Commit b3c7a901 authored by Diederik van der Boor's avatar Diederik van der Boor

Allow S3 objects to be streamed through the PrivateStorageView in the admin

parent a87f4f16
...@@ -89,6 +89,9 @@ The following settings are reused when they don't have an corresponding ``AWS_PR ...@@ -89,6 +89,9 @@ The following settings are reused when they don't have an corresponding ``AWS_PR
All other settings should be explicitly defined with ``AWS_PRIVATE_...`` settings. All other settings should be explicitly defined with ``AWS_PRIVATE_...`` settings.
By default, all URLs in the admin return the direct S3 bucket URls, with the `query parameter authentication`_ enabled.
When ``AWS_PRIVATE_QUERYSTRING_AUTH = False``, all file downloads are proxied through our ``PrivateFileView`` URL.
To have encryption either configure ``AWS_PRIVATE_S3_ENCRYPTION`` To have encryption either configure ``AWS_PRIVATE_S3_ENCRYPTION``
and ``AWS_PRIVATE_S3_SIGNATURE_VERSION`` or use: and ``AWS_PRIVATE_S3_SIGNATURE_VERSION`` or use:
...@@ -218,3 +221,4 @@ or think it's not flexible enough, please let us know. We'd love to improve it! ...@@ -218,3 +221,4 @@ or think it's not flexible enough, please let us know. We'd love to improve it!
.. _django-storages: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html .. _django-storages: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html
.. _query parameter authentication: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
...@@ -7,3 +7,5 @@ PRIVATE_STORAGE_AUTH_FUNCTION = getattr(settings, 'PRIVATE_STORAGE_AUTH_FUNCTION ...@@ -7,3 +7,5 @@ PRIVATE_STORAGE_AUTH_FUNCTION = getattr(settings, 'PRIVATE_STORAGE_AUTH_FUNCTION
# For Nginx X-Accel-Redirect # For Nginx X-Accel-Redirect
PRIVATE_STORAGE_INTERNAL_URL = getattr(settings, 'PRIVATE_STORAGE_INTERNAL_URL', '/private-x-accel-redirect/') PRIVATE_STORAGE_INTERNAL_URL = getattr(settings, 'PRIVATE_STORAGE_INTERNAL_URL', '/private-x-accel-redirect/')
PRIVATE_STORAGE_S3_REVERSE_PROXY = getattr(settings, 'PRIVATE_STORAGE_S3_REVERSE_PROXY', False)
from django.urls import reverse
from django.utils.deconstruct import deconstructible from django.utils.deconstruct import deconstructible
from storages.backends.s3boto3 import S3Boto3Storage from storages.backends.s3boto3 import S3Boto3Storage
from storages.utils import setting from storages.utils import setting
from private_storage import appconfig
@deconstructible @deconstructible
...@@ -35,6 +37,14 @@ class PrivateS3BotoStorage(S3Boto3Storage): ...@@ -35,6 +37,14 @@ class PrivateS3BotoStorage(S3Boto3Storage):
region_name = setting('AWS_PRIVATE_S3_REGION_NAME', S3Boto3Storage.region_name) # fallback to default region_name = setting('AWS_PRIVATE_S3_REGION_NAME', S3Boto3Storage.region_name) # fallback to default
use_ssl = setting('AWS_PRIVATE_S3_USE_SSL', True) use_ssl = setting('AWS_PRIVATE_S3_USE_SSL', True)
def url(self, name, *args, **kwargs):
if appconfig.PRIVATE_STORAGE_S3_REVERSE_PROXY or not self.querystring_auth:
# There is no direct URL possible, return our streaming view instead.
return reverse('serve_private_file', kwargs={'path': name})
else:
# The S3Boto3Storage can generate a presigned URL that is temporary available.
return super(PrivateS3BotoStorage, self).url(name, *args, **kwargs)
@deconstructible @deconstructible
class PrivateEncryptedS3BotoStorage(PrivateS3BotoStorage): class PrivateEncryptedS3BotoStorage(PrivateS3BotoStorage):
......
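Review bot: In `PrivateS3BotoStorage.url()` the proxy branch swaps a time-limited presigned S3 URL for a permanent `serve_private_file` path, so for those objects the only access control left is whatever the streaming view enforces through `PRIVATE_STORAGE_AUTH_FUNCTION`. The method should say so in a docstring, noting that the returned URL does not expire and is protected solely by the view's permission check. The same branch silently drops `*args, **kwargs`, so a caller passing `parameters` or `expire` to `url()` gets no sign they were ignored; a short comment there would make that explicit. `reverse('serve_private_file', ...)` also assumes the project URLconf includes that route without a namespace, otherwise `url()` would presumably raise `NoReverseMatch` in the admin, which is worth stating wherever `PRIVATE_STORAGE_S3_REVERSE_PROXY` is documented. The class body starts outside the hunk, and the else-branch comment would read better as `# S3Boto3Storage generates a presigned URL that is only temporarily valid.`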