Showing
7 changed files
with
159 additions
and
5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import hmac | ||
import json | ||
import sha | ||
from base64 import b64encode | ||
from datetime import datetime | ||
from datetime import timedelta | ||
from uuid import uuid4 | ||
|
||
from flask import Blueprint | ||
from flask import current_app | ||
from flask import jsonify | ||
|
||
s3 = Blueprint('s3', __name__) | ||
|
||
|
||
def make_policy(): | ||
bucket = current_app.config.get('S3_BUCKET') | ||
assert bucket is not None, "S3 upload is not configured" | ||
now = datetime.now() | ||
delta = timedelta(hours=1) | ||
expiration = (now + delta).strftime('%Y-%m-%dT%H:%M:%S.000Z') | ||
conditions = [{'bucket': bucket}, | ||
{'acl': 'public-read'}, | ||
["starts-with", "$key", "uploads/"], | ||
{'success_action_status': '201'}, | ||
] | ||
policy = {'expiration': expiration, | ||
'conditions': conditions, | ||
} | ||
return b64encode(json.dumps(policy).replace('\n', '').replace('\r', '')) | ||
|
||
|
||
def sign_policy(policy): | ||
key = current_app.config.get('AWS_SECRET_ACCESS_KEY') | ||
assert key is not None, "S3 upload is not configured" | ||
return b64encode(hmac.new(key, policy, sha).digest()) | ||
|
||
|
||
@s3.route('/s3_sign') | ||
def sign(): | ||
key = "uploads/" + uuid4().hex | ||
policy = make_policy() | ||
signature = sign_policy(policy) | ||
return jsonify(key=key, policy=policy, signature=signature) |
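Review bot: The policy built in make_policy() is broader than the single key that sign() hands out: `["starts-with", "$key", "uploads/"]` lets the holder of one signed policy write, until it expires, to any key under `uploads/` (existing objects included) with the `public-read` ACL, and no `content-length-range` condition caps the object size. I would pass the generated key into make_policy(), pin it with an exact-match condition, add a size limit, and build the expiration from `datetime.utcnow()`, since the string is labelled `Z` but `datetime.now()` is local time. The `/s3_sign` route shows no login check in this file; if none is applied elsewhere, any anonymous caller can obtain such a policy. The S3 test in this commit asserts the `starts-with` condition and would need the matching update.

```python
def make_policy(key):
    # … unchanged: bucket lookup and its check …
    expiration = (datetime.utcnow() + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.000Z')
    conditions = [{'bucket': bucket},
                  {'acl': 'public-read'},
                  {'key': key},  # exact match: the policy is valid for this one object only
                  # MAX_UPLOAD_BYTES is a placeholder; the project has to choose the limit
                  ['content-length-range', 0, MAX_UPLOAD_BYTES],
                  {'success_action_status': '201'},
                  ]
    # … unchanged: policy dict and base64 encoding …

# in sign():
    policy = make_policy(key)
```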
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
init = -> | ||
|
||
class S3Uploader | ||
constructor: (params) -> | ||
@paramsUrl = params.paramsUrl | ||
@$status = params.$status | ||
@$form = params.$form | ||
@$uploadBtn = params.$uploadBtn | ||
|
||
log: (status) -> | ||
@$status.html status | ||
|
||
start: -> | ||
@$upload_button.click -> | ||
@$form.find("input[type=file]").click() | ||
@$form.fileupload | ||
autoUpload: true | ||
dataType: "xml" | ||
add: (event, data) -> | ||
log "fetching params" | ||
$.get(@paramsUrl).done (params) => | ||
@$form.find('input[name=key]').val(params.key) | ||
@$form.find('input[name=policy]').val(params.policy) | ||
@$form.find('input[name=signature]').val(params.signature) | ||
data.submit() | ||
send: (event, data) -> | ||
log "sending" | ||
progress: (event, data) -> | ||
@$progress_bar.css "width", "#{Math.round((event.loaded / event.total) * 1000) / 10}%" | ||
fail: (event, data) -> | ||
log "failure" | ||
success: (event, data) -> | ||
log "success" | ||
done: (event, data) -> | ||
log "done" |
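Review bot: start() reads `@$upload_button` and the progress handler reads `@$progress_bar`, but the constructor only stores `@$uploadBtn` and never a progress bar, so both would be undefined when used. The handlers also call a bare `log` instead of `@log`, and the click and `add:` callbacks use thin arrows, so `@$form` and `@paramsUrl` inside them would not refer to the uploader; `@$uploadBtn.click =>`, `add: (event, data) =>` and `@log "fetching params"` are what I would expect. The `$.get(@paramsUrl)` chain has no `.fail` handler, so a refused or failed signing request leaves the upload stuck without any status message. The page has lost the file's indentation, so the nesting is read from the visible order of the lines.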
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
upload_init = -> | ||
s3u = new S3Uploader | ||
paramsUrl: '/params' | ||
$status: $('#status') | ||
$form: $("#upload_form") | ||
$uploadBtn: $("#upload_button") | ||
s3u.start() |
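Review bot: `paramsUrl: '/params'` does not match the signing route added in this commit, which is registered as `/s3_sign` on the `s3` blueprint. Unless the blueprint is mounted so that `/params` resolves to it somewhere outside the visible files, the uploader's `$.get` would fail and no upload could start. I would point it at the route's real URL, preferably rendered by the server from `url_for('s3.sign')` rather than hard-coded in the script.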
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
import hmac | ||
import json | ||
import sha | ||
from base64 import b64decode | ||
from base64 import b64encode | ||
from datetime import datetime | ||
from datetime import timedelta | ||
from time import strptime | ||
|
||
from flask import url_for | ||
|
||
from common import RankoTestCase | ||
|
||
|
||
class S3TestCase(RankoTestCase): | ||
|
||
def setUp(self): | ||
self.app.config['S3_BUCKET'] = 'my-awesome-bucket' | ||
self.app.config['AWS_SECRET_ACCESS_KEY'] = 'my-awesome-key' | ||
|
||
def test_sign(self): | ||
r = self.client.get(url_for('s3.sign')) | ||
params = r.json | ||
|
||
self.assertTrue(params['key'].startswith('uploads/')) | ||
|
||
encoded_policy = params['policy'] | ||
policy = json.loads(b64decode(encoded_policy)) | ||
now = datetime.now() | ||
expiration = policy['expiration'] | ||
expiration_time = strptime(expiration, '%Y-%m-%dT%H:%M:%S.000Z') | ||
expiration_datetime = datetime(*expiration_time[:6]) | ||
delta = expiration_datetime - now | ||
self.assertLess(delta, timedelta(hours=1)) | ||
|
||
conditions = policy['conditions'] | ||
self.assertIn({'acl': 'public-read'}, conditions) | ||
self.assertIn(["starts-with", "$key", "uploads/"], conditions) | ||
self.assertIn({'bucket': 'my-awesome-bucket'}, conditions) | ||
self.assertIn({'success_action_status': '201'}, conditions) | ||
|
||
signature = params['signature'] | ||
key = 'my-awesome-key' | ||
expected = b64encode(hmac.new(key, encoded_policy, sha).digest()) | ||
self.assertEqual(signature, expected) |
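Review bot: `self.assertLess(delta, timedelta(hours=1))` only bounds the policy lifetime from above, so a policy that is already expired, or one that expires a second from now, passes this test. A lower bound such as `self.assertGreater(delta, timedelta(minutes=59))` would pin the intended one-hour window. The test also compares against `datetime.now()`, the same local clock the view uses, so it cannot notice that the expiration string is labelled `Z` (UTC) while being built from local time; comparing against `datetime.utcnow()` would. setUp() does not call the parent's setUp(); whether RankoTestCase relies on that is not visible here.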