生成的Amazon S3 CORS签名与Python [英] Generating Amazon S3 CORS signature with Python
问题描述
我有一个时间的地狱得到S3接受经由PhoneGap的生成CORS POST请求(科尔多瓦)FileTransfer.upload()上传。任何建议,我可能会丢失将AP preciated。目前,我得到使用下面的code 403 AccessDenied响应。我一直在它与S3的文档比较好多次了,想不通的问题。
下面是Python code生成的签名:
#为S3的政策文件。
policy_obj = {过期:2014-01-01T00:00:00Z
条件:
{斗:< my.bucket.name>},
[开始 - 用,$键,story_],
{以acl:大众阅读的},
[当量,$内容类型,音频/ MP4],
[内容长度范围,STR(0),STR(2097152)
]
}
政策= base64.b64en code(json.dumps(policy_obj))
#创建签名S3
签名= base64.b64en code(
hmac.new(
键=的app.config ['AWS_SECRET_KEY'],
味精=政策,
digestmod = hashlib.sha1
)。消化()
)
这个过程中产生的信号通过 S3签名仪产生的签名(匹配转换的base64政策成十六进制,然后运行,通过签名测试用的密钥)。
由此产生的政策和放大器;签名被传递给客户端,并且请求到S3是建立与此PhoneGap的文件传输呼叫:
//上传文件到Amazon S3
// r是由Python中生成的响应对象
VAR的选择=新FileUploadOptions();
options.chunkedMode = FALSE;
options.mimeType =音频/ MP4;
options.fileKey ='文件';
options.fileName ='story_'+唯一键+。M4A;
options.params = {
钥匙:$ {文件名},
以acl:公读,
AWSAccessKeyId:r.aws_access_key,
政策:r.policy,
签字:r.signature,
};
VAR英尺=新的文件传输();
ft.upload(路径,HTTP://< my.bucket.name> .s3.amazonaws.com /,uploadSuccess,uploadFail,期权);
这是CORS的配置(是的,我打算将其锁定,一旦我得到工作的上传):
< XML版本=1.0编码=UTF-8&GT?;
< CORSConfiguration的xmlns =http://s3.amazonaws.com/doc/2006-03-01/>
< CORSRule>
< AllowedOrigin> *< / AllowedOrigin>
< AllowedMethod> GET< / AllowedMethod>
< AllowedMethod> POST< / AllowedMethod>
< MaxAgeSeconds> 3000< / MaxAgeSeconds>
< AllowedHeader> *< / AllowedHeader>
< / CORSRule>
< / CORSConfiguration>
这是斗策略:
{
版本:2008-10-17,
ID:Policy1356975063803
声明: [
{
锡德:Stmt1357234455973
效果:允许,
主要: {
AWS:*
},
行动:S3:GetObject的,
资源:ARN:AWS:S3 :::< my.bucket.name> / *
},
{
锡德:Stmt1356975061658
效果:允许,
主要: {
AWS:ARN:AWS:IAM :: 293855469575:根
},
行动:S3:*,
资源:ARN:AWS:S3 :::< my.bucket.name>中
}
]
}
更新:
这是什么样的政策本身看起来像在Python转换的对象为JSON:
{
条件:
{
斗:< my.bucket.name>中
},
[
开始,以
$关键,
故事_
]
{
以acl:公共 - 读
},
[
EQ,
$内容类型,
音频/ MP4
]
[
内容长度范围,
0,
6291456
]
]
过期:2014-01-01T00:00:00Z
}
您是否尝试在策略中删除换行符?
下面是红宝石code的政策,礼貌 s3_file_upload :
Base64.en code64(policy_data.to_json).gsub(\ N,)
请让我知道如果你设法让你上传的工作,因为我试图做同样的事情。
I'm having a hell of a time getting S3 to accept uploads via CORS POST request generated by PhoneGap (Cordova) FileTransfer.upload(). Any suggestions as to what I may be missing would be appreciated. Currently I'm getting a 403 AccessDenied response using the code below. I've been over it many times comparing with S3's documentation, and can't figure out the problem.
Here is the Python code that generates the signature:
# Create policy document for S3.
policy_obj = {"expiration": "2014-01-01T00:00:00Z",
"conditions": [
{"bucket": "<my.bucket.name>"},
["starts-with", "$key", "story_"],
{"acl": "public-read"},
["eq", "$Content-Type", "audio/mp4"],
["content-length-range", str(0), str(2097152)]
]
}
policy = base64.b64encode(json.dumps(policy_obj))
# Create signature for S3
signature = base64.b64encode(
hmac.new(
key=app.config['AWS_SECRET_KEY'],
msg=policy,
digestmod=hashlib.sha1
).digest()
)
The signature generated by this process matches the signature produced by S3 Signature Tester (converting the base64 policy into Hex and then running that through the Signature Tester with the secret key).
The resulting policy & signature are passed to the client, and the request to S3 is built with this PhoneGap FileTransfer call:
// Upload file to Amazon S3
// r is the response object generated by Python
var options = new FileUploadOptions();
options.chunkedMode = false;
options.mimeType="audio/mp4";
options.fileKey='file';
options.fileName='story_' + uniqueKey + '.m4a';
options.params={
"key": "${filename}",
"acl": "public-read",
"AWSAccessKeyId": r.aws_access_key,
"Policy": r.policy,
"Signature": r.signature,
};
var ft = new FileTransfer();
ft.upload(path, "http://<my.bucket.name>.s3.amazonaws.com/", uploadSuccess, uploadFail, options);
This is the CORS configuration (yes, I plan to lock it down once I get the uploads working):
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
This is the bucket policy:
{
"Version": "2008-10-17",
"Id": "Policy1356975063803",
"Statement": [
{
"Sid": "Stmt1357234455973",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<my.bucket.name>/*"
},
{
"Sid": "Stmt1356975061658",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::293855469575:root"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::<my.bucket.name>"
}
]
}
UPDATE:
This is what the policy itself looks like after Python has converted the object into JSON:
{
"conditions": [
{
"bucket": "<my.bucket.name>"
},
[
"starts-with",
"$key",
"story_"
],
{
"acl": "public-read"
},
[
"eq",
"$Content-Type",
"audio/mp4"
],
[
"content-length-range",
"0",
"6291456"
]
],
"expiration": "2014-01-01T00:00:00Z"
}
Did you try removing newlines in your policy?
Here is the Ruby code for the policy, courtesy of s3_file_upload:
Base64.encode64(policy_data.to_json).gsub("\n", "")
Please let me know if you managed to get your upload to work, as I'm trying to do the same thing.
这篇关于生成的Amazon S3 CORS签名与Python的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
