philfreo · October 6, 2012 01:27 · Dec 18, 2012 · Dec 10, 2012 · Dec 10, 2012 · Dec 9, 2012
diff --git a/view.py b/view.py
@@ -1,4 +1,4 @@
-import os, json, base64, urllib, hmac, sha
+import time, os, json, base64, urllib, hmac, sha
 
 @app.route('/sign_s3_put/')
 @login_required

diff --git a/iam_policy.js b/iam_policy.js
@@ -1,6 +1,5 @@
 {
-    "Statement": [
-    {
+    "Statement": [{
         "Action": [
             "s3:GetObject",
             "s3:PutObject",

diff --git a/view.py b/view.py
@@ -1,4 +1,4 @@
-import json, base64, urllib, hmac, sha
+import os, json, base64, urllib, hmac, sha
 
 @app.route('/sign_s3_put/')
 @login_required

diff --git a/view.py b/view.py
@@ -0,0 +1,38 @@
+import json, base64, urllib, hmac, sha
+
+@app.route('/sign_s3_put/')
+@login_required
+def sign_s3_put():
+    """
+    Provide a temporary signature so that users can upload files directly from their
+    browsers to our AWS S3 bucket.
+    The authorization portion is taken from Example 3 on
+    http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
+    """
+    # don't give user full control over filename - avoid ability to overwrite files
+    random = base64.urlsafe_b64encode(os.urandom(2))
+    object_name = random+request.args.get('s3_object_name')
+    object_name = urllib.quote_plus(object_name) # make sure it works for filenames with spaces, etc.
+    mime_type = request.args.get('s3_object_type')
+
+    expires = int(time.time()+300) # PUT request to S3 must start within X seconds
+    amz_headers = "x-amz-acl:public-read" # set the public read permission on the uploaded file
+    resource = '%s/%s' % (app.config['AWS_EMAIL_ATTACHMENTS_BUCKET_NAME'], object_name)
+    str_to_sign = "PUT\n\n{mime_type}\n{expires}\n{amz_headers}\n/{resource}".format(
+        mime_type=mime_type,
+        expires=expires,
+        amz_headers=amz_headers,
+        resource=resource
+    )
+    sig = urllib.quote_plus(base64.encodestring(hmac.new(app.config['AWS_EMAIL_ATTACHMENTS_SECRET_ACCESS_KEY'], str_to_sign, sha).digest()).strip())
+
+    url = 'https://%s.s3.amazonaws.com/%s' % (app.config['AWS_EMAIL_ATTACHMENTS_BUCKET_NAME'], object_name)
+    return json.dumps({
+        'signed_request': '{url}?AWSAccessKeyId={access_key}&Expires={expires}&Signature={sig}'.format(
+            url=url,
+            access_key=app.config['AWS_EMAIL_ATTACHMENTS_ACCESS_KEY_ID'],
+            expires=expires,
+            sig=sig
+        ),
+        'url': url
+    })
diff --git a/client.js b/client.js
@@ -1,6 +1,6 @@
 // https://github.com/elasticsales/s3upload-coffee-javascript
 var s3upload = new S3Upload({
-  file_dom_selector: '#files',
+  file_dom_selector: '#files', // an <input type="file"> element
   s3_sign_put_url: '/sign_s3_put',
   onProgress: function(percent, message, publicUrl, file) { // Use this for live upload progress bars
     console.log('Upload progress: ', percent, message);

diff --git a/client.js b/client.js
@@ -0,0 +1,14 @@
+// https://github.com/elasticsales/s3upload-coffee-javascript
+var s3upload = new S3Upload({
+  file_dom_selector: '#files',
+  s3_sign_put_url: '/sign_s3_put',
+  onProgress: function(percent, message, publicUrl, file) { // Use this for live upload progress bars
+    console.log('Upload progress: ', percent, message);
+  },
+  onFinishS3Put: function(public_url, file) { // Get the URL of the uploaded file
+    console.log('Upload finished: ', public_url);
+  },
+  onError: function(status, file) {
+    console.log('Upload error: ', status);
+  }
+});
diff --git a/policy.js → bucket_policy.js b/policy.js → bucket_policy.js
@@ -7,7 +7,7 @@
         "AWS": "*"
       },
       "Action": "s3:GetObject",
-      "Resource": "arn:aws:s3:::your-bucket-name/*"
+      "Resource": "arn:aws:s3:::bucket_name_here/*"
     }
   ]
 }
diff --git a/iam_policy.js b/iam_policy.js
@@ -0,0 +1,14 @@
+{
+    "Statement": [
+    {
+        "Action": [
+            "s3:GetObject",
+            "s3:PutObject",
+            "s3:PutObjectAcl"
+        ],
+        "Effect": "Allow",
+        "Resource": [
+            "arn:aws:s3:::bucket_name_here/*"
+        ]
+    }]
+}
diff --git a/cors.xml b/cors.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+    <CORSRule>
+        <AllowedOrigin>*</AllowedOrigin>
+        <AllowedMethod>GET</AllowedMethod>
+        <MaxAgeSeconds>3000</MaxAgeSeconds>
+        <AllowedHeader>Authorization</AllowedHeader>
+    </CORSRule>
+    <CORSRule>
+        <AllowedOrigin>*</AllowedOrigin>
+        <AllowedMethod>PUT</AllowedMethod>
+        <MaxAgeSeconds>3000</MaxAgeSeconds>
+        <AllowedHeader>Content-Type</AllowedHeader>
+        <AllowedHeader>x-amz-acl</AllowedHeader>
+        <AllowedHeader>origin</AllowedHeader>
+    </CORSRule>
+</CORSConfiguration>
diff --git a/gistfile1.js → policy.js b/gistfile1.js → policy.js
diff --git a/gistfile1.js b/gistfile1.js
@@ -0,0 +1,13 @@
+{
+  "Statement": [
+    {
+      "Sid": "AllowPublicRead",
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "*"
+      },
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::your-bucket-name/*"
+    }
+  ]
+}
No results found