Override headers for presignedUrl

[ConnorMcF]

Hi,

I'm looking to use presignedUrl with the ability to change the host/port the function generates. Our Minio instance runs internally behind a proxy. The endpoint we provide to the library is the internal hostname which means that presigned URLs are also generated using that.

This wouldn't be such a problem if the Host header wasn't signed, as we could just swap it out -- however it is, and I don't see any interface to override this header when signing a URL besides what's inferred from the endpoint.

Minio server: minio.acme.internal
Reverse proxy: acme.org/bucket (proxy strips path)

const Minio = require('minio')
const minio = new Minio.Client({
  endPoint: 'minio.acme.internal',
  port: 9000,
  // ...
})

minio.presignedUrl('GET', 'example', 'test.pdf', 24 * 60 * 60, (err, url) => {
  console.log(url)
  // -> http://minio.acme.internal:9000/example/test.pdf?headers=...&X-Amz-Algorithm=...&X-Amz-Credential=...&X-Amz-Date=...&X-Amz-Expires=...&X-Amz-SignedHeaders=...&X-Amz-Signature=...
  //    Not externally accessible!
})

What I would like to see returned is:

https://acme.org/bucket/example/test.pdf?headers=...&X-Amz-Algorithm=...&X-Amz-Credential=...&X-Amz-Date=...&X-Amz-Expires=...&X-Amz-SignedHeaders=...&X-Amz-Signature=...

Is there an option I'm missing that can override the Host header and mutate the URL this way? If not, would it be feasible to add one?

I would think either something like a publicEndPoint option on the instance, or a way to pass headers into the presignedUrl function to be passed onto getRequestOptions.

minio-js/src/minio.js

Line 1243 in 16dcbbf

var reqOptions = this.getRequestOptions({ method, region, bucketName, objectName, query })

const minio = new Minio.Client({
  endPoint: 'minio.acme.internal',
  port: 9000,
  publicEndPoint: 'https://acme.org/bucket',
  // ...
})

and/or

minio.presignedUrl('GET', 'example', 'test.pdf', 24 * 60 * 60, undefined, undefined, {
  protocol: 'https',
  host: 'acme.org',
}, cb)

Apologies if I've missed anything, but this is what I think it might look like from my scan over the source.

Cheers.

[prakashsvmx]

host is a signed header. so not sure how it would work out.

have you checked the MINIO_SERVER_URL ?

Set MINIO_SERVER_URL to the proxy host FQDN of the MinIO Server (https://minio.example.net)

https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html#integrations-nginx-proxy

[ConnorMcF]

The idea is that I'd be after some interface into the library to define the Host header myself so that it'll work.

I tried setting the MINIO_SERVER_URL but it has no effect on the library, since it's still generating signed links for the endPoint option. I can't set this to the external address as it needs to communicate to Minio on an internal network, but then provide external URLs.

Canonical request:

GET
/example/test.pdf
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=uptV2Iv0NWcjJBFua3g1%2F20231108%2Fuk%2Fs3%2Faws4_request&X-Amz-Date=20231108T161425Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host
host:minio.acme.internal:9000
host
UNSIGNED-PAYLOAD

The canonical request is using the Host field from the endPoint, so even if I set MINIO_SERVER_URL or rewrite the URL, it won't work as the header doesn't match.