s3fsr 1.4

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,221 @@
1
+ module AWS
2
+ module S3
3
+ # All authentication is taken care of for you by the AWS::S3 library. None the less, some details of the two types
4
+ # of authentication and when they are used may be of interest to some.
5
+ #
6
+ # === Header based authentication
7
+ #
8
+ # Header based authentication is achieved by setting a special <tt>Authorization</tt> header whose value
9
+ # is formatted like so:
10
+ #
11
+ # "AWS #{access_key_id}:#{encoded_canonical}"
12
+ #
13
+ # The <tt>access_key_id</tt> is the public key that is assigned by Amazon for a given account which you use when
14
+ # establishing your initial connection. The <tt>encoded_canonical</tt> is computed according to rules layed out
15
+ # by Amazon which we will describe presently.
16
+ #
17
+ # ==== Generating the encoded canonical string
18
+ #
19
+ # The "canonical string", generated by the CanonicalString class, is computed by collecting the current request method,
20
+ # a set of significant headers of the current request, and the current request path into a string.
21
+ # That canonical string is then encrypted with the <tt>secret_access_key</tt> assigned by Amazon. The resulting encrypted canonical
22
+ # string is then base 64 encoded.
23
+ #
24
+ # === Query string based authentication
25
+ #
26
+ # When accessing a restricted object from the browser, you can authenticate via the query string, by setting the following parameters:
27
+ #
28
+ # "AWSAccessKeyId=#{access_key_id}&Expires=#{expires}&Signature=#{encoded_canonical}"
29
+ #
30
+ # The QueryString class is responsible for generating the appropriate parameters for authentication via the
31
+ # query string.
32
+ #
33
+ # The <tt>access_key_id</tt> and <tt>encoded_canonical</tt> are the same as described in the Header based authentication section.
34
+ # The <tt>expires</tt> value dictates for how long the current url is valid (by default, it will expire in 5 minutes). Expiration can be specified
35
+ # either by an absolute time (expressed in seconds since the epoch), or in relative time (in number of seconds from now).
36
+ # Details of how to customize the expiration of the url are provided in the documentation for the QueryString class.
37
+ #
38
+ # All requests made by this library use header authentication. When a query string authenticated url is needed,
39
+ # the S3Object#url method will include the appropriate query string parameters.
40
+ #
41
+ # === Full authentication specification
42
+ #
43
+ # The full specification of the authentication protocol can be found at
44
+ # http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html
45
+ class Authentication
46
+ constant :AMAZON_HEADER_PREFIX, 'x-amz-'
47
+
48
+ # Signature is the abstract super class for the Header and QueryString authentication methods. It does the job
49
+ # of computing the canonical_string using the CanonicalString class as well as encoding the canonical string. The subclasses
50
+ # parameterize these computations and arrange them in a string form appropriate to how they are used, in one case a http request
51
+ # header value, and in the other case key/value query string parameter pairs.
52
+ class Signature < String #:nodoc:
53
+ attr_reader :request, :access_key_id, :secret_access_key, :options
54
+
55
+ def initialize(request, access_key_id, secret_access_key, options = {})
56
+ super()
57
+ @request, @access_key_id, @secret_access_key = request, access_key_id, secret_access_key
58
+ @options = options
59
+ end
60
+
61
+ private
62
+
63
+ def canonical_string
64
+ options = {}
65
+ options[:expires] = expires if expires?
66
+ CanonicalString.new(request, options)
67
+ end
68
+ memoized :canonical_string
69
+
70
+ def encoded_canonical
71
+ digest = OpenSSL::Digest::Digest.new('sha1')
72
+ b64_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret_access_key, canonical_string)).strip
73
+ url_encode? ? CGI.escape(b64_hmac) : b64_hmac
74
+ end
75
+
76
+ def url_encode?
77
+ !@options[:url_encode].nil?
78
+ end
79
+
80
+ def expires?
81
+ is_a? QueryString
82
+ end
83
+
84
+ def date
85
+ request['date'].to_s.strip.empty? ? Time.now : Time.parse(request['date'])
86
+ end
87
+ end
88
+
89
+ # Provides header authentication by computing the value of the Authorization header. More details about the
90
+ # various authentication schemes can be found in the docs for its containing module, Authentication.
