This topic describes how to use POST policies to add signatures on the server in various programming languages, configure upload callback, and directly transfer data to OSS through form upload.

Background

When you upload data by using the solution described in Direct transfer after adding a signature on the server, the application server must identify the objects you have uploaded and the names of the objects. If images are uploaded, the application server must identify the sizes of the images. To address this need, OSS provides the upload callback function. After OSS callback is complete, the application server returns the response to the user through OSS. This allows the application server to identify what objects you have uploaded.

Process

The following section describes the process of configuring upload callback.
  1. The user requests the upload policy and callback configurations from the application server.
  2. The application server returns the upload policy and callback configurations to the user.
  3. The user sends an object upload request directly to OSS.
  4. OSS sends a callback request to the application server based on the callback configurations of the user.
  5. The application server returns a response to OSS.
  6. OSS sends the response that is returned by the application server to the user.

If the user wants to upload an object to OSS and expects the application server to receive the upload result, the user must configure a callback function so that OSS can send the request to the application server. After the user has uploaded the object, the result is not sent directly to the user. Instead, the result is sent to the application server and then forwarded to the user.

Process analysis

The services of adding signatures on the server, configuring upload callback, and directly transferring data are available in PHP, Java, Python, Go, and Ruby. The process is as follows.

  1. The user requests the upload policy and callback configurations from the application server.
  2. The application server returns the upload policy and the callback code to the user.

    The services of adding signatures on the application server and directly transferring data process the GET request from the client. You can configure the corresponding code so that the application server returns a correct message to the client. The configuration documents for different programming languages provide clear instructions for your reference.

  3. The user sends an object upload request directly to OSS.
  4. OSS sends a callback request to the application server based on the callback configurations of the user.

    After the client completes uploading the object to OSS, OSS analyzes the upload callback configurations of the client, and sends the POST callback request to the application server.

  5. The application server returns a response to OSS.

    The application server verifies the identification information based on the authorization field in the message from OSS. If the verification is successful, the application server returns the following message in JSON format to OSS.

    String value: OK
    Key: Status
  6. OSS sends the message that is returned by the application server to the user.

Client source code analysis

The client source code is available at aliyun-oss-appserver-js-master.zip.
Note Plupload is used for the client JavaScript code. Plupload is a simple, easy-to-use, and powerful file uploading tool with extensive functions. It provides multiple upload methods, including uploads by using HTML 4, HTML 5, Flash, and Silverlight. Plupload detects the current environment to select the most suitable upload method. HTML 5 is prioritized. For more information about Plupload, visit Plupload.com.

The following section provides the example code to implement some key functions.

  • Specify that the names of uploaded objects are randomly specified by the system

    To instruct the system to randomly specify the name of an uploaded object without changing the file extension, you can modify the function as follows:

    function check_object_radio() {
        g_object_name_type = 'random_name';
    }
  • Specify that the names of uploaded objects remain unchanged

    To retain the original names of the uploaded objects, modify the function as follows:

    function check_object_radio() {
        g_object_name_type = 'local_name';
    }
  • Configure the destination directory
    The destination directory is specified by the server. You can only upload objects to a specified directory. The following code provides an example on how to set the destination directory to abc/ in PHP. The destination directory must end with a forward slash (/).
    $dir ='abc/';
  • Set upload conditions

    You can use Plupload filters to set upload conditions, such as uploading images only, sizes of objects to upload, or repeated uploading of the same object not allowed.

    var uploader = new plupload.Uploader({
        ……
        filters: {
            mime_types : [ //Only images and .zip files can be uploaded.
            { title : "Image files", extensions : "jpg,gif,png,bmp" },
            { title : "Zip files", extensions : "zip" }
            ], 
            max_file_size : '400kb', //Only objects with a maximum size of 400 KB can be uploaded.
            prevent_duplicates : true //Objects cannot be uploaded repeatedly.
        },
    • mime_types: specifies the file extensions of the objects to upload.
    • max_file_size: specifies the maximum size of the objects to upload.
    • prevent_duplicates: specifies that the same object cannot be uploaded repeatedly.
  • Obtain the names of uploaded objects

    You can call the FileUploaded operation in Plupload to obtain the name of an uploaded object.

