Django + AWS S3存储桶:对S3存储桶的身份验证访问 [英] Django + AWS S3 Bucket: Authenticated Access to S3 Bucket

问题描述

我有一个带有特殊目录的S3存储桶，用于转储我想限制通过身份验证的用户的用户上传图像.它不仅应限于上传图像的用户.我真的在努力避免为此设置数据库模型.反正有什么办法阻止匿名成员阻止用户上传图片?

I have a S3 bucket with a special directory that I'm dumping user uploaded images that I want to restrict to authenticated users. It shouldn't be restricted to just the user that uploaded the image. I'm really trying to avoid setting up a db model for this. Is there anyway to block anonymous members from the user uploaded images?

因此，我有两个问题: 如何设置匿名用户阻止的S3存储桶? 和 我应该如何在is_authenticated条件内访问该存储桶?

So, I have two questions: How do I go about setting up an anonymous-user-blocked S3 bucket? AND How should I access this bucket within a is_authenticated conditional?

推荐答案

1. 将存储桶ACL设置为私有.这将阻止除您(存储桶所有者)以外的任何人访问对象.
2. 检查用户是否已通过身份验证，以及他们是否...
3. 生成一个签名的URL ，这基本上是一个预先验证的请求，并将其提供给用户，然后用户可以在一段时间内请求该对象.

1. Set the bucket ACL to private. This will stop anyone but you (the bucket owner) from accessing the objects.
2. Check if the user is_authenticated and if they are...
3. Generate a signed URL which is basically a pre authenticated request and give it to the user who can then request the object for some period of time.

这篇关于Django + AWS S3存储桶:对S3存储桶的身份验证访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！