-
Notifications
You must be signed in to change notification settings - Fork 351
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for signed upload urls. #1661
base: main
Are you sure you want to change the base?
Conversation
All committers have signed the CLA. |
3d7696f
to
6bf10f5
Compare
export interface UploadUrlOptions { | ||
/** The expiration time of the url, in seconds from signing. The maximum | ||
* value is seven days */ | ||
ttl: number; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Options should typically be optional:
ttl: number; | |
ttl?: number; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
runtimes/js/src/objects.rs
Outdated
#[napi] | ||
pub async fn get_upload_url( | ||
&self, | ||
options: Option<UploadUrlOptions>, // TODO: can/should this be made non-optional, since ttl is required? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ttl shouldn't be required, right? The user-facing docs state the ttl defaults to 7 days if not provided
runtimes/js/src/objects.rs
Outdated
impl From<UploadUrlOptions> for core::UploadUrlOptions { | ||
fn from(value: UploadUrlOptions) -> Self { | ||
Self { | ||
ttl: value.ttl as u64, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Convert this to the default of 7 days here
runtimes/js/src/objects.rs
Outdated
#[napi(object)] | ||
#[derive(Debug, Default)] | ||
pub struct UploadUrlOptions { | ||
pub ttl: i64, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pub ttl: i64, | |
pub ttl: Option<i64>, |
|
||
// WithTtl is used for signed URLs, to specify the lifetime of the generated | ||
// URL, in seconds. The max value is seven days. | ||
func WithTtl(ttl uint64) withTtlOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Go convention is TTL
not Ttl
. Also make it take a time.Duration
instead of an uint64
func WithTtl(ttl uint64) withTtlOption { | |
func WithTTL(ttl time.Duration) withTTLOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
* Anyone with possession of the URL can write to the given object name | ||
* without any additional auth. | ||
*/ | ||
async getUploadUrl(name: string, options?: UploadUrlOptions): Promise<string> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's make this signedUploadUrl
, and have it return a SignedURL
object with just a single field {url: string}
async getUploadUrl(name: string, options?: UploadUrlOptions): Promise<string> { | |
async signedUploadUrl(name: string, options?: SignedUploadUrlOptions): Promise<SignedURL> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Although used SignedUploadUrl
instead of SignedUrl
. I think we ended up agreeing on making upload URLs more flexible, but not so far as folding in signed GET and PUT URLs in one type. But let me know if I got that wrong.
@@ -120,6 +120,7 @@ pub fn resolve_bucket_usage(data: &ResolveUsageData, bucket: Lrc<Bucket>) -> Opt | |||
"list" => Operation::ListObjects, | |||
"exists" | "attrs" => Operation::GetObjectMetadata, | |||
"upload" => Operation::WriteObject, | |||
"getUploadUrl" => Operation::WriteObject, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rename to signedUploadUrl
as per above. Also, let's introduce a new SignedUploadUrl
operation (needs to be done in legacymeta.rs as well)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
client: client, | ||
cfg: runtimeCfg, | ||
client: client, | ||
presign_client: s3.NewPresignClient(client), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instantiate in clientForProvider
instead so we can cache it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, thanks
client *s3.Client | ||
cfg *config.Bucket | ||
client *s3.Client | ||
presign_client *s3.PresignClient |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
presign_client *s3.PresignClient | |
presignClient *s3.PresignClient |
Bucket: &b.cfg.CloudName, | ||
Key: &object, | ||
} | ||
sign_opts := func(opts *s3.PresignOptions) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sign_opts := func(opts *s3.PresignOptions) { | |
signOpts := func(opts *s3.PresignOptions) { |
sign_opts := func(opts *s3.PresignOptions) { | ||
opts.Expires = time.Duration(data.Ttl) * time.Second | ||
} | ||
req, err := b.presign_client.PresignPutObject(data.Ctx, ¶ms, sign_opts) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do the error check here instead
req, err := b.presign_client.PresignPutObject(data.Ctx, ¶ms, sign_opts) | |
req, err := b.presign_client.PresignPutObject(data.Ctx, ¶ms, sign_opts) | |
if err != nil { | |
return "", mapErr(err) | |
} | |
return req.URL, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
3b6d7b6
to
f165bfd
Compare
No description provided.