使用S3 Presigned-URL上传文件,然后该文件将具有公共读取权限 [英] Using S3 Presigned-URL for upload a file that will then have public-read access
问题描述
我正在使用Ruby on Rails和AWS gem. 我可以获取预先签名的URL以进行上传和下载. 但是,当我获得URL时,没有文件,因此将acl设置为"public-read" 在下载网址上无效.
I am using Ruby on Rails and AWS gem. I can get pre-signed URL for upload and download. But when I get the URL there is no file, and so setting acl to 'public-read' on the download-url doesn't work.
用例是这样的:1,服务器为用户提供了一个将内容上传到我的存储桶的路径,如果没有凭据,该路径是不可读的. 2,该内容需要稍后公开:任何人都可以阅读.
Use case is this: 1, server provides the user a path to upload content to my bucket that is not readable without credentials. 2, And that content needs to be public later: readable by anyone.
要澄清: 我没有上传文件,而是提供URL供我的用户上传.当时,我还想给用户提供一个公众可以读取的URL.如果我自己上传文件,看起来会更容易.另外,读取URL永不过期.
To clarify: I am not uploading the file, I am providing URL for my users to upload. At that time, I also want to give the user a URL that is readable by the public. It seems like it would be easier if I uploaded the file by myself. Also, read URL needs to never expire.
推荐答案
为PUT对象请求生成预签名的URL时,可以指定上传者必须使用的密钥和ACL.如果我希望用户使用键"files/hello.txt"将对象上传到我的存储桶中,并且该文件应该是可公开读取的,则可以执行以下操作:
When you generate a pre-signed URL for a PUT object request, you can specify the key and the ACL the uploader must use. If I wanted the user to upload an objet to my bucket with the key "files/hello.txt" and the file should be publicly readable, I can do the following:
s3 = Aws::S3::Resource.new
obj = s3.bucket('bucket-name').object('files/hello.text')
put_url = obj.presigned_url(:put, acl: 'public-read', expires_in: 3600 * 24)
#=> "https://bucket-name.s3.amazonaws.com/files/hello.text?X-Amz-..."
obj.public_url
#=> "https://bucket-name.s3.amazonaws.com/files/hello.text"
我可以将put_url
交给其他人.此URL将允许他们将对象放入URL.它具有以下条件:
I can give the put_url
to someone else. This URL will allow them to PUT an object to the URL. It has the following conditions:
- 必须在给定的有效期内提出PUT请求.在上面的示例中,我指定了24小时.
:expires_in
选项不能超过1周. - PUT请求必须将HTTP标头"x-amz-acl"指定为"public-read".
- The PUT request must be made within the given expiration. In the example above I specified 24 hours. The
:expires_in
option may not exceed 1 week. - The PUT request must specify the HTTP header of 'x-amz-acl' with the value of 'public-read'.
使用put_url
,我可以使用Ruby的Net :: HTTP:
Using the put_url
, I can upload any an object using Ruby's Net::HTTP:
require 'net/http'
uri = URI.parse(put_url)
request = Net::HTTP::Put.new(uri.request_uri, 'x-amz-acl' => 'public-read')
request.body = 'Hello World!'
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
resp = http.request(request)
现在该对象已由其他人上传,我可以向#public_url
发出普通的GET请求.这可以通过浏览器,curl,wget等完成.
Now the object has been uploaded by someone else, I can make a vanilla GET request to the #public_url
. This could be done by a browser, curl, wget, etc.
这篇关于使用S3 Presigned-URL上传文件,然后该文件将具有公共读取权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!