Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256

rubenvandeven · rubenvandeven · commit cf0cd3826915 · 2020-09-04T22:08:38.000+02:00
diff --git a/client/modules/IDE/actions/uploader.js b/client/modules/IDE/actions/uploader.js
@@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
       Object.keys(file.postData).forEach((key) => {
         formData.append(key, file.postData[key]);
       });
-      formData.append('Content-type', file.type);
-      formData.append('Content-length', '');
-      formData.append('acl', 'public-read');
     }
   };
 }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -215,7 +215,7 @@
     "request": "^2.88.2",
     "request-promise": "^4.2.5",
     "reselect": "^4.0.0",
-    "s3-policy": "^0.2.0",
+    "s3-policy-v4": "0.0.3",
     "sass-extract": "^2.1.0",
     "sass-extract-js": "^0.4.0",
     "sass-extract-loader": "^1.1.0",
diff --git a/server/controllers/aws.controller.js b/server/controllers/aws.controller.js
@@ -1,5 +1,5 @@
 import uuid from 'node-uuid';
-import policy from 's3-policy';
+import S3Policy from 's3-policy-v4';
 import s3 from '@auth0/s3';
 import { getProjectsForUserId } from './project.controller';
 import { findUserByUsername } from './user.controller';
@@ -80,22 +80,19 @@ export function signS3(req, res) {
   }
   const fileExtension = getExtension(req.body.name);
   const filename = uuid.v4() + fileExtension;
-  const acl = 'public-read';
-  const p = policy({
+  const acl = 'private';
+  const policy = S3Policy.generate({
     acl,
-    secret: process.env.AWS_SECRET_KEY,
-    length: 5000000, // in bytes?
-    bucket: process.env.S3_BUCKET,
     key: filename,
-    expires: new Date(Date.now() + 60000),
+    bucket: process.env.S3_BUCKET,
+    contentType: req.body.type,
+    region: process.env.AWS_REGION,
+    accessKey: process.env.AWS_ACCESS_KEY,
+    secretKey: process.env.AWS_SECRET_KEY,
+    // metadata: {'x-amz-meta-lat': '41.891',...} (optional)
+    metadata: []
   });
-  const result = {
-    AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
-    key: `${req.body.userId}/${filename}`,
-    policy: p.policy,
-    signature: p.signature
-  };
-  res.json(result);
+  res.json(policy);
 }
 
 export function copyObjectInS3(url, userId) {

Original file line number	Diff line number	Diff line change
`@@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {`
`77`	`77`	`Object.keys(file.postData).forEach((key) => {`
`78`	`78`	`formData.append(key, file.postData[key]);`
`79`	`79`	`});`
`80`		`- formData.append('Content-type', file.type);`
`81`		`- formData.append('Content-length', '');`
`82`		`- formData.append('acl', 'public-read');`
`83`	`80`	`}`
`84`	`81`	`};`
`85`	`82`	`}`