
Object Storage Service: Obtain signature information from the application server and upload data to OSS

Last Updated: Jan 22, 2024

In this method, the client requests an upload policy from the application server, and the application server returns the upload policy and a signature. The client then uses the signature to upload an object to Object Storage Service (OSS). Because the AccessKey pair is not exposed on the frontend page, this method is more secure than adding signatures on the client and uploading data to OSS. This topic describes how to obtain signature information from the application server and upload data to OSS.

Request process

The following figure shows the request process.

[Figure: request process]

Code parsing

The following section describes the process.

  1. You send a request to the application server to obtain the upload policy.

    In the upload.js file of the client source code package, set the serverUrl variable in the following snippet to the URL of the application server:

    // serverUrl specifies the URL of the application server that returns information about the signature and upload policy. Replace the sample IP address and port number with actual values in your business scenario. 
    serverUrl = 'http://88.88.XX.XX:8888'

    After you configure the URL of the application server, the client sends a GET request to serverUrl to obtain the required information.

    Upload callbacks are not involved in the scenario described in this topic. Therefore, you must comment out the 'callback' : callbackbody field in the upload.js file of the client source code package to disable the upload callback feature. Example:

    {
      'key' : key + '${filename}',
      'policy': policyBase64,
      'OSSAccessKeyId': accessid,
      // Set the HTTP status code returned by the application server to 200. By default, the HTTP status code 204 is returned. 
      'success_action_status' : '200', 
      // 'callback' : callbackbody,  
      'signature': signature,
    }

  2. The application server returns the upload policy and a signature.

    A service is deployed on the application server to respond to the GET request sent by the client. Then, the application server returns the signature information that is required to upload the object. You can modify the code to ensure that the application server returns correct information to the client.

    The following sample code provides an example of the message body content returned to the client by the application server:

    {
      "accessid":"LTAI5tBDFVar1hoq****",
      "host":"https://post-test.oss-cn-hangzhou.aliyuncs.com",
      "policy":"eyJleHBpcmF0aW9uIjoiMjAxNS0xMS0wNVQyMDoyMzoyM1oiLCJjxb25kaXRpb25zIjpbWyJjcb250ZW50LWxlbmd0aC1yYW5nZSIsMCwxMDQ4NTc2MDAwXSxbInN0YXJ0cy13aXRoIiwiJGtleSIsInVzZXItZGlyXC8i****",
      "signature":"VsxOcOudx******z93CLaXPz+4s=",
      "expire":1446727949,
      "dir":"user-dirs/"
    }

    The following table describes the fields that are included in the message body.

    | Field | Description |
    | --- | --- |
    | accessid | The AccessKey ID that is used to send the request. |
    | host | The domain name to which the upload request is sent. Note: Custom domain names are not supported. |
    | policy | The policy for form upload. The policy is a Base64-encoded string. For more information, see Appendix: Policy. |
    | signature | The signature string of the policy. For more information, see Appendix: Signature. |
    | expire | The expiration time of the policy specified by the server. The timestamp follows the UNIX time format. It is the number of seconds that have elapsed since 00:00:00 on January 1, 1970. |
    | dir | The prefix contained in the names of the objects that you want to upload. |

  3. You call the PostObject operation to upload data to OSS.

    Note
    • Except for the file form field, the size of all form fields, including key, cannot exceed 8 KB.

    • By default, an existing object that has the same name as the object that you want to upload is overwritten. If you do not want to overwrite an existing object that has the same name, include the x-oss-forbid-overwrite header in the upload request and set the x-oss-forbid-overwrite header to true. This way, if you upload an object whose name is the same as an existing object, the upload fails and OSS returns the FileAlreadyExists error code.

    new_multipart_params = {
         // key specifies the full path of the object in the bucket. Example: exampledir/exampleobject.txt. Do not include the bucket name in the full path. 
         // filename specifies the name of the local file that you want to upload. 
         'key' : key + '${filename}',
         'policy': policyBase64,
         'OSSAccessKeyId': accessid,
         // Set the HTTP status code that is returned by the application server to 200. If you do not configure this parameter, the HTTP status code 204 is returned. 
         'success_action_status' : '200',    
         'signature': signature,
     };
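
The following Node.js sketch is an added example, not part of the original topic or of Alibaba Cloud's sample server. It shows how the application server in step 2 can build and sign the policy so that the AccessKey secret never reaches the browser, and how the signed policy limits what the client can upload. It assumes the signature is Base64(HMAC-SHA1(AccessKey secret, Base64-encoded policy)); the function names, the 30-second lifetime and the secret are hypothetical, and checkForm is only a simplified local model of the checks a signed policy allows.

```javascript
// Added example, not Alibaba Cloud's server code; function names are hypothetical.
const crypto = require('node:crypto');

// Step 2: build the JSON body the application server returns to the client.
function issueUploadPolicy({ accessKeyId, accessKeySecret, host, dir,
  ttlSeconds = 30, maxBytes = 1048576000, now = Date.now() }) {
  const expire = Math.floor(now / 1000) + ttlSeconds;
  const policy = {
    expiration: new Date(expire * 1000).toISOString(),
    conditions: [
      ['content-length-range', 0, maxBytes], // cap the object size
      ['starts-with', '$key', dir],          // confine object names to the prefix
    ],
  };
  const policyB64 = Buffer.from(JSON.stringify(policy)).toString('base64');
  // The AccessKey secret signs the policy here and is never put in the response.
  const signature = crypto.createHmac('sha1', accessKeySecret)
    .update(policyB64).digest('base64');
  return { accessid: accessKeyId, host, policy: policyB64, signature, expire, dir };
}

// Simplified local model of the checks a signed policy allows (assumption).
function checkForm(form, accessKeySecret, now = Date.now()) {
  const expected = crypto.createHmac('sha1', accessKeySecret)
    .update(form.policy).digest();
  const given = Buffer.from(form.signature, 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature'; // policy was edited or signed with another secret
  }
  const policy = JSON.parse(Buffer.from(form.policy, 'base64').toString('utf8'));
  if (Date.parse(policy.expiration) <= now) return 'expired';
  for (const [op, field, value] of policy.conditions) {
    if (op === 'starts-with' && field === '$key' && !form.key.startsWith(value)) {
      return 'key-outside-prefix';
    }
  }
  return 'ok';
}

// Constructed sample values; the secret is a placeholder, not a real credential.
const SECRET = 'example-accesskey-secret';
const T0 = Date.UTC(2024, 0, 22);
const issued = issueUploadPolicy({
  accessKeyId: 'EXAMPLE-ACCESSKEY-ID', accessKeySecret: SECRET,
  host: 'https://post-test.oss-cn-hangzhou.aliyuncs.com', dir: 'user-dir/', now: T0,
});
console.log(checkForm({ ...issued, key: 'user-dir/a.txt' }, SECRET, T0)); // ok
console.log(checkForm({ ...issued, key: 'other/a.txt' }, SECRET, T0)); // key-outside-prefix
```

A short lifetime and a narrow dir prefix keep a leaked policy and signature of little use; the response body should be checked to contain only the fields listed in the table above.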

Procedure

Quick deployment

You can use Resource Orchestration Service (ROS) to configure an Elastic Compute Service (ECS) instance and an OSS bucket, and deploy application server source code and client source code on the ECS instance. To use ROS to obtain signature information from the application server and upload data to OSS, perform the following steps:

  1. Deploy cloud resources with a few clicks.

    1. Go to the Create Stack wizard in the ROS console.

    2. In the Select Template step of the Create Stack wizard in the ROS console, enter a stack name and the name of an OSS bucket that you want to create. Specify the zone, instance type, system disk category, and password for the ECS instance that you want to purchase, and then click Create.

      On the Stack Information tab of the page that appears, the status of the stack is Creating.

    3. After the status of the stack becomes Created, click the Outputs tab to view the resources, such as the ECS instance and OSS bucket, that are deployed with a few clicks.

  2. Obtain signature information from the application server and upload data to OSS.

    1. On the Outputs tab, copy the value of OssClientAddress and open it in your browser.

    2. On the Transfer Data from Web Client to OSS page, click Select File, select a file of a specific type, and then click Upload.

  3. Release test resources to avoid unnecessary costs.

    1. In the upper-right corner of the stack page, click Delete.

    2. In the Delete Stack dialog box, set Method to Delete the Stack to Release Resources and click OK.

References

In most cases, the application server needs to be informed of the information about uploaded objects, such as the names of the uploaded objects. If you upload an image, the application server needs to be informed of the image size. You can configure upload callbacks to meet the preceding requirements. For more information, see Overview.