问题描述
在 azure 中,可以通过为存储桶创建临时签名来访问容器内的对象。
IBM 云存储是否可行?
我想使用 HMAC 签名临时访问存储桶内的多个对象,但根据文档,我可以获取对象详细信息或访问单个对象。为容器生成的签名不适用于访问/下载其中的对象。
例如,
存储桶 => 测试
Object1 => test1.jpg
Object2 => test2.jpg
所以在上面的例子中,两个对象应该可以使用相同的签名访问。
我正在使用以下 nodejs 代码来生成签名(这是 IBM 文档中提供的演示代码)-
const httpMethod = 'GET';
const host = 's3.us-east.cloud-object-storage.appdomain.cloud';
const region = '';
const endpoint = 'https://' + host;
const bucket = 'test';
const objectKey = '';
const expiration = 86400 // time in seconds
// hashing and signing methods
function hash(key,msg) {
var hmac = crypto.createHmac('sha256',key);
hmac.update(msg,'utf8');
return hmac.digest();
}
function hmacHex(key,'utf8');
return hmac.digest('hex');
}
function hashHex(msg) {
var hash = crypto.createHash('sha256');
hash.update(msg);
return hash.digest('hex');
}
// region is a wildcard value that takes the place of the AWS region value
// as COS doesn't use the same conventions for regions,this parameter can accept any string
function createSignatureKey(key,datestamp,region,service) {
keyDate = hash(('AWS4' + key),datestamp);
keyString = hash(keyDate,region);
keyService = hash(keyString,service);
keySigning = hash(keyService,'aws4_request');
return keySigning;
}
function createHexSignatureKey(key,service) {
keyDate = hashHex(('AWS4' + key),datestamp);
keyString = hashHex(keyDate,region);
keyService = hashHex(keyString,service);
keySigning = hashHex(keyService,'aws4_request');
return keySigning;
}
// assemble the standardized request
var time = moment().utc();
var timestamp = time.format('YYYYMMDDTHHmmss') + 'Z';
var datestamp = time.format('YYYYMMDD');
var standardizedQuerystring = 'X-Amz-Algorithm=AWS4-HMAC-SHA256' +
'&X-Amz-Credential=' + encodeURIComponent(accessKey + '/' + datestamp + '/' + region + '/s3/aws4_request') +
'&X-Amz-Date=' + timestamp +
'&X-Amz-Expires=' + expiration.toString() +
'&X-Amz-SignedHeaders=host';
var standardizedResource = '/' + bucket + '/' + objectKey;
//var standardizedResource = '/' + bucket + '/';
var payloadHash = 'UNSIGNED-PAYLOAD';
var standardizedHeaders = 'host:' + host;
var signedHeaders = 'host';
var standardizedRequest = httpMethod + '\n' +
standardizedResource + '\n' +
standardizedQuerystring + '\n' +
standardizedHeaders + '\n' +
'\n' +
signedHeaders + '\n' +
payloadHash;
// assemble string-to-sign
var hashingalgorithm = 'AWS4-HMAC-SHA256';
var credentialScope = datestamp + '/' + region + '/' + 's3' + '/' + 'aws4_request';
var sts = hashingalgorithm + '\n' +
timestamp + '\n' +
credentialScope + '\n' +
hashHex(standardizedRequest);
// generate the signature
signatureKey = createSignatureKey(secretKey,'s3');
signature = hmacHex(signatureKey,sts);
// create and send the request
// the 'requests' package autmatically adds the required 'host' header
var requestUrl = endpoint + '/' +
bucket + '/' +
objectKey + '?' +
standardizedQuerystring +
'&X-Amz-Signature=' +
signature;
console.log(`requestUrl: ${requestUrl}`);
console.log(`\nSending ${httpMethod} request to IBM COS -----------------------`);
console.log('Request URL = ' + requestUrl);
// create and send the request
console.log(`\nSending ${httpMethod} request to IBM COS -----------------------`);
console.log('Request URL = ' + requestUrl);
var request = https.get(requestUrl,function(response) {
console.log('\nResponse from IBM COS ----------------------------------');
console.log(`Response code: ${response.statusCode}\n`);
response.on('data',function(chunk) {
console.log('Response: ' + chunk);
printDebug();
});
});
request.end();
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)