如何使用 Curl 命令请求 TOS 中的私有对象--火山引擎入门实验-火山引擎

文档中心

立即注册

火山引擎入门实验

存储

如何使用 Curl 命令请求 TOS 中的私有对象

本文介绍使用Curl 请求 TOS 私有对象的过程。

前言

在本教程中，您将学习如何使用 Curl 命令通过添加认证 Header 的方式请求 TOS 中的私有对象。

关于实验

预计部署时间：20分钟
级别：初级
相关产品：ECS TOS
受众：通用

环境说明

如果还没有火山引擎账号，点击此链接注册账号。
如果您还没有VPC，请先点击链接创建VPC。
云服务器ECS：Centos 7。

实验步骤

步骤1：在 ECS 安装 python3 环境

具体安装部署参考官网文档

步骤2：使用签名脚本生成 Authorization header

import sys, os, base64, datetime, hashlib, hmac
import requests  # pip install requests
import json

# ************* REQUEST VALUES *************
method = 'GET'
host = 'lxb-bucket.tos-cn-beijing.volces.com'
region = 'cn-beijing'
endpoint = 'https://lxb-bucket.tos-cn-beijing.volces.com/sizetest'


def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()


def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(key.encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'request')
    return kSigning


def sigv4(access_key, secret_key, service, request_parameters):
    if access_key is None or secret_key is None:
        print('No access key is available.')
        sys.exit()
    t = datetime.datetime.utcnow()
    current_date = t.strftime('%Y%m%dT%H%M%SZ')
    datestamp = t.strftime('%Y%m%d')  # Date w/o time, used in credential scope
    canonical_uri = '/sizetest'
    canonical_querystring = request_parameters
    signed_headers = 'host;range;x-tos-content-sha256;x-tos-date'
    payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()
    content_type = 'bytes=0-10'
    # 注意：将需要参与签名的header的key全部转成小写， 然后以ASCII排序后以key-value的方式组合后换行构建。
    canonical_headers = 'host:' + host + '\n' + 'range:' + content_type + '\n' + 'x-tos-content-sha256:' + payload_hash + '\n' + 'x-tos-date:' + current_date + '\n'
    canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
    print("1.创建规范请求示例" + '\n', canonical_request)

    algorithm = 'TOS4-HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'request'
    string_to_sign = algorithm + '\n' + current_date + '\n' + credential_scope + '\n' + hashlib.sha256(
        canonical_request.encode('utf-8')).hexdigest()
    print("2.创建待签字符串示例" + '\n', string_to_sign)

    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()
    print("3.Signature示例" + '\n', signature)

    authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
    print("4.Authorization示例" + '\n', authorization_header)

    headers = {'x-tos-date': current_date,
               'Authorization': authorization_header,
               'x-tos-Content-sha256': payload_hash,
               'range': content_type,
               }

    # ************* SEND THE REQUEST *************
    request_url = endpoint

    print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
    print('Request URL = ' + request_url)
    r = requests.get(request_url, headers=headers)

    print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
    print('Response code: %d\n' % r.status_code)
    print(r.text)



if __name__ == "__main__":
    access_key = '$AK'
    secret_key = '$SK'
    service = 'tos'
    formatted_parameters = ''
    sigv4(access_key, secret_key, service, formatted_parameters)

注意

1.用于标记签名的版本及算法，当前只支持 TOS4-HMAC-SHA256
2.canonical_headers 中的 Header 信息需要再 curl 请求的时候全部带上

步骤3：运行脚本拿到签名出来的 Authorization 头信息

host:lxb-bucket.tos-cn-beijing.volces.com
range:bytes=0-10
x-tos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-tos-date:20230816T062337Z

TOS4-HMAC-SHA256 Credential=AKLTMzUyYTBlNGM2N2ExNGU2Yjk5NWRhYTYxMGVmN2I3ZTQ/20230816/cn-beijing/tos/request, SignedHeaders=host;range;x-tos-content-sha256;x-tos-date, Signature=b1e7257ddb562df824d3ace2e3dad08e86f939b7583d9c9d5e81355d86b1dceb

步骤4：命令行进行请求

[root@lxb-jms ~]# curl -X GET -H 'x-tos-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' -H 'x-tos-date:20230816T062337Z' -H 'range:bytes=0-10' -H 'Authorization:TOS4-HMAC-SHA256 Credential=AKLTMzUyYTBlNGM2N2ExNGU2Yjk5NWRhYTYxMGVmN2I3ZTQ/20230816/cn-beijing/tos/request, SignedHeaders=host;range;x-tos-content-sha256;x-tos-date, Signature=c7dfbafbad1ee4763a5fbd5fea80a4f4f416ba345f46572e3600862b4f85264c' https://lxb-bucket.tos-cn-beijing.volces.com/sizetest
dfafafadfad

参考连接

https://www.volcengine.com/docs/6349/74839

最近更新时间：2024.01.03 10:42:07

这个页面对您有帮助吗？

有用

无用