Asked  7 Months ago    Answers:  5   Viewed   43 times

A newbie question but I have googled abit and can't seem to find any solution.

I want to allow users to directly upload files to S3, not via my server first. By doing so, is there any way the files can be checked for size limit and permitted types before actually uploading to S3? Preferably not to use flash but javascript.

 Answers

83

If you are talking about security problem (people uploading huge file to your bucket), yes, You CAN restrict file size with browser-based upload to S3.

Here is an example of the "policy" variable, where "content-length-range" is the key point.

"expiration": "'.date('Y-m-dTG:i:sZ', time()+10).'",
"conditions": [
    {"bucket": "xxx"},
    {"acl": "public-read"},
    ["starts-with","xxx",""],
    {"success_action_redirect": "xxx"},
    ["starts-with", "$Content-Type", "image/jpeg"],
    ["content-length-range", 0, 10485760]
]

In this case, if the uplaoding file size > 10mb, the upload request will be rejected by Amazon.

Of course, before starting the upload process, you should use javascript to check the file size and make some alerts if it does.

getting file size in javascript

Wednesday, March 31, 2021
 
BenOfTheNorth
answered 7 Months ago
36
public class Helpher extends AsyncTask<String, Void, String> {
    Context context;
    JSONObject json;
    ProgressDialog dialog;
    int serverResponseCode = 0;
    DataOutputStream dos = null;
    FileInputStream fis = null;
    BufferedReader br = null;


    public Helpher(Context context) {
        this.context = context;
    }

    protected void onPreExecute() {

        dialog = ProgressDialog.show(Main2Activity.this, "ProgressDialog", "Wait!");
    }

    @Override
    protected String doInBackground(String... arg0) {

        try {
            File f = new File(arg0[0]);
            URL url = new URL("http://localhost:8888/imageupload.php");
            int bytesRead;
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setUseCaches(false);
            conn.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + BOUNDARY);

            String contentDisposition = "Content-Disposition: form-data; name="keyValueForFile"; filename=""
                    + f.getName() + """;
            String contentType = "Content-Type: application/octet-stream";


            dos = new DataOutputStream(conn.getOutputStream());
            fis = new FileInputStream(f);


            dos.writeBytes(SPACER + BOUNDARY + NEW_LINE);
            dos.writeBytes(contentDisposition + NEW_LINE);
            dos.writeBytes(contentType + NEW_LINE);
            dos.writeBytes(NEW_LINE);
            byte[] buffer = new byte[MAX_BUFFER_SIZE];
            while ((bytesRead = fis.read(buffer)) != -1) {
                dos.write(buffer, 0, bytesRead);
            }
            dos.writeBytes(NEW_LINE);
            dos.writeBytes(SPACER + BOUNDARY + SPACER);
            dos.flush();

            int responseCode = conn.getResponseCode();
            if (responseCode != 200) {
                Log.w(TAG,
                        responseCode + " Error: " + conn.getResponseMessage());
                return null;
            }

            br = new BufferedReader(
                    new InputStreamReader(conn.getInputStream()));
            StringBuilder sb = new StringBuilder();
            String line = null;
            while ((line = br.readLine()) != null) {
                sb.append(line + "n");
            }
            Log.d(TAG, "Sucessfully uploaded " + f.getName());

        } catch (MalformedURLException e) {
        } catch (IOException e) {
        } finally {
            try {
                dos.close();
                if (fis != null)
                    fis.close();
                if (br != null)
                    br.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return String.valueOf(serverResponseCode);
    }


    @Override
    protected void onPostExecute(String result) {
        dialog.dismiss();

    }

}

This is the AsyncTask "Helpher" class used for upload image from Android. To call this class use like syntax below.

new Main2Activity.Helpher(this).execute(fileUri.getPath());

Here fileUri.getPath() local image location.

Wednesday, March 31, 2021
 
TecHunter
answered 7 Months ago
91

I'd highly advise against this, but you could create a script on your own server that pulls the image via the API, caches it and serves. You can then restrict access however you like without making the images public.

Example pass through script:

$headers = get_headers($realpath); // Real path being where ever the file really is

foreach($headers as $header) {
    header($header);
}
$filename = $version->getFilename();

// These lines if it's a download you want to do
// header('Content-Description: File Transfer');
// header("Content-Disposition: attachment; filename={$filename}");

$file = fopen($realpath, 'r');
fpassthru($file);
fclose($file);
exit;

This will barely "touch the sides" and shouldn't delay the appearance of your files too much, but t's still going to take some resources and bandwidth.

Saturday, May 29, 2021
 
daniel__
answered 5 Months ago
63

Try with below code you need to change region only

<?php
header('Content-Type: text/plain; charset=utf-8');

// Include the SDK using the Composer autoloader
require 'vendor/autoload.php';

$s3 = new AwsS3S3Client([
'region'  => 'us-west-2',
'version' => 'latest',
'credentials' => [
    'key'    => 'Enter the key',
    'secret' => 'Enter the Secret key'
]
]);

// Send a PutObject request and get the result object.
$key = 'hello_world.txt';

$result = $s3->putObject([
'Bucket' => 'my-buekct-test',
'Key'    => $key,
'Body'   => 'this is the body!'
]);

// Print the body of the result by indexing into the result object.
echo $result['Body'];

'region' => 'us-west-2', // this thing i only updated

you can find region information of aws from here : http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Hope this will help!

Saturday, May 29, 2021
 
TheFrack
answered 5 Months ago
34

I figured out what I was doing wrong. After setting up django logging, I was able to see where it was crashing. It was crashing when I tried to retrieve the "server_id" variable. I ended up adding that variable to the multipart entity as a string body rather than setting it as a header.

Friday, September 17, 2021
 
JimDel
answered 1 Month ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 
Share