如何将自定义元数据添加到预签名后 s3 上传？

Question

下面这个问题不完整的答案仍然悬而未决。

我一直在查看文档，从我从 aws s3 文档收集到的内容是添加自定义元数据添加以 x-amz-meta- 开头的自定义字段

所以如果我想添加一个值为 3 的用户元数据对象，那就是

x-amz-meta-user : 3

在我的前端表单数据中实践我有

let fd = new FormData();
    fd.append('acl', req.fields.acl);
    fd.append('key', req.fields.key);
    fd.append('content-type', req.fields['content-type']);
    fd.append('policy', req.fields.policy);
    fd.append('x-amz-meta-user', req.fields['x-amz-meta-user']);
    fd.append('x-amz-meta-contentpost', req.fields['x-amz-meta-contentpost']);
    fd.append('x-amz-algorithm', req.fields['x-amz-algorithm']);
    fd.append('x-amz-credential', req.fields['x-amz-credential']);
    fd.append('x-amz-date', req.fields['x-amz-date']);
    fd.append('x-amz-signature', req.fields['x-amz-signature']);

但我收到此错误：

 error: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code>
<Message>Invalid according to Policy: Extra input fields: x-amz-meta-user</Message><RequestId>HJC06ARY0MDRCCTM</RequestId>
<HostId>73sCuIaxYp+Y3o8DOpTai1Abtji4Gaz0GEbLo1tr80t57VohzFTFStJlaUavVilh3FAKkfjEmyM=</HostId></Error>"

类 PrivateGeneratePresignedUrlResource(APIView)：

def get(self, request, *args, **kwargs):
    userid = kwargs.get('userid')
    contentpostid = kwargs.get('contentpostid')
    if checkIfUserIsContentCreator(request.user):
        if checkIfUserIsActive(request.user):
            user = getUserObject(request.user)
            if user.id == int(userid):
                contentcreatorobject = user.contentcreatoruserid
                contentpost = get_object_or_404(ContentFeedPost, id = int(contentpostid), contentcreator= contentcreatorobject)
                keytime = datetime.now().strftime('%H%M%S%f')
                randomkey = random.randrange(10000000000000, 99999999999999)
                awskey = keytime + str(randomkey)
                fields = {'acl': 'bucket-owner-full-control',
                          'x-amz-meta-user': int(userid),
                          'x-amz-meta-contentpost': int(contentpostid),
                          'content-type': '*'}
                conditions = [
                    {
                        'acl': 'bucket-owner-full-control'
                    },
                    {
                        'content-type': '*'
                    }
                ]
                s3 = boto3.client('s3',
                                  aws_access_key_id=AWS_ACCESS_KEY_ID,
                                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
                                  region_name=AWS_REGION_NAME)
                post = s3.generate_presigned_post(
                    Bucket=AWS_S3_MOD_BUCKET_NAME,
                    Key=awskey,
                    Fields=fields,
                    Conditions=conditions
                )
                return Response({
                    'url': post['url'],
                    'fields': post['fields'],
                    'uriroot': AWS_S3_MOD_BUCKET_ROOT_URI
                })
            context = {'param userid is not request user id'}
            return Response(context, status=HTTP_401_UNAUTHORIZED )
        context = {'content creator is not active'}
        return Response(context, status=HTTP_401_UNAUTHORIZED)
    context = {'user is not content creator'}
    return Response(context, status=HTTP_401_UNAUTHORIZED)

这让我觉得我遗漏了一些东西，或者我读错了文档。 有一个缺失的部分对某人来说很明显吗？

Answer 1

您需要在generate_presigned_post 的Fields 参数中包含x-amz-meta-user 以批准其使用 - 请参阅http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html 和https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html。