shrine 3.1.0 → 3.4.0

data/doc/refile.md

@@ -1,5 +1,5 @@
 ---
-title: Shrine for Refile Users
+title: Upgrading from Refile
 ---
 
 This guide is aimed at helping Refile users transition to Shrine, and it consists
@@ -110,13 +110,6 @@ into separate columns.
 Shrine provides on-the-fly processing via the
 [`derivation_endpoint`][derivation_endpoint] plugin:
 
-```rb
-# config/routes.rb (Rails)
-Rails.application.routes.draw do
-  # ...
-  mount ImageUploader.derivation_endpoint => "/derivations/image"
-end
-```
 ```rb
 require "image_processing/mini_magick"
 
@@ -132,8 +125,15 @@ class ImageUploader < Shrine
   end
 end
 ```
+```rb
+# config/routes.rb (Rails)
+Rails.application.routes.draw do
+  # ...
+  mount ImageUploader.derivation_endpoint => "/derivations/image"
+end
+```
 
-Shrine also support processing up front using the [`derivatives`][derivatives]
+Shrine also support eager processing using the [`derivatives`][derivatives]
 plugin.
 
 ### Validation

data/doc/release_notes/2.8.0.md

@@ -1,5 +1,5 @@
 ---
-title: Shrine 2.9.0
+title: Shrine 2.8.0
 ---
 
 ## New Features

data/doc/release_notes/3.0.0.md

@@ -366,7 +366,7 @@ end
   ```
   ```rb
   attacher = photo.image_attacher
-  attacher.form_assign("image" => file, "title" => "...", "description" => "...")
+  attacher.form_assign({ "image" => file, "title" => "...", "description" => "..." })
   attacher.file #=> #<Shrine::UploadedFile id="..." storage=:cache ...>
   ```
 

data/doc/release_notes/3.2.0.md

@@ -0,0 +1,96 @@
+---
+title: Shrine 3.2.0
+---
+
+## New features
+
+* The `type_predicates` plugin has been added, which adds convenient predicate
+  methods to `Shrine::UploadedFile` based on the MIME type.
+
+  ```rb
+  # Gemfile
+  gem "mini_mime" # default dependency of type_predicates
+  ```
+  ```rb
+  Shrine.plugin :type_predicates
+  ```
+
+  The plugin adds four predicate methods based on the general type of the file:
+
+  ```rb
+  file.image? # returns true for any "image/*" MIME type
+  file.video? # returns true for any "video/*" MIME type
+  file.audio? # returns true for any "audio/*" MIME type
+  file.text?  # returns true for any "text/*" MIME type
+  ```
+
+  You can also check for specific MIME type using the extension name:
+
+  ```rb
+  file.type?(:jpg) # returns true if MIME type is "image/jpeg"
+  file.type?(:svg) # returns true if MIME type is "image/svg+xml"
+  file.type?(:mov) # returns true if MIME type is "video/quicktime"
+  file.type?(:ppt) # returns true if MIME type is "application/vnd.ms-powerpoint"
+  ...
+  ```
+
+  For convenience, you can create predicate methods for specific file types:
+
+  ```rb
+  Shrine.plugin :type_predicates, methods: %i[jpg svg mov ppt]
+  ```
+  ```rb
+  file.jpg? # returns true if MIME type is "image/jpeg"
+  file.svg? # returns true if MIME type is "image/svg+xml"
+  file.mov? # returns true if MIME type is "video/quicktime"
+  file.ppt? # returns true if MIME type is "application/vnd.ms-powerpoint"
+  ```
+
+* The `#add_metadata` method has been added to the `add_metadata` plugin for
+  adding new metadata to an existing file/attachment.
+
+  ```rb
+  attacher.file.metadata #=> { ... }
+  attacher.add_metadata("foo" => "bar")
+  attacher.file.metadata #=> { ..., "foo" => "bar" }
+  ```
+
+## Other improvements
+
+* The `remove_invalid` plugin now works correctly with `derivatives` plugin.
+
+* The `remove_invalid` plugin is now also activated when `Attacher#validate`
+  is called manually.
+
+* The current attached file data can now be assigned back to the attachment
+  attribute, and this operation will be a no-op.
+
+  ```rb
+  photo.image #=> #<Shrine::UploadedFile id="foo" storage=:store metadata={...}>
+  photo.image = { "id" => "foo", "storage" => "store", "metadata" => { ... } } # no-op
