Evaporate.js upload file with x-amz-security-token: SignatureDoesNotMatch

I want to upload a file with evaporate.js and crypto-js, using x-amz-security-token:

import * as Evaporate from 'evaporate';
import * as crypto from "crypto-js";

Evaporate.create({
  aws_key: <ACCESS_KEY>,
  bucket: 'my-bucket',
  awsRegion: 'eu-west',
  computeContentMd5: true,
  cryptoMd5Method: data => crypto.algo.MD5.create().update(String.fromCharCode.apply(null, new Uint32Array(data))).finalize().toString(crypto.enc.Base64),
  cryptoHexEncodedHash256: (data) => crypto.algo.SHA256.create().update(data as string).finalize().toString(crypto.enc.Hex),
  logging: true,
  maxConcurrentParts: 5,  
  customAuthMethod: (signParams: object, signHeaders: object, stringToSign: string, signatureDateTime: string, canonicalRequest: string): Promise<string> => {
      const stringToSignDecoded = decodeURIComponent(stringToSign)
      const requestScope = stringToSignDecoded.split("\n")[2];
      const [date, region, service, signatureType] = requestScope.split("/");
      const round1 = crypto.HmacSHA256(`AWS4${signParams['secret_key']}`, date);
      const round2 = crypto.HmacSHA256(round1, region);
      const round3 = crypto.HmacSHA256(round2, service);
      const round4 = crypto.HmacSHA256(round3, signatureType);
      const final = crypto.HmacSHA256(round4, stringToSignDecoded);
      return Promise.resolve(final.toString(crypto.enc.Hex));
  },
  signParams: { secretKey: <SECRET_KEY> },
  partSize: 1024 * 1024 * 6
  }).then((evaporate) => {
      evaporate.add({
          name: 'my-key',
          file: file, // file from <input type="file" />
          xAmzHeadersCommon: { 'x-amz-security-token': <SECURITY_TOKEN> },
          xAmzHeadersAtInitiate: { 'x-amz-security-token': <SECURITY_TOKEN> },
       }).then(() => console.log('complete'));
  },
     (error) => console.error(error)
  );

But it produces this output:

AWS Code: SignatureDoesNotMatch, Message:The request signature we calculated does not match the signature you provided. Check your key and signing method.status:403

What am I doing wrong?

Side note

These are the versions I am using on the browser side:

{
  "crypto-js": "^4.1.1",
  "evaporate": "^2.1.4"
}

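Your crypto.HmacSHA256 parameters are reversed. They should all be the other way around. I have been banging my head against the wall for the last week trying to get Evaporate 2.x to work, and it has been very frustrating.

I tried your code above and looked at all the documentation and forum posts related to this, and I think using Cognito for this authentication either doesn't work or it isn't obvious how it is supposed to work, even though the AWS docs suggest it's possible.

In the end I chose to use Lambda authentication, and finally got it working after seeing a lot of misinformation about how to sign these things with various crypto libraries. After rigorously checking every single thing that was happening, I got it working last night. Reading the documentation also helped put me on the right path as to how the crypto needs to work; it provides sample inputs and outputs, so you can test and make sure your crypto methods work the way AWS expects: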

https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html

Reading and understanding tasks 1, 2 and 3 is especially important.
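
The argument order the answer refers to, as an added example that is not part of the original posts: SigV4 signing-key derivation checked against the sample signing-key input and output from the AWS documentation. It assumes Node's built-in crypto module instead of crypto-js so that it runs on its own, and the function names are hypothetical. In crypto-js the call is HmacSHA256(message, key), so the key goes second.

```javascript
// Added example: SigV4 signing-key derivation with Node's built-in crypto.
const { createHmac } = require('crypto');

// hmac(key, message): the key is always the first argument here.
// In crypto-js the order is the opposite: HmacSHA256(message, key).
const hmac = (key, message) => createHmac('sha256', key).update(message, 'utf8').digest();

// kSigning = HMAC(HMAC(HMAC(HMAC("AWS4" + secret, date), region), service), "aws4_request")
function deriveSigningKey(secretKey, date, region, service) {
  const kDate = hmac('AWS4' + secretKey, date);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request');
}

// The mistake from the question, kept for comparison: each round uses the
// scope component as the key and the previous result as the message.
function deriveSigningKeyReversed(secretKey, date, region, service) {
  const r1 = hmac(date, 'AWS4' + secretKey);
  const r2 = hmac(region, r1);
  const r3 = hmac(service, r2);
  return hmac('aws4_request', r3);
}

// Sign a SigV4 string-to-sign; the credential scope is its third line.
function signStringToSign(secretKey, stringToSign) {
  const [date, region, service, terminator] = stringToSign.split('\n')[2].split('/');
  if (terminator !== 'aws4_request') throw new Error('unexpected credential scope');
  const kSigning = deriveSigningKey(secretKey, date, region, service);
  return hmac(kSigning, stringToSign).toString('hex');
}

// Sample input and output from the AWS signing-key derivation example.
const VECTOR = {
  secret: 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY',
  date: '20120215', region: 'us-east-1', service: 'iam',
  kSigning: 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d',
};

// True when the given derivation reproduces the documented signing key.
function checkVector(derive) {
  const { secret, date, region, service, kSigning } = VECTOR;
  return derive(secret, date, region, service).toString('hex') === kSigning;
}

console.log('correct order matches AWS vector:', checkVector(deriveSigningKey));
console.log('reversed order matches AWS vector:', checkVector(deriveSigningKeyReversed));
```

Running the same check against a crypto-js implementation before wiring it into customAuthMethod shows whether the HMAC rounds are in the order AWS expects.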