AWS S3 Bucket Django 3.0 user profile image upload access error

Introduction

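  • I am following a guide that was recommended to me; here is the guide's GitHub repository
  • I have also created an AmazonS3FullAccess for it
  • I am using the third example from the guide, "Mixing public assets and private assets", with static, media public, and media private versions.
  • If a user is logged in (local development environment), he can upload files from the website, but he cannot access these files from the website, only from the AWS S3 management website.
  • Currently I am blocking all public access, as it is in the guide (AWS S3 management panel settings)
  • I have added these lines to my CORS configuration editor, from another guide: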
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
  • Switched to the central EU server, which is more local to me. It did not help; I got the same error.

storage_backends.py

from django.conf import settings
from storages.backends.s3boto3 import S3Boto3Storage

class StaticStorage(S3Boto3Storage):
    location = settings.AWS_STATIC_LOCATION

class PublicMediaStorage(S3Boto3Storage):
    location = settings.AWS_PUBLIC_MEDIA_LOCATION
    file_overwrite = False

class PrivateMediaStorage(S3Boto3Storage):
    location = settings.AWS_PRIVATE_MEDIA_LOCATION
    default_acl = 'private'
    file_overwrite = False
    custom_domain = False

settings.py

AWS_ACCESS_KEY_ID = 'DSHUGASGHLASF678FSHAFH'
AWS_SECRET_ACCESS_KEY = 'uhsdgahsfgskajgjkafgjkdfjkgkjdfgfg'
AWS_STORAGE_BUCKET_NAME = 'MYSTORAGE289377923'
AWS_S3_CUSTOM_DOMAIN = '%s.s3.amazonaws.com' % AWS_STORAGE_BUCKET_NAME

AWS_S3_OBJECT_PARAMETERS = {
    'CacheControl': 'max-age=86400',
}

AWS_STATIC_LOCATION = 'static'
STATICFILES_STORAGE = 'mysite.storage_backends.StaticStorage'
STATIC_URL = "https://%s/%s/" % (AWS_S3_CUSTOM_DOMAIN, AWS_STATIC_LOCATION)

AWS_PUBLIC_MEDIA_LOCATION = 'media/public'
DEFAULT_FILE_STORAGE = 'mysite.storage_backends.PublicMediaStorage'

AWS_PRIVATE_MEDIA_LOCATION = 'media/private'
PRIVATE_FILE_STORAGE = 'mysite.storage_backends.PrivateMediaStorage'

AWS_S3_HOST = "s3.eu-central-1.amazonaws.com"
S3_USE_SIGV4 = True
AWS_S3_REGION_NAME = "eu-central-1"

models.py

from django.db import models
from django.conf import settings
from django.contrib.auth.models import User

from mysite.storage_backends import PrivateMediaStorage


class Document(models.Model):
    uploaded_at = models.DateTimeField(auto_now_add=True)
    upload = models.FileField()


class PrivateDocument(models.Model):
    uploaded_at = models.DateTimeField(auto_now_add=True)
    upload = models.FileField(storage=PrivateMediaStorage())
    # on_delete is a required argument for ForeignKey since Django 2.0
    user = models.ForeignKey(User, related_name='documents', on_delete=models.CASCADE)

views.py

from django.contrib.auth.decorators import login_required
from django.views.generic.edit import CreateView
from django.urls import reverse_lazy
from django.utils.decorators import method_decorator

from .models import Document, PrivateDocument


class DocumentCreateView(CreateView):
    model = Document
    fields = ['upload', ]
    success_url = reverse_lazy('home')

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        documents = Document.objects.all()
        context['documents'] = documents
        return context


@method_decorator(login_required, name='dispatch')
class PrivateDocumentCreateView(CreateView):
    model = PrivateDocument
    fields = ['upload', ]
    success_url = reverse_lazy('profile')

    def form_valid(self, form):
        self.object = form.save(commit=False)
        self.object.user = self.request.user
        self.object.save()
        return super().form_valid(form)

Error

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>56fg67dfg56df7g67df</RequestId>
<HostId>
hsiugYIGYfhuieHF7weg68g678dsgds78g67dsg86sdg68ds7g68ds7yfsd8f8hd7
</HostId>
</Error>

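Things I have tried so far

  • There was a period in between when it created the AWS links and also added the files to the local "media" folder. But since I deleted the "media folder", it only creates the URL links and actually uploads them to the S3 bucket.
  • I also found the same issue on the AWS forum, but it has not been answered yet.
  • Access rights: https://stackoverflow.com/questions/21609842/django-aws-s3-bucket-authenticated-access-to-s3-bucket (I don't understand this answer: https://stackoverflow.com/a/21614550/10270590)
  • "Using AWS4-HMAC-SHA256"
    • Specify the region of the S3 host to use it correctly: https://github.com/aws/aws-sdk-js/issues/829
    • Find the site for your region - https://docs.aws.amazon.com/general/latest/gr/rande.html
    • I also got this advice: "Most new regions only support AWS4-HMAC-SHA256 - if your code does not support this authentication scheme and only creates "v2 signatures", create the bucket in one of the old regions, e.g. in Europe it seems to be only Ireland - have a look here: https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html"
    • I am in the EU with my test machine - I set up a US-based S3 bucket - how can I configure the Django app or the AWS S3 bucket so that it can be accessed from anywhere (this is especially important for the deployment of the app, where people from all around the world can access it)? A comment from the same video's comment section reads: Steve D: "Great video series, just to say I am using an S3 bucket in Europe and needed to add additional settings AWS_S3_HOST = "s3.eu-west-2.amazonaws.com" and AWS_S3_REGION_NAME="eu-west-2" to make it work"
  • Here is the exact code I added to the settings, based on and supplementing the original guide's code (when I switch the image it works, but when I leave the profile settings and come back, the image disappears and the original error is shown):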
AWS_S3_HOST = "s3.eu-central-1.amazonaws.com"
S3_USE_SIGV4 = True
AWS_S3_REGION_NAME = "eu-central-1"

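Answer 1

Most new regions only support AWS4-HMAC-SHA256 - if your code doesn't support this authentication scheme and only creates "v2 signatures", create the bucket in one of the old regions, e.g. in Europe it seems to be only Ireland - have a look here: https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html

By the way, your S3 upload/download code should use some standard AWS SDK - for Python that's boto3. These official SDKs support all the right authentication methods, new regions, etc. Don't roll your own SDK.

Hope that helps :)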