mhart/aws4fetch

Creating presigned urls

febg11 opened this issue · 5 comments

Hi

I am trying to create presigned URLs for objects on DigitalOcean using your library. I cannot use the default AWS package as I need the X-Amz-Date to be in the future.

I have tried to just generate a URL (which I get) but I always get permission denied. The URLs are currently being generated in the browser.

Here is what I have tried:

this.awsClient = new AwsClient({ accessKeyId: environment.ACCESS_KEY_ID, secretAccessKey: environment.SECRET_ACCESS_KEY });

const result = await this.awsClient.sign('https://[BUCKET_NAME].[REGION].digitaloceanspaces.com/[PATH]', {
  method: 'GET',
  aws: {
    signQuery: true,
  },
})

result.url has a similar URL to those generated using the AWS SDK.

Furthermore, are we able to add expire params during the signing process? I guess they would go in the headers or body but wasn't sure.

Thanks a lot

mhart commented

I'm not sure about Digital Ocean I'm afraid, but other ppl have had success with it. You'll just need to force the service to be s3. Closing as a dupe of #15 (comment)

I saw that issue earlier and had no luck with it.

Hi again.

I have done some digging and have come up with a few questions.

I have tried generating a presigned URL using your node library aws4 and it works fine. My code looks like this:

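const aws4 = require('aws4');

// Request to sign; signQuery puts the signature in the query string
const options = {
  host: '<BUCKET_NAME>.<REGION>.digitaloceanspaces.com',
  region: '<REGION>',
  service: 's3',
  path: '/pathToFile',
  signQuery: true,
}

// aws4.sign returns the options object with the signed query appended to path
const url = aws4.sign(options, {
  secretAccessKey: '<SECRET>',
  accessKeyId: '<ACCESS_KEY>',
});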

Now when I do the same thing in the aws4fetch library I get "signature does not match" for everything I do. Here is my code:

const newMethod = await this.awsClient.sign('https://<BUCKET>.<REGION>.digitaloceanspaces.com/<PATH_TO_FILE>', {
  method: 'GET',
  headers: {},
  aws: {
    signQuery: true,
  },
})

Now something I noticed that was different between the URLs generated by aws4 and aws4fetch was that the X-Amz-SignedHeaders were different.

Node aws4: X-Amz-SignedHeaders=host

Browser aws4fetch: X-Amz-SignedHeaders=host%3Bx-amz-content-sha256

I have tried to remove this part of the aws4fetch library:

    if (this.service === 's3' && !this.headers.has('X-Amz-Content-Sha256')) {
      this.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');
    }

Could you explain what this is used for and why it appends the X-Amz-Content-Sha256?

Possibly related note:
I found someone experiencing a similar issue in the PHP library on Stack Overflow:
https://stackoverflow.com/questions/51943709/aws-s3-bucket-presigned-url
aws/aws-sdk-php#1609

Kind Regards
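Added example, not part of the thread and not aws4fetch or aws4 code: a minimal SigV4 query presigner in Node.js showing that X-Amz-Expires and X-Amz-SignedHeaders are query parameters, and that every header named in X-Amz-SignedHeaders is folded into the signature, so a URL signed with host;x-amz-content-sha256 only verifies when the request actually carries that header. The names presign and serverAccepts and all sample values are constructed for illustration, and serverAccepts models generic SigV4 verification, not DigitalOcean's implementation.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256hex = (data) => crypto.createHash('sha256').update(data).digest('hex');
// SigV4 needs RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// headers: extra headers to sign besides host. expires: lifetime in seconds.
function presign({ host, path, region, accessKeyId, secretAccessKey, amzDate, expires, headers = {} }) {
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const signed = Object.entries({ host, ...headers })
    .map(([k, v]) => [k.toLowerCase(), String(v).trim()])
    .sort(([a], [b]) => (a < b ? -1 : 1));
  const signedHeaders = signed.map(([k]) => k).join(';');
  // Expiry and the signed-header list are query parameters (already in sorted order).
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKeyId}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expires)],
    ['X-Amz-SignedHeaders', signedHeaders],
  ].map(([k, v]) => `${enc(k)}=${enc(v)}`).join('&');
  const uri = path.split('/').map(enc).join('/');
  const canonicalRequest = [
    'GET', uri, query,
    signed.map(([k, v]) => `${k}:${v}\n`).join(''), // every signed header with its value
    signedHeaders, 'UNSIGNED-PAYLOAD', // query-presigned S3 URLs do not hash the body
  ].join('\n');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256hex(canonicalRequest)].join('\n');
  const key = scope.split('/').reduce(hmac, 'AWS4' + secretAccessKey);
  const signature = hmac(key, stringToSign).toString('hex');
  return { signedHeaders, signature, url: `https://${host}${uri}?${query}&X-Amz-Signature=${signature}` };
}

// Models the verifier: re-sign using only the headers the client actually sent.
function serverAccepts(params, presigned, sentHeaders) {
  const names = presigned.signedHeaders.split(';').filter((n) => n !== 'host');
  if (names.some((n) => !(n in sentHeaders))) return false; // a signed header is absent
  const headers = Object.fromEntries(names.map((n) => [n, sentHeaders[n]]));
  return presign({ ...params, headers }).signature === presigned.signature;
}

// Constructed sample values, not real credentials or a real Space.
const params = { host: 'example-space.nyc3.digitaloceanspaces.com', path: '/pathToFile', region: 'nyc3',
  accessKeyId: 'EXAMPLEKEYID', secretAccessKey: 'example-secret', amzDate: '20240101T000000Z', expires: 3600 };
const hostOnly = presign(params);
const withSha = presign({ ...params, headers: { 'x-amz-content-sha256': 'UNSIGNED-PAYLOAD' } });
console.log(serverAccepts(params, hostOnly, {}), serverAccepts(params, withSha, {}));
```

A plain browser GET of a presigned link sends no x-amz-content-sha256 header, which is the second case printed above.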

Hi @febg11, running into the same issue–how did you resolve this in the end?

Didn't use this library. Ended up using the aws4 node version and making a server that returns them.