云API使用JavaScript(亚马逊,天青) [英] Cloud API with JavaScript (Amazon, Azure)
问题描述
我研究直接从客户端JavaScript使用一些云存储的可能性。然而,我遇到了两个问题:
I'm researching a possibility of using some cloud storage directly from client-side JavaScript. However, I ran into two problems:
-
安全 - 该架构通常每个的云的客户基础,所以有一个API密钥(例如)的基础上。这是有问题的,因为我需要每次的我的用户的安全性。我不能给同样的API密钥给我所有的用户。
Security - the architecture is usually build on per cloud client basis, so there is one API key (for example). This is problematic, since I need a security per my user. I can't give the same API key to all my users.
跨域Ajax。有HTTP标头的浏览器可以使用能够做跨域请求,但这意味着我将不得不能够设置他们在云边。但是,我需要这个工作的唯一一件事就是以可以添加自定义HTTP响应头:访问控制 - 允许 - 产地:otherdomain.com
Cross-domain AJAX. There are HTTP headers that browsers can use to be able to do cross domain requests, but this means that I would have to be able to set them on the cloud-side. But, the only thing I need for this to work is to be able to add a custom HTTP response header: Access-Control-Allow-Origin: otherdomain.com.
我的方案涉及JS客户端许多简单的队列中的消息,我想我会用云来摆脱这种交通从我的主要的托管服务提供商。 Windows Azure中有这样队列服务的一部分,这似乎很接近我所需要的,只是我不知道,如果这些问题能够得到解决。
My scenario involves a lots of simple queue messages from JS client and I thought I would use cloud to get rid of this traffic from my main hosting provider. Windows Azure has this Queue Service part, which seems quite near to what I need, except that I don't know if these problems can be solved.
有什么想法?在我看来,对于云服务的JavaScript客户端在不久的将来不可避免的情景。
Any thoughts? It seems to me that JavaScript clients for cloud services are unavoidable scenarios in the near future.
因此,有一些云存储与REST API,提供客户身份验证管理,不给的API密钥给他们?
推荐答案
Windows Azure的Blob存储具有的共享访问签名(SAS),它可以在服务器端发出,本质上是一个客户端可以写在没有一个特殊的URL直接访问存储帐户的API密钥。这是允许写入数据,而无需访问存储的账号密码在Windows Azure存储的唯一机制。
Windows Azure Blob Storage has the notion of a Shared Access Signature (SAS) which could be issued on the server-side and is essentially a special URL that a client could write to without having direct access to the storage account API key. This is the only mechanism in Windows Azure Storage that allows writing data without access to the storage account key.
一个的SAS可过期(例如,给用户10分钟,以使用的SAS网址上载),并且可以设置以允许甚至问题后,解除访问。此外,SAS可以有时间限制的读访问(例如,给用户1天观看此视频)是有用的。
A SAS can be expired (e.g., give user 10 minutes to use the SAS URL for an upload) and can be set up to allow for canceling access even after issue. Further, a SAS can be useful for time-limited read access (e.g., give user 1 day to watch this video).
如果您的JavaScript客户端也是在浏览器中运行,你可能确实有跨域问题。我有两个想法 - 没有经过测试!其中一个想法是 JSONP 式的方法(虽然这将仅限于HTTP GET调用)。其他(更有前途的)想法是举办中的BLOB存储的.js文件以及数据文件,使他们在同一个域(希望让你的浏览器快乐)。
If your JavaScript client is also running in a browser, you may indeed have cross-domain issues. I have two thoughts - neither tested! One thought is JSONP-style approach (though this will be limited to HTTP GET calls). The other (more promising) thought is to host the .js files in blob storage along with your data files so they are on same domain (hopefully making your web browser happy).
真实的解决方案可能是跨域资源共享( CORS )的支持,但是,是不是在Windows Azure的Blob存储可用,并且还在不断出现(连同其他HTML 5善良)的浏览器。
The "real" solution might be Cross-Origin Resource Sharing (CORS) support, but that is not available in Windows Azure Blob Storage, and still emerging (along with other HTML 5 goodness) in browsers.
这篇关于云API使用JavaScript(亚马逊,天青)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
