justinm1 / s3signeraws Goto Github PK
View Code? Open in Web Editor NEWPure Swift AWS S3 Signer, generates V4 Auth Headers and V4 presignedURLs
License: MIT License
Pure Swift AWS S3 Signer, generates V4 Auth Headers and V4 presignedURLs
License: MIT License
Hi. I have an issue where query parameters such as response-content-disposition on a s3 url that i want to presign leads to an invalid request.
let url = "https://s3.amazonaws.com/somebucket/resources/8fc67703-27e7-4717-aa2e-1b68cf1396b2_sketch.zip?response-content-disposition=attachment%3b+filename%3diPhone%20XS%203DSketch.zip"
return try signer.presignedURLV4(httpMethod: .get, urlString: url,
expiration: .thirtyMinutes, headers: [:])
generates this url:
https://s3.amazonaws.com/somebucket/resources/8fc67703-27e7-4717-aa2e-1b68cf1396b2_sketch.zip?response-content-disposition=attachment%3b+filename%3diPhone%20XS%203DSketch.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISXSCUIUV72UKPUQ%2F20181129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20181129T132601Z&X-Amz-Expires=1800&X-Amz-SignedHeaders=host&X-Amz-Signature=946680fadbd3637df79ce26c25fd3f5feaa4b1c530949b01e74552739143f479
which is clearly wrong since S3SignerAWS adds another ? to the query. I think the issue in question is caused by this line:
https://github.com/JustinM1/S3SignerAWS/blob/master/Sources/S3SignerAWS.swift#L302
Which should probably be appending the queryComponents instead.
It would be amazing to have Region.host public so the developer doesn't have to replicate the same enum on their side when building the S3 URL
Thanks,
Ondrej
It's not very clean to use it in other frameworks like perfect, because of the Vapor dependencies. Isn't it possible to use some 3rd party lib like CryptoSwift?
I am getting the following error from Amazon when generating a v4 signed url for a delete request:
Optional(Response
- Version: 1.1.0
- Status: 400
- Headers:
Connection: close
Transfer-Encoding: chunked
Server: AmazonS3
x-amz-id-2: !REDACTED!
x-amz-request-id: B14FD676248BDE17
Content-Type: application/xml
Date: Fri, 15 Sep 2017 13:35:43 GMT
- Body:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationQueryParametersError</Code><Message>X-Amz-Date must be in the ISO8601 Long Format "yyyyMMdd'T'HHmmss'Z'"</Message><RequestId>B14FD676248BDE17</RequestId><HostId>WT6L5j7KbXwRLZAUvoqpZhFvpdl7QrnSA3E0aBEAOcMY5hb2ZXj74Uaug7Isf6oJHESZ/dT/oV0=</HostId></Error>)
I am generating the url like this:
return try signer.presignedURLV4(httpMethod: .delete, urlString: url,
expiration: .thirtyMinutes, headers: [:])
It fails when uri(path name at aws S3) has special characters like "="(for Hive compatible partition name), thus I think it needs to encode this at "createStringToSign" method.
I Found this AWS guide
at http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
Using Base64 Encoding
HMAC request signatures must be Base64 encoded. Base64 encoding converts the signature into a simple ASCII string that can be attached to the request. Characters that could appear in the signature string like plus (+), forward slash (/), and equals (=) must be encoded if used in a URI. For example, if the authentication code includes a plus (+) sign, encode it as %2B in the request. Encode a forward slash as %2F and equals as %3D.
Guys, When I try to complete a project under Swift 4, using S3SignerAWS, Xcode suggests a code change in the following function:
internal func canonicalHeaders(
headers: [String: String])
-> String
{
let headerList = Array(headers.keys)
.map { "\($0.lowercased()):\(headers[$0]!)" }
.filter { $0 != "authorization" }
.sorted { $0.localizedCompare($1) == ComparisonResult.orderedAscending }
.joined(separator: "\n")
.appending("\n")
return headerList
}
to
internal func canonicalHeaders(
headers: [String: String])
-> String
{
let headerList = Array(headers.keys)
.map { "($0.lowercased()):(headers[$0]!)" }
.filter { $0 != "authorization" }
.sorted { $0.0.localizedCompare($0.1) == ComparisonResult.orderedAscending }
.joined(separator: "\n")
.appending("\n")
return headerList
}
This then causes other syntax issues.
Kind regards, Phil
I am tried to generate a valid V4 pre-signed url for uploading an image to S3.
I have checked and double-checked this:
-
or a .
Here is my code:
let path = generateUrlForAsset(withName: assetName, fileExtension: validated.fileExtension)
let requestHeaders = ["x-amz-acl": "public-read"]
let preSigned = try s3Signer.presignedURLV4(httpMethod: .put, urlString: path, expiration: .thirtyMinutes, headers: requestHeaders)
the generateUrlForAsset
function generates a url like https://s3.amazonaws.com/mybucketname/originals/5FBD0704-882B-4A8A-B931-8DB03D8DECBC.png
I've tried using the signed url both with a web form but also curl like so:
curl "https://s3.amazonaws.com/mybucketname/originals/5FBD0704-882B-4A8A-B931-8DB03D8DECBC.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYS3ISSUEDACCESSKEY%2F20170629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170629T125701Z&X-Amz-Expires=1800&X-Amz-SignedHeaders=host;x-amz-acl&X-Amz-Signature=68c7d70b876a581bb581d23b159c2161dcc4f76343468dc5d805813ef1724b9c" --upload-file test.png -H "x-amz-acl: public-read"
I am out of options for debugging so far. Do you have any idea what I might be doing wrong?
Update 1:
I studied the generated url further and I saw that the query parameter for signed headers seperate the headers by ; which doesn't seem like a valid query parameter value to mee
X-Amz-SignedHeaders=host;x-amz-acl
Update 2:
I remove the x-amz-acl header from the list of headers and the url works now.
Update 3:
Escaping the ;
is unfortunately not enough.
I tried generating a url with the native aws-sdk for node.js and it generates the same url where the ;
is escaped, but it also appends &x-amz-acl=public-read
. This URL however works.
I'm getting the error "no such module 'Core'" and also on crypto. Where do these imports are coming from?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.