Skip to content

feat: support signed urls #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 08-29-refactor_migrate_to_esm_use_pkg-utils_for_build_switch_tests_to_vitest
Choose a base branch
from
Open

feat: support signed urls #85

wants to merge 2 commits into from
+1,051 −1,334

Conversation

rdunk
Copy link
Member

@rdunk rdunk commented Aug 29, 2025
edited
Loading

The Media Library introduces the concept of Protected assets, which can only be accessed via an authenticated session or signed URLs. To support Protected assets in user applications, we need to provide tooling to simplify the DX for actually generating signed URLs.

This package currently ships with no dependencies, however we now require some small crypto dependencies to handle generating signatures. As this feature will only be used by a small subset of users, and to avoid adding extraneous dependencies to user bundles, it seemed to make sense to provide an extended image URL builder with some extra signing specific methods at a different export path.

These extra methods are:

expiry​ - for defining an expiry
signingKey​ - for providing a key ID and private key
signedUrl​ - for generating a signed URL with expiry​ (optional), keyid​ and signature​ params.

The extended builder still exposes the url​ method, which will omit any signing specific parameters even if they have been provided.

To facilitate this, I refactored the ImageUrlBuilder​ class slightly to better support extending it.

I’ve also added tests to cover the new functionality.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 29, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 1d5caee

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sanity/image-url Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@rdunk Graphite App
Copy link
Member Author

rdunk commented Aug 29, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@rdunk rdunk mentioned this pull request Aug 29, 2025
Open
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from 15b38f9 to e023476 Compare August 29, 2025 14:43
@rdunk rdunk force-pushed the 08-29-refactor_migrate_to_esm_use_pkg-utils_for_build_switch_tests_to_vitest branch from 05bed0c to e0fdb42 Compare August 29, 2025 14:43
@socket-security Socket Security
Copy link

socket-security bot commented Aug 29, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​types/​node@​24.3.0 ⏵ 24.5.1100 +110081 +196100
Updated@​changesets/​cli@​2.29.6 ⏵ 2.29.797 +1100100 +193 -1100
Updated@​sanity/​pkg-utils@​8.1.3 ⏵ 8.1.1296 +1100100100 +1100

View full report

@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from e023476 to 463af15 Compare August 29, 2025 16:06
@rdunk rdunk force-pushed the 08-29-refactor_migrate_to_esm_use_pkg-utils_for_build_switch_tests_to_vitest branch from e0fdb42 to d2aec21 Compare August 29, 2025 16:06
@rdunk rdunk marked this pull request as ready for review August 29, 2025 16:27
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from 463af15 to cacea62 Compare August 29, 2025 16:28
@rdunk rdunk marked this pull request as draft September 4, 2025 20:42
@rdunk
Copy link
Member Author

rdunk commented Sep 4, 2025

Moving to draft until @sanity/signed-urls is published.

@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch 2 times, most recently from 7bac3b9 to ab747dc Compare September 9, 2025 11:13
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch 3 times, most recently from 35b44c3 to 3654954 Compare September 23, 2025 12:24
@rdunk rdunk mentioned this pull request Sep 23, 2025
Open
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from 3654954 to d5b6cc8 Compare September 23, 2025 12:42
@rdunk rdunk force-pushed the 08-29-refactor_migrate_to_esm_use_pkg-utils_for_build_switch_tests_to_vitest branch from f80b5ba to 826e441 Compare September 23, 2025 13:11
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch 3 times, most recently from 2cd545d to 5ab286b Compare September 23, 2025 13:17
@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from 5ab286b to dd6faa1 Compare September 23, 2025 13:21
@rdunk
Copy link
Member Author

rdunk commented Sep 23, 2025

Blocked by sanity-io/signed-urls#23

@rdunk rdunk force-pushed the 08-29-feat_support_signed_urls branch from dd6faa1 to 1d5caee Compare September 23, 2025 14:30
@rdunk
Copy link
Member Author

rdunk commented Sep 23, 2025

sanity-io/signed-urls#23 merged with an upstream fix, so this one is ready now. 🥳

@rdunk rdunk marked this pull request as ready for review September 23, 2025 14:32
@rdunk rdunk requested review from a team and jmswrnr September 23, 2025 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmswrnr jmswrnr Awaiting requested review from jmswrnr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rdunk