Amazon S3 POST api,并使用 NodeJS 签署策略

我正在尝试构建一个允许用户从 NodeJS 支持的网站将文件直接上传到我的 Amazon S3 存储桶的构建.除了 实际的亚马逊文档 都非常过时.

I'm trying to get an built that allows users to upload a file directly to my Amazon S3 bucket, from a NodeJS powered website. It seems the only tutorials out there, other than the actual amazon docs for this are all very out of date.

我一直在关注本教程,对于基本信息,但它又过时了.它没有正确调用 crypto 的方法,因为它试图将原始 JavaScript 对象传递给 update 方法,该方法会抛出错误,因为它不是字符串或缓冲区.

I've been following this tutorial, for the basic info, but again it's out dated. It doesn't have the method calls to crypto correct, as it tries to pass a raw JavaScript object to the update method, which throws an error because it's not a string or buffer.

我也一直在寻找 knox npm 包的源代码.它没有内置 POST 支持 - 我完全理解,因为一旦它具有正确的字段,它就是浏览器在执行 POST.Knox 似乎确实拥有签署政策的正确代码,我试图让我的代码基于此工作......但再次无济于事.

I've also been looking at the source for the knox npm package. It doesn't have POST support built in - which I totally understand, because it's the browser doing the POST once it has the right fields. Knox does appear to have the right code to sign a policy, and I've tried to get my code working based on this... but again to no avail.

这是我想出的代码.它会生成一个 base64 编码的策略,并创建一个签名……但是当我尝试上传文件时,根据亚马逊的说法,它是错误的签名.

Here is what I've come up with, for code. It produces a base64 encoded policy, and it creates a signature... but it's the wrong signature according to Amazon, when I try to do a file upload.


var crypto = require("crypto");
var config = require("../../amazonConfig.json");

exports.createS3Policy = function(callback) {
  var date = new Date();

  var s3Policy = {
    "expiration": "2014-12-01T12:00:00.000Z",
    "conditions": [
      {"acl": "public-read"}, 
      ["content-length-range", 0, 2147483648],
      {"bucket": "signalleaf"}, 
      ["starts-with", "$Cache-Control", ""],
      ["starts-with", "$Content-Type", ""],
      ["starts-with", "$Content-Disposition", ""],
      ["starts-with", "$Content-Encoding", ""],
      ["starts-with", "$Expires", ""],
      ["starts-with", "$key", "/myfolder/"], 
      {"success_action_redirect": "http://example.com/uploadsuccess"},
    ]
  };

  var stringPolicy = JSON.stringify(s3Policy).toString("utf-8");
  var buffer = Buffer(stringPolicy, "utf-8");

  var encoded = buffer.toString("base64");
  var signature = crypto.createHmac("sha1", config.secretKey)
    .update(new Buffer(stringPolicy, "utf-8")).digest("base64");


  var s3Credentials = {
    s3PolicyBase64: encoded,
    s3Signature: signature
  };

  GLOBAL.s3creds = s3Credentials;

  callback(s3Credentials);
};

我显然做错了什么,在这里.但我不知道是什么.谁能帮助确定我做错了什么?我的问题在哪里?是否有人提供有关如何从 NodeJS v0.10.x 生成带有签名的正确 Amazon S3 策略的工作教程,用于 POST 到 s3 REST api?

I'm obviously doing something wrong, here. But I have no idea what. Can anyone help identify what I'm doing wrong? Where my problem is? Does anyone have a working tutorial for how to generate a proper Amazon S3 Policy, with signature, from NodeJS v0.10.x, for a POST to the s3 REST api?

推荐答案

好吧,我终于想通了.在玩了很长时间的随机猜谜游戏后,我心想

Ok, I finally figured it out. After playing the random guessing game for a VERY long time, I thought to myself

也许我需要签署 base64 编码策略" - 我

"maybe i need to sign the base64 encoded policy" - me

和 BAM 就是这样.

我还重新排序了条件以匹配表单的发布方式,但我不确定这会有所不同.

I also re-ordered the conditions to match how the form is posting, though I'm not sure this makes a difference.

var crypto = require("crypto");
var config = require("../../amazonConfig.json");

exports.createS3Policy = function(contentType, callback) {
  var date = new Date();

  var s3Policy = {
    "expiration": "2014-12-01T12:00:00.000Z", // hard coded for testing
    "conditions": [
      ["starts-with", "$key", "somefolder/"], 
      {"bucket": "my-bucket-name"}, 
      {"acl": "public-read"}, 
      ["starts-with", "$Content-Type", contentType],
      {"success_action_redirect": "http://example.com/uploadsuccess"},
    ]
  };

  // stringify and encode the policy
  var stringPolicy = JSON.stringify(s3Policy);
  var base64Policy = Buffer(stringPolicy, "utf-8").toString("base64");

  // sign the base64 encoded policy
  var signature = crypto.createHmac("sha1", config.secretKey)
    .update(new Buffer(base64Policy, "utf-8")).digest("base64");

  // build the results object
  var s3Credentials = {
    s3Policy: base64Policy,
    s3Signature: signature
  };

  // send it back
  callback(s3Credentials);
};

希望这能帮助遇到同样问题的其他人.

Hopefully this will help others that run in to the same problem.

相关文章