    FileUploaded: function(up, file, info) {
                if (info.status == 200)
                {
                    document.getElementById(file.id).getElementsByTagName('b')[0].innerHTML = 'upload to oss success, object name:' + get_uploaded_object_name(file.name);
                }
                else
                {
                    document.getElementById(file.id).getElementsByTagName('b')[0].innerHTML = info.response;
                }
        }

    You can use the get_uploaded_object_name(file.name) function to obtain the name of the object that is uploaded to OSS, where the file.name parameter is the name of the object before upload.

  • Upload the signature

    You can obtain the policyBase64, accessid, and signature variables from the server. The core code is as follows.

    function get_signature()
    {
        // Determine whether the value of the expire parameter exceeds the current time. If the value is within three seconds after the current time, you can still obtain the signature.
        now = timestamp = Date.parse(new Date()) / 1000; 
        if (expire < now + 3)
        {
            body = send_request()
            var obj = eval ("(" + body + ")");
            host = obj['host']
            policyBase64 = obj['policy']
            accessid = obj['accessid']
            signature = obj['signature']
            expire = parseInt(obj['expire'])
            callbackbody = obj['callback'] 
            key = obj['dir']
            return true;
        }
        return false;
    };

    Analysis of the message returned by the server:

    Note The message does not have a specific format. However, the accessid, policy, and signature fields are required in the message.
    {"accessid":"6MKO******4AUk44",
    "host":"http://post-test.oss-cn-hangzhou.aliyuncs.com",
    "policy":"eyJleHBpcmF0aW9uIjoiMjAxNS0xMS0wNVQyMDoyMzoyM1oiLCJjxb25kaXRpb25zIjpbWyJjcb250ZW50LWxlbmd0aC1yYW5nZSIsMCwxMDQ4NTc2MDAwXSxbInN0YXJ0cy13aXRoIiwiJGtleSIsInVzZXItZGlyXC8iXV19",
    "signature":"I2u57FWjTKqX/AE6doIdyff151E=",
    "expire":1446726203,"dir":"user-dir/"}
    • accessid: specifies the AccessKey ID that you request.
    • host: specifies the endpoint to which you send the upload request.
    • policy: specifies the form upload policy, which is a string encoded in Base64. For more information, see POST policy.
    • signature: specifies the string that is obtained after signature parameters are added to the policy variable.
    • expire: specifies the time when the upload policy expires. The value of this parameter is specified by the server. Before the expiration time, you can repeatedly use the policy to upload objects. You do not need to obtain signatures from the server for each upload.
    Note To minimize the pressure on the server side, obtain the signature for each object that you upload for the first time. When you upload the object again, compare the current time with the expiration time of the signature to verify whether the signature has expired. If the signature has expired, you must obtain the signature again. If the signature has not expired, you can use the existing signature.

    Policy analysis:

    {"expiration":"2015-11-05T20:23:23Z",
    "conditions":[["content-length-range",0,1048576000],
    ["starts-with","$key","user-dir/"]]

    In the preceding example, the starts-with field is added to the policy to specify that the object name must start with user-dir. You can also customize this field. The reason for adding the starts-with field is that in most scenarios, one application corresponds to one bucket. To prevent data from being overwritten, objects uploaded to OSS by users can be assigned a prefix. However, because the user can upload multiple objects as long as the policy is valid, the user can manually modify the prefix of the object, and upload the object to the directory of another user. To resolve this problem, the prefix of the object is specified by the application server. This way, even if the user obtains the policy, the user cannot upload the object to the directory of another user. This ensures data security.

  • Configure the URL of the application server

    In the upload.js file in the client source code, the value of the serverUrl variable in the following code segment can be used to configure the URL of the application server. After the URL of the application server is configured, the client sends a GET request to the serverUrl to obtain required information.

    // serverUrl specifies the URL of the application server used to obtain information such as the signature and policy. Replace the IP address and port number with your actual information.
    serverUrl = 'http://88.88.88.88:8888'

FAQ

How do I upload multiple objects to OSS at the same time?

No API operation is available for uploading multiple objects to OSS at the same time. To upload multiple objects to OSS at the same time, you can use cyclic code to repeat the process described in this topic, that is, add signatures on the server, configure upload callback, and directly transfer data to OSS. The operation is the same as that for uploading a single object.