Securely Signed S3 Links With Expiration

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import hmac
import time
import base64
import urllib
import hashlib


class SecureS3(object):
    def __init__(self, key, secret_key):
        ''' key: S3 Access Key (login)
            secret_key: S3 Secret Access Key (password)
        '''
        self.key = key
        self.secret_key = secret_key

    def gen_signature(self, string_to_sign):
        return base64.encodestring(
            hmac.new(
                self.secret_key,
                string_to_sign,
                hashlib.sha1
            ).digest()
        ).strip()

    def get_auth_link(self, bucket, filename, expires=300, timestamp=None):
        ''' Return a secure S3 link with an expiration on the download.

            bucket: Bucket name
            filename: file path
            expires: Seconds from NOW the link expires
            timestamp: Epoch timestamp. If present, "expires" will not be used.
        '''
        filename = urllib.quote_plus(filename)
        filename = filename.replace('%2F', '/')
        path = '/%s/%s' % (bucket, filename)

        if timestamp is not None:
            expire_time = float(timestamp)
        else:
            expire_time = time.time() + expires

        expire_str = '%.0f' % (expire_time)
        string_to_sign = u'GET\n\n\n%s\n%s' % (expire_str, path)
        params = {
            'AWSAccessKeyId': self.key,
            'Expires': expire_str,
            'Signature': self.gen_signature(string_to_sign.encode('utf-8')),
        }

        return 'http://%s.s3.amazonaws.com/%s?%s' % (
                                    bucket, filename, urllib.urlencode(params))

Comments

(Forgotten your password?)

You may use Markdown syntax here, but raw HTML will be removed.