How do I add x-amz-acl:public-read to an Amazon S3 Secure Url

My scenario: I need to generate a secure url to hand to a client. That client will use the url to post a file directly to S3. The file should then be available to the public.

I am currently trying to figure out all the moving parts via a unit test. I am using the knox module's implementation to generate secure URLs.

Here is my test:

'use strict';

var fs = require('fs'),
    knox = require('knox'),
    request = require('request'),
    config = require('../config');

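// S3 client used to sign URLs. The access key and secret are read from the
// shared config module rather than written into this file.
// createClient is a factory, so it is called without `new`.
var s3 = knox.createClient({
    key     : config.aws.accessKey,
    secret  : config.aws.secretKey,
    bucket  : 'poopdart'
});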

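/**
 * Test group for pre-signed S3 uploads.
 *
 * put_object signs a PUT URL that expires after five minutes, uploads a small
 * JSON document through it, and then fetches the object without credentials
 * to check whether it is publicly readable.
 */
exports.url_generation = {
    /**
     * @param {Object} test - test handle providing ok(), equals() and done().
     */
    put_object: function(test) {
        var file = '/foo/' + new Date().valueOf() + '.json';
        var expires = new Date(new Date().getTime() + 5 * 60 * 1000);

        // NOTE(review): only the verb and content type are given to the
        // signer here, while the request below also sends x-amz-acl. S3
        // includes x-amz-* headers in the string it verifies, so a header
        // that was not signed makes the signature check fail. Passing the
        // ACL as a query-string option was tried and did not change the
        // object's visibility. Confirm whether this knox version can sign
        // extra x-amz-* headers.
        var signedUrl = s3.signedUrl(file, expires, {
            verb: 'PUT',
            contentType: 'application/json'
        });

        // The signed URL is a bearer credential: anyone holding it can write
        // to this key until it expires, so treat this log line as sensitive.
        console.log(signedUrl);

        var body = JSON.stringify({ date: new Date() });

        var options = {
            url: signedUrl,
            method: 'PUT',
            body: body,
            headers: {
                'Content-Type': 'application/json',
                // Content-Length is a byte count; String#length counts
                // UTF-16 code units and is wrong for non-ASCII bodies.
                'Content-Length': Buffer.byteLength(body),
                'x-amz-acl': 'public-read'
            }
        };

        request(options, function (err, response, data) {
            // On a transport error there is no response object to inspect.
            if (err) {
                test.ok(false, 'PUT request failed: ' + err);
                test.done();
                return;
            }

            if (response.statusCode !== 200) {
                console.log(data);
            }
            test.equals(response.statusCode, 200);

            // NOTE(review): this host names the bucket "print-template-images";
            // confirm it is the same bucket the `s3` client signs for,
            // otherwise this GET cannot see the object uploaded above.
            request.get('https://print-template-images.s3.amazonaws.com' + file, function (getErr, getResponse) {
                if (getErr) {
                    test.ok(false, 'GET request failed: ' + getErr);
                    test.done();
                    return;
                }

                test.equals(getResponse.statusCode, 200);  // fails with 403
                test.done();
            });
        });
    }
};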

Note: If I add the x-amz-acl header to my upload request, the key validation fails. If I add it to the query string of the signed URL, it is ignored and the file is left private.

Anyone have pointers?

Do you want all files in this bucket (or bucket prefix) to be publicly readable?

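Instead of setting the ACL on each request, you can use a bucket policy: https://forums.aws.amazon.com/thread.jspa?messageID=185968#185968 Scope the policy to the prefix that holds the uploads, so that other objects in the bucket stay private.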