直接从浏览器向S3发送文件,但更改文件名
[英]Sending file direct from browser to S3 but changing file name
问题描述
I am using signed authorized S3 uploads so that users can upload files directly from their browser to S3 bypassing my server. 
我使用已签名的授权S3上传,以便用户可以直接从浏览器上传文件到S3绕过我的服务器。 This presently works, but the file name is the same as on the user's machine. 这目前有效,但文件名与用户机器上的文件名相同。 I'd like to save it on S3 as a different name. 我想把它作为一个不同的名字保存在S3上。
The formdata I post to amazon looks like this: 我发布到亚马逊的formdata看起来像这样:
var formData = new FormData();
formData.append('key', targetPath); // e.g. /path/inside/bucket/myFile.mov
formData.append('AWSAccessKeyId', s3Auth.AWSAccessKeyId); // aws public key
formData.append('acl', s3Auth.acl); // e.g. 'public-read'
formData.append('policy', s3Auth.policy); // s3 policy including ['starts-with', '$key', '/path/inside/bucket/']
formData.append('signature', s3Auth.signature); // base64 sha1 hash of private key and base64 policy JSON
formData.append('success_action_status ', 200); // response code 200 on success
formData.append('file', file.slice()); // e.g. /path/on/user/computer/theirFile.mov
However instead of the file ending up at: https://s3.amazonaws.com/mybucket/path/inside/bucket/myFile.mov 但是,而不是文件结尾: https://s3.amazonaws.com/mybucket/path/inside/bucket/myFile.mov : https://s3.amazonaws.com/mybucket/path/inside/bucket/myFile.mov
It ends up as: https://s3.amazonaws.com/mybucket/path/inside/bucket/theirFile.mov 它最终为: https://s3.amazonaws.com/mybucket/path/inside/bucket/theirFile.mov : https://s3.amazonaws.com/mybucket/path/inside/bucket/theirFile.mov
Note it has their filename but my base path. 请注意它有自己的文件名,但我的基本路径。
I would like it to have the filename I specify as well. 我希望它也有我指定的文件名。
UPDATE: Update: this was working all along I simply had other code that copied from one bucket to another that restored the original file name and thus confusing me. 更新:更新:这一直在工作我只是有其他代码从一个桶复制到另一个桶恢复原始文件名,从而使我困惑。
1 个解决方案
解决方案1
5 已采纳 2014-10-16 00:50:36
Are you sure about the contents of targetPath and where that data comes from? 您确定targetPath的内容以及该数据的来源吗?
The behavior you are describing is what should happen in one particular case where targetPath doesn't actually contain /path/inside/bucket/myFile.mov . 您描述的行为是在targetPath实际上不包含/path/inside/bucket/myFile.mov特定情况下应该发生的行为。
I would suggest that targetPath actually contains the value /path/inside/bucket/${filename} -- and by that I mean, literally, the characters $ { filename } are at the end of that string, instead of the filename you intend. 我建议targetPath实际上包含值/path/inside/bucket/${filename} - 我的意思是,字面上,字符$ { filename }位于该字符串的末尾,而不是您想要的文件名。
If that's true, that's exactly how it's supposed to work. 如果这是真的,那就是它应该如何运作。
If you do not know the name of the file a user will upload, the key value can include the special variable
${filename}which will be replaced with the name of the uploaded file.${filename},该变量将替换为上载文件的名称。 For example, the key valueuploads/${filename}will become the object nameuploads/Birthday Cake.jpgif the user uploads a file calledBirthday Cake.jpg.Birthday Cake.jpg的文件,则键值uploads/${filename}将成为对象名称uploads/Birthday Cake.jpgBirthday Cake.jpg。— https://aws.amazon.com/articles/1434
If you populate that variable with the literal filename you want to see in S3, then the uploads should behave as you expect, using your filename instead of the filename on the uploader's computer. 如果使用要在S3中看到的文字文件名填充该变量,则上传应该按预期运行,使用文件名而不是上传者计算机上的文件名。
Also, a more secure approach would be to eliminate the key 'starts-with' logic in your policy, and instead explicitly sign a policy (dynamically) for each upload event, with the specific key you want the user to upload. 此外,更安全的方法是消除策略中的关键'starts-with'逻辑,而是使用您希望用户上载的特定密钥为每个上载事件明确签署策略(动态)。 Otherwise, it's not impossible to exploit this form to to overwrite other files within the same key prefix. 否则,利用此表单来覆盖同一密钥前缀中的其他文件并非不可能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.