The app generates and stores PDF files on Amazon S3. Users can download these files for viewing in their browser or to save on their computer.
我遇到的问题是,虽然这些文件的下载通过S3 URL是可能的(如https://s3.amazonaws.com/my-bucket/F4D8CESSDF.pdf),这显然不是一个好办法做到这一点。这是不可取的,以暴露给用户这么多的信息有关后端,更不用说上升的安全问题。
The problem I am having is that although downloading of these files is possible via the S3 URL (like "https://s3.amazonaws.com/my-bucket/F4D8CESSDF.pdf"), it is obviously NOT a good way to do it. It is not desirable to expose to the user so much information about the backend, not to mention the security issues that rise.
时有可能有我的应用程序以某种方式检索S3文件数据在控制器,然后创建一个下载流对于用户来说,让亚马逊网址不外露?
Is it possible to have my app somehow retrieve the file data from S3 in a controller, then create a download stream for the user, so that the Amazon URL is not exposed?
推荐答案
是的,这是可能的 - 只是获取远程文件使用Rails,要么临时存储在服务器上,或者直接由缓冲区发送。这个问题当然是,你首先需要获取该文件,然后才能将之提供给用户的事实。请参见这个线程一商量,他们的解决方案是这样的:
Yes, this is possible - just fetch the remote file with Rails and either store it temporarily on your server or send it directly from the buffer. The problem with this is of course the fact that you need to fetch the file first before you can serve it to the user. See this thread for a discussion, their solution is something like this:
#environment.rb
require 'open-uri'
#controller
def index
data = open(params[:file])
send_data data, :filename => params[:name], ...
end
这篇关于扶手:允许存储在S3上的文件下载,而不显示实际的S3网址用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
