0
我需要保護我的文件,這些文件在瀏覽器中粘貼鏈接後不應直接播放或下載到瀏覽器中。如何使用cloudfront aws-sign確保s3文件與可信簽名用戶的身份?
下面是我的app.js文件:
var express = require('express'),
aws = require('aws-sdk'),
bodyParser = require('body-parser'),
multer = require('multer'),
multerS3 = require('multer-s3');
var cfUtil = require('aws-cloudfront-sign');
/**************************/
var cfPk =
'-----BEGIN RSA PRIVATE KEY-----\n' +
'MIIEogIBAAKCAQEAgBmGbFU3bxnZpqMQ2LwmFP4lq7RauurKCF623Snm1XGNQuF9\n' +
'XqDeK3TH3ZfYC6P4iQ+C+Ynw15UP/MGbULO2UCmLfkA30FyI/u46jdhdD7hvMqEj\n' +
'UOEBxVJGFhqrZyerd9A7dRqYS6DTbaz3Vb+aGNcBLuqPP9/TydkkqoFqQnft43W7\n' +
'mWPp7Cx+TDkY/untwF3TWJdiAeke3FBAB2mni+BlmrNQs3vfufhW2XMV8sSOY+cN\n' +
'7chQmruV1stS+KCGiFfkiel824KI/1yVUe7+ofDGJF7v1G6WD4XV2sBAz01EIWSK\n' +
'vo1txA1lSoRcFHmnNOB4d8dKncilxEjstq6J5QIDAQABAoIBAC/m26CJIUiXdw9c\n' +
'LQGPIgJ5oyaZM9kdfkskflfsddsdfldfksdfjlksdfkfdfdfjsdljdfsdfksd08G\n' +
'znfj3zT6UcmuhsdfkhsdkjfksdfkjsdfkjskjdfkjlszDfhkSJDFHksdjJj7U/TQ\n' +
'WFEla/9b7yJjhgdfjsdfkDfklDfkldkljfksjdhfkshdjsdfhksdfkjsdYqOIrnp\n' +
'67CzIc/U76qkT/hsgdfsdfklkghfksdfkhkdhfkdkksdhfklsdhfklskkGuZOBOn\n' +
'vbRyFdfsDfwajhflsdhfpoaSudfhahfhhgTA0yVFFkYOZ6z6xyqoT8Qs+eUVGXCP\n' +
'Au5h6WECgYEA/fjlmzHgMnyfsCugmd/Qbh4tyDVBET6jKKG/JI/K43DjTTLWthcx\n' +
'Rlse1B6LbvbdzvbzdghdfghdtrytyrtyrtyreTO7WQLAEtTUOngsXms33ZdHtzIj\n' +
'r6UW9yqiDG6wNHH3Ql8oJCMaKs8z/mrcPJut0JORLmqd68NeOyxeIi0CgYEAgR9a\n' +
'TG2L06zJZ2Zk6sFee/4nZ5HgMHavxt25/JJtLG4Rew/lb1N10QcSk3v4I7bl41uB\n' +
'QhlHfyYd1yb0a2iTckfdsdfsdfaDfAFAVx95NS0ti3tO1hsuPKVTrMTEpEB2lul3\n' +
'BQuZehOE9HCW2QlDnwBeM2SDA0kagknIh63XsZkCgYBgEkIQxfowPvJNOwOikYaP\n' +
'0TyySmrVsiMYIK9kjjxKcw6Yyk1sTjOk9FkWYP3SwHqfEs0L4hSn6u3F9/34bp+N\n' +
'fmtkUTW0WK3G0jtYV5XiegCEvZnelmxe9g1M7ESmfUyMWjwVUFen69tfLEhXymaL\n' +
'SryidN/rdgtM/vdrXOoy9QKBgAks4izGKAZ9o74uP4OTBBTJhaFNc2HePTVjciDp\n' +
'gsqCc8mL4qDbjGazGvXR/FsFVyalzPaddcweu0kaziZdm36Z1JPI4o1fMUijtVax\n' +
'voXJvfjVtWGgAbgj05NayZohX/14B9YG8fwDwRHhokZ/6wc0bn02ajzkh/a0KYTC\n' +
'rK4ZAoGAGqYbrwHYFFgAOhOaPdER9jK+MXWl1pUhdFTUbNETgF0Nay06GifY+1DA\n' +
'oTu2hg3k7z5464WANk/ixn5nlyRD/i8Ab4ENA56sFly9qOyEdWlXKNrocMd4wjJr\n' +
'ZVF3wvEieF2E1PTySKYNb0ZUm70nfzMj6sRFw9ow58LdpPVXIew=\n' +
'-----END RSA PRIVATE KEY-----'
/************************/
aws.config.update({
secretAccessKey: 'mysecretaccesss',
accessKeyId: 'myaccessKeyId'
});
var app = express(),
s3 = new aws.S3();
app.use(bodyParser.json());
var upload = multer({
storage: multerS3({
s3: s3,
bucket: 'my_buket',
key: function (req, file, cb) {
// console.log(file);
// console.log(req);
var newFileName = Date.now() + "-" + file.originalname;
var fullPath = '/'+ newFileName;
console.log(fullPath)
var cfKeypairId = 'HKASHDDAKSHDHSDKAJ';
var cfURL = 'http://smbhdshdb.cloudfront.net'+fullPath;
var signedUrl = cfUtil.getSignedUrl(cfURL, {
keypairId: cfKeypairId,
expireTime: Date.now() + 60000,
privateKeyString: cfPk
});
console.log(signedUrl);
// console.log(req);
cb(null, fullPath); //use Date.now() for unique file keys
}
})
});
app.get('/', function (req, res) {
res.sendFile(__dirname + '/index.html');
});
app.post('/upload', upload.any(), function (req, res, next) {
res.send("Uploaded!");
});
app.listen(3001, function() {
console.log('Example app listening on port 3001!');
});
下面是我的index.html文件:
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<title></title>
</head>
<body>
Hey! Lets try uploading to s3 directly :)
<form method="post" enctype="multipart/form-data" action="/upload">
<p>
<input type="text" name="title" placeholder="optional title"/>
</p>
<p>
<input type="file" name="upl"/>
<!-- <input type="file" name="uplo"/> -->
</p>
<p>
<input type="submit"/>
</p>
</form>
</body>
</html>
下面是我的桶的政策是錯誤的校長。
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ESHJDAKSJFYU(SAMPLE ACCESS KEY)"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
有人可以告訴我如何給桶政策和如何啓用安全到我的文件? 我只需要這些文件只能通過簽名的URL進行流式傳輸或下載。
請幫忙嗎?