91
+ class Header < Signature #:nodoc:
92
+ def initialize(*args)
93
+ super
94
+ self << "AWS #{access_key_id}:#{encoded_canonical}"
95
+ end
96
+ end
97
+
98
+ # Provides query string authentication by computing the three authorization parameters: AWSAccessKeyId, Expires and Signature.
99
+ # More details about the various authentication schemes can be found in the docs for its containing module, Authentication.
100
+ class QueryString < Signature #:nodoc:
101
+ constant :DEFAULT_EXPIRY, 300 # 5 minutes
102
+ def initialize(*args)
103
+ super
104
+ options[:url_encode] = true
105
+ self << build
106
+ end
107
+
108
+ private
109
+
110
+ # Will return one of three values, in the following order of precedence:
111
+ #
112
+ # 1) Seconds since the epoch explicitly passed in the +:expires+ option
113
+ # 2) The current time in seconds since the epoch plus the number of seconds passed in
114
+ # the +:expires_in+ option
115
+ # 3) The current time in seconds since the epoch plus the default number of seconds (60 seconds)
116
+ def expires
117
+ return options[:expires] if options[:expires]
118
+ date.to_i + expires_in
119
+ end
120
+
121
+ def expires_in
122
+ options.has_key?(:expires_in) ? Integer(options[:expires_in]) : DEFAULT_EXPIRY
123
+ end
124
+
125
+ # Keep in alphabetical order
126
+ def build
127
+ "AWSAccessKeyId=#{access_key_id}&Expires=#{expires}&Signature=#{encoded_canonical}"
128
+ end
129
+ end
130
+
131
+ # The CanonicalString is used to generate an encrypted signature, signed with your secrect access key. It is composed of
132
+ # data related to the given request for which it provides authentication. This data includes the request method, request headers,
133
+ # and the request path. Both Header and QueryString use it to generate their signature.
134
+ class CanonicalString < String #:nodoc:
135
+ class << self
136
+ def default_headers
137
+ %w(content-type content-md5)
138
+ end
139
+
140
+ def interesting_headers
141
+ ['content-md5', 'content-type', 'date', amazon_header_prefix]
142
+ end
143
+
144
+ def amazon_header_prefix
145
+ /^#{AMAZON_HEADER_PREFIX}/io
146
+ end
147
+ end
148
+
149
+ attr_reader :request, :headers
150
+
151
+ def initialize(request, options = {})
152
+ super()
153
+ @request = request
154
+ @headers = {}
155
+ @options = options
156
+ # "For non-authenticated or anonymous requests. A NotImplemented error result code will be returned if
157
+ # an authenticated (signed) request specifies a Host: header other than 's3.amazonaws.com'"
158
+ # (from http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html)
159
+ request['Host'] = DEFAULT_HOST
160
+ build
161
+ end
162
+
163
+ private
164
+ def build
165
+ self << "#{request.method}\n"
166
+ ensure_date_is_valid
167
+
168
+ initialize_headers
169
+ set_expiry!
170
+
171
+ headers.sort_by {|k, _| k}.each do |key, value|
172
+ value = value.to_s.strip
173
+ self << (key =~ self.class.amazon_header_prefix ? "#{key}:#{value}" : value)
174
+ self << "\n"
175
+ end
176
+ self << path
177
+ end
178
+
179
+ def initialize_headers
180
+ identify_interesting_headers
181
+ set_default_headers
182
+ end
183
+
184
+ def set_expiry!
185
+ self.headers['date'] = @options[:expires] if @options[:expires]
186
+ end
187
+
188
+ def ensure_date_is_valid
189
+ request['Date'] ||= Time.now.httpdate
190
+ end
191
+
192
+ def identify_interesting_headers
193
+ request.each do |key, value|
194
+ key = key.downcase # Can't modify frozen string so no bang
195
+ if self.class.interesting_headers.any? {|header| header === key}
196
+ self.headers[key] = value.to_s.strip
197
+ end
198
+ end
199
+ end
200
+
201
+ def set_default_headers
202
+ self.class.default_headers.each do |header|
203
+ self.headers[header] ||= ''
204
+ end
205
+ end
206
+
207
+ def path
208
+ [only_path, extract_significant_parameter].compact.join('?')
