s3_policy 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2c5d0222981fa5af54e2f07e1a30e3fdad43b784
+  data.tar.gz: 7c938b25040d556549b972df4db20cb434df9c01
+SHA512:
+  metadata.gz: d0ab17188060124eb1fc3213a7ef2b840d9f0eb53678f1c3e8292ec2474dcb77ee86ef0c6310f282a0af8e4e106c1ea938fa9a5d5b51cc35144727cf26227291
+  data.tar.gz: b31f09b45b19f311a223aea5f9d898987cf200abfe93174c80b809345c2d0a372d0ac81c2618eaf124ee8fa2e436fdcc8eaac425c0258e4b561cc2aa717f3d38

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in s3_policy.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Daniel X Moore
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,45 @@
+# S3Policy
+
+Generate a signed S3 policy document for namespaced clientside uploads.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 's3_policy'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install s3_policy
+
+## Usage
+
+```ruby
+require 's3_policy'
+
+policy = S3Policy.generate_policy_document(
+  bucket: "my_awesome_bucket",
+  namespace: "users/#{user_id}/"
+)
+
+signature = S3Policy.sign_document(policy, aws_secret_key)
+
+# Give this to the client
+{
+  aws_access_key_id: aws_access_key_id,
+  policy: policy,
+  signature: signature
+}
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/lib/s3_policy.rb

@@ -0,0 +1,60 @@
+require "s3_policy/version"
+
+require "base64"
+require "date"
+require "digest/sha1"
+require "json"
+require "openssl"
+require "time"
+
+module S3Policy
+  class << self
+    def generate_policy_document(options={})
+      # Required
+      bucket = options[:bucket]
+
+      # Optional
+      acl = options[:acl] || "public-read"
+      content_type = options[:content_type] || ""
+      expiration = options[:expiration] || one_week_from_now
+      max_size = options[:max_size] || 1024 * 1024 * 10
+      namespace = options[:namespace] || ""
+
+      # TODO: ACL Option
+
+      policy_document = {
+        expiration: expiration,
+        conditions: [
+          { bucket: bucket},
+          ["starts-with", "$key", namespace],
+          { acl: acl},
+          ["starts-with", "$Cache-Control", ""],
+          ["starts-with", "$Content-Type", content_type],
+          ["content-length-range", 0, max_size]
+        ]
+      }
+    end
+
+    def one_week_from_now
+      (DateTime.now + 7).to_time.utc.iso8601
+    end
+
+    def encode_document(policy_document)
+      Base64.strict_encode64(policy_document.to_json)
+    end
+
+    def sign_document(policy_document, secret_key)
+      sign_encoded_document(encode_document(policy_document), secret_key)
+    end
+
+    def sign_encoded_document(encoded_policy_document, secret_key)
+      Base64.strict_encode64(
+        OpenSSL::HMAC.digest(
+          OpenSSL::Digest::Digest.new('sha1'),
+          secret_key,
+          encoded_policy_document
+        )
+      )
+    end
+  end
+end

data/lib/s3_policy/version.rb

@@ -0,0 +1,3 @@
+module S3Policy
+  VERSION = "0.1.0"
+end

data/s3_policy.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 's3_policy/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "s3_policy"
+  spec.version       = S3Policy::VERSION
+  spec.authors       = ["Daniel X Moore"]
+  spec.email         = ["yahivin@gmail.com"]
+  spec.description   = %q{S3 Policy Document Generator}
+  spec.summary       = %q{Generate a signed S3 policy document for namespaced clientside uploads.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/test/test_s3_policy.rb

