generate presigned url using the specified hash #798

Open
Zazck opened this issue Sep 16, 2019 · 4 comments
Zazck commented Sep 16, 2019

```js
var hashedPayload = 'UNSIGNED-PAYLOAD'
```

Currently the presigned PUT request has a fixed 'UNSIGNED-PAYLOAD', which should be replaced by a real file hash when 'X-Amz-Content-Sha256' was precalculated by the browser.

I didn't find any other way to change it without modifying the source.

For myself, I wrote the following code:

```js
var unsignedPayload = 'UNSIGNED-PAYLOAD';
var hashedPayload;
var reqParams = querystring.parse(query);
// Use the caller-supplied hash when present; otherwise fall back to the constant.
if ('X-Amz-Content-Sha256' in reqParams) {
  hashedPayload = reqParams['X-Amz-Content-Sha256'];
} else {
  hashedPayload = unsignedPayload;
}
```

And for usage:

```js
const presigned = await minio.presignedUrl('PUT', 'data', 'testfile.jpg', 5 * 60, {
  'X-Amz-Content-Sha256': 'adf879c749266508e488791329a41f74a5a093196ed9f57489eed9676549ae26',
});
```

I think it's very ugly.

Contributor

nitisht commented Sep 16, 2019

Thanks, we'll take a look @Zazck

@kanagarajkm
Collaborator

The AWS S3 doc recommends having UNSIGNED-PAYLOAD for presigned requests: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

> You don't include a payload hash in the Canonical Request, because when you create a presigned URL, you don't know the payload content because the URL is used to upload an arbitrary payload. Instead, you use a constant string UNSIGNED-PAYLOAD.

Author

Zazck commented Sep 30, 2019

@kanagarajkm
The basic idea is that I would let the user's browser calculate the file hash before they upload; the filename will be the previously calculated hash, and then send those hashes to other participants who are waiting for the file. They should be able to get the file link (generated by hash) immediately, even if it's not available. The uploader must then upload the file content that has the precalculated hash posted before, and other participants will receive a signal upon completion of the upload.

Since the message containing the file hash should have some text content that should not be blocked by the file upload, and the sent message must contain a file hash for the local history, it seems reasonable to use a presigned url to resolve the problem.

And in this case, UNSIGNED-PAYLOAD won't work.
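
The trade-off discussed in this thread, as an added example (not minio-js code and not part of the original issue): a minimal SigV4 query-string signer that uses the `X-Amz-Content-Sha256` query parameter as the payload hash when present, as the patch above does, plus a hypothetical `verifyUpload` check showing that a bound hash pins the URL to one body while `UNSIGNED-PAYLOAD` accepts any. Assumptions: a path that needs no URI encoding, only the `host` header signed, and a server that enforces the signed hash; `sign`, `presign` and `verifyUpload` are names made up here.

```javascript
const crypto = require('crypto');

const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest();
const sha256hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// SigV4 signature over the canonical request. `query` holds every X-Amz-*
// parameter except X-Amz-Signature; only the host header is signed.
function sign(method, host, path, query, secretKey) {
  const [, date, region, service] = query['X-Amz-Credential'].split('/');
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(query[k])}`).join('&');
  // Same choice as the patch in the issue: bind the hash when one is supplied.
  const hashedPayload = query['X-Amz-Content-Sha256'] || 'UNSIGNED-PAYLOAD';
  const canonicalRequest =
    [method, path, canonicalQuery, `host:${host}`, '', 'host', hashedPayload].join('\n');
  const scope = `${date}/${region}/${service}/aws4_request`;
  const stringToSign =
    ['AWS4-HMAC-SHA256', query['X-Amz-Date'], scope, sha256hex(canonicalRequest)].join('\n');
  const key = [date, region, service, 'aws4_request'].reduce(hmac, `AWS4${secretKey}`);
  return hmac(key, stringToSign).toString('hex');
}

function presign(o) {
  const query = {
    'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
    'X-Amz-Credential': `${o.accessKey}/${o.amzDate.slice(0, 8)}/${o.region}/s3/aws4_request`,
    'X-Amz-Date': o.amzDate,
    'X-Amz-Expires': String(o.expires),
    'X-Amz-SignedHeaders': 'host',
  };
  if (o.contentSha256) query['X-Amz-Content-Sha256'] = o.contentSha256;
  query['X-Amz-Signature'] = sign(o.method, o.host, o.path, query, o.secretKey);
  return `https://${o.host}${o.path}?${new URLSearchParams(query)}`;
}

// Hypothetical server-side check (expiry omitted): recompute the signature, then
// require the body to match the signed hash unless the URL is UNSIGNED-PAYLOAD.
function verifyUpload(method, url, body, secretKey) {
  const u = new URL(url);
  const query = Object.fromEntries(u.searchParams);
  const given = Buffer.from(query['X-Amz-Signature'] || '');
  delete query['X-Amz-Signature'];
  if (!query['X-Amz-Credential']) return 'bad-signature';
  const expected = Buffer.from(sign(method, u.host, u.pathname, query, secretKey));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 'bad-signature';
  const bound = query['X-Amz-Content-Sha256'];
  return bound && bound !== sha256hex(body) ? 'hash-mismatch' : 'ok';
}
```

Because the hash travels in the signed query string, an uploader who swaps it for the hash of a different file invalidates the signature, which is what lets other participants trust a link derived from the announced hash.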

gcuellar commented Nov 2, 2022

Something new about this, @Zazck? I've the same problem.
