不确定这是否可行,因为我刚刚开始使用 Amazon S3。
我有一个应用程序,用户可以将图像文件上传到 S3。我希望这些图像文件只能由应用程序用户访问,因此如果用户登录并请求图像,它将显示但是当我尝试通过直接输入图像的 url 来访问图像时,我没有得到图片。
我正在使用这个s3 Coldfusion 处理程序,但我不确定如何正确设置它ACL,因为只有上传用户才能访问存储桶,并且将 ACL 设置为public read不会阻止非应用程序用户访问文件.
问题:
是否可以基于应用授予 ACL?
You can put buckets and objects which only allow access to the owner by passing an empty acl string. By owner i'm referering to the owning Amazon account, not the user in your application.
This example creates a single bucket then uploads an image into a sub folder.
<cfscript>
s3 = createobject("component", "s3").init(accessKeyId, secretAccessKey);
s3.putBucket("myapps-bucket", "");
s3.putObject(
bucketName="myapps-bucket",
fileKey="image.png",
contentType="image/png",
acl="",
keyName="user1234/image.png"
);
</cfscript>
To display the image to the user you must generate a signed link to the object othewrwise they will get an authorisation error from s3
<!--- signed link valid for 30 mins --->
<cfset link = s3.getObject(bucket, "user1234/image.png", 30) />
<cfoutput>
<img src="#link#" />
</cfoutput>
Currently it is only possible to have 100 buckets per Amazon account, so i would recommend using a folder per user rather than separate buckets.