从 Node.js 中的 AWS S3 getSignedUrl 对 URL 执行获取请求时出现 SignatureDoesNotMatch 错误
SignatureDoesNotMatch error when performing get request on URL from AWS S3 getSignedUrl in Node.js
我正在尝试访问我使用来自 AWS.S3 API http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getSignedUrl-property 的 getSignedUrl 方法放置的数据。当我使用方法返回的 url 时出现错误。
将数据放入S3 bucket的代码
var params = {
Bucket: BUCKET_NAME,
Key: 'testing132',
Body: 'tasdfasfasdfs',
Expires: EXPIRATION_TIME,
ACL: 'public-read'
};
$log.info('test s3 dep', this);
s3.getSignedUrl('putObject', params, function (err, url) {
if (err) return cb(err);
return cb(null, url);
});
当对返回的 URL 执行来自 POSTMAN 的 GET 请求时,我收到以下页面,为了安全起见删除了一些信息
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>ASIAJ.....</AWSAccessKeyId>
<StringToSign>GET
1467833494
x-amz-acl:public-read
x-amz-security-token:FQoDYXdzEKz//////////wEaDBW+iL+gqGBqn2qxcyKcA1etzJzOZV33H3ND2hxQcm5MsJuZiHuEz5EvODXvDD7IfnlsbgNmLs70WAJ.................=
/s3test_test/testing132</StringToSign>
<SignatureProvided>sNNramN6fDo+sf......=</SignatureProvided>
<StringToSignBytes>47 45 54 0a 0a 0a 31 34 36 37 38 33 33 34 39 34 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 ..............</StringToSignBytes>
<RequestId>2404FC0B........</RequestId>
<HostId>u5CapGu...............=</HostId>
</Error>
所以有一些困惑,我没有足够仔细地阅读文档。我假设 getSignedUrl 方法中的 'putObject' 参数意味着我正在将一个对象上传到指定的键,然后将 url 检索到该对象。这个假设是错误的,基本上 putObject 参数意味着您指定了用户正在生成的 url 的对象的特征。使用 getObject 解决了这个问题。来自文档 You can use this functionality [putObject] to generate pre-signed PUT operations that require a specific payload to be uploaded by the consumer of the URL.
我正在尝试访问我使用来自 AWS.S3 API http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getSignedUrl-property 的 getSignedUrl 方法放置的数据。当我使用方法返回的 url 时出现错误。
将数据放入S3 bucket的代码
var params = {
Bucket: BUCKET_NAME,
Key: 'testing132',
Body: 'tasdfasfasdfs',
Expires: EXPIRATION_TIME,
ACL: 'public-read'
};
$log.info('test s3 dep', this);
s3.getSignedUrl('putObject', params, function (err, url) {
if (err) return cb(err);
return cb(null, url);
});
当对返回的 URL 执行来自 POSTMAN 的 GET 请求时,我收到以下页面,为了安全起见删除了一些信息
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>ASIAJ.....</AWSAccessKeyId>
<StringToSign>GET
1467833494
x-amz-acl:public-read
x-amz-security-token:FQoDYXdzEKz//////////wEaDBW+iL+gqGBqn2qxcyKcA1etzJzOZV33H3ND2hxQcm5MsJuZiHuEz5EvODXvDD7IfnlsbgNmLs70WAJ.................=
/s3test_test/testing132</StringToSign>
<SignatureProvided>sNNramN6fDo+sf......=</SignatureProvided>
<StringToSignBytes>47 45 54 0a 0a 0a 31 34 36 37 38 33 33 34 39 34 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 78 2d 61 6d 7a 2d 73 65 63 75 72 69 74 ..............</StringToSignBytes>
<RequestId>2404FC0B........</RequestId>
<HostId>u5CapGu...............=</HostId>
</Error>
所以有一些困惑,我没有足够仔细地阅读文档。我假设 getSignedUrl 方法中的 'putObject' 参数意味着我正在将一个对象上传到指定的键,然后将 url 检索到该对象。这个假设是错误的,基本上 putObject 参数意味着您指定了用户正在生成的 url 的对象的特征。使用 getObject 解决了这个问题。来自文档 You can use this functionality [putObject] to generate pre-signed PUT operations that require a specific payload to be uploaded by the consumer of the URL.