search

http4k / http4k-connect

Featherweight API libraries for connecting to popular third-party cloud services
https://connect.http4k.org
Apache License 2.0
37 stars 16 forks source link

Amazon Presigner #335

Closed oharaandrew314 closed 10 months ago

oharaandrew314 commented 11 months ago

It would be nice to have some sort of amazon presigner; particularly for S3 GET and PUT.

daviddenton commented 11 months ago

It's very possible - I'm sure we've done it before as a filter and using the signing we've already got in the Aws module of the core.

oharaandrew314 commented 11 months ago

It seems to me the biggest/only difference between a signed request and pre-signed request is that in a pre-signed request you can customize the validity duration of the signature. If I can find the documentation (or reverse-engineer one of the SDKs) I should be able to come up with an extension to the AwsSignatureV4Signer to add the additional properties.

oharaandrew314 commented 11 months ago

I think all I need to do is add the X-Amz-Expires header to the canonical request, and the AwsSignatureV4Signer should work out of the box.

oharaandrew314 commented 11 months ago

I'm tantalizingly close. I'm no longer getting SignatureDoesNotMatch, but now I'm getting AccessDenied, which is frustratingly vague.

oharaandrew314 commented 11 months ago

Bingo. I've made a PR in the main http4k repo to add a common pre-signer.

daviddenton commented 11 months ago

Closing as releasing in main http4k-aws module

oharaandrew314 commented 11 months ago

I was going to make an additional helper in this repo, but now that it's possible with the main module, you can close this if you want.

daviddenton commented 11 months ago

Intersting - how did you envisage that helper being used?

oharaandrew314 commented 11 months ago

Something like

fun S3Bucket.presign(action: S3BucketAction<*>): PresignedRequest

so you could do 

val s3Bucket = S3Bucket.Http("foo", "ca-central-1")
val signed = s3Bucket.presign(GetObject("foo.txt"))
daviddenton commented 11 months ago

ok - sounds good. If you can do it I'll hold off on the connect release until it's donr

oharaandrew314 commented 11 months ago

Timing for me will be tight, but I'll try to have it done by your next morning. If not, I'll be AFK for a week, so you should release without it.

daviddenton commented 11 months ago

don;t worry actually - there's nothing else to go in so will hold off :)

oharaandrew314 commented 11 months ago

This now depends on https://github.com/http4k/http4k/pull/1015

daviddenton commented 10 months ago

we're now running with that latest http4k which has that change in it you need 😄

daviddenton commented 10 months ago

Merged and awaiting release.