Implement presigned URLs #96

Closed
opened 2021-07-28 07:03:02 +00:00 by lx · 3 comments
Owner

For things like presignedPutObject and temporary URLs that include a signature to get an object that is valid only during a certain period of time

https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/s3-example-presigned-urls.html

For things like `presignedPutObject` and temporary URLs that include a signature to get an object that is valid only during a certain period of time <https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/s3-example-presigned-urls.html>
lx added the
Improvement
S3 Compatibility
labels 2021-07-28 07:03:06 +00:00
Owner

presigned URLs are used by gitlab by default: https://docs.gitlab.com/ee/administration/object_storage.html#proxy-download (can be deactivated).

presigned URLs are used by gitlab by default: https://docs.gitlab.com/ee/administration/object_storage.html#proxy-download (can be deactivated).
Author
Owner

Message de Trinity sur Matrix:

quelqu'un sait si ce code est vraiment utilisé? Ça ressemble énormément à ce qu'il faut faire pour les presigned urls (Authenticate requests using query parameters), sauf que ça lit des headers http au lieu des query parameters, ce qui est surprenant pour une fonction appelée parse_query_authorization

Message de Trinity sur Matrix: > quelqu'un sait si [ce code](https://git.deuxfleurs.fr/Deuxfleurs/garage/src/branch/main/src/api/signature.rs#L167-L199) est vraiment utilisé? Ça ressemble énormément à ce qu'il faut faire pour les presigned urls ([Authenticate requests using query parameters](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html)), sauf que ça lit des headers http au lieu des query parameters, ce qui est surprenant pour une fonction appelée `parse_query_authorization`
trinity-1686a was assigned by lx 2022-01-10 11:26:55 +00:00
Author
Owner

Update: pre-signed requests work but the validity time is not checked by Garage, which is a security flaw. Adding this is the last thing before closing this issue.

Update: pre-signed requests work but the validity time is not checked by Garage, which is a security flaw. Adding this is the last thing before closing this issue.
lx closed this issue 2022-01-18 11:22:32 +00:00
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#96
No description provided.