Php AWS S3预签名请求缓存
我想将用户配置文件图片存储在S3存储桶中,但要将这些图片保密。为了做到这一点,每当需要图像时,我都会创建一个预先签名的url。但是,这每次都会创建一个唯一的url,这意味着浏览器永远不会缓存图像,并且我最终会在GET请求中支付更多的费用 下面是生成url的代码示例,我使用的是Laravel:Php AWS S3预签名请求缓存,php,amazon-web-services,caching,amazon-s3,aws-sdk,Php,Amazon Web Services,Caching,Amazon S3,Aws Sdk,我想将用户配置文件图片存储在S3存储桶中,但要将这些图片保密。为了做到这一点,每当需要图像时,我都会创建一个预先签名的url。但是,这每次都会创建一个唯一的url,这意味着浏览器永远不会缓存图像,并且我最终会在GET请求中支付更多的费用 下面是生成url的代码示例,我使用的是Laravel: $s3 = \Storage::disk('s3'); $client = $s3->getDriver()->getAdapter()->getClient(); $expiry = n
$s3 = \Storage::disk('s3');
$client = $s3->getDriver()->getAdapter()->getClient();
$expiry = new \DateTime('2017-07-25');
$command = $client->getCommand('GetObject', [
'Bucket' => \Config::get('filesystems.disks.s3.bucket'),
'Key' => $key
]);
$request = $client->createPresignedRequest($command, $expiry);
return (string) $request->getUri();
是否可以生成可重复的预签名请求url,以便用户浏览器可以缓存图像?如果不使用预签名url机制,您可以向应用程序添加经过身份验证的端点,并在所述端点内检索图像?在
imgAwsRequestOverrideConfiguration.builder()
.signer(new CustomAwsS3V4Signer())
.credentialsProvider(<You may need to provide a custom credential provider
here>)))
.build())
GetObjectRequest getObjectRequest =
GetObjectRequest.builder()
.bucket(getUserBucket())
.key(key)
.responseCacheControl("max-age="+(TimeUnit.DAYS.toSeconds(7)+ defaultIfNull(version,0L)))
.overrideConfiguration(overrideConfig)
.build();
public class CustomAwsS3V4Signer implements Presigner, Signer
{
private final AwsS3V4Signer awsSigner;
public CustomAwsS3V4Signer()
{
awsSigner = AwsS3V4Signer.create();
}
@Override
public SdkHttpFullRequest presign(SdkHttpFullRequest request, ExecutionAttributes executionAttributes)
{
Instant baselineInstant = Instant.now().truncatedTo(ChronoUnit.DAYS);
executionAttributes.putAttribute(AwsSignerExecutionAttribute.PRESIGNER_EXPIRATION,
baselineInstant.plus(3, ChronoUnit.DAYS));
类似于@Aragorn的概念,但这是更完整的代码。这又是Java。另外,由于我的应用程序是多区域的,所以我必须输入区域属性
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.signer.Signer;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
import javax.annotation.PostConstruct;
import javax.validation.constraints.NotNull;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.time.Duration;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
@Component
@Slf4j
public class S3Operations {
@Autowired
private Signer awsSigner;
private final Map<Region, S3Presigner> presignerMap = new ConcurrentHashMap<>();
private S3Presigner buildPresignerForRegion(
AwsCredentialsProvider credentialsProvider,
Region region) {
return S3Presigner.builder()
.credentialsProvider(credentialsProvider)
.region(region)
.build();
}
/**
* Convert an S3 URI to a normal HTTPS URI that expires.
*
* @param s3Uri S3 URI (e.g. s3://bucketname/ArchieTest/フェニックス.jpg)
* @return https URI
*/
@SneakyThrows
public URI getExpiringUri(final URI s3Uri) {
final GetObjectRequest getObjectRequest =
GetObjectRequest.builder()
.bucket(s3Uri.getHost())
.key(s3Uri.getPath().substring(1))
.overrideConfiguration(builder -> builder.signer(awsSigner))
.build();
final Region bucketRegion = bucketRegionMap.computeIfAbsent(s3Uri.getHost(),
bucketName -> {
final GetBucketLocationRequest getBucketLocationRequest = GetBucketLocationRequest.builder()
.bucket(bucketName)
.build();
return Region.of(s3Client.getBucketLocation(getBucketLocationRequest).locationConstraint().toString());
});
final GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofSeconds(0)) // required, but ignored
.getObjectRequest(getObjectRequest)
.build();
return presignerMap.computeIfAbsent(bucketRegion, this::buildPresignerForRegion).presignGetObject(getObjectPresignRequest).url().toURI();
}
谢谢,这是我的第一个想法,但是我失去了完全绕过服务器获取资产的好处。你可以在这里检查我的答案:这是否回答了你的问题?extractPresignerParams未暴露。因此,底部部分无法正确编译。这篇文章也有同样的问题。正如CustomAwsS3V4Signer.java/*下的文章所提到的,这里只提到这些类的相关部分。您需要从AwsS3V4Signer复制更多的方法。这里*/。。。更准确地说,AwsS3V4Signer中有2个重载的extractPresignerParams(),因为不幸的是它被声明为final。我认为有一种方法可以解决这个问题,因为我记得我用了不同的方法,但我确实使用了您的答案作为起点。
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.signer.Signer;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;
import javax.annotation.PostConstruct;
import javax.validation.constraints.NotNull;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.time.Duration;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
@Component
@Slf4j
public class S3Operations {
@Autowired
private Signer awsSigner;
private final Map<Region, S3Presigner> presignerMap = new ConcurrentHashMap<>();
private S3Presigner buildPresignerForRegion(
AwsCredentialsProvider credentialsProvider,
Region region) {
return S3Presigner.builder()
.credentialsProvider(credentialsProvider)
.region(region)
.build();
}
/**
* Convert an S3 URI to a normal HTTPS URI that expires.
*
* @param s3Uri S3 URI (e.g. s3://bucketname/ArchieTest/フェニックス.jpg)
* @return https URI
*/
@SneakyThrows
public URI getExpiringUri(final URI s3Uri) {
final GetObjectRequest getObjectRequest =
GetObjectRequest.builder()
.bucket(s3Uri.getHost())
.key(s3Uri.getPath().substring(1))
.overrideConfiguration(builder -> builder.signer(awsSigner))
.build();
final Region bucketRegion = bucketRegionMap.computeIfAbsent(s3Uri.getHost(),
bucketName -> {
final GetBucketLocationRequest getBucketLocationRequest = GetBucketLocationRequest.builder()
.bucket(bucketName)
.build();
return Region.of(s3Client.getBucketLocation(getBucketLocationRequest).locationConstraint().toString());
});
final GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
.signatureDuration(Duration.ofSeconds(0)) // required, but ignored
.getObjectRequest(getObjectRequest)
.build();
return presignerMap.computeIfAbsent(bucketRegion, this::buildPresignerForRegion).presignGetObject(getObjectPresignRequest).url().toURI();
}