问题描述
限时送ChatGPT账号..我是编写 Rails 和 API 的新手.我需要一些有关 S3 存储解决方案的帮助.这是我的问题.
I am new to writing Rails and APIs. I need some help with S3 storage solution. Here's my problem.
我正在为 iOS 应用编写 API,用户可以在其中使用 iOS 上的 Facebook API 登录.服务器根据 Facebook 向 iOS 用户发出的令牌验证用户,并发出临时会话令牌.此时,用户需要下载存储在 S3 中的内容.此内容仅属于用户及其朋友的子集.该用户可以向 S3 添加更多内容,供同一群人访问.我想这类似于将文件附加到 Facebook 群组...
I am writing an API for an iOS app where the users login with the Facebook API on iOS. The server validates the user against the token Facebook issues to the iOS user and issues a temporary Session token. From this point the user needs to download content that is stored in S3. This content only belongs to the user and a subset of his friends. This user can add more content to S3 which can be accessed by the same bunch of people. I guess it is similar to attaching a file to a Facebook group...
用户可以通过 2 种方式与 S3 交互...将其留给服务器或让服务器发出临时 S3 令牌(不确定此处的可能性)并且用户可以直接点击内容 URL到 S3.我发现这个问题在谈论这些方法,但是,它确实过时了(2 年前):有关从 iPhone 应用程序和 S3 上传照片的架构和设计问题
There are 2 ways a user can interact with S3... leave it to the server or get the server to issue a temporary S3 token (not sure of the possibilities here) and the user can hit up on the content URLs directly to S3. I found this question talking about the approaches, however, it is really dated (2 yrs ago): Architectural and design question about uploading photos from iPhone app and S3
问题:
在颁发临时令牌时,有没有办法限制用户只能访问 S3 上的某些内容?我怎样才能做到这一点?假设有……比如 100,000 或更多用户.让 iOS 设备直接拉出这些内容是个好主意吗?还是应该让服务器控制所有的内容传递(这当然是解决安全问题的)?这是否意味着我必须先将所有内容下载到服务器,然后才能将其交给连接的用户?如果您了解 Rails...我可以使用回形针和 aws-sdk gems 来实现这种设置吗?对多个问题深表歉意,感谢您对问题的任何洞察.谢谢:)
Apologies for multiple questions and I appreciate any insight into the problem. Thanks :)
推荐答案
使用 aws-sdkgem,您可以通过调用 url_for:
Using the aws-sdk gem, you can get a temporary signed url for any S3 object by calling url_for:
s3 = AWS::S3.new(
:access_key_id => 1234,
:secret_access_key => abcd
)
object = s3.buckets['bucket'].objects['path/to/object']
object.url_for(:get, { :expires => 20.minutes.from_now, :secure => true }).to_s
这将为您提供一个签名的临时使用 URL,仅用于 S3 中的该对象.它在 20 分钟后过期(在本例中),并且只对那个对象有用.
This will give you a signed, temporary use URL for only that object in S3. It expires after 20 minutes (in this example), and it's only good for that one object.
如果您有大量客户需要的对象,则需要发布大量签名 URL.
If you have lots of objects the client needs, you'll need to issue lots of signed URLs.
还是应该让服务器控制所有的内容传递(这当然是解决安全问题的)?这是否意味着我必须先将所有内容下载到服务器,然后才能将其交给连接的用户?
Or should let the server control all content passing (this solves security of course)? Does this mean I have to download all content to server before handing it down to the connected users?
请注意,这并不意味着服务器需要下载每个对象,它只需要对特定客户端进行身份验证和授权以访问 S3 中的特定对象.
Note that this doesn't mean the server needs to download each object, it only needs to authenticate and authorize specific clients to access specific objects in S3.
来自亚马逊的 API 文档:https://docs.aws.amazon/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
API docs from Amazon: https://docs.aws.amazon/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
这篇关于如何在 S3 中存储数据并允许用户使用 Rails API/iOS 客户端以安全的方式访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论