用于投放图片的临时S3存储桶URL
[英]Temporary S3 Bucket URL for serving Images
问题描述
Using "aws/aws-sdk-php": "^3.0@dev" 
使用“ aws / aws-sdk-php”:“ ^ 3.0@dev”
I am creating a image sharing website but do not want people to copy my URLs to another site to steal my content/bandwidth. 我正在创建一个图像共享网站,但不希望人们将我的URL复制到另一个网站上来窃取我的内容/带宽。
I was originally storing the objects as 我最初将对象存储为
return $s3->putObject([
'Bucket' => $bucket,
'Key' => $key,
'Body' => $file,
'ACL' => 'public-read',
]);
But I have removed 'public-read' so now the URL below no longer works 但是我已经删除了“公开阅读”,因此下面的网址不再有效
https://mybucket-images.s3.us-west-1.amazonaws.com/' . $key);
What do I need to do to create a temporary URL that can still be client side cached to access the object? 我需要做些什么来创建一个仍可以被客户端缓存以访问该对象的临时URL?
One thing I was thinking was to change the key once a week or month, but it would require me to update all objects with a cronjob. 我当时想的一件事是每周或每月更改一次密钥,但这需要我用cronjob更新所有对象。 There must be a way to create a temporary access URL? 必须有一种创建临时访问URL的方法吗?
3 个解决方案
解决方案1
1 已采纳 2018-08-22 04:38:04
Use your server to generate presigned url for the keys in the bucket. 使用您的服务器为存储桶中的密钥生成预签名的url。
//Creating a presigned request
$s3Client = new Aws\S3\S3Client([
'profile' => 'default',
'region' => 'us-east-2',
'version' => '2006-03-01',
]);
$cmd = $s3Client->getCommand('GetObject', [
'Bucket' => 'my-bucket',
'Key' => 'testKey'
]);
$request = $s3Client->createPresignedRequest($cmd, '+20 minutes');
$presignedUrl = (string) $request->getUri();
taken from https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-presigned-url.html 取自https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-presigned-url.html
But you'd have to do this every time there's a request to your page. 但是,每当页面有请求时,您都必须这样做。 And the link will be valid everywhere. 链接将在任何地方都有效。 You just minimize the period of its validity. 您只需最小化其有效期。
If your website is an API based and you retrieve the url via API , this may be relevant to you: 如果您的网站是基于API的,并且您通过API检索了网址 ,则可能与您有关:
If your website has a login function, you can check for the auth logic prior giving the presigned url.
如果您的网站具有登录功能,则可以在提供预签名的URL之前检查auth逻辑。 If not, you can use Http Referrer (which can be spoofed).
如果没有,则可以使用Http Referrer(可以被欺骗)。 Or an api key (like in API Gateway) 或api键(例如API Gateway中的键)
解决方案2
0 2018-08-22 03:50:07
If your intent is to make your content readable ONLY via a URL posted on your website - versus having the same web client using the same url accessed from another site NOT work, I think you are likely to find that rather difficult. 如果您的目的是仅通过发布在您网站上的URL来使您的内容可读-而不是让同一个Web客户端使用从另一个站点访问的同一个URL不起作用,那么我认为您可能会发现这很困难。 Most of the ways that come to mind are fairly spoofable. 我想到的大多数方式都是可恶的。
I would take a look at this and see if its good enough for you: 我会看一下,看看它是否对您足够好:
Restricting Access to a Specific HTTP Referrer 限制对特定HTTP引荐来源网址的访问
解决方案3
0 2019-08-27 15:45:54
You can use the following code: 您可以使用以下代码:
// initiate connection to your S3 bucket
$client = new S3Client(['credentials' => ['key' => 's3 key', 'secret' =>'s3 secrete'], 'region' => 's3 region', 'version' => 'latest']);
$object = $client->getCommand('GetObject', [
'Bucket' => 's3 bucket',
'Key' => 'images/image.png' // file
]);
$presignedRequest = $client->createPresignedRequest($object, '+20 minutes');
$presignedUrl = (string)$presignedRequest->getUri();
if ($presignedUrl) {
return $presignedUrl;//presigned URL
} else {
throw new FileNotFoundException();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.