Skip to content

Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256 #1603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Sep 11, 2020
Merged

Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256 #1603

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
cf0cd38
Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256
rubenvandeven Sep 4, 2020
dd5e46c
Merge branch 'develop' into fix/s3v4
catarak Sep 8, 2020
304c26f
[#358] add userId to object key
catarak Sep 8, 2020
055b83f
[#358] update acl and remove comment
catarak Sep 8, 2020
ff5b95f
[#358] Update getObjectKey to work for different url formats
catarak Sep 8, 2020
8134d67
Merge branch 'develop' into fix/s3v4
catarak Sep 11, 2020
669b58e
[#358] Test and update getObjectKey
catarak Sep 11, 2020
de8f990
[#358] Remove unused variables
catarak Sep 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions client/modules/IDE/actions/uploader.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
Object.keys(file.postData).forEach((key) => {
formData.append(key, file.postData[key]);
});
formData.append('Content-type', file.type);
formData.append('Content-length', '');
formData.append('acl', 'public-read');
}
};
}
Expand Down
29 changes: 25 additions & 4 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@
"request": "^2.88.2",
"request-promise": "^4.2.5",
"reselect": "^4.0.0",
"s3-policy": "^0.2.0",
"s3-policy-v4": "0.0.3",
"sass-extract": "^2.1.0",
"sass-extract-js": "^0.4.0",
"sass-extract-loader": "^1.1.0",
Expand Down
39 changes: 17 additions & 22 deletions server/controllers/aws.controller.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
import uuid from 'node-uuid';
import policy from 's3-policy';
import S3Policy from 's3-policy-v4';
import s3 from '@auth0/s3';
import mongoose from 'mongoose';
import { getProjectsForUserId } from './project.controller';
import { findUserByUsername } from './user.controller';

const { ObjectId } = mongoose.Types;

const client = s3.createClient({
maxAsyncS3: 20,
s3RetryCount: 3,
Expand All @@ -18,7 +21,7 @@ const client = s3.createClient({
});

const s3Bucket = process.env.S3_BUCKET_URL_BASE ||
`https://s3-${process.env.AWS_REGION}.amazonaws.com/${process.env.S3_BUCKET}/`;
`https://s3-${process.env.AWS_REGION}.amazonaws.com/${process.env.S3_BUCKET}/`;

function getExtension(filename) {
const i = filename.lastIndexOf('.');
Expand All @@ -27,14 +30,10 @@ function getExtension(filename) {

export function getObjectKey(url) {
const urlArray = url.split('/');
let objectKey;
if (urlArray.length === 5) {
const key = urlArray.pop();
const userId = urlArray.pop();
objectKey = `${userId}/${key}`;
} else {
const key = urlArray.pop();
objectKey = key;
const objectKey = urlArray.pop();
const userId = urlArray.pop();
if (ObjectId.isValid(userId) && userId === new ObjectId(userId).toString()) {
return `${userId}/${objectKey}`;
}
return objectKey;
}
Expand Down Expand Up @@ -81,21 +80,17 @@ export function signS3(req, res) {
const fileExtension = getExtension(req.body.name);
const filename = uuid.v4() + fileExtension;
const acl = 'public-read';
const p = policy({
const policy = S3Policy.generate({
acl,
secret: process.env.AWS_SECRET_KEY,
length: 5000000, // in bytes?
key: `${req.body.userId}/${filename}`,
bucket: process.env.S3_BUCKET,
key: filename,
expires: new Date(Date.now() + 60000),
contentType: req.body.type,
region: process.env.AWS_REGION,
accessKey: process.env.AWS_ACCESS_KEY,
secretKey: process.env.AWS_SECRET_KEY,
metadata: []
});
const result = {
AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
key: `${req.body.userId}/${filename}`,
policy: p.policy,
signature: p.signature
};
res.json(result);
res.json(policy);
}

export function copyObjectInS3(url, userId) {
Expand Down