文档首页> 对象存储服务 OBS> Node.js> 临时授权访问> 使用临时URL进行授权访问
更新时间:2024-02-28 GMT+08:00

使用临时URL进行授权访问

开发过程中,您有任何问题可以在github上提交issue接口参考文档详细介绍了每个接口的参数和使用方法。

使用Method参数指定HTTP请求方法类型;使用Expires参数(单位:秒)指定生成的URL有效期;使用Headers参数指定请求的头信息;使用SpecialParam参数指定特殊操作符;使用QueryParams参数指定请求的查询参数。

OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。

如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要生成带对应请求的URL后(例如使用生成PUT请求的URL上传对象),将该URL提供给其他用户。

通过该方式可支持的操作以及相关信息见下表:

操作名

HTTP请求方法

特殊操作符(子资源)

是否需要桶名

是否需要对象名

创建桶

PUT

N/A

获取桶列表

GET

N/A

删除桶

DELETE

N/A

列举桶内对象

GET

N/A

列举桶内多版本对象

GET

versions

列举分段上传任务

GET

uploads

获取桶元数据

HEAD

N/A

获取桶区域位置

GET

location

获取桶存量信息

GET

storageinfo

设置桶配额

PUT

quota

获取桶配额

GET

quota

设置桶存储类型

PUT

storagePolicy

获取桶存储类型

GET

storagePolicy

设置桶访问权限

PUT

acl

获取桶访问权限

GET

acl

开启/关闭桶日志

PUT

logging

查看桶日志

GET

logging

设置桶策略

PUT

policy

查看桶策略

GET

policy

删除桶策略

DELETE

policy

设置生命周期规则

PUT

lifecycle

查看生命周期规则

GET

lifecycle

删除生命周期规则

DELETE

lifecycle

设置托管配置

PUT

website

查看托管配置

GET

website

清除托管配置

DELETE

website

设置桶多版本状态

PUT

versioning

查看桶多版本状态

GET

versioning

设置跨域规则

PUT

cors

查看跨域规则

GET

cors

删除跨域规则

DELETE

cors

设置桶标签

PUT

tagging

查看桶标签

GET

tagging

删除桶标签

DELETE

tagging

上传对象

PUT

N/A

追加上传

POST

append

下载对象

GET

N/A

复制对象

PUT

N/A

删除对象

DELETE

N/A

批量删除对象

POST

delete

获取对象属性

HEAD

N/A

设置对象访问权限

PUT

acl

查看对象访问权限

GET

acl

初始化分段上传任务

POST

uploads

上传段

PUT

N/A

复制段

PUT

N/A

列举已上传的段

GET

N/A

合并段

POST

N/A

取消分段上传任务

DELETE

N/A

恢复归档存储对象

POST

restore

通过OBS Node.js SDK生成临时URL访问OBS的步骤如下:

  1. 通过ObsClient.createSignedUrlSync生成带签名信息的URL。
  2. 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。

如果遇到跨域报错、签名不匹配问题,请参考以下步骤排查问题:

  1. 未配置跨域,需要在控制台配置CORS规则,请参考配置桶允许跨域请求
  2. 签名计算问题,请参考URL中携带签名排查签名参数是否正确;比如上传对象功能,后端将Content-Type参与计算签名生成授权URL,但是前端使用授权URL时没有设置Content-Type字段或者传入错误的值,此时会出现跨域错误。解决方案为:Content-Type字段前后端保持一致。

以下代码展示了如何使用临时URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。

创建桶

// 引入obs库
// 使用npm安装
var ObsClient = require('esdk-obs-nodejs');
// 使用源码安装
// var ObsClient = require('./lib/obs');
var https = require('https');
var urlLib = require('url');
var crypto = require('crypto');

// 创建ObsClient实例
var obsClient = new ObsClient({
       //推荐通过环境变量获取AKSK,这里也可以使用其他外部引入方式传入,如果使用硬编码可能会存在泄露风险。
       //您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
       access_key_id: process.env.ACCESS_KEY_ID,
       secret_access_key: process.env.SECRET_ACCESS_KEY,
       server : 'https://your-endpoint'
});

let bucketName = 'bucketname';
let method = 'PUT';
let res = obsClient.createSignedUrlSync({Method : method, Bucket : bucketName});
let location = 'your-location';
let content  = `<CreateBucketConfiguration><LocationConstraint>${location}</LocationConstraint></CreateBucketConfiguration>`;

