I'm trying to set up a local MinIO instance for me to upload and read files. I'm using pre-signed URLs to retrieve and upload files. The problem is that when I make a request to the URL I'm getting a SignatureDoesNotMatch response. But when I get a pre-signed URL from the MinIO admin UI I am able to download an image. It works when I connect to a Cloudflare R2 instance, but I don't want to use it on my local machine, nor do I want to use it in the CI. Is my configuration maybe wrong? I can't seem to find the issue.

My .env file

STORAGE_ENDPOINT="http://localhost:9000"
STORAGE_ACCESS_KEY_ID="user"
STORAGE_SECRET_ACCESS_KEY="password"

My docker-compose.yaml file

services:
  storage:
    container_name: coespace-storage
    image: minio/minio
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - coespace-storage:/data
    environment:
      MINIO_ACCESS_KEY: user
      MINIO_SECRET_KEY: password
      MINIO_DEFAULT_BUCKETS: 'coespace-studio'
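    command: server --address 0.0.0.0:9000 --console-address 0.0.0.0:9001 /
# more unrelated services...

import { S3Client, GetObjectCommand, PutObjectCommand } from '@aws-sdk/client-s3';
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';

function createClient() {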
  return new S3Client({
    region: 'auto',
    endpoint: process.env.STORAGE_ENDPOINT,
    forcePathStyle: true,
    credentials: {
      accessKeyId: process.env.STORAGE_ACCESS_KEY_ID,
      secretAccessKey: process.env.STORAGE_SECRET_ACCESS_KEY,
    },
  });
}

const s3 = createClient();

export function getPreSignedDownloadUrl(key: string) {
  return getSignedUrl(
    s3,
    new GetObjectCommand({
      Bucket: 'my-bucket',
      Key: key,
    }),
    {
      expiresIn: 60 * 60, // expires in an hour
    }
  );
}

export function getPreSignedUploadUrl(key: string) {
  return getSignedUrl(
    s3,
    new PutObjectCommand({
      Bucket: 'my-bucket',
      Key: key,
    }),
    {
      expiresIn: 60 * 60, // expires in an hour
    }
  );
}

asked Aug 19, 2022 at 17:59 by Nils Haberkamp

2 Answers

It looks like you are using the AWS SDK to access the MinIO service with the port. When the AWS SDK signs, there is a bug that ignores the port, resulting in an incorrect authorization in the header (see "presigning an endpoint with port doesn't work").

This is a way for me to bypass this bug (add a custom signer to sign the host with the port):

import { SignatureV4 } from '@aws-sdk/signature-v4'
import { Sha256 } from '@aws-crypto/sha256-browser'
import { HttpRequest } from '@aws-sdk/types'
import {
  S3Client,
  ListBucketsCommand
} from '@aws-sdk/client-s3'
const s3 = new S3Client({
  region: "us-east-1",
  credentials: {
    accessKeyId: 'xxxxxx',
    secretAccessKey: 'xxxxxx',
  },
  endpoint: "http://127.0.0.1:9000",
  forcePathStyle: true,
  signer: async () => ({
    sign: async (request: HttpRequest) => {
      request.headers['host'] = `${request.hostname}:${request.port}`

      const signatureV4 = new SignatureV4({
        credentials: {
          accessKeyId: 'xxxxxx',
          secretAccessKey: 'xxxxxx',
        },
        region: 'us-east-1',
        service: 's3',
        sha256: Sha256,
      });

      const authorizatedRequest = await signatureV4.sign(request);

      return authorizatedRequest
    }
  })
});

This is resolved in some AWS version, see https://github.com/minio/minio/issues/15693
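
Why a dropped port produces SignatureDoesNotMatch, as an added example that is not part of the original question or answers: SigV4 signs the Host header, so a URL presigned for `localhost` fails when the server recomputes the signature over `localhost:9000`. The function names and sample values below are constructed for illustration, and the server-side check is simplified (no expiry check, URL-safe key assumed).

```javascript
// Added example, not from the original post: SigV4 query-string signing in plain Node.
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');

const hmac = (key, data) => createHmac('sha256', key).update(data).digest();

// Signature for a presigned GET, computed over the given Host header value.
function signatureFor(hostHeader, path, query, secretKey) {
  const [, date, region, service] = query.get('X-Amz-Credential').split('/');
  const canonicalQuery = [...query.entries()]
    .filter(([name]) => name !== 'X-Amz-Signature')
    .sort(([a], [b]) => (a < b ? -1 : 1))
    .map(([name, value]) => `${encodeURIComponent(name)}=${encodeURIComponent(value)}`)
    .join('&');
  // Only the host header is signed; the payload is unsigned for presigned URLs.
  const canonicalRequest = ['GET', path, canonicalQuery, `host:${hostHeader}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const scope = `${date}/${region}/${service}/aws4_request`;
  const requestHash = createHash('sha256').update(canonicalRequest).digest('hex');
  const stringToSign = ['AWS4-HMAC-SHA256', query.get('X-Amz-Date'), scope, requestHash].join('\n');
  const signingKey = [date, region, service, 'aws4_request'].reduce(hmac, `AWS4${secretKey}`);
  return hmac(signingKey, stringToSign).toString('hex');
}

// Client side: build the query, sign it for `signedHost`, append the signature.
function presignGet({ signedHost, bucket, key, accessKeyId, secretKey, region, amzDate, expires }) {
  const path = `/${bucket}/${key}`; // assumes a URL-safe key
  const query = new URLSearchParams({
    'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
    'X-Amz-Credential': `${accessKeyId}/${amzDate.slice(0, 8)}/${region}/s3/aws4_request`,
    'X-Amz-Date': amzDate,
    'X-Amz-Expires': String(expires),
    'X-Amz-SignedHeaders': 'host',
  });
  query.set('X-Amz-Signature', signatureFor(signedHost, path, query, secretKey));
  return `${path}?${query}`;
}

// Server side: recompute over the Host header actually received, compare in constant time.
function serverAccepts(requestTarget, hostHeader, secretKey) {
  const url = new URL(requestTarget, 'http://placeholder.invalid');
  const given = Buffer.from(url.searchParams.get('X-Amz-Signature') ?? '');
  const expected = Buffer.from(signatureFor(hostHeader, url.pathname, url.searchParams, secretKey));
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample values mirroring the question's local setup.
const sample = { bucket: 'my-bucket', key: 'cat.png', accessKeyId: 'user', secretKey: 'password',
  region: 'auto', amzDate: '20220819T175900Z', expires: 3600 };
const withoutPort = presignGet({ ...sample, signedHost: 'localhost' });
const withPort = presignGet({ ...sample, signedHost: 'localhost:9000' });
console.log('signed without port:', serverAccepts(withoutPort, 'localhost:9000', sample.secretKey));
console.log('signed with port:   ', serverAccepts(withPort, 'localhost:9000', sample.secretKey));
```

When debugging a real mismatch, compare the Host value the client signed with the Host header the server receives; a reverse proxy or port mapping that rewrites Host causes the same failure.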

Tags: javascript; SignatureDoesNotMatch on S3 Minio when uploading file with presigned url; Stack Overflow