You are viewing documentation for version 1 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: AWS::S3::PresignV4

Inherits:
Object
  • Object
show all
Defined in:
lib/aws/s3/presign_v4.rb

Overview

Utility class for building pre-signed URLs for Amazon S3 objects using signature version 4.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(object) ⇒ PresignV4

Returns a new instance of PresignV4

Parameters:



22
23
24
25
26
 
# File 'lib/aws/s3/presign_v4.rb', line 22

def initialize(object)
  @object = object
  @client = object.client
  @signer = object.client.send(:v4_signer)
end

Instance Attribute Details

#clientClient (readonly)

Returns:



32
33
34
 
# File 'lib/aws/s3/presign_v4.rb', line 32

def client
  @client
end

#objectS3Object (readonly)

Returns:



29
30
31
 
# File 'lib/aws/s3/presign_v4.rb', line 29

def object
  @object
end

#signerCore::Signers::Version4 (readonly)

Returns:

  • (Core::Signers::Version4) 


35
36
37
 
# File 'lib/aws/s3/presign_v4.rb', line 35

def signer
  @signer
end

Instance Method Details

#presign(method, options = {}) ⇒ URI::HTTP, URI::HTTPS

Parameters:

  • method (Symbol, String)

    The HTTP verb or object method for which the returned URL will be valid. Valid values:

    • :get or :read
    • :put or :write
    • :delete
    • :head
  • options (Hash) (defaults to: {})

    Additional options for generating the URL.

Options Hash (options):

  • :expires (Object)

    Sets the expiration time of the URL; after this time S3 will return an error if the URL is used. This can be an integer (to specify the number of seconds after the current time), a string (which is parsed as a date using Time#parse), a Time, or a DateTime object. This option defaults to one hour after the current time.

  • :secure (Boolean) — default: true

    Whether to generate a secure (HTTPS) URL or a plain HTTP url.

  • :content_type (String)

    Object content type for HTTP PUT. When provided, has to be also added to the request header as a 'content-type' field

  • :content_md5 (String)

    Object MD5 hash for HTTP PUT. When provided, has to be also added to the request header as a 'content-md5' field

  • :endpoint (String)

    Sets the hostname of the endpoint.

  • :port (Integer)

    Sets the port of the endpoint (overrides config.s3_port).

  • :force_path_style (Boolean) — default: false

    Indicates whether the generated URL should place the bucket name in the path (true) or as a subdomain (false).

  • :response_content_type (String)

    Sets the Content-Type header of the response when performing an HTTP GET on the returned URL.

  • :response_content_language (String)

    Sets the Content-Language header of the response when performing an HTTP GET on the returned URL.

  • :response_expires (String)

    Sets the Expires header of the response when performing an HTTP GET on the returned URL.

  • :response_cache_control (String)

    Sets the Cache-Control header of the response when performing an HTTP GET on the returned URL.

  • :response_content_disposition (String)

    Sets the Content-Disposition header of the response when performing an HTTP GET on the returned URL.

  • :acl (String)

    The value to use for the x-amz-acl.

  • :response_content_encoding (String)

    Sets the Content-Encoding header of the response when performing an HTTP GET on the returned URL.

  • :signature_version (:v3, :v4) — default: :v3

Returns:

  • (URI::HTTP, URI::HTTPS) 


40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/aws/s3/presign_v4.rb', line 40

def presign(method, options = {})

  now = Time.now.utc
  one_week = 60 * 60 * 24 * 7
  if options[:expires] - now.to_i > one_week
    msg = "presigned URLs using sigv4 may not expire more than one week out"
    raise ArgumentError, msg
  end

  now = now.strftime("%Y%m%dT%H%M%SZ")

  request = build_request(method, options)

  request.headers.clear
  request.headers['host'] = request.host
  signed_headers = 'Host'

  if options[:acl]
    request.add_param("x-amz-acl", options[:acl].to_s.gsub(/_/, '-'))
  end

  # must be sent along with the PUT request headers
  if options[:content_md5]
    request.headers['Content-MD5'] = options[:content_md5]
    signed_headers << ';Content-MD5'
  end

  request_params = Core::Signers::S3::QUERY_PARAMS.map do |p|
    param = p.tr("-","_").to_sym
    if options.key?(param)
      request.add_param(p, options[param])
    end
  end

  token = client.credential_provider.session_token

  request.add_param("X-Amz-Algorithm", "AWS4-HMAC-SHA256")
  request.add_param("X-Amz-Date", now)
  request.add_param("X-Amz-SignedHeaders", signed_headers)
  request.add_param("X-Amz-Expires", seconds_away(options[:expires]))
  request.add_param('X-Amz-Security-Token', token) if token
  request.add_param("X-Amz-Credential", signer.credential(now))
  request.add_param("X-Amz-Signature", signature(request, now))

  build_uri(request, options)

end