// 使用PUT请求创建桶
var url = urlLib.parse(res.SignedUrl);
var req = https.request({
       method : method,
       host : url.hostname,
       port : url.port,
       path : url.path,
       rejectUnauthorized : false,
       headers : res.ActualSignedRequestHeaders || {}
});


console.log('Creating bucket using url:' + res.SignedUrl);

req.on('response',   (serverback) => {
       var buffers = [];
       serverback.on('data', (data) => {
              buffers.push(data);
       }).on('end', () => {
              
              if(serverback.statusCode < 300){
                     console.log('Creating bucket using temporary signature succeed.');
              }else{
                     console.log('Creating bucket using temporary signature failed!');
                     console.log('status:' + serverback.statusCode);
                     console.log('\n');
              }
              buffers = Buffer.concat(buffers);
              if(buffers.length > 0){
                     console.log(buffers.toString());
              }
              console.log('\n');
       });
}).on('error',(err) => {
       console.log('Creating bucket using temporary signature failed!');
       console.log(err);
       console.log('\n');
});

if(content){
       req.write(content);
}
req.end();

上传对象

// 引入obs库
// 使用npm安装
var ObsClient = require('esdk-obs-nodejs');
// 使用源码安装
// var ObsClient = require('./lib/obs');
var https = require('https');
var urlLib = require('url');
var crypto = require('crypto');

// 创建ObsClient实例
var obsClient = new ObsClient({
       //推荐通过环境变量获取AKSK,这里也可以使用其他外部引入方式传入,如果使用硬编码可能会存在泄露风险。
       //您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
       access_key_id: process.env.ACCESS_KEY_ID,
       secret_access_key: process.env.SECRET_ACCESS_KEY,
       server : 'https://your-endpoint'
});

let bucketName = 'bucketname';
let objectKey = 'objectname';
let method = 'PUT';
let res = obsClient.createSignedUrlSync({Method : method, Bucket : bucketName, Key: objectKey, Expires: 3600});
let content  = 'Hello OBS';

// 使用PUT请求上传对象
var url = urlLib.parse(res.SignedUrl);
var req = https.request({
       method : method,
       host : url.hostname,
       port : url.port,
       path : url.path,
       rejectUnauthorized : false,
       headers : res.ActualSignedRequestHeaders || {}
});


console.log('Creating object using url:' + res.SignedUrl);

req.on('response',   (serverback) => {
       var buffers = [];
       serverback.on('data', (data) => {
              buffers.push(data);
       }).on('end', () => {
              
              if(serverback.statusCode < 300){
                     console.log('Creating object using temporary signature succeed.');
              }else{
                     console.log('Creating object using temporary signature failed!');
                     console.log('status:' + serverback.statusCode);
                     console.log('\n');
              }
              buffers = Buffer.concat(buffers);
              if(buffers.length > 0){
                     console.log(buffers.toString());
              }
              console.log('\n');
       });
}).on('error',(err) => {
       console.log('Creating object using temporary signature failed!');
       console.log(err);
       console.log('\n');
});

if(content){
       req.write(content);
}
req.end();

下载对象

// 引入obs库
// 使用npm安装
var ObsClient = require('esdk-obs-nodejs');
// 使用源码安装
// var ObsClient = require('./lib/obs');
var https = require('https');
var urlLib = require('url');
var crypto = require('crypto');

// 创建ObsClient实例
var obsClient = new ObsClient({
       //推荐通过环境变量获取AKSK,这里也可以使用其他外部引入方式传入,如果使用硬编码可能会存在泄露风险。
       //您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
       access_key_id: process.env.ACCESS_KEY_ID,
       secret_access_key: process.env.SECRET_ACCESS_KEY,
       server : 'https://your-endpoint'
});

let bucketName = 'bucketname';
let objectKey = 'objectname';
let method = 'GET';
let res = obsClient.createSignedUrlSync({Method : method, Bucket : bucketName, Key: objectKey, Expires: 3600});

