From brettdgibson at gmail.com Sat Aug 18 18:47:39 2007 From: brettdgibson at gmail.com (brett gibson) Date: Sat, 18 Aug 2007 15:47:39 -0700 Subject: [s3-dev] url_for fails for virtual buckets Message-ID: <85c5f6f20708181547u3a633c4fu48edead0025a5649@mail.gmail.com> I just submitted path #13189 . Here's what I wrote: There's a problem with url_for. Whenever the buck is implicit in the hostname it cannot be in the url path as well. See: http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html And compare: http://brettg.s3.amazonaws.com/argle.html http://brettg.s3.amazonaws.com/brettg/argle.html The easiest solution found was for Connection#url_for to check if there is a bucket implicit in the host and if so just strip any buckets in the paths it sees. This might seem less than ideal because in a perfect world we don't want Connection#url_for making any assumptions about the paths passed to it (viz. that they all start with a bucket name). But here's the kicker: for authentication Connection#url_for has to sign the full path including the bucket. So either Connection#url_for needs two paths passed in or it needs to assume the first part of the path is a bucket. My conscience is further eased by the fact that all S3 paths do indeed have buckets in them. I would even go so far as to have Connection#url_for throw an error if the bucket of the path passed to it does not match the bucket implicit in the hostname. The patch fixes the issue as discussed above. It also treats buckets that can be inferred from wholly different domain names the same as buckets inferred from s3.amazonaws.com subdomains (e.g. 'somebucket.com' yields the bucket 'somebucket.com' just as 'somebucket.s3.amazonaws.com' yields the bucket 'somebucket'). Please take a look. Any feedback is appreciated. Thanks, Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/amazon-s3-dev/attachments/20070818/87e79286/attachment.html From jeff at ministrycentered.com Tue Aug 21 16:51:47 2007 From: jeff at ministrycentered.com (Jeff Berg) Date: Tue, 21 Aug 2007 13:51:47 -0700 Subject: [s3-dev] SignatureDoesNotMatch error when accessing an object with a [ or ] in the name Message-ID: <767cd6eb0708211351v5c513b9p4be822ca00e45145@mail.gmail.com> Hello, I have an interesting problem. I am moving my site to use the aws-s3 gem but I am having problems using the url_for method to generate an authorized url for a file that contains a [ or ] character in the filename. If the file name does not have either a [ or ] it works fine. I tried several things to try to figure this one out but have not found a solution. Any help would be great! Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/amazon-s3-dev/attachments/20070821/a43af4f3/attachment.html From ni-di at web.de Wed Aug 22 10:18:33 2007 From: ni-di at web.de (Niko Dittmann) Date: Wed, 22 Aug 2007 16:18:33 +0200 Subject: [s3-dev] Authenticated PUT Message-ID: <5C92B1D8-DC3A-4244-97FD-9ADED025B733@web.de> Hi everybody. I'm currently working at a Rails application which needs authenticated upload and download of files. The clients of my Rails app are desktop applications. Only the admin interface is built as web application. Authenticated download from S3 is no problem at all thanks to the timed authentication via the query string of a GET request. I'd really like to use a direct authenticated upload to S3 without the Rails app as man in the middle. Unfortunately S3 doesn't provide an authenticated PUT. Therefor I hacked the AWS::S3 lib to store the request data within a global variable. It's just a single line at the end of the AWS::S3::Connection request method reading $request = request. Now my Rails app can make an empty PUT request and return the "Authorization" and the "Date" header (along with a filename) to my desktop application which can use it to upload large files directly to S3. The main benefit is that my Rails app servers don't have to handle large uploads and I don't have to run background processes to copy the files from my Rails server to S3. I'd really like to here comments on this approach. Especially: * Is the a better way to have valid PUT credentials returned from AWS::S3 than this hack and the strange empty PUT request? * Security wise this approach is certainly not Fort Knox. But as my the connection between desktop app and Rails app is via https it doesn't seem too bad, either. What do you think? Niko.