209
+ end
210
+
211
+ def extract_significant_parameter
212
+ request.path[/[&?](acl|torrent|logging)(?:&|=|$)/, 1]
213
+ end
214
+
215
+ def only_path
216
+ request.path[/^[^?]*/]
217
+ end
218
+ end
219
+ end
220
+ end
221
+ end
@@ -0,0 +1,236 @@
1
+ module AWS #:nodoc:
2
+ # AWS::S3 is a Ruby library for Amazon's Simple Storage Service's REST API (http://aws.amazon.com/s3).
3
+ # Full documentation of the currently supported API can be found at http://docs.amazonwebservices.com/AmazonS3/2006-03-01.
4
+ #
5
+ # == Getting started
6
+ #
7
+ # To get started you need to require 'aws/s3':
8
+ #
9
+ # % irb -rubygems
10
+ # irb(main):001:0> require 'aws/s3'
11
+ # # => true
12
+ #
13
+ # The AWS::S3 library ships with an interactive shell called <tt>s3sh</tt>. From within it, you have access to all the operations the library exposes from the command line.
14
+ #
15
+ # % s3sh
16
+ # >> Version
17
+ #
18
+ # Before you can do anything, you must establish a connection using Base.establish_connection!. A basic connection would look something like this:
19
+ #
20
+ # AWS::S3::Base.establish_connection!(
21
+ # :access_key_id => 'abc',
22
+ # :secret_access_key => '123'
23
+ # )
24
+ #
25
+ # The minimum connection options that you must specify are your access key id and your secret access key.
26
+ #
27
+ # (If you don't already have your access keys, all you need to sign up for the S3 service is an account at Amazon. You can sign up for S3 and get access keys by visiting http://aws.amazon.com/s3.)
28
+ #
29
+ # For convenience, if you set two special environment variables with the value of your access keys, the console will automatically create a default connection for you. For example:
30
+ #
31
+ # % cat .amazon_keys
32
+ # export AMAZON_ACCESS_KEY_ID='abcdefghijklmnop'
33
+ # export AMAZON_SECRET_ACCESS_KEY='1234567891012345'
34
+ #
35
+ # Then load it in your shell's rc file.
36
+ #
37
+ # % cat .zshrc
38
+ # if [[ -f "$HOME/.amazon_keys" ]]; then
39
+ # source "$HOME/.amazon_keys";
40
+ # fi
41
+ #
42
+ # See more connection details at AWS::S3::Connection::Management::ClassMethods.
43
+ module S3
44
+ constant :DEFAULT_HOST, 's3.amazonaws.com'
45
+
46
+ # AWS::S3::Base is the abstract super class of all classes who make requests against S3, such as the built in
47
+ # Service, Bucket and S3Object classes. It provides methods for making requests, inferring or setting response classes,
48
+ # processing request options, and accessing attributes from S3's response data.
49
+ #
50
+ # Establishing a connection with the Base class is the entry point to using the library:
51
+ #
52
+ # AWS::S3::Base.establish_connection!(:access_key_id => '...', :secret_access_key => '...')
53
+ #
54
+ # The <tt>:access_key_id</tt> and <tt>:secret_access_key</tt> are the two required connection options. More
55
+ # details can be found in the docs for Connection::Management::ClassMethods.
56
+ #
57
+ # Extensive examples can be found in the README[link:files/README.html].
58
+ class Base
59
+ class << self
60
+ # Wraps the current connection's request method and picks the appropriate response class to wrap the response in.
61
+ # If the response is an error, it will raise that error as an exception. All such exceptions can be caught by rescuing
62
+ # their superclass, the ResponseError exception class.
63
+ #
64
+ # It is unlikely that you would call this method directly. Subclasses of Base have convenience methods for each http request verb
65
+ # that wrap calls to request.
66
+ def request(verb, path, options = {}, body = nil, attempts = 0, &block)
67
+ Service.response = nil
68
+ process_options!(options, verb)
69
+ response = response_class.new(connection.request(verb, path, options, body, attempts, &block))
70
+ Service.response = response
71
+
72
+ Error::Response.new(response.response).error.raise if response.error?
