AkamaiSecureUrlBuilder creates not working urls for files

Question

AkamaiSecureUrlBuilder creates not working urls for files

sim1234 opened this issue 2 years ago · 5 comments

Describe the bug

AkamaiSecureUrlBuilder claims to follow secure delivery guidelines described in https://uploadcare.com/docs/security/secure-delivery/ but the urls generated by it don't work (HTTP 403).

Reference implementation uses Akamai EdgeAuth that differs a bit from what is implemented in this project:

Akamai implementation uses sha256 hash function while pypuloadcare uses sha1 by default. This isn't an issue since it can be overwritten.
Akamai doesn't use acl in hashed values, nor in the token itself.

Code / screenshots

Uploadcare(..., secure_url_builder=AkamaiSecureUrlBuilder(...)).generate_secure_url("<uuid>") results in https://mydomain.com/<uuid>/?token=exp=...~acl=/<uuid>/~hmac=...

while

EdgeAuth(...).generate_url_token("<uuid>") results in exp=.../~hmac=...

Environment

Library version: 3.1.0
Language/framework version: Python 3.8
OS version: macOS 13.0.1

Answer 1 · 2022-11-25T14:54:41.000Z

Hi!
This is a known issue, that is addressed in #220.
It'll be a part of version 4.0.

I'll try to introduce it to 3.2 as well.

Answer 2 · 2022-11-25T16:11:28.000Z

@sim1234 please check the newest version

Answer 3 · 2022-11-25T18:41:47.000Z

@dmitry-mukhin I don't think the acl issue was addressed there.

Answer 4 · 2022-11-25T19:02:21.000Z

Adding ACL is optional. We've decided to use it.

Answer 5 · 2022-11-25T19:15:14.000Z

feel free to send PR that makes this optional in pyuploadcare as well!