Class: Aws::S3::Presigner

Inherits:

Object

• Object
• Aws::S3::Presigner

Defined in:

lib/aws-sdk-s3/presigner.rb

Overview

Allows you to create presigned URLs for S3 operations.

Example Use:

signer = Aws::S3::Presigner.new
url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")

Constant Summary

ONE_WEEK =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

60 * 60 * 24 * 7

FIFTEEN_MINUTES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

60 * 15

BLACKLISTED_HEADERS =

[
  'accept',
  'cache-control',
  'content-length', # due to a ELB bug
  'expect',
  'from',
  'if-match',
  'if-none-match',
  'if-modified-since',
  'if-unmodified-since',
  'if-range',
  'max-forwards',
  'pragma',
  'proxy-authorization',
  'referer',
  'te',
  'user-agent'
].freeze

Instance Method Summary

• #initialize(options = {}) ⇒ Presigner constructor

  A new instance of Presigner.

• #presigned_url(method, params = {}) ⇒ Object

Constructor Details

#initialize(options = {}) ⇒ Presigner

Returns a new instance of Presigner.

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :client (Client) —

  Optionally provide an existing S3 client

# File 'lib/aws-sdk-s3/presigner.rb', line 40

def initialize(options = {})
  @client = options[:client] || Aws::S3::Client.new
end

Instance Method Details

#presigned_url(method, params = {}) ⇒ Object

Parameters:

• method (Symbol) —

  Symbolized method name of the operation you want to presign.

• params (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (params):

• :expires_in (Integer) — default: 900 —

  The number of seconds before the presigned URL expires. Defaults to 15 minutes. As signature version 4 has a maximum expiry time of one week for presigned URLs, attempts to set this value to greater than one week (604800) will raise an exception.

• :time (Time) — default: Time.now —

  The starting time for when the presigned url becomes active.

• :secure (Boolean) — default: true —

  When ‘false`, a HTTP URL is returned instead of the default HTTPS URL.

• :virtual_host (Boolean) — default: false —

  When ‘true`, the bucket name will be used as the hostname. This will cause the returned URL to be ’http’ and not ‘https’.

• :use_accelerate_endpoint (Boolean) — default: false —

  When ‘true`, Presigner will attempt to use accelerated endpoint.

• :whitelist_headers (Array<String>) — default: [] —

  Additional headers to be included for the signed request. Certain headers beyond the authorization header could, in theory, be changed for various reasons (including but not limited to proxies) while in transit and after signing. This would lead to signature errors being returned, despite no actual problems with signing. (see BLACKLISTED_HEADERS)

Raises:

• (ArgumentError) —

  Raises an ArgumentError if ‘:expires_in` exceeds one week.

# File 'lib/aws-sdk-s3/presigner.rb', line 76

def presigned_url(method, params = {})
  if params[:key].nil? or params[:key] == ''
    raise ArgumentError, ":key must not be blank"
  end
  virtual_host = !!params.delete(:virtual_host)
  time = params.delete(:time)
  whitelisted_headers = params.delete(:whitelist_headers) || []
  unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
  scheme = http_scheme(params, virtual_host)

  req = @client.build_request(method, params)
  use_bucket_as_hostname(req) if virtual_host

  sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
  req.send_request.data
end