使用S3 Presigned-URL上传文件，然后该文件将具有公共读取权限 [英] Using S3 Presigned-URL for upload a file that will then have public-read access

问题描述

我正在使用Ruby on Rails和AWS gem. 我可以获取预先签名的URL以进行上传和下载. 但是，当我获得URL时，没有文件，因此将acl设置为"public-read" 在下载网址上无效.

I am using Ruby on Rails and AWS gem. I can get pre-signed URL for upload and download. But when I get the URL there is no file, and so setting acl to 'public-read' on the download-url doesn't work.

用例是这样的:1，服务器为用户提供了一个将内容上传到我的存储桶的路径，如果没有凭据，该路径是不可读的. 2，该内容需要稍后公开:任何人都可以阅读.

Use case is this: 1, server provides the user a path to upload content to my bucket that is not readable without credentials. 2, And that content needs to be public later: readable by anyone.

要澄清: 我没有上传文件，而是提供URL供我的用户上传.当时，我还想给用户提供一个公众可以读取的URL.如果我自己上传文件，看起来会更容易.另外，读取URL永不过期.

To clarify: I am not uploading the file, I am providing URL for my users to upload. At that time, I also want to give the user a URL that is readable by the public. It seems like it would be easier if I uploaded the file by myself. Also, read URL needs to never expire.

推荐答案

为PUT对象请求生成预签名的URL时，可以指定上传者必须使用的密钥和ACL.如果我希望用户使用键"files/hello.txt"将对象上传到我的存储桶中，并且该文件应该是可公开读取的，则可以执行以下操作:

When you generate a pre-signed URL for a PUT object request, you can specify the key and the ACL the uploader must use. If I wanted the user to upload an objet to my bucket with the key "files/hello.txt" and the file should be publicly readable, I can do the following:

s3 = Aws::S3::Resource.new
obj = s3.bucket('bucket-name').object('files/hello.text')

put_url = obj.presigned_url(:put, acl: 'public-read', expires_in: 3600 * 24)
#=> "https://bucket-name.s3.amazonaws.com/files/hello.text?X-Amz-..."

obj.public_url
#=> "https://bucket-name.s3.amazonaws.com/files/hello.text"

我可以将put_url交给其他人.此URL将允许他们将对象放入URL.它具有以下条件:

I can give the put_url to someone else. This URL will allow them to PUT an object to the URL. It has the following conditions:

• 必须在给定的有效期内提出PUT请求.在上面的示例中，我指定了24小时. :expires_in选项不能超过1周.
• PUT请求必须将HTTP标头"x-amz-acl"指定为"public-read".

• The PUT request must be made within the given expiration. In the example above I specified 24 hours. The :expires_in option may not exceed 1 week.
• The PUT request must specify the HTTP header of 'x-amz-acl' with the value of 'public-read'.

使用put_url，我可以使用Ruby的Net :: HTTP:

Using the put_url, I can upload any an object using Ruby's Net::HTTP:

require 'net/http'

uri = URI.parse(put_url)

request = Net::HTTP::Put.new(uri.request_uri, 'x-amz-acl' => 'public-read')
request.body = 'Hello World!'

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true   
resp = http.request(request)

现在该对象已由其他人上传，我可以向#public_url发出普通的GET请求.这可以通过浏览器，curl，wget等完成.

Now the object has been uploaded by someone else, I can make a vanilla GET request to the #public_url. This could be done by a browser, curl, wget, etc.

这篇关于使用S3 Presigned-URL上传文件，然后该文件将具有公共读取权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！