谷歌云存储签名网址——如何指定最大文件大小? [英] Google Cloud Storage Signed URLs -- How to specify a maximum file size?

问题描述

目标

我们希望用户能够将图片上传到 Google Cloud Storage.

We would like users to be able to upload images to Google Cloud Storage.

问题

我们可以通过我们的服务器作为中间人间接实现这一点——首先，用户上传到我们的服务器，然后我们的特权服务器可以上传到云存储.

We could achieve this indirectly with our server as a middle man -- first, the user uploads to our server, then our privileged server can upload to Cloud Storage.

但是，我们认为这不必要地慢，而是希望用户直接上传到 Cloud Storage.

However, we think this is unnecessarily slow, and instead would like the user to upload directly to Cloud Storage.

建议的解决方案

为了实现直接上传，我们会生成一个签名网址 在我们的服务器上.签名 URL 指定过期时间，并且只能与 HTTP PUT 动词一起使用.用户可以请求签名 URL，然后(仅在有限的时间内)将图像上传到签名 URL 指定的路径.

To achieve a direct upload, we generate a Signed URL on our server. The Signed URL specifies an expiration time, and can only be used with the HTTP PUT verb. A user can request a Signed URL, and then - for a limited time only - upload an image to the path specified by the Signed URL.

解决方案有问题

有没有办法强制规定最大文件上传大小?显然，我们希望避免用户在我们期望 <1MB 文件时尝试上传 20GB 文件.

Is there any way to enforce a maximum file upload size? Obviously we would like to avoid users attempting to upload 20GB files when we expect <1MB files.

这似乎是一个明显的漏洞，但我不知道如何在仍然使用 SignedURLs 的同时解决它.

It seems like this is an obvious vulnerability, yet I don't know how to address it while still using SignedURLs.

似乎有一种方法可以使用策略文档(堆栈溢出答案)，但问题已经超过 2 年了.

There seems to be a way to do this using Policy Documents (Stack Overflow answer), but the question is over 2 years old now.

推荐答案

政策文件仍然是正确的答案.它们记录在这里:https://cloud.google.com/storage/docs/xml-api/post-object#policydocument

Policy documents are still the right answer. They are documented here: https://cloud.google.com/storage/docs/xml-api/post-object#policydocument

您需要的政策文件的重要部分是:

The important part of the policy document you'll need is:

["content-length-range", <min_range>, <max_range>].

这篇关于谷歌云存储签名网址——如何指定最大文件大小?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！