A command line application and Node.JS library for creating AWS CloudFront signed URLs.
Signed URL Generator is a command line application and dependency-free library written in TypeScript, to help you generate signed URLs for your AWS CloudFront distribution service. It can be used as a Node.JS module, in a browser, or as a cross-platform standalone application, with support for Adobe Flash Player compatibility! A demonstration is available here.
Windows (MSI Installer)
| Platform | Link |
|---|---|
| 32-bit | Download |
| 64-bit | Download |
Linux
| Platform | Link |
|---|---|
| 64-bit | Download |
| armv6 | Download |
| armv7 | Download |
Mac OSX
| Platform | Link |
|---|---|
| 64-bit | Download |
Node.JS
Via NPM
npm i signed-url-generatorVia Yarn
yarn add signed-url-generatorBrowser
| Platform | Link |
|---|---|
| Latest | Download |
For other versions, see releases.
MD5 Checksums (Latest)
| Platform | MD5 Sum |
|---|---|
| Windows (32-bit) Installer | |
| Windows (64-bit) Installer | |
| Linux (64-bit) Executable | |
| Linux (armv6) Executable | |
| Linux (armv7) Executable | |
| Mac OSX (64-bit) Installer |
--canned: Create a signed url using a canned policy.
--custom: Create a signed url using a custom policy.
--policy: File path or JSON string of the policy statement[1].
--key-pair-id: The CloudFront key pair ID.
--query (optional): Query parameters to be appended to the URL. Each parameter can be defined as foo=bar. Parameters without an explicit value will be given the value of true by default.
--key: The file path of the private key[2].
--expire-time: An epoch timestamp used to expire a link after the desired time has lapsed.
--is-flash (optional): Whether the hashed Signature needs to have special characters replaced for Adobe Flash Player.
--help: Displays a list of available arguments.
--version: The current version of the software.
Notes:
signed-url-generator call signature is written in node style to maintain familiarity for developers.
- policy:
object[1] - baseURL:
string - keyPairId:
string - privateKey:
Buffer[2] - options:
object(optional)
Returns a string as a signed URL using a canned policy.
- policy:
object[1] - baseURL:
string - keyPairId:
string - privateKey:
Buffer[2] - options:
object(optional)
Returns a string as a signed URL using a custom policy.
Options
This parameter can be used to append parameters to the URL. Depending on whether a canned policy or a custom policy is used, some of the parameters may be required.
- query :
object - expireTime :
number - isFlash :
boolean
Notes:
-
Creating A Signed URL Using A Canned Policy From Command Line
-
Creating A Signed URL Using A Custom Policy From Command Line
-
Creating A Signed URL Using A Canned Policy In Node (Server-Side)
-
Creating A Signed URL Using A Custom Policy In Node (Server-Side)
signed-url-generator --canned --policy "/path/to/policy.json" --base-url "https://my-cloudfront-domain.net" --key-pair-id "ABCDEFGHIJHLMN" --key "/path/to/private/key.pem" --query size=medium --query size=large --query "something else"Notes:
- Query parameters containing a space (character U+0020) should be encased in double quotes (
"") or single quotes ('') .- Query parameters are encoded as
application/x-www-urlencodedMIME type. Therefore, parameters containg a space, (character U+0020) will be converted to '+'.- Multiple
--queryparameters are allowed.--queryparameters which are not assigned a value (for example,--query foo) are given the value oftrueby default (foo=true).
signed-url-generator --custom --policy "/path/to/policy.json" --base-url "https://my-cloudfront-domain.net" --key-pair-id "ABCDEFGHIJHLMN" --key "/path/to/private/key.pem" --query size=medium --query size=large --query "something else"Notes:
- Query parameters containing a space (character U+0020) should be encased in double quotes (
"") or single quotes ('') .- Query parameters are encoded as
application/x-www-urlencodedMIME type. Therefore, parameters containg a space, (character U+0020) will be converted to '+'.- Multiple
--queryparameters are allowed.--queryparameters which are not assigned a value (for example,--query foo) are given the value oftrueby default (foo=true).
