Creating presigned urls
febg11 opened this issue · 5 comments
Hi
I am trying to create presigned urls for objects on digital ocean using your library. I cannot use the default aws package as i need the X-Amz-Date. to be in the future.
I have tried to just generate a url (which i get) but I always get permission denied. The urls are currently being generated in the browser.
Here is what I have tried
this.awsClient = new AwsClient({ accessKeyId: environment.ACCESS_KEY_ID, secretAccessKey: environment.SECRET_ACCESS_KEY });
const result = await this.awsClient.sign('https://[BUCKET_NAME].[REGION].digitaloceanspaces.com/[PATH]', {
method: 'GET',
aws: {
signQuery: true,
},
},
)
result.url has a similar url to those generated using the aws sdk.
Futhermore, are we able to add expire params during the signing process. I guess they would go in the headers or body but wasnt sure.
Thanks a lot
I'm not sure about Digital Ocean I'm afraid, but other ppl have had success with it. You'll just need to force the service to be s3
. Closing as a dupe of #15 (comment)
i saw that issue earlier and had no luck with it
Hi again.
I have done some digging and have come up with a few questions.
I have tried generating a presigned url using your node library aws4 and it works fine. My code looks like this:
const options = {
host: ‘<BUCKET_NAME>.<REGION>.digitaloceanspaces.com',
region: <‘REGION>,
service: 's3',
path: “/pathToFile”,
signQuery: true,
}
const url = aws4.sign(options, {
secretAccessKey: “<SECRET>”,
accessKeyId: “<ACCESS”_KEY>,
});
Now when I do the same thing in the aws4Fetch library I get signature does not match for everything I do.. here is my code
const newMethod = await this.awsClient.sign('https://<BUCKEt>.<REGION>.digitaloceanspaces.com/<PATH_TO_FILE>', {
method: 'GET',
headers: {},
aws: {
signQuery: true,
},
},
)
Now something I noticed that was different between the URLS generated by aws4 and aws4Fetch was the X-Amz-SignedHeaders were different.
Node aws4: X-Amz-SignedHeaders=host
Browser asw4Fetch: X-Amz-SignedHeaders=host%3Bx-amz-content-sha256
I have tried to remove this part of the aws4Fetch library
if (this.service === 's3' && !this.headers.has('X-Amz-Content-Sha256')) {
this.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');
}
Could you explain what this is used for.and why it appends the X-Amz-Content-Sha256.
Possible related note:
I found someone experiencing a similar issue in the php library on stackoverflow ->
https://stackoverflow.com/questions/51943709/aws-s3-bucket-presigned-url
aws/aws-sdk-php#1609
Kind Regards
Didn't use this library. Ended up using the aws4 node version and making an server that returns them