class Aws::S3::Presigner

def _presigned_request(method, params, hoist = true) 

def _presigned_request(method, params, hoist = true)
  virtual_host = params.delete(:virtual_host)
  time = params.delete(:time)
  unsigned_headers = unsigned_headers(params)
  secure = params.delete(:secure) != false
  expires_in = expires_in(params)
  req = @client.build_request(method, params)
  use_bucket_as_hostname(req) if virtual_host
  handle_presigned_url_context(req)
  x_amz_headers = sign_but_dont_send(
    req, expires_in, secure, time, unsigned_headers, hoist
  )
  [req.send_request.data, x_amz_headers]
end

def expires_in(params) 

def expires_in(params)
  if (expires_in = params.delete(:expires_in))
    if expires_in > ONE_WEEK
      raise ArgumentError,
            "expires_in value of #{expires_in} exceeds one-week maximum."
    elsif expires_in <= 0
      raise ArgumentError,
            "expires_in value of #{expires_in} cannot be 0 or less."
    end
    expires_in
  else
    FIFTEEN_MINUTES
  end
end

def handle_presigned_url_context(req)

handlers to perform decisions based on this flag if need.
Store context information as early as possible, to allow

Used for excluding presigned_urls from API request count. 
def handle_presigned_url_context(req)
  req.handle(step: :initialize, priority: 98) do |context|
    context[:presigned_url] = true
    @handler.call(context)
  end
end

def initialize(options = {})

Options Hash: (**options)
  • :client (Client) -- Optionally provide an existing 
def initialize(options = {})
  @client = options[:client] || Aws::S3::Client.new
end

def presigned_request(method, params = {})

Returns:
  • (String, Hash) - A tuple with a presigned URL and headers that

Raises:
  • (ArgumentError) - Raises an ArgumentError if `:expires_in`

Options Hash: (**params)
  • :whitelist_headers (Array) -- Additional
  • :use_accelerate_endpoint (Boolean) -- When `true`,
  • :virtual_host (Boolean) -- When `true`, the
  • :secure (Boolean) -- When `false`, a HTTP URL
  • :time (Time) -- The starting time for when the
  • :expires_in (Integer) -- The number of seconds

Parameters:
  • method (Symbol) -- Symbolized method name of the operation you want 
def presigned_request(method, params = {})
  _presigned_request(method, params, false)
end

def presigned_url(method, params = {})

Returns:
  • (String) - a presigned url

Raises:
  • (ArgumentError) - Raises an ArgumentError if `:expires_in`

Options Hash: (**params)
  • :whitelist_headers (Array) -- Additional
  • :use_accelerate_endpoint (Boolean) -- When `true`,
  • :virtual_host (Boolean) -- When `true`, the
  • :secure (Boolean) -- When `false`, a HTTP URL
  • :time (Time) -- The starting time for when the
  • :expires_in (Integer) -- The number of seconds

Parameters:
  • method (Symbol) -- Symbolized method name of the operation you want 
def presigned_url(method, params = {})
  url, _headers = _presigned_request(method, params)
  url
end

def sign_but_dont_send(

Parameters:
  • req (Seahorse::Client::Request) -- 
def sign_but_dont_send(
  req, expires_in, secure, time, unsigned_headers, hoist = true
)
  x_amz_headers = {}
  http_req = req.context.http_request
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
  req.handlers.remove(Aws::Rest::ContentTypeHandler)
  req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::OptionHandler)
  req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::ChecksumHandler)
  req.handlers.remove(Aws::Plugins::InvocationId::Handler)
  req.handlers.remove(Aws::Plugins::Sign::Handler)
  req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
  req.handle(step: :send) do |context|
    # if an endpoint was not provided, force secure or insecure
    if context.config.regional_endpoint
      http_req.endpoint.scheme = secure ? 'https' : 'http'
      http_req.endpoint.port = secure ? 443 : 80
    end
    query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
    http_req.headers.each do |key, value|
      next unless key =~ /^x-amz/i
      if hoist
        value = Aws::Sigv4::Signer.uri_escape(value)
        key = Aws::Sigv4::Signer.uri_escape(key)
        # hoist x-amz-* headers to the querystring
        http_req.headers.delete(key)
        query << "#{key}=#{value}"
      else
        x_amz_headers[key] = value
      end
    end
    http_req.endpoint.query = query.join('&') unless query.empty?
    auth_scheme = context[:auth_scheme]
    scheme_name = auth_scheme['name']
    region = if scheme_name == 'sigv4a'
               auth_scheme['signingRegionSet'].first
             else
               auth_scheme['signingRegion']
             end
    signer = Aws::Sigv4::Signer.new(
      service: auth_scheme['signingName'] || 's3',
      region: context[:sigv4_region] || region || context.config.region,
      credentials_provider: context[:sigv4_credentials] || context.config.credentials,
      signing_algorithm: scheme_name.to_sym,
      uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
      normalize_path: !!!auth_scheme['disableNormalizePath'],
      unsigned_headers: unsigned_headers,
      apply_checksum_header: false
    )
    url = signer.presign_url(
      http_method: http_req.http_method,
      url: http_req.endpoint,
      headers: http_req.headers,
      body_digest: 'UNSIGNED-PAYLOAD',
      expires_in: expires_in,
      time: time
    ).to_s
    Seahorse::Client::Response.new(context: context, data: url)
  end
  # Return the headers
  x_amz_headers
end

def unsigned_headers(params) 

def unsigned_headers(params)
  whitelist_headers = params.delete(:whitelist_headers) || []
  BLACKLISTED_HEADERS - whitelist_headers
end

def use_bucket_as_hostname(req) 

def use_bucket_as_hostname(req)
  req.handle(priority: 35) do |context|
    uri = context.http_request.endpoint
    uri.host = context.params[:bucket]
    uri.path.sub!("/#{context.params[:bucket]}", '')
    @handler.call(context)
  end
end