Python:如何创建 AWS Chime 预签名 URL,以生成前端使用的 WebSocket URL?
我正在尝试生成一个预签名的 WebSocket URL,以便前端接收 AWS Chime 的实时消息通知,如图所示。我计划用 Lambda 将其部署为单独的后端 API。我完全按照图中所示进行了操作,但前端连接到生成的 URL 时,出现了“未经授权”错误。有谁能告诉我,用 Python 生成这个预签名 URL 需要做些什么?我认为我为 Chime 使用了错误的主机/服务参数。
标签:python, amazon-web-services, pre-signed-url, aws-chime-sdk, amazon-chime
import json
import boto3
import urllib.parse
import requests
import uuid
import datetime
import sys, os, base64, datetime, hashlib, hmac
import os
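def sign(key, msg):
    """Return the raw HMAC-SHA256 digest of ``msg`` keyed with ``key``.

    Args:
        key: HMAC key as bytes.
        msg: Text to authenticate; it is UTF-8 encoded before hashing.

    Returns:
        The digest as bytes (32 bytes, not hex-encoded).
    """
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()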
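def getSignatureKey(key, dateStamp, regionName, serviceName):
    """Derive the SigV4 signing key from a secret access key.

    The secret is chained through HMAC-SHA256 with the date, region, service
    and the literal ``aws4_request``, so the resulting key is only valid for
    that one scope.

    Args:
        key: Secret access key as text.
        dateStamp: Date in ``YYYYMMDD`` form, as used in the credential scope.
        regionName: Region part of the credential scope.
        serviceName: Service part of the credential scope.

    Returns:
        The derived signing key as bytes.
    """
    signing_key = ('AWS4' + key).encode('utf-8')
    for scope_part in (dateStamp, regionName, serviceName, 'aws4_request'):
        signing_key = sign(signing_key, scope_part)
    return signing_key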
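def lambda_handler(event, context):
    """Build a SigV4 pre-signed ``wss://`` URL for a Chime messaging session.

    Args:
        event: Request event whose ``queryStringParameters`` carry ``userId``
            and ``sessionId``.
        context: Lambda context object (unused).

    Returns:
        ``{'wssUrl': <pre-signed URL>}``. The URL carries a signature that is
        accepted for 3600 seconds, so handle it like a credential: keep it
        out of logs and hand it only to the user it was issued for.

    Raises:
        ValueError: If ``userId`` or ``sessionId`` is missing or empty.
        KeyError: If the ``access_key`` or ``secret_key`` environment
            variable is not set.
    """
    # The parameter map may be absent or None when the request has no query
    # string; fail with a clear error instead of a TypeError further down.
    params = event.get('queryStringParameters') or {}
    user_id = params.get('userId')
    session_id = params.get('sessionId')
    if not user_id or not session_id:
        raise ValueError('userId and sessionId query parameters are required')

    # NOTE(review): userId is taken from the request as-is and decides which
    # app-instance user the URL is signed for. Nothing visible here checks
    # who the caller is; derive the user from a verified identity before
    # signing so one caller cannot obtain a session URL for another user.
    user_id_arn = f'arn:aws:chime:us-east-1:11******:app-instance/03457-*****-412345-b3e4-123444/user/{user_id}'

    # NOTE(review): no session token is used, so these are presumably
    # long-lived keys stored in custom environment variables. Temporary
    # role credentials are preferable; they additionally require an
    # X-Amz-Security-Token query parameter in the signed request.
    access_key = os.environ['access_key']
    secret_key = os.environ['secret_key']

    method = 'GET'
    algorithm = 'AWS4-HMAC-SHA256'
    service = 'chime'
    region = 'us-east-1'
    canonical_uri = '/connect'
    signed_headers = 'host'

    # The client has to exist before the endpoint lookup; the same host name
    # is used for the signed "host" header and for the final URL.
    client = boto3.client('chime', region_name=region)
    host = client.get_messaging_session_endpoint()['Endpoint']['Url']

    # Following the steps shown in the AWS documentation
    # https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
    now = datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime('%Y%m%dT%H%M%SZ')
    datestamp = now.strftime('%Y%m%d')

    # The scope that goes into the string to sign is the plain
    # date/region/service/aws4_request value. Only the copy placed in the
    # query string is prefixed with the access key and percent-encoded.
    credential_scope = f'{datestamp}/{region}/{service}/aws4_request'

    query_params = {
        'X-Amz-Algorithm': algorithm,
        'X-Amz-Credential': f'{access_key}/{credential_scope}',
        'X-Amz-Date': amz_date,
        'X-Amz-Expires': '3600',
        'X-Amz-SignedHeaders': signed_headers,
        'sessionId': session_id,
        'userArn': user_id_arn,
    }
    # SigV4 expects the parameters sorted by name with every value
    # percent-encoded (the ':' and '/' inside the ARN included), and no
    # leading '?' inside the canonical query string.
    canonical_querystring = '&'.join(
        urllib.parse.quote(name, safe='') + '=' + urllib.parse.quote(value, safe='')
        for name, value in sorted(query_params.items())
    )

    payload_hash = hashlib.sha256(b'').hexdigest()
    canonical_headers = 'host:' + host + '\n'
    canonical_request = '\n'.join([
        method,
        canonical_uri,
        canonical_querystring,
        canonical_headers,
        signed_headers,
        payload_hash,
    ])
    hashed_canonical_request = hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
    string_to_sign = '\n'.join([algorithm, amz_date, credential_scope, hashed_canonical_request])

    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, string_to_sign.encode('utf-8'), hashlib.sha256).hexdigest()

    request_url = (
        'wss://' + host + canonical_uri + '?' + canonical_querystring
        + '&X-Amz-Signature=' + signature
    )
    return {'wssUrl': request_url}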
给想知道问题出在哪里的人:我们必须把用户 ID(即 userArn 的值)经过 URL 编码后传入,也就是写成
arn%3Aaws%3Achime%3Aus-east-1%3A123456789012%3Aapp-instance%2Ff5abcdefg-cc50-4a70-a88e-fd07351d3c2a%2Fuser%2Fcustom-user-id
而不是
arn:aws:chime:us-east-1:123456789012:app-instance/f5abcdefg-cc50-4a70-a88e-fd07351d3c2a/user/custom-user-id
完整工作代码:
import json
import boto3
import urllib.parse
import requests
import uuid
import datetime
import sys, os, base64, datetime, hashlib, hmac
import os
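def sign(key, msg):
    """Compute one HMAC-SHA256 step of the SigV4 key derivation.

    Args:
        key: HMAC key as bytes.
        msg: Text to authenticate; it is UTF-8 encoded before hashing.

    Returns:
        The raw digest as bytes (not hex-encoded).
    """
    encoded_msg = msg.encode('utf-8')
    return hmac.new(key, encoded_msg, hashlib.sha256).digest()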
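def getSignatureKey(key, dateStamp, regionName, serviceName):
    """Derive the scoped SigV4 signing key from a secret access key.

    Each step feeds the previous digest in as the next HMAC key, binding the
    result to one date, region and service.

    Args:
        key: Secret access key as text.
        dateStamp: Date in ``YYYYMMDD`` form.
        regionName: Region the request is signed for.
        serviceName: Service the request is signed for.

    Returns:
        The derived signing key as bytes.
    """
    kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    return sign(kService, 'aws4_request')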
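def handler(session_id=None, user_id_arn=None, access_key=None,
            secret_key=None, session_token=None):
    """Build a SigV4 pre-signed ``wss://`` URL for a Chime messaging session.

    The values the original listing left as fill-in placeholders are taken as
    arguments, so no credential has to be written into the source file.

    Args:
        session_id: Value for the ``sessionId`` query parameter.
        user_id_arn: Plain (not yet percent-encoded) app-instance user ARN
            for the ``userArn`` query parameter.
        access_key: Access key id used in ``X-Amz-Credential``.
        secret_key: Secret access key used to derive the signing key.
        session_token: Session token of temporary credentials. When given it
            is sent as ``X-Amz-Security-Token``; omit it for long-lived keys.

    Returns:
        ``{'wssUrl': <pre-signed URL>}``. The URL carries a signature that is
        accepted for 3600 seconds, so handle it like a credential and keep
        it out of logs.

    Raises:
        ValueError: If a required value is missing or empty.
    """
    required = {
        'session_id': session_id,
        'user_id_arn': user_id_arn,
        'access_key': access_key,
        'secret_key': secret_key,
    }
    missing = [name for name, value in required.items() if not value]
    if missing:
        raise ValueError('missing required value(s): ' + ', '.join(missing))

    # Following the steps as shown in the AWS documentation
    # https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
    now = datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime('%Y%m%dT%H%M%SZ')
    datestamp = now.strftime('%Y%m%d')

    method = 'GET'
    service = 'chime'
    region = 'us-east-1'
    canonical_uri = '/connect'
    signed_headers = 'host'
    algorithm = 'AWS4-HMAC-SHA256'

    # Getting the messaging endpoint using boto3; the same host name is used
    # for the signed "host" header and for the final URL.
    client = boto3.client('chime', region_name=region)
    hostname = client.get_messaging_session_endpoint()['Endpoint']['Url']
    canonical_headers = 'host:' + hostname + '\n'

    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'

    query_params = {
        'X-Amz-Algorithm': algorithm,
        'X-Amz-Credential': access_key + '/' + credential_scope,
        'X-Amz-Date': amz_date,
        'X-Amz-Expires': '3600',
        'X-Amz-SignedHeaders': signed_headers,
        'sessionId': session_id,
        'userArn': user_id_arn,
    }
    # The original referenced session_token without ever defining it; the
    # token parameter is only added when temporary credentials are in use.
    if session_token:
        query_params['X-Amz-Security-Token'] = session_token

    # SigV4 expects the parameters sorted by name and every value
    # percent-encoded; the ':' and '/' inside the ARN must be encoded too,
    # which is the fix this answer describes.
    canonical_querystring = '&'.join(
        urllib.parse.quote(name, safe='') + '=' + urllib.parse.quote(value, safe='')
        for name, value in sorted(query_params.items())
    )

    payload_hash = hashlib.sha256(b'').hexdigest()
    canonical_request = '\n'.join([
        method,
        canonical_uri,
        canonical_querystring,
        canonical_headers,
        signed_headers,
        payload_hash,
    ])
    string_to_sign = '\n'.join([
        algorithm,
        amz_date,
        credential_scope,
        hashlib.sha256(canonical_request.encode('utf-8')).hexdigest(),
    ])

    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, string_to_sign.encode('utf-8'), hashlib.sha256).hexdigest()

    request_url = (
        'wss://' + hostname + canonical_uri + '?' + canonical_querystring
        + '&X-Amz-Signature=' + signature
    )
    return {'wssUrl': request_url}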
导入json
进口boto3
导入urllib.parse
导入请求
导入uuid
导入日期时间
导入sys、os、base64、datetime、hashlib、hmac
导入操作系统
def标志(键,消息):
返回hmac.new(key,msg.encode('utf-8'),hashlib.sha256.digest()
def getSignatureKey(密钥、日期戳、regionName、serviceName):
kDate=符号(('AWS4'+键)。编码('utf-8'),日期戳)
kRegion=符号(kDate,regionName)
K服务=标志(kRegion,serviceName)
kSigning=sign(kService,“aws4\U请求”)
返回信号
def处理程序():
#TODO:替换为您的信息
会话_id=#
用户id\u arn=#
访问密钥=#
秘密密钥=#
#遵循AWS文档中所示的步骤https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
t=datetime.datetime.utcnow()
amz_date=t.strftime(“%Y%m%dT%H%m%SZ”)
datestamp=t.strftime(“%Y%m%d”)
#使用boto3获取消息传递端点
客户=boto3.客户('chime',地区名称='us-east-1')
hostname=client.get_messaging_session_endpoint()['endpoint']['Url']
方法='GET'
服务=‘钟声’
地区='us-east-1'
规范的_uri='/connect'
规范_头='主机:'+主机名+'\n'
签名的\u头='host'
算法='AWS4-HMAC-SHA256'
凭证\范围=日期戳+'/'+区域+'/'+服务+'/'+'aws4\请求'
规范_查询字符串=“”
标准_querystring+=“X-Amz-Algorithm=AWS4-HMAC-SHA256”
规范的_querystring+='&X-Amz-Credential='+urllib.parse.quote_plus(访问_key+'/'+Credential_范围)
规范查询字符串+='&X-Amz-Date='+Amz\U日期
规范_querystring+='&X-Amz-Expires=3600'
规范的_querystring+='&X-Amz-Security-Token='+urllib.parse.quote(会话_-Token,safe='')
规范的_querystring+='&X-Amz-SignedHeaders='+signed_头
规范的_querystring+='&sessionId='+urllib.parse.quote(session_id,safe='')
规范的\u querystring+='&userArn='+urllib.parse.quote(用户\u id\u arn,safe='')
payload_hash=hashlib.sha256(“”).encode('utf-8')).hexdigest()
canonical_请求=方法+'\n'+规范_uri+'\n'+规范_查询字符串+'\n'+规范_头+'\n'+签名_头+'\n'+有效负载\u哈希
string_to_sign=algorithm+'\n'+amz_date+'\n'+credential_scope+'\n'+hashlib.sha256(规范的请求.encode('utf-8')).hexdigest()
签名密钥=getSignatureKey(密钥、日期戳、区域、服务)
signature=hmac.new(signing_key,(string_to_sign).encode('utf-8'),hashlib.sha256).hexdigest()
规范_querystring+='&X-Amz-Signature='+签名
请求\u url='wss://'+主机名+规范\u uri+'?'+规范\u查询字符串
返回\u dict={'wssUrl':请求\u url}
返回命令