73
+ response
74
+ # Once in a while, a request to S3 returns an internal error. A glitch in the matrix I presume. Since these
75
+ # errors are few and far between the request method will rescue InternalErrors the first three times they encouter them
76
+ # and will retry the request again. Most of the time the second attempt will work.
77
+ rescue *retry_exceptions
78
+ attempts == 3 ? raise : (attempts += 1; retry)
79
+ end
80
+
81
+ [:get, :post, :put, :delete, :head].each do |verb|
82
+ class_eval(<<-EVAL, __FILE__, __LINE__)
83
+ def #{verb}(path, headers = {}, body = nil, &block)
84
+ request(:#{verb}, path, headers, body, &block)
85
+ end
86
+ EVAL
87
+ end
88
+
89
+ # Called when a method which requires a bucket name is called without that bucket name specified. It will try to
90
+ # infer the current bucket by looking for it as the subdomain of the current connection's address. If no subdomain
91
+ # is found, CurrentBucketNotSpecified will be raised.
92
+ #
93
+ # MusicBucket.establish_connection! :server => 'jukeboxzero.s3.amazonaws.com'
94
+ # MusicBucket.connection.server
95
+ # => 'jukeboxzero.s3.amazonaws.com'
96
+ # MusicBucket.current_bucket
97
+ # => 'jukeboxzero'
98
+ #
99
+ # Rather than infering the current bucket from the subdomain, the current class' bucket can be explicitly set with
100
+ # set_current_bucket_to.
101
+ def current_bucket
102
+ connection.subdomain or raise CurrentBucketNotSpecified.new(connection.http.address)
103
+ end
104
+
105
+ # If you plan on always using a specific bucket for certain files, you can skip always having to specify the bucket by creating
106
+ # a subclass of Bucket or S3Object and telling it what bucket to use:
107
+ #
108
+ # class JukeBoxSong < AWS::S3::S3Object
109
+ # set_current_bucket_to 'jukebox'
110
+ # end
111
+ #
112
+ # For all methods that take a bucket name as an argument, the current bucket will be used if the bucket name argument is omitted.
113
+ #
114
+ # other_song = 'baby-please-come-home.mp3'
115
+ # JukeBoxSong.store(other_song, open(other_song))
116
+ #
117
+ # This time we didn't have to explicitly pass in the bucket name, as the JukeBoxSong class knows that it will
118
+ # always use the 'jukebox' bucket.
119
+ #
120
+ # "Astute readers", as they say, may have noticed that we used the third parameter to pass in the content type,
121
+ # rather than the fourth parameter as we had the last time we created an object. If the bucket can be inferred, or
122
+ # is explicitly set, as we've done in the JukeBoxSong class, then the third argument can be used to pass in
123
+ # options.
124
+ #
125
+ # Now all operations that would have required a bucket name no longer do.
126
+ #
127
+ # other_song = JukeBoxSong.find('baby-please-come-home.mp3')
128
+ def set_current_bucket_to(name)
129
+ raise ArgumentError, "`#{__method__}' must be called on a subclass of #{self.name}" if self == AWS::S3::Base
130
+ instance_eval(<<-EVAL)
131
+ def current_bucket
132
+ '#{name}'
133
+ end
134
+ EVAL
135
+ end
136
+ alias_method :current_bucket=, :set_current_bucket_to
137
+
138
+ private
139
+
140
+ def response_class
141
+ FindResponseClass.for(self)
142
+ end
143
+
144
+ def process_options!(options, verb)
145
+ options.replace(RequestOptions.process(options, verb))
146
+ end
147
+
148
+ # Using the conventions layed out in the <tt>response_class</tt> works for more than 80% of the time.
149
+ # There are a few edge cases though where we want a given class to wrap its responses in different
150
+ # response classes depending on which method is being called.