@@ -0,0 +1,40 @@
+require 'test/unit'
+require 's3_policy'
+
+class S3PolicyTest < Test::Unit::TestCase
+  def test_signing_document
+    aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
+
+    policy_document = {
+      "expiration"=> "2013-08-06T12:00:00.000Z",
+      "conditions"=> [
+        {"bucket"=> "examplebucket"},
+        ["starts-with", "$key", "user/user1/"],
+        {"acl"=> "public-read"},
+        {"success_action_redirect"=> "http://acl6.s3.amazonaws.com/successful_upload.html"},
+        ["starts-with", "$Content-Type", "image/"],
+        {"x-amz-meta-uuid"=> "14365123651274"},
+        ["starts-with", "$x-amz-meta-tag", ""],
+        {"x-amz-credential"=> "AKIAIOSFODNN7EXAMPLE/20130806/us-east-1/s3/aws4_request"},
+        {"x-amz-algorithm"=> "AWS4-HMAC-SHA256"},
+        {"x-amz-date"=> "20130806T000000Z" }
+      ]
+    }
+
+    assert_equal "eyJleHBpcmF0aW9uIjoiMjAxMy0wOC0wNlQxMjowMDowMC4wMDBaIiwiY29uZGl0aW9ucyI6W3siYnVja2V0IjoiZXhhbXBsZWJ1Y2tldCJ9LFsic3RhcnRzLXdpdGgiLCIka2V5IiwidXNlci91c2VyMS8iXSx7ImFjbCI6InB1YmxpYy1yZWFkIn0seyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6Imh0dHA6Ly9hY2w2LnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCJ9LFsic3RhcnRzLXdpdGgiLCIkQ29udGVudC1UeXBlIiwiaW1hZ2UvIl0seyJ4LWFtei1tZXRhLXV1aWQiOiIxNDM2NTEyMzY1MTI3NCJ9LFsic3RhcnRzLXdpdGgiLCIkeC1hbXotbWV0YS10YWciLCIiXSx7IngtYW16LWNyZWRlbnRpYWwiOiJBS0lBSU9TRk9ETk43RVhBTVBMRS8yMDEzMDgwNi91cy1lYXN0LTEvczMvYXdzNF9yZXF1ZXN0In0seyJ4LWFtei1hbGdvcml0aG0iOiJBV1M0LUhNQUMtU0hBMjU2In0seyJ4LWFtei1kYXRlIjoiMjAxMzA4MDZUMDAwMDAwWiJ9XX0=",
+      S3Policy.encode_document(policy_document)
+
+  end
+
+  def test_signing_encoded_document
+    aws_secret_key = "uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o"
+    encoded_document = "eyAiZXhwaXJhdGlvbiI6ICIyMDA3LTEyLTAxVDEyOjAwOjAwLjAwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAiam9obnNtaXRoIiB9LAogICAgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgInVzZXIvZXJpYy8iXSwKICAgIHsiYWNsIjogInB1YmxpYy1yZWFkIiB9LAogICAgeyJyZWRpcmVjdCI6ICJodHRwOi8vam9obnNtaXRoLnMzLmFtYXpvbmF3cy5jb20vc3VjY2Vzc2Z1bF91cGxvYWQuaHRtbCIgfSwKICAgIFsic3RhcnRzLXdpdGgiLCAiJENvbnRlbnQtVHlwZSIsICJpbWFnZS8iXSwKICAgIHsieC1hbXotbWV0YS11dWlkIjogIjE0MzY1MTIzNjUxMjc0In0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiR4LWFtei1tZXRhLXRhZyIsICIiXSwKICBdCn0K"
+
+    assert_equal "2qCp0odXe7A9IYyUVqn0w2adtCA=",
+      S3Policy.sign_encoded_document(encoded_document, aws_secret_key)
+  end
+
+  def test_generate_policy_document
+    assert S3Policy.generate_policy_document(bucket: 'yolo')
+  end
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: s3_policy
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Daniel X Moore
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-07-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: S3 Policy Document Generator
+email:
+- yahivin@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/s3_policy.rb
+- lib/s3_policy/version.rb
+- s3_policy.gemspec
+- test/test_s3_policy.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Generate a signed S3 policy document for namespaced clientside uploads.
+test_files:
+- test/test_s3_policy.rb