Uploading Images to S3 Specify Content Type
To better the application server functioning we upload files to s3 using Browser-Based Http Mail service method.
For assuasive client to upload file to S3 client asking needs to be authenticated. So customer needs to send signature signed by aws User access secret with asking body. Besides this client needs to transport file upload security policy to restrict unwanted upload to s3 saucepan.
For calculating signature application server needs to do the post-obit
- Create a policy using UTF-8 encoding.
Think the credentials:
AWSAccessKeyId: AKIAIOSFODNN7EXAMPLE --> will be use in x-amz-credential AWSSecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ---> will be used in singing precess
{ "expiration": "2015-12-30T12:00:00.000Z", "conditions": [ {"bucket": "sigv4examplebucket"}, ["starts-with", "$key", "user/user1/"], {"acl": "public-read"}, {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"}, ["starts-with", "$Content-Blazon", "image/"], {"10-amz-meta-uuid": "14365123651274"}, {"ten-amz-server-side-encryption": "AES256"}, ["starts-with", "$x-amz-meta-tag", ""], {"ten-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request"}, {"x-amz-algorithm": "AWS4-HMAC-SHA256"}, {"ten-amz-date": "20151229T000000Z" } ] } here:
- The upload must occur earlier noon UTC on December 30, 2015.
- The content can be uploaded only to the sigv4examplebucket. The bucket must be in the region that you specified in the credential telescopic (x-amz-credential grade parameter), because the signature you provided is valid only inside this scope.
- You can provide whatsoever fundamental name that starts with user/user1. For instance, user/user1/MyPhoto.jpg.
- The ACL must be set to public-read.
- If the upload succeeds, the user's browser is redirected to http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html.
- The object must be an image file.
- The 10-amz-meta-uuid tag must be set to 14365123651274.
- The x-amz-meta-tag can contain any value.
2. Convert the UTF-8-encoded policy bytes to base64. The issue is the StringToSign.
3. Create a signing central.
iv. Use the signing key to sign the StringToSign using HMAC-SHA256 signing algorithm.
After calculating the signature you should send file to S3 using a post html form
<html> <caput> <meta http-equiv="Content-Type" content="text/html; charset=UTF-viii" /> </head> <body> <form activity="http://sigv4examplebucket.s3.amazonaws.com/" method="post" enctype="multipart/form-information"> Primal to upload: <input type="input" proper noun="key" value="user/user1/${filename}" /><br /> <input blazon="hidden" name="acl" value="public-read" /> <input blazon="hidden" name="success_action_redirect" value="http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html" /> Content-Blazon: <input type="input" name="Content-Type" value="epitome/jpeg" /><br /> <input type="hidden" proper name="ten-amz-meta-uuid" value="14365123651274" /> <input type="hidden" proper noun="x-amz-server-side-encryption" value="AES256" /> <input blazon="text" proper name="X-Amz-Credential" value="AKIAIOSFODNN7EXAMPLE/20151229/us-e-1/s3/aws4_request" /> <input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" /> <input blazon="text" name="X-Amz-Date" value="20151229T000000Z" /> Tags for File: <input type="input" name="10-amz-meta-tag" value="" /><br /> <input type="subconscious" name="Policy" value='<Base64-encoded policy string>' /> <input blazon="subconscious" name="X-Amz-Signature" value="<signature-value>" /> File: <input type="file" name="file" /> <br /> <!-- The elements after this volition be ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </form> </html> Some sdks exercise these things for y'all, but some do not.