// 使用GET请求下载对象
var url = urlLib.parse(res.SignedUrl);
var req = https.request({
       method : method,
       host : url.hostname,
       port : url.port,
       path : url.path,
       rejectUnauthorized : false,
       headers : res.ActualSignedRequestHeaders || {}
});


console.log('Creating object using url:' + res.SignedUrl);

req.on('response',   (serverback) => {
       var buffers = [];
       serverback.on('data', (data) => {
              buffers.push(data);
       }).on('end', () => {
              
              if(serverback.statusCode < 300){
                     console.log('Getting object using temporary signature succeed.');
              }else{
                     console.log('Getting object using temporary signature failed!');
                     console.log('status:' + serverback.statusCode);
                     console.log('\n');
              }
              buffers = Buffer.concat(buffers);
              if(buffers.length > 0){
                     console.log(buffers.toString());
              }
              console.log('\n');
       });
}).on('error',(err) => {
       console.log('Getting object using temporary signature failed!');
       console.log(err);
       console.log('\n');
});

req.end();

列举对象

// 引入obs库
// 使用npm安装
var ObsClient = require('esdk-obs-nodejs');
// 使用源码安装
// var ObsClient = require('./lib/obs');
var https = require('https');
var urlLib = require('url');
var crypto = require('crypto');

// 创建ObsClient实例
var obsClient = new ObsClient({
       //推荐通过环境变量获取AKSK,这里也可以使用其他外部引入方式传入,如果使用硬编码可能会存在泄露风险。
       //您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
       access_key_id: process.env.ACCESS_KEY_ID,
       secret_access_key: process.env.SECRET_ACCESS_KEY,
       server : 'https://your-endpoint'
});

let bucketName = 'bucketname';
let method = 'GET';
let res = obsClient.createSignedUrlSync({Method : method, Bucket : bucketName, Expires: 3600});

// 使用GET请求获取对象列表
var url = urlLib.parse(res.SignedUrl);
var req = https.request({
       method : method,
       host : url.hostname,
       port : url.port,
       path : url.path,
       rejectUnauthorized : false,
       headers : res.ActualSignedRequestHeaders || {}
});


console.log('Listing object using url:' + res.SignedUrl);

req.on('response',   (serverback) => {
       var buffers = [];
       serverback.on('data', (data) => {
              buffers.push(data);
       }).on('end', () => {
              
              if(serverback.statusCode < 300){
                     console.log('Listing object using temporary signature succeed.');
              }else{
                     console.log('Listing object using temporary signature failed!');
                     console.log('status:' + serverback.statusCode);
                     console.log('\n');
              }
              buffers = Buffer.concat(buffers);
              if(buffers.length > 0){
                     console.log(buffers.toString());
              }
              console.log('\n');
       });
}).on('error',(err) => {
       console.log('Listing object using temporary signature failed!');
       console.log(err);
       console.log('\n');
});

req.end();

删除对象

// 引入obs库
// 使用npm安装
var ObsClient = require('esdk-obs-nodejs');
// 使用源码安装
// var ObsClient = require('./lib/obs');
var https = require('https');
var urlLib = require('url');
var crypto = require('crypto');

// 创建ObsClient实例
var obsClient = new ObsClient({
       //推荐通过环境变量获取AKSK,这里也可以使用其他外部引入方式传入,如果使用硬编码可能会存在泄露风险。
       //您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
       access_key_id: process.env.ACCESS_KEY_ID,
       secret_access_key: process.env.SECRET_ACCESS_KEY,
       server : 'https://your-endpoint'
});

let bucketName = 'bucketname';
let objectKey = 'objectname';
let method = 'DELETE';
let res = obsClient.createSignedUrlSync({Method : method, Bucket : bucketName, Key: objectKey, Expires: 3600});

// 使用DELETE请求删除对象
var url = urlLib.parse(res.SignedUrl);
var req = https.request({
       method : method,
       host : url.hostname,
       port : url.port,
       path : url.path,
       rejectUnauthorized : false,
       headers : res.ActualSignedRequestHeaders || {}
});


console.log('Deleting object using url:' + res.SignedUrl);

req.on('response',   (serverback) => {
       var buffers = [];
       serverback.on('data', (data) => {
              buffers.push(data);
       }).on('end', () => {
              
              if(serverback.statusCode < 300){
                     console.log('Deleting object using temporary signature succeed.');
              }else{
                     console.log('Deleting object using temporary signature failed!');
                     console.log('status:' + serverback.statusCode);
                     console.log('\n');
              }
              buffers = Buffer.concat(buffers);
              if(buffers.length > 0){
                     console.log(buffers.toString());
              }
              console.log('\n');
       });
}).on('error',(err) => {
       console.log('Deleting object using temporary signature failed!');
       console.log(err);
       console.log('\n');
});

req.end();