class Aws::S3::Presigner
url = signer.presigned_url(:get_object, bucket: “bucket”, key: “key”)
signer = Aws::S3::Presigner.new
Example Use:
Allows you to create presigned URLs for S3 operations.
def build_signer(cfg, unsigned_headers)
def build_signer(cfg, unsigned_headers) Aws::Sigv4::Signer.new( service: 's3', region: cfg.region, credentials_provider: cfg.credentials, unsigned_headers: unsigned_headers, uri_escape_path: false ) end
def expires_in(params)
def expires_in(params) if (expires_in = params.delete(:expires_in)) if expires_in > ONE_WEEK msg = "expires_in value of #{expires_in} exceeds one-week maximum" raise ArgumentError, msg end expires_in else FIFTEEN_MINUTES end end
def http_scheme(params, virtual_host)
def http_scheme(params, virtual_host) if params.delete(:secure) == false || virtual_host 'http' else @client.config.endpoint.scheme end end
def initialize(options = {})
(**options)-
:client(Client) -- Optionally provide an existing
def initialize(options = {}) @client = options[:client] || Aws::S3::Client.new end
def presigned_url(method, params = {})
-
(ArgumentError)- Raises an ArgumentError if `:expires_in`
Options Hash:
(**params)-
:whitelist_headers(Array) -- Additional -
:use_accelerate_endpoint(Boolean) -- When `true`, -
:virtual_host(Boolean) -- When `true`, the -
:secure(Boolean) -- When `false`, a HTTP URL -
:time(Time) -- The starting time for when the -
:expires_in(Integer) -- The number of seconds
Parameters:
-
method(Symbol) -- Symbolized method name of the operation you want
def presigned_url(method, params = {}) if params[:key].nil? or params[:key] == '' raise ArgumentError, ":key must not be blank" end virtual_host = !!params.delete(:virtual_host) time = params.delete(:time) whitelisted_headers = params.delete(:whitelist_headers) || [] unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers scheme = http_scheme(params, virtual_host) req = @client.build_request(method, params) use_bucket_as_hostname(req) if virtual_host sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers) req.send_request.data end
def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
-
req(Seahorse::Client::Request) --
def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers) http_req = req.context.http_request req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler) req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler) req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler) signer = build_signer(req.context.config, unsigned_headers) req.context[:presigned_url] = true req.handle(step: :send) do |context| if scheme != http_req.endpoint.scheme endpoint = http_req.endpoint.dup endpoint.scheme = scheme endpoint.port = (scheme == 'http' ? 80 : 443) http_req.endpoint = URI.parse(endpoint.to_s) end # hoist x-amz-* headers to the querystring query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : [] http_req.headers.keys.each do |key| if key.match(/^x-amz/i) value = Aws::Sigv4::Signer.uri_escape(http_req.headers.delete(key)) key = Aws::Sigv4::Signer.uri_escape(key) query << "#{key}=#{value}" end end http_req.endpoint.query = query.join('&') unless query.empty? url = signer.presign_url( http_method: http_req.http_method, url: http_req.endpoint, headers: http_req.headers, body_digest: 'UNSIGNED-PAYLOAD', expires_in: expires_in, time: time ).to_s Seahorse::Client::Response.new(context: context, data: url) end end
def use_bucket_as_hostname(req)
def use_bucket_as_hostname(req) req.handlers.remove(Plugins::BucketDns::Handler) req.handle do |context| uri = context.http_request.endpoint uri.host = context.params[:bucket] uri.path.sub!("/#{context.params[:bucket]}", '') uri.scheme = 'http' uri.port = 80 @handler.call(context) end end