Imagine an application that lets users upload files. Only the author (the person who uploaded the file) and the author's friends should be able to see the uploaded file.
I'm using the CarrierWave gem to handle file uploads. It lets me get the file's URL.
```ruby
# models/user.rb
class User
  mount_uploader :secret_file, SecretFileUploader
end

# uploaders/secret_file_uploader.rb
class SecretFileUploader < CarrierWave::Uploader::Base
  include CarrierWave::MiniMagick

  def extension_white_list
    %w[txt]
  end

  def store_dir
    "secret_files"
  end
end

u = User.last.secret_file.url # => "https://bucket-name.s3.amazonaws.com/secret_files/secret_file_name.txt"
```
If someone steals this S3 URL, they can access the file at any time.
How should I handle this situation? How can I authorize only the author and the author's friends to open this file?
To make sure uploaded content is visible only to the user and their associated friends, you need to ensure a few things -
```ruby
## in user.rb
has_many :images, :dependent => :destroy

## in image.rb
belongs_to :user
mount_uploader :image, ImageUploader
validates_presence_of :image
## to validate uploads - https://github.com/carrierwaveuploader/carrierwave/wiki/How-to%3A-Validate-uploads-with-Active-Record
validates_integrity_of :image
validates_processing_of :image

## image_uploader.rb
class ImageUploader < CarrierWave::Uploader::Base
  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  # this way you ensure the files are uploaded to each user's folder
  def store_dir
    "inputs/images/#{model.user_id}/#{model.id}"
  end
end

## in carrierwave.rb, you configure presigned urls using the fog gem.
CarrierWave.configure do |config|
  config.fog_credentials = {
    :provider              => 'AWS',
    :aws_access_key_id     => "xxxxxxxxxxxxxx",
    :aws_secret_access_key => "xxxxxxxxxxxxxx",
    :region                => "any valid aws region"
  }
  config.fog_directory = "dev-bucket"
  # this is where you configure presigned urls: objects are stored private,
  # so #url returns an authenticated (presigned) URL instead of the public one
  config.fog_public = false
  config.fog_attributes = {
    expires: 10.minutes.from_now.httpdate,
    'Cache-Control': 'max-age=315576000',
    server_side_encryption: 'aws:kms'
  }
  # lifetime of the presigned url in seconds; default is 60 seconds
  config.fog_authenticated_url_expiration = 60
end
```
Try it and let me know if it helps.
To learn more about how to avoid unwanted access to files in AWS S3, check this link
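The two pieces the answer combines, an authorization check (owner or owner's friend) followed by a short-lived URL, shown end to end as an added example; this is not code from the question, the answer or CarrierWave. It runs offline, so `User`, `SecretFile`, `SignedUrlIssuer` and `share_link` are hypothetical stand-ins, and the HMAC-SHA256 signature over the object key and expiry is a simplified substitute for S3 presigning (real S3 presigned URLs use AWS Signature V4, which fog produces for you). The `valid?` method is what a verifier on the receiving side would do: reject expired links and links whose key or expiry was altered.

```ruby
require 'openssl'
require 'uri'

# Constructed stand-ins for the app's models (hypothetical; not ActiveRecord).
User = Struct.new(:id, :friend_ids)
SecretFile = Struct.new(:key, :owner_id)

# Authorization rule from the question: only the owner or one of the
# owner's friends may view the file.
def can_view?(viewer, owner, file)
  return false if viewer.nil? || owner.id != file.owner_id
  return true if viewer.id == file.owner_id
  owner.friend_ids.include?(viewer.id)
end

# Issues and verifies short-lived signed URLs. HMAC-SHA256 over the object
# key and the expiry is a hypothetical stand-in for S3 presigning so the
# example runs offline.
class SignedUrlIssuer
  def initialize(base_url, secret, ttl_seconds: 60)
    @base_url = base_url.chomp('/')
    @secret = secret
    @ttl = ttl_seconds
  end

  # Returns a URL that stops validating ttl_seconds after `now`.
  def issue(key, now: Time.now)
    expires = now.to_i + @ttl
    "#{@base_url}/#{key}?expires=#{expires}&sig=#{sign(key, expires)}"
  end

  # Rejects expired URLs and any URL whose key or expiry was altered.
  def valid?(url, now: Time.now)
    uri = URI.parse(url)
    params = URI.decode_www_form(uri.query.to_s).to_h
    return false unless params['expires'].to_s =~ /\A\d+\z/
    expires = params['expires'].to_i
    return false if now.to_i > expires
    key = uri.path.delete_prefix('/')
    constant_time_equal?(sign(key, expires), params['sig'].to_s)
  end

  private

  def sign(key, expires)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, "#{key}|#{expires}")
  end

  # Byte-by-byte comparison without early exit, so a forged signature
  # cannot be narrowed down from timing differences.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# What a controller action would do: authorize first, then hand out a
# URL that expires on its own. Returns nil when the viewer is not allowed.
def share_link(viewer, owner, file, issuer, now: Time.now)
  return nil unless can_view?(viewer, owner, file)
  issuer.issue(file.key, now: now)
end

if __FILE__ == $PROGRAM_NAME
  owner = User.new(1, [2])
  friend = User.new(2, [])
  stranger = User.new(3, [])
  file = SecretFile.new('secret_files/secret_file_name.txt', owner.id)
  issuer = SignedUrlIssuer.new('https://bucket-name.s3.amazonaws.com', 'constructed-dev-secret')
  puts share_link(friend, owner, file, issuer)            # signed, expiring URL
  puts share_link(stranger, owner, file, issuer).inspect  # nil: not authorized
end
```

The point of the ordering is that the expiry is a second line of defence, not the first: a stolen link still stops working after the TTL, but a viewer who fails `can_view?` never receives a link at all, which is the property the question asks for.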