@a1motion/aws-cloudfront-sign 中文文档教程
AWS CloudFront URL Signature Utility
为 CloudFront 链接生成签名 URL 比 S3 更棘手。 这是因为 S3 URL 的签名生成处理方式与 CloudFront URL 略有不同,aws-sdk< 目前不支持此功能/a> JavaScript 库。 如果您也需要这样做,我创建了这个简单的实用程序来简化操作。
Usage
Requirements
- Node.js >=0.10.0
- Active CloudFront distribution with origin configured
Configuring CloudFront
创建 CloudFront 分配
使用以下设置配置您的来源:
来源域名: {your-s3-bucket}
限制存储桶访问:是
授予对存储桶的读取权限:是的,更新存储桶策略创建 CloudFront 密钥对。 更多信息
Installing
npm install aws-cloudfront-sign
Upgrading from 1.x to 2.x
expireTime
now takes it's value as milliseconds, Date, or moment instead of seconds.
API
getSignedUrl(url, options)
@param {String} url
- Cloudfront URL to sign@param {Object} options
- URL signature options@return {String} signedUrl
- Signed CloudFrontUrl
getSignedRTMPUrl(domainName, s3key, options)
@param {String} domainName
- Domain name of your Cloudfront distribution@param {String} s3key
- Path to s3 object@param {Object} options
- URL signature options@return {Object} url.rtmpServerPath
- RTMP formatted server path@return {Object} url.rtmpStreamName
- Signed RTMP formatted stream name
getSignedCookies(url, options)
@param {String} url
- Cloudfront URL to sign@param {Object} options
- URL signature options@return {Object} cookies
- Signed AWS cookies
Options
expireTime
(Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are- number - Time in milliseconds (
new Date().getTime() + 1800000
) - moment - Valid momentjs object (
moment().add(1, 'day')
) - Date - Javascript Date object (
new Date(2016, 0, 1)
) ipRange
(Optional) - IP address range allowed to make GET requests for your signed URL. This value must be given in standard IPv4 CIDR format (for example, 10.52.176.0/24).keypairId
- The access key ID from your Cloudfront keypairprivateKeyString
||privateKeyPath
- The private key from your Cloudfront keypair. It can be provided as either a string or a path to the .pem file. Note: When providing the private key as a string, ensure that the newline character is also included.
var privateKeyString =
'-----BEGIN RSA PRIVATE KEY-----\n'
'MIIJKAIBAAKCAgEAwGPMqEvxPYQIffDimM9t3A7Z4aBFAUvLiITzmHRc4UPwryJp\n'
'EVi3C0sQQKBHlq2IOwrmqNiAk31/uh4FnrRR1mtQm4x4IID58cFAhKkKI/09+j1h\n'
'tuf/gLRcOgAXH9o3J5zWjs/y8eWTKtdWv6hWRxuuVwugciNckxwZVV0KewO02wJz\n'
'jBfDw9B5ghxKP95t7/B2AgRUMj+r47zErFwo3OKW0egDUpV+eoNSBylXPXXYKvsL\n'
'AlznRi9xNafFGy9tmh70pwlGG5mVHswD/96eUSuLOZ2srcNvd1UVmjtHL7P9/z4B\n'
'KdODlpb5Vx+54+Fa19vpgXEtHgfAgGW9DjlZMtl4wYTqyGAoa+SLuehjAQsxT8M1\n'
'BXqfMJwE7D9XHjxkqCvd93UGgP+Yxe6H+HczJeA05dFLzC87qdM45R5c74k=\n'
'-----END RSA PRIVATE KEY-----'
此外,这里有一些示例,如果您更喜欢将您的私钥存储为字符串 但在环境变量中。
# Local env example
CF_PRIVATE_KEY="$(cat your-private-key.pem)"
# Heroku env
heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"
Examples
Creating a signed URL
默认情况下,该 URL 将在半小时后过期。
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);
Creating a signed RTMP URL
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedRTMPUrlObj = cf.getSignedRTMPUrl('xxxxxxx.cloudfront.net', '/path/to/s3/object', options);
console.log('RTMP Server Path: ' + signedRTMPUrlObj.rtmpServerPath);
console.log('Signed Stream Name: ' + signedRTMPUrlObj.rtmpStreamName);
Creating signed cookies
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);
// You can now set cookies in your response header. For example:
for(var cookieId in signedCookies) {
res.cookie(cookieId, signedCookies[cookieId]);
}
AWS CloudFront URL Signature Utility
Generating signed URLs for CloudFront links is a little more tricky than for S3. It's because signature generation for S3 URLs is handled a bit differently than CloudFront URLs and this functionality is not currently supported by the aws-sdk library for JavaScript. In case you also need to do this, I've created this simple utility to make things easier.