151
+ def respond_with(klass)
152
+ eval(<<-EVAL, binding, __FILE__, __LINE__)
153
+ def new_response_class
154
+ #{klass}
155
+ end
156
+
157
+ class << self
158
+ alias_method :old_response_class, :response_class
159
+ alias_method :response_class, :new_response_class
160
+ end
161
+ EVAL
162
+
163
+ yield
164
+ ensure
165
+ # Restore the original version
166
+ eval(<<-EVAL, binding, __FILE__, __LINE__)
167
+ class << self
168
+ alias_method :response_class, :old_response_class
169
+ end
170
+ EVAL
171
+ end
172
+
173
+ def bucket_name(name)
174
+ name || current_bucket
175
+ end
176
+
177
+ def retry_exceptions
178
+ [InternalError, RequestTimeout]
179
+ end
180
+
181
+ class RequestOptions < Hash #:nodoc:
182
+ attr_reader :options, :verb
183
+
184
+ class << self
185
+ def process(*args, &block)
186
+ new(*args, &block).process!
187
+ end
188
+ end
189
+
190
+ def initialize(options, verb = :get)
191
+ @options = options.to_normalized_options
192
+ @verb = verb
193
+ super()
194
+ end
195
+
196
+ def process!
197
+ set_access_controls! if verb == :put
198
+ replace(options)
199
+ end
200
+
201
+ private
202
+ def set_access_controls!
203
+ ACL::OptionProcessor.process!(options)
204
+ end
205
+ end
206
+ end
207
+
208
+ def initialize(attributes = {}) #:nodoc:
209
+ @attributes = attributes
210
+ end
211
+
212
+ private
213
+ attr_reader :attributes
214
+
215
+ def connection
216
+ self.class.connection
217
+ end
218
+
219
+ def http
220
+ connection.http
221
+ end
222
+
223
+ def request(*args, &block)
224
+ self.class.request(*args, &block)
225
+ end
226
+
227
+ def method_missing(method, *args, &block)
228
+ case
229
+ when attributes.has_key?(method.to_s): attributes[method.to_s]
230
+ when attributes.has_key?(method): attributes[method]
231
+ else super
232
+ end
233
+ end
234
+ end
235
+ end
236
+ end
@@ -0,0 +1,58 @@
1
+ module AWS
2
+ module S3
3
+ # Objects on S3 can be distributed via the BitTorrent file sharing protocol.
4
+ #
5
+ # You can get a torrent file for an object by calling <tt>torrent_for</tt>:
6
+ #
7
+ # S3Object.torrent_for 'kiss.jpg', 'marcel'
8
+ #
9
+ # Or just call the <tt>torrent</tt> method if you already have the object:
10
+ #
11
+ # song = S3Object.find 'kiss.jpg', 'marcel'
12
+ # song.torrent
13
+ #
14
+ # Calling <tt>grant_torrent_access_to</tt> on a object will allow anyone to anonymously
15
+ # fetch the torrent file for that object:
16
+ #
17
+ # S3Object.grant_torrent_access_to 'kiss.jpg', 'marcel'
18
+ #
19
+ # Anonymous requests to
20
+ #
21
+ # http://s3.amazonaws.com/marcel/kiss.jpg?torrent
22
+ #
23
+ # will serve up the torrent file for that object.
24
+ module BitTorrent
25
+ def self.included(klass) #:nodoc:
26
+ klass.extend ClassMethods
27
+ end
28
+
29
+ # Adds methods to S3Object for accessing the torrent of a given object.
30
+ module ClassMethods
31
+ # Returns the torrent file for the object with the given <tt>key</tt>.
32
+ def torrent_for(key, bucket = nil)
33
+ get(path!(bucket, key) << '?torrent').body
34
+ end
35
+ alias_method :torrent, :torrent_for
36
+
37
+ # Grants access to the object with the given <tt>key</tt> to be accessible as a torrent.
38
+ def grant_torrent_access_to(key, bucket = nil)
39
+ policy = acl(key, bucket)
40
+ return true if policy.grants.include?(:public_read)
41
+ policy.grants << ACL::Grant.grant(:public_read)
42
+ acl(key, bucket, policy)
43
+ end
44
+ alias_method :grant_torrent_access, :grant_torrent_access_to
45
+ end
46
+
47
+ # Returns the torrent file for the object.
48
+ def torrent
49
+ self.class.torrent_for(key, bucket.name)
50
+ end
51
+
52
+ # Grants torrent access publicly to anyone who requests it on this object.
53
+ def grant_torrent_access
54
+ self.class.grant_torrent_access_to(key, bucket.name)
55
+ end
56
+ end
57
+ end
58
+ end