class Aws::S3::Presigner

Allows you to create presigned URLs for S3 operations.

Example Use:

signer = Aws::S3::Presigner.new
url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")

Constants

FIFTEEN_MINUTES

@api private

ONE_WEEK

@api private

Public Class Methods

new(options = {}) click to toggle source

@option options [Client] :client Optionally provide an existing

S3 client
# File lib/aws-sdk-core/s3/presigner.rb, line 21
def initialize(options = {})
  @client = options[:client] || Aws::S3::Client.new
end

Public Instance Methods

presigned_url(method, params = {}) click to toggle source

@param [Symbol] method Symbolized method name of the operation you want

to presign.

@option params [Integer] :expires_in (900) The number of seconds

before the presigned URL expires. Defaults to 15 minutes.

@option params [Boolean] :secure (true) When `false`, a HTTP URL

is returned instead of the default HTTPS URL.

@option params [Boolean] :virtual_host (false) When `true`, the

{#bucket} name will be used as the hostname. This will cause
the returned URL to be 'http' and not 'https'.

@raise [ArgumentError] Raises an ArgumentError if `:expires_in`

exceeds one week.
# File lib/aws-sdk-core/s3/presigner.rb, line 41
def presigned_url(method, params = {})
  virtual_host = !!params.delete(:virtual_host)
  scheme = http_scheme(params, virtual_host)

  req = @client.build_request(method, params)
  use_bucket_as_hostname(req) if virtual_host
  sign_but_dont_send(req, expires_in(params), scheme)
  req.send_request.data
end

Private Instance Methods

expires_in(params) click to toggle source
# File lib/aws-sdk-core/s3/presigner.rb, line 61
def expires_in(params)
  if expires_in = params.delete(:expires_in)
    if expires_in > ONE_WEEK
      msg = "expires_in value of #{expires_in} exceeds one-week maximum"
      raise ArgumentError, msg
    end
    expires_in
  else
    FIFTEEN_MINUTES
  end
end
http_scheme(params, virtual_host) click to toggle source
# File lib/aws-sdk-core/s3/presigner.rb, line 53
def http_scheme(params, virtual_host)
  if params.delete(:secure) == false || virtual_host
    'http'
  else
    'https'
  end
end
sign_but_dont_send(req, expires_in, scheme) click to toggle source
# File lib/aws-sdk-core/s3/presigner.rb, line 83
def sign_but_dont_send(req, expires_in, scheme)
  req.handlers.remove(Plugins::S3RequestSigner::SigningHandler)
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
  req.handle(step: :send) do |context|
    context.http_request.endpoint.scheme = scheme
    signer = Signers::V4.new(
      context.config.credentials, 's3',
      context.config.region
    )
    url = signer.presigned_url(
      context.http_request,
      expires_in: expires_in,
      body_digest: "UNSIGNED-PAYLOAD"
    )
    Seahorse::Client::Response.new(context: context, data: url)
  end
end
use_bucket_as_hostname(req) click to toggle source
# File lib/aws-sdk-core/s3/presigner.rb, line 73
def use_bucket_as_hostname(req)
  req.handlers.remove(Plugins::S3BucketDns::Handler)
  req.handle do |context|
    uri = context.http_request.endpoint
    uri.host = context.params[:bucket]
    uri.path = uri.path.sub("/#{context.params[:bucket]}", '')
    @handler.call(context)
  end
end