dylanvaughn / aws_cf_signer Goto Github PK

View Code? Open in Web Editor NEW

100.0 100.0 36.0 27 KB

Ruby gem for signing AWS Cloudfront URLs for serving private content

License: MIT License

Ruby 100.00%

aws_cf_signer's People

Contributors

Stargazers

Watchers

Forkers

rixiform 58bits nerdrew cmather tigraine victorcreed conradirwin ovuxuandung rujmah mootpointer fredxinfan adil9 fanglang eyesnareinc prabhupuredla95 nahcy3224 djiit

aws_cf_signer's Issues

`sign` will used canned policy if `policy_options` only contains `:ending` and `:resource`

When using this gem to sign a CF URL for a resource with a wildcard and an expiration time, but no other options, the sign method will create a canned policy querystring, rather than a custom policy query string.

Custom policy not working

Got it working with canned policy:

signer.sign("http://d253c4ja9jigvu.cloudfront.net/header-logotype-2.png", :ending => Time.now + 3600)

But when I tried:

signer.sign("http://d253c4ja9jigvu.cloudfront.net/header-logotype-2.png", :ending => Time.now + 36000, :resource => "http://*", :ip_range => "10.52.176.0/24")

To get a custom policy ip based signature I got an url which gave me "Malformed Policy" error from cloudfront.

If the canned one works the custom shouldn't require any other kind of configuration on cloudfront, right?

Am I doing it wrong?

Error with Jruby

Hello I am not sure if this gem is unsupported on jruby. But i keep getting this error. No insight on Stackoverflow.

NoMethodError: undefined method `=' for #Pathname:0x79d63a4f
initialize at //.rvm/gems/jruby-1.7.19/gems/aws_cf_signer-0.1.3/lib/aws_cf_signer.rb:10

Signed Cookies

AWS announced signed cookies support a while back, a good use-case for them is to provide access to multiple restricted files.

The implementation is very similar to signed URLs, but trying to get the values from aws_cf_signer and sending them using cookies in Rails didn't work. I added some attr_readers to signer and:

Controller

domain = 'd1z0hf3p8j4xla.cloudfront.net'
key = 'pk-APKAJVJCJ35TMRTR5DYQ.pem'
signer = AwsCfSigner.new(Rails.root.join(key).to_s)
url = signer.sign("http://#{domain}/folder2/stealz_logo3.png", ending: 2.day.from_now)

{ 'CloudFront-Expires' => signer.expires_at,
  'CloudFront-Signature' => signer.signature,
  'CloudFront-Key-Pair-Id' => signer.key_pair_id }.each do |key, value|
  cookies[key] = { value: value, domain: domain, httponly: true, secure: true }
end

That url being set works as intended, the problem is solely when setting the cookies and trying to read the object without the signed url.

Response

Even I see the cookies coming down on the response (Google Chrome Developer Tools), I cannot find the cookies when I search for cloudfront.net in my cookies and I get a 403 Forbidden (<?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>) when linking to the image.

Headers

...
Set-Cookie:CloudFront-Signature=NhbepC75buSNRcMiBDvK1T724whA%7EX88pzmEHJ%7E98aVFNMr0KtF3TRWsoD%7ET6Hr%7EEvJqehl6oFUCav4mJUFiSmL4i6Yf6aWkuTqnWWqUyDGqlm9Uq%7EpzIBAXu9Xpt54r3qxwxqTYE7%7ENDyfa1CJiTg1u7sUY266vQPFQqjZ3k5TETupabYFm4udKZCcIkaGtz2Ut2v8qrnM-gg0sTrPoamKBGcv0sAoZMhm%7EG5rF5%7EiEuOz0swo7vHga2dhA06phXup-bGjsoLnd2la-n0Xj%7E8aV6bwpvPpMpPbMTsN4Gr6Cu06iijpUYEUQ4VhDwgYZ4GRSOQWhPC22GtlHLb9o1g__; domain=d1z0hf3p8j4xla.cloudfront.net; path=/; secure; HttpOnly

Set-Cookie:CloudFront-Key-Pair-Id=APKAJVJCJ35TMRTR5DYQ; domain=d1z0hf3p8j4xla.cloudfront.net; path=/; secure; HttpOnly

Set-Cookie:CloudFront-Expires=1428865213; domain=d1z0hf3p8j4xla.cloudfront.net; path=/; secure; HttpOnly
...

Body

...
<img src="http://d1z0hf3p8j4xla.cloudfront.net/folder2/stealz_logo3.png " alt="Stealz logo3">
...

UPDATE: Corrected response when requesting image.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.