search

odysseyscience / react-s3-uploader

React component that renders an <input type="file"/> and automatically uploads to an S3 bucket
MIT License
829 stars 240 forks source link

The request signature we calculated does not match the signature you provided. Check your key and signing method. #98

Open mateodelnorte opened 8 years ago

mateodelnorte commented 8 years ago

Hi there.

I'm getting The request signature we calculated does not match the signature you provided. Check your key and signing method. back from AWS when trying to submit files. I'm on version "react-s3-uploader": "^3.3.0".

Any ideas what may be happening?

Here's my setup:

express:

  app.use('/s3', require('react-s3-uploader/s3router')({
    bucket: "my-queue-name",
    region: 'us-east-1',
    signatureVersion: 'v4', 
    headers: {'Access-Control-Allow-Origin': '*'}, 
    ACL: 'private',
  }));

react: (I'm using DropzoneS3Uploader, which just wraps the S3Upload component.)


        const style = {
            className: "uploadNew"
        }

        const uploaderProps = {
            style, 
            server: 'http://localhost:3000', 
            s3Url: 'https://dotbc-queue.s3.amazonaws.com/', 
            signingUrl: "/s3/sign",
            uploadRequestHeaders: { 'x-amz-acl': 'public-read' },
            contentDisposition: "auto",
        }

    return (
        <div className="filesDocs">
            <label>Files & Documents</label>
            <div className="uploaded">
                <ul className="unstyled">

                </ul>
            </div>
            <DropzoneS3Uploader {...uploaderProps}>

Here's the complete error I'm getting back. I notice the CanonicalRequest is labeled as UNSIGNED-PAYLOAD. Not sure if that's indicative of what's going on...

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
<AWSAccessKeyId>AKIAI7O2H3HADOMOS3MA</AWSAccessKeyId>
<StringToSign>
AWS4-HMAC-SHA256 20161114T033436Z 20161114/us-east-1/s3/aws4_request 41fe70bff8e3ba4abbcb046361064f9a8dab17cd2b4de89d640a23f0e4a9268c
</StringToSign>
<SignatureProvided>
5dc341cd1d9d240be19cc9284aee38fbe00c93c54743dbf7f2c98740bb82d396
</SignatureProvided>
<StringToSignBytes>
41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 36 31 31 31 34 54 30 33 33 34 33 36 5a 0a 32 30 31 36 31 31 31 34 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 34 31 66 65 37 30 62 66 66 38 65 33 62 61 34 61 62 62 63 62 30 34 36 33 36 31 30 36 34 66 39 61 38 64 61 62 31 37 63 64 32 62 34 64 65 38 39 64 36 34 30 61 32 33 66 30 65 34 61 39 32 36 38 63
</StringToSignBytes>
<CanonicalRequest>
GET /28fad916-9cee-4116-93aa-f80461d77e41_Getting_Started.rtf Content-Type=text%2Frtf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAI7O2H3HADOMOS3MA%2F20161114%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20161114T033436Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host%3Bx-amz-acl&x-amz-acl=private host:dotbc-queue.s3.amazonaws.com x-amz-acl:private host;x-amz-acl UNSIGNED-PAYLOAD
</CanonicalRequest>
<CanonicalRequestBytes>
47 45 54 0a 2f 32 38 66 61 64 39 31 36 2d 39 63 65 65 2d 34 31 31 36 2d 39 33 61 61 2d 66 38 30 34 36 31 64 37 37 65 34 31 5f 47 65 74 74 69 6e 67 5f 53 74 61 72 74 65 64 2e 72 74 66 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3d 74 65 78 74 25 32 46 72 74 66 26 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 49 37 4f 32 48 33 48 41 44 4f 4d 4f 53 33 4d 41 25 32 46 32 30 31 36 31 31 31 34 25 32 46 75 73 2d 65 61 73 74 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 31 36 31 31 31 34 54 30 33 33 34 33 36 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 36 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 25 33 42 78 2d 61 6d 7a 2d 61 63 6c 26 78 2d 61 6d 7a 2d 61 63 6c 3d 70 72 69 76 61 74 65 0a 68 6f 73 74 3a 64 6f 74 62 63 2d 71 75 65 75 65 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 72 69 76 61 74 65 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 61 63 6c 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44
</CanonicalRequestBytes>
<RequestId>B81DDBE145ECAA39</RequestId>
<HostId>
l+kVUQMe4jrC8EM88iML42PLRxiKhG1XmxdFkEt9k7C8lPbVmlsTQURN3ZFRe7FoEe+9IcK7g48=
</HostId>
</Error>
seanadkinson commented 8 years ago

Can you verify that your AWS credentials are correctly configured in Node? For example, are you able to make any other requests to any AWS service?

dgrosenblatt commented 7 years ago

I got a very similar looking error message, and it was due to the CORS policy on my AWS bucket. This might be the case if you can use curl to successfully upload to the presigned url that your server is generating.

tim-phillips commented 7 years ago

@dgrosenblatt For the rest of us, what was the problem with your CORS config in AWS? What did you do to fix it?

dgrosenblatt commented 7 years ago

If you select the bucket and go to Properties > Permissions > Edit CORS Configuration, add something like

</CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>Your-Base-Domain-Here</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
tim-phillips commented 7 years ago

Thanks @dgrosenblatt, however that didn't turn out to be my issue.

After futzing around for a while I ended up creating a new user with the exact same policy and voila, 🍾 .

Here's the policy for reference:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::bucket_name/*"
        }
    ]
}