Usage
Requirements
- Node.js >=0.10.0
- Active CloudFront distribution with origin configured
Configuring CloudFront
Create a CloudFront distribution
Configure your origin with the following settings:
Origin Domain Name: {your-s3-bucket}
Restrict Bucket Access: Yes
Grant Read Permissions on Bucket: Yes, Update Bucket PolicyCreate CloudFront Key Pair. more info
Installing
npm install aws-cloudfront-sign
Upgrading from 1.x to 2.x
expireTime
now takes it's value as milliseconds, Date, or moment instead of seconds.
API
getSignedUrl(url, options)
@param {String} url
- Cloudfront URL to sign@param {Object} options
- URL signature options@return {String} signedUrl
- Signed CloudFrontUrl
getSignedRTMPUrl(domainName, s3key, options)
@param {String} domainName
- Domain name of your Cloudfront distribution@param {String} s3key
- Path to s3 object@param {Object} options
- URL signature options@return {Object} url.rtmpServerPath
- RTMP formatted server path@return {Object} url.rtmpStreamName
- Signed RTMP formatted stream name
getSignedCookies(url, options)
@param {String} url
- Cloudfront URL to sign@param {Object} options
- URL signature options@return {Object} cookies
- Signed AWS cookies
Options
expireTime
(Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are- number - Time in milliseconds (
new Date().getTime() + 1800000
) - moment - Valid momentjs object (
moment().add(1, 'day')
) - Date - Javascript Date object (
new Date(2016, 0, 1)
) ipRange
(Optional) - IP address range allowed to make GET requests for your signed URL. This value must be given in standard IPv4 CIDR format (for example, 10.52.176.0/24).keypairId
- The access key ID from your Cloudfront keypairprivateKeyString
||privateKeyPath
- The private key from your Cloudfront keypair. It can be provided as either a string or a path to the .pem file. Note: When providing the private key as a string, ensure that the newline character is also included.
var privateKeyString =
'-----BEGIN RSA PRIVATE KEY-----\n'
'MIIJKAIBAAKCAgEAwGPMqEvxPYQIffDimM9t3A7Z4aBFAUvLiITzmHRc4UPwryJp\n'
'EVi3C0sQQKBHlq2IOwrmqNiAk31/uh4FnrRR1mtQm4x4IID58cFAhKkKI/09+j1h\n'
'tuf/gLRcOgAXH9o3J5zWjs/y8eWTKtdWv6hWRxuuVwugciNckxwZVV0KewO02wJz\n'
'jBfDw9B5ghxKP95t7/B2AgRUMj+r47zErFwo3OKW0egDUpV+eoNSBylXPXXYKvsL\n'
'AlznRi9xNafFGy9tmh70pwlGG5mVHswD/96eUSuLOZ2srcNvd1UVmjtHL7P9/z4B\n'
'KdODlpb5Vx+54+Fa19vpgXEtHgfAgGW9DjlZMtl4wYTqyGAoa+SLuehjAQsxT8M1\n'
'BXqfMJwE7D9XHjxkqCvd93UGgP+Yxe6H+HczJeA05dFLzC87qdM45R5c74k=\n'
'-----END RSA PRIVATE KEY-----'
Also, here are some examples if prefer to store your private key as a string but within an environment variable.
# Local env example
CF_PRIVATE_KEY="$(cat your-private-key.pem)"
# Heroku env
heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"
Examples
Creating a signed URL
By default the URL will expire after half an hour.
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);
Creating a signed RTMP URL
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedRTMPUrlObj = cf.getSignedRTMPUrl('xxxxxxx.cloudfront.net', '/path/to/s3/object', options);
console.log('RTMP Server Path: ' + signedRTMPUrlObj.rtmpServerPath);
console.log('Signed Stream Name: ' + signedRTMPUrlObj.rtmpStreamName);
Creating signed cookies
var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);
// You can now set cookies in your response header. For example:
for(var cookieId in signedCookies) {
res.cookie(cookieId, signedCookies[cookieId]);
}