AWS 可以为 S3 桶中的文件设置访问权限。当桶设置为不公开访问、但又需要让用户查看文件时,就需要为文件设置临时访问权限。

对亚马逊 CloudFront 网址进行签名


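/**
 * Build a time-limited CloudFront signed URL for one file (used with the CDN domain).
 *
 * Security notes:
 * - The returned URL is a bearer credential: anyone who holds it can fetch the
 *   object until it expires. The caller must verify that the current user may
 *   read $filePath before calling, and should keep $expiresTime short.
 * - The signature is made with the CloudFront key-pair private key
 *   (private_key.pem); that file must not be reachable through the web server.
 *
 * @param string $filePath    Object path appended to the configured CDN domain.
 * @param int    $expiresTime Lifetime of the URL in seconds (default 60).
 * @return mixed|string Signed URL; $filePath unchanged when it is empty; '' when
 *                      the configuration is incomplete or the AWS call fails.
 * @author wzb
 * @data 2024/5/30
 */
static function ossAwsUrlSign($filePath = '', $expiresTime = 60)
{
    if (empty($filePath)) {
        return $filePath;
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // IAM access key ID
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // IAM secret access key
    $region = $configOss['region'] ?? '';                   // region of the bucket
    $bucket = $configOss['bucket'] ?? '';                   // bucket name
    $ossDomain = $configOss['oss_domain'] ?? '';            // CDN domain

    // The CDN domain is required as well: without it the resource to sign would
    // be a bare path rather than a URL.
    if (
        empty($accessKeyId) || empty($accessKeySecret) || empty($region)
        || empty($bucket) || empty($ossDomain)
    ) {
        return '';
    }

    $resourceKey = $ossDomain . $filePath;
    // Absolute expiry timestamp: now + $expiresTime seconds.
    $expires = time() + (int) $expiresTime;
    // Private half of the CloudFront key pair. NOTE(review): make sure ROOT_PATH
    // is not inside the document root, or that this file is denied by the server.
    $privateKey = ROOT_PATH . "oss/aws_s3/private_key.pem";
    // Public key ID registered with CloudFront. It is not a secret (it is sent in
    // every signed URL); the value here is masked in the article.
    $keyPairId = 'K2****ADPC';

    try {
        // NOTE(review): getSignedUrl() signs with the key pair above, not with
        // IAM credentials, so this STS round-trip on every call looks
        // unnecessary. Confirm and consider removing it so that the long-lived
        // access key is not needed on this code path.
        $stsClient = new StsClient([
            'version' => 'latest',
            'region' => $region,
            'credentials' => new Credentials($accessKeyId, $accessKeySecret),
        ]);
        // Inside the try block so an STS failure is handled like any other AWS error.
        $session = $stsClient->getSessionToken();

        $cloudFrontClient = new CloudFrontClient([
            'version' => 'latest',
            'region' => $region,
            'credentials' => [
                'key' => $session['Credentials']['AccessKeyId'],
                'secret' => $session['Credentials']['SecretAccessKey'],
                'token' => $session['Credentials']['SessionToken']
            ]
        ]);

        return $cloudFrontClient->getSignedUrl([
            'url' => $resourceKey,
            'expires' => $expires,
            'private_key' => $privateKey,
            'key_pair_id' => $keyPairId
        ]);
    } catch (AwsException $e) {
        // AWS error text can contain ARNs and account IDs. Keep it in the server
        // log instead of returning it where a URL is expected.
        error_log('ossAwsUrlSign failed: ' . $e->getAwsErrorCode() . ' ' . $e->getAwsErrorMessage());
        return '';
    }
}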
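/**
 * Build CloudFront signed cookies that give a user temporary access to one
 * resource on the CDN domain.
 *
 * The caller has to write the returned name => value pairs into the response as
 * cookies. Security notes:
 * - The cookies are a bearer credential valid for 5 minutes; set them with the
 *   Secure and HttpOnly flags and scope them to the CDN domain.
 * - The caller must verify that the current user may read $resourceKey first.
 * - private_key.pem must not be reachable through the web server.
 *
 * @param string $resourceKey Object path appended to the configured CDN domain.
 * @return array|mixed Cookie name => value pairs; $resourceKey unchanged when it
 *                     is empty; [] when the configuration is incomplete or the
 *                     AWS call fails.
 */
static function ossAwsUrlCookie($resourceKey)
{
    if (empty($resourceKey)) {
        return $resourceKey;
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // IAM access key ID
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // IAM secret access key
    $region = $configOss['region'] ?? '';                   // region of the bucket
    $bucket = $configOss['bucket'] ?? '';                   // bucket name
    $ossDomain = $configOss['oss_domain'] ?? '';            // CDN domain

    // The CDN domain is required as well: without it the policy would be signed
    // for a bare path rather than a URL.
    if (
        empty($accessKeyId) || empty($accessKeySecret) || empty($region)
        || empty($bucket) || empty($ossDomain)
    ) {
        return [];
    }

    $expires = time() + 300; // 5 minutes (5 * 60 seconds) from now.
    // Private half of the CloudFront key pair. NOTE(review): make sure ROOT_PATH
    // is not inside the document root, or that this file is denied by the server.
    $privateKey = ROOT_PATH . "oss/aws_s3/private_key.pem";
    // Public key ID registered with CloudFront; it is sent to the client in the
    // cookies, so it is an identifier rather than a secret.
    $keyPairId = 'K2CKP307JZADPC';

    try {
        // NOTE(review): getSignedCookie() signs with the key pair above, not with
        // IAM credentials, so this STS round-trip on every call looks
        // unnecessary. Confirm and consider removing it so that the long-lived
        // access key is not needed on this code path.
        $stsClient = new StsClient([
            'version' => 'latest',
            'region' => $region,
            'credentials' => new Credentials($accessKeyId, $accessKeySecret),
        ]);
        // Inside the try block so an STS failure is handled like any other AWS error.
        $session = $stsClient->getSessionToken();

        $cloudFrontClient = new CloudFrontClient([
            'version' => 'latest',
            'region' => $region,
            'credentials' => [
                'key' => $session['Credentials']['AccessKeyId'],
                'secret' => $session['Credentials']['SecretAccessKey'],
                'token' => $session['Credentials']['SessionToken']
            ]
        ]);

        // The returned pairs still have to be written into cookies by the caller.
        return $cloudFrontClient->getSignedCookie([
            'url' => $ossDomain . $resourceKey,
            'expires' => $expires,
            'private_key' => $privateKey,
            'key_pair_id' => $keyPairId
        ]);
    } catch (AwsException $e) {
        // Returning the message in the array would have it written to the client
        // as a cookie named "Error"; AWS error text can contain ARNs and account
        // IDs, so keep it in the server log.
        error_log('ossAwsUrlCookie failed: ' . $e->getAwsErrorCode() . ' ' . $e->getAwsErrorMessage());
        return [];
    }
}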

Amazon S3 预签名 URL


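/**
 * Build a short-lived S3 presigned GET URL (used with the bucket's own domain).
 *
 * Security notes:
 * - The URL is a bearer credential: anyone who holds it can download the object
 *   until it expires. The caller must verify that the current user may read
 *   $filePath before calling.
 * - The URL is signed with the configured IAM access key and carries that
 *   identity's permissions; the key should be limited to reading this bucket.
 *
 * @param string $filePath    Object key inside the configured bucket.
 * @param int    $expiresTime Lifetime of the URL in seconds (default 20, the
 *                            value that was previously hard-coded).
 * @return string Presigned URL, or '' when $filePath is empty or the
 *                configuration is incomplete.
 * @author wzb
 * @data 2024/5/30
 */
static function ossAwsUrlExpires($filePath = '', $expiresTime = 20)
{
    // An empty object key cannot be presigned; fail the same way as a missing
    // configuration instead of passing it to the SDK.
    if (empty($filePath)) {
        return '';
    }

    $configOss = config('aws_oss');
    $configOss = $configOss['video'] ?? [];
    $accessKeyId = $configOss['accessKeyId'] ?? '';         // IAM access key ID
    $accessKeySecret = $configOss['accessKeySecret'] ?? ''; // IAM secret access key
    $region = $configOss['region'] ?? '';                   // region of the bucket
    $bucket = $configOss['bucket'] ?? '';                   // bucket name
    if (empty($accessKeyId) || empty($accessKeySecret) || empty($region) || empty($bucket)) {
        return '';
    }

    $s3Client = new S3Client([
        'version' => 'latest',
        'region' => $region,
        'credentials' => new Credentials($accessKeyId, $accessKeySecret),
    ]);
    $cmd = $s3Client->getCommand('GetObject', [
        'Bucket' => $bucket,
        'Key' => $filePath
    ]);

    // Relative expiry string; clamped to at least one second so a zero or
    // negative argument cannot produce an already-expired URL.
    $lifetime = '+' . max(1, (int) $expiresTime) . ' seconds';
    $request = $s3Client->createPresignedRequest($cmd, $lifetime);

    return (string) $request->getUri();
}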