如何使用基于浏览器的S3上传来验证文件的内容?
[英]How can I validate the contents of a file with browser based S3 uploads?
问题描述
I'm working on a project where all user image uploads are stored on S3. 
我正在一个项目中,所有用户图像上载都存储在S3上。 To save bandwidth and avoid the upload going through our servers, we're using HTML Form based uploads (see http://docs.amazonwebservices.com/AmazonS3/latest/dev/HTTPPOSTForms.html ). 为了节省带宽并避免上传通过我们的服务器,我们使用基于HTML表单的上传(请参阅http://docs.amazonwebservices.com/AmazonS3/latest/dev/HTTPPOSTForms.html )。
What are the best practices for validating the contents of the upload to avoid non-image/malicious files sneaking onto and being served from my account? 验证上传内容的最佳方法是什么,以避免非图像/恶意文件偷偷溜进我的帐户并从我的帐户提供服务? Is there a way to do this out of the box with S3? 有没有办法使用S3开箱即用? Or do I need to validate this on my server, after the file has been uploaded (which would pretty much defeat the purpose of going direct to s3 in the first place)? 还是在文件上传之后需要在我的服务器上对此进行验证(这几乎完全违背了直接转到s3的目的)?
1 个解决方案
解决方案1
0 2013-05-01 06:55:21
If you use jquery file upload combined with the html5 s3 form you can use some code similar to below to handle the uploading proccess. 如果结合使用jQuery文件上传和html5 s3表单,则可以使用类似于以下代码的代码来处理上传过程。 Before the file is uploaded you can check the file type and also the size with file.size < 50000000 before the file hits the server. 在上传文件之前,您可以检查文件类型以及在文件到达服务器之前使用file.size < 50000000进行检查的大小。
jQuery ->
$('#fileupload').fileupload
add: (e, data) ->
types = /(\.|\/)(gif|jpe?g|png)$/i
file = data.files[0]
if types.test(file.type) || types.test(file.name)
data.context = $(tmpl("template-upload", file))
$('#fileupload').append(data.context)
data.submit()
else
alert("#{file.name} is not a gif, jpeg, or png image file")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.