# HG changeset patch # User Gustavo Andres Morero # Date 1525809883 10800 # Tue May 08 17:04:43 2018 -0300 # Node ID 8e28084a2d636e07dbb4f695f340cee018e798a6 # Parent 29de1fcd2e5cf37549f221a84fd511db24f83092 updating aws get_auth_link to use boto3. diff --git a/webutils/aws/secures3.py b/webutils/aws/secures3.py --- a/webutils/aws/secures3.py +++ b/webutils/aws/secures3.py @@ -1,5 +1,6 @@ import hmac import time +import boto3 import base64 import hashlib try: @@ -53,8 +54,8 @@ return (bucket, filename, s.scheme) - def get_auth_link(self, bucket, filename, - scheme='http', expires=300, timestamp=None): + def get_auth_link(self, bucket, filename, scheme='http', + expires=300, timestamp=None): ''' Return a secure S3 link with an expiration on the download. key: S3 Access Key (login) @@ -66,23 +67,23 @@ ''' filename = quote_plus(filename) filename = filename.replace('%2F', '/') - path = '/%s/%s' % (bucket, filename) if timestamp is not None: - expire_time = float(timestamp) + expires_in = int(timestamp - time.time()) else: - expire_time = time.time() + expires + expires_in = expires - expire_str = '%.0f' % (expire_time) - string_to_sign = u'GET\n\n\n%s\n%s' % (expire_str, path) - params = { - 'AWSAccessKeyId': self.key, - 'Expires': expire_str, - 'Signature': self.gen_signature(string_to_sign.encode('utf-8')), - } - - return '%s://s3.amazonaws.com/%s/%s?%s' % ( - scheme, bucket, filename, urlencode(params)) + s3_client = boto3.client( + 's3', + aws_access_key_id=self.key, + aws_secret_access_key=self.secret_key, + ) + url = s3_client.generate_presigned_url( + ClientMethod='get_object', + Params={'Bucket': bucket, 'Key': filename}, + ExpiresIn=expires_in, + ) + return url def get_easy_auth_link(self, url, expires=600): ''' url should be the full URL to the secure file hosted on S3.