In Scala nosotros can practise the signing -- (Demo code)
import java.security.{InvalidKeyException, NoSuchAlgorithmException} import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec import org.apache.eatables.codec.binary.Hex import coffee.util.Base64 import coffee.io.UnsupportedEncodingException @throws[NoSuchAlgorithmException] @throws[InvalidKeyException] @throws[IllegalStateException] @throws[UnsupportedEncodingException] def computeHmacSHA256(key: Array[Byte], information: String): Assortment[Byte] = { val algorithm = "HmacSHA256" val charsetName = "UTF-eight" val sha256_HMAC = Mac.getInstance(algorithm) val secret_key = new SecretKeySpec(key, algorithm) sha256_HMAC.init(secret_key) sha256_HMAC.doFinal(data.getBytes(charsetName)) } @throws[NoSuchAlgorithmException] @throws[InvalidKeyException] @throws[IllegalStateException] @throws[UnsupportedEncodingException] def computeHmacSHA256(key: String, data: String): Array[Byte] = computeHmacSHA256(key.getBytes, data) @throws[InvalidKeyException] @throws[NoSuchAlgorithmException] @throws[IllegalStateException] @throws[UnsupportedEncodingException] def getSignatureV4(accessSecretKey: Cord, date: Cord, region: String, regionService: String, signing: Cord, stringToSign: String): Cord = { val dateKey = computeHmacSHA256(accessSecretKey, appointment) val dateRegionKey = computeHmacSHA256(dateKey, region) val dateRegionServiceKey = computeHmacSHA256(dateRegionKey, regionService) val signingKey = computeHmacSHA256(dateRegionServiceKey, signing) val signature = computeHmacSHA256(signingKey, stringToSign) Hex.encodeHexString(signature) } val fileName= "johnny.jpg" // ane byte to 100kb range val policy = s"""{ "expiration": "2021-03-31T12:00:00.000Z", | "conditions": [ | {"bucket": "examplebucket"}, | ["starts-with", "$key", "$fileName"], | {"acl": "public-read"}, | {"success_action_redirect": "https://exampleexampe.com"}, | ["starts-with", "$Content-Type", "prototype/"], | ["content-length-range", 1, 100000], | {"ten-amz-server-side-encryption": "AES256"}, | {"x-amz-credential": "accessKeyId/20210330/ap-south-ane/s3/aws4_request"}, | {"10-amz-algorithm": "AWS4-HMAC-SHA256"}, | {"10-amz-date": "20210330T000000Z" } | ] |}""".stripMargin val accessSecretKey: String = "AWS4" + "accessSecrate" val date = "20210330" val region = "ap-s-one" val regionService = "s3" val signing = "aws4_request" val stringToSign = Base64.getEncoder.encodeToString(policy.getBytes) val signature = getSignatureV4(accessSecretKey, date, region, regionService, signing, stringToSign) The html file will be (demo code)
@(fileName:Cord,policy:String,signature:String) <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> </caput> <torso> <class activeness="http://examplebucket.s3.amazonaws.com/" method="postal service" enctype="multipart/form-data"> Primal to upload: <input type="input" name="key" value="@fileName" /><br /> <input type="subconscious" proper name="acl" value="public-read" /> <input type="hidden" proper name="success_action_redirect" value="https://exampleexampe.com" /> Content-Type: <input type="input" proper name="Content-Type" value="image/" /><br /> <input type="hidden" name="x-amz-server-side-encryption" value="AES256" /> <input type="text" name="X-Amz-Credential" value="xxxxxxx/20210330/ap-southward-1/s3/aws4_request" /> <input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" /> <input type="text" proper noun="Ten-Amz-Appointment" value="20210330T000000Z" /> Tags for File: <input type="hidden" name="Policy" value="@policy" /> <input blazon="subconscious" name="X-Amz-Signature" value="@signature" /> File: <input type="file" name="file" /> <br /> <!-- The elements subsequently this volition exist ignored --> <input type="submit" name="submit" value="Upload to Amazon S3" /> </course> </html>
Past doing this we tin can create browser based http post asking to S3 to upload file.
pattersonitth1992.blogspot.com
Source: https://www.linkedin.com/pulse/s3-browser-based-uploads-using-http-post-md-mahadi-hossain
0 Response to "Uploading Images to S3 Specify Content Type"
Post a Comment