CommonJS (Node v8+)
const readFileSync = require('fs').readFileSync,
generate = require('signed-url-generator').generate
// Read your key as a buffer.
const key = readFileSync('/path/to/key.pem'),
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN',
// declare your policy statement
policy = {
Statement:[{
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
}]
},
query = {
size:medium,
dpi:['lo','hi']
}
let url = generate(policy, baseUrl, keyPairId, privateKey, query).canned()
console.log(url)ES6+
import { readFileSync } from 'fs'
import { generate } from 'signed-url-generator'
// Read your key as a buffer.
const key = readFileSync('/path/to/key.pem'),
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN'
// declare your policy statement
policy = {
Statement:[
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
]
},
query = {
size:medium,
dpi:['lo','hi']
}
let url = generate(policy, baseUrl, keyPairId, privateKey, query).canned()CommonJS (Node v8+)
const readFileSync = require('fs').readFileSync,
generate = require('signed-url-generator').generate
// Read your key as a buffer.
const key = readFileSync('/path/to/key.pem'),
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN',
// declare your policy statement
policy = {
Statement:[
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
]
},
query = {
size:medium,
dpi:['lo','hi']
}
let url = generate(policy, baseUrl, keyPairId, privateKey, query).custom()
console.log(url)ES6+
import { readFileSync } from 'fs'
import { generate } from 'signed-url-generator'
// Read your key as a buffer.
const key = readFileSync('/path/to/key.pem'),
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN'
// declare your policy statement
policy = {
Statement:[
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
]
},
query = {
size:medium,
dpi:['lo','hi']
}
let url = generate(policy, baseUrl, keyPairId, privateKey, query).custom()
console.log(url)<input id="fileInput" type="file" />
<script src="" />
<script>
// Instansiate a new FileReader
var fileReader = new FileReader(),
fileInput = document.getElementById('fileInput')
fileReader.onload = function(event){
// Retreive the array buffer of the private key
var privateKey = event.target.value
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN',
// declare your policy statement
policy = {
Statement:[
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
]
},
query = {
size:medium,
dpi:['lo','hi']
}
var url = SignedUrl.generate(policy, baseUrl, keyPairId, privateKey, query).canned()
window.alert(url)
}
fileInput.onchange = function(){
/* fileReader will retain a list of files that have been
selected, using a FileList object. We will retrieve this
by referencing to the object stored within key 0 of files,
as pass it into the fileReader as an array buffer. For more
information, see https://developer.mozilla.org/en-US/docs/Web/API/FileReader
*/
fileReader.readAsArrayBuffer(this.files[0])
}
</script><input id="fileInput" type="file" />
<script src="" />
<script>
// Instansiate a new FileReader
var fileReader = new FileReader(),
fileInput = document.getElementById('fileInput')
fileReader.onload = function(event){
// Retreive the array buffer of the private key
var privateKey = event.target.value
// baseURL of your CloudFront domain
baseURL = 'https://my-cloudfront-domain.net',
// Your CloudFront key pair ID
keyPairId = 'ABCDEFGHIJHLMN',
// declare your policy statement
policy = {
Statement:[
Resource:'https://my-cloudfront-domain.net/my-s3-bucket/*',
Condition:{
DateLessThan:{
'AWS:EpochTime': Date.now().getTime()
}
}
]
},
query = {
size:medium,
dpi:['lo','hi']
}
var url = SignedUrl.generate(policy, baseUrl, keyPairId, privateKey, query).custom()
window.alert(url)
}
fileInput.onchange = function(){
/* fileReader will retain a list of files that have been
selected, using a FileList object. We will retrieve this
by referencing to the object stored within key 0 of files,
as pass it into the fileReader as an array buffer. For more
information, see https://developer.mozilla.org/en-US/docs/Web/API/FileReader
*/
fileReader.readAsArrayBuffer(this.files[0])
}
</script>No.
Just kidding!
You may download the type definitions by using the following command:
npm i -D @types/signed-url-generatorThanks! Please see Contributing section.
Found a problem? Got a solution? Check out the Reporting Bugs.
Found a problem and fixed it yourself? Had a good idea you think would be a useful feature to have? Great! Thank you very much! After signing the Contributer Licence Agreement, please open a new pull request.
Before submitting a pull request, please make sure the following criteria are met:
- All tests are passing.
- Any additional licences are updated in Licence.txt
If a problem has arisen using signed-url-generator, take a look on the issues page to see if a solution has been found. Should no such answer warrant a sufficient answer, a new issue may be raised. Where possible, it is recommended to retain relevance to the guidelines set out by the reporting bugs section.
Licence: BSD-3-Clause. © MyWebula, 2019.