+  ```
+
+  This allows treating the attachment attribute as a persistent attribute,
+  where the current value can be assigned back on record updates.
+
+* When promoting derivatives, the `:derivative` parameter value was being
+  passed to the uploader as an array. This has been fixed, and the value is now
+  the same as when uploading derivatives directly to permanent storage.
+
+* The `derivatives` plugin now includes additional `:io` and `:attacher` values
+  in the instrumentation event payload.
+
+## Backwards compatibility
+
+* The `validation` plugin now runs validations on `Attacher#attach` and
+  `Attacher#attach_cached`. If you were using `Attacher#change` directly and
+  expecting the validations to be run automatically, you will need to update
+  your code.
+
+* If you were updating the cached file metadata via file data assignment, this
+  will no longer work.
+
+  ```rb
+  photo.image #=> #<Shrine::UploadedFile id="foo" storage=:cache metadata={...}>
+  photo.image = { "id" => "foo", "storage" => "cache", "metadata" => { ... } } # no-op
+  ```

data/doc/release_notes/3.2.1.md

@@ -0,0 +1,31 @@
+---
+title: Shrine 3.2.1
+---
+
+## Ruby 2.7 compatibility
+
+* Shrine doesn't trigger [Ruby 2.7 warnings for separation of positional and
+  keyword arguments][kwargs] anymore.
+
+* Down 5.1.0 has been released, which resolves warnings and a `FrozenError`
+  exception on Ruby 2.7. Shrine now requires at least this version of Down.
+
+  If you're using `Down::Http`, make sure you're using http.rb 4.3.0 or newer.
+
+* ImageProcessing 1.10.3 gem has been released which resolves Ruby 2.7 warnings
+  as well. If you're using it for image processing, make sure to upgrade to
+  this version:
+
+  ```rb
+  gem "image_processing", ">= 1.10.3", "< 2"
+  ```
+
+## Rack 2.1 compatibility
+
+* The `derivation_endpoint` plugin now uses `Rack::Files` on Rack 2.1 or newer.
+
+## Other improvements 
+
+* The `S3#open` method now handles empty S3 objects.
+
+[kwargs]: https://www.ruby-lang.org/en/news/2019/12/12/separation-of-positional-and-keyword-arguments-in-ruby-3-0/

data/doc/release_notes/3.2.2.md

@@ -0,0 +1,14 @@
+---
+title: Shrine 3.2.2
+---
+
+## Bug fixes
+
+* aws-sdk-core 3.104.0 introduced a backwards incompatible changes that caused
+  `Shrine::Storage::S3#open` to start raising an exception.
+
+  ```
+  NoMethodError: undefined method `bytesize' for #<Array:0x000000000a721be0>
+  ```
+
+  This has now been fixed.

data/doc/release_notes/3.3.0.md

@@ -0,0 +1,105 @@
+---
+title: Shrine 3.3.0
+---
+
+## New features
+
+* The `:create_on_promote` option has been added to the `derivatives` plugin
+  for automatically creating derivatives after the attached cached file is
+  promoted to permanent storage.
+
+  ```rb
+  Shrine.plugin :derivatives, create_on_promote: true
+  ```
+
+* The `:auto_extraction` option has been added to the `store_dimensions` plugin
+  for skipping automatically extracting dimensions on upload.
+
+  ```rb
+  Shrine.plugin :store_dimensions, auto_extraction: false
+  ```
+
+* The `:skip_nil` option has been added to the `add_metadata` plugin for
+  excluding metadata keys whose values are nil.
+
+  ```rb
+  class PdfUploader < Shrine
+    add_metadata :pages, skip_nil: true do |io|
+      if is_pdf?(io)
+        reader = PDF::Reader.new(io)
+        reader.page_count
+      else
+        # If this is not a PDF, then the pages metadata will not be stored
+        nil
+      end
+    end
+  end
+  ```
+
+* The `:download` option has been added to derivatives processors in
+  `derivatives` plugin for skipping converting the source IO object into a
+  file. This can be used to avoid a potentially expensive download/copy when
+  the derivatives processor doesn't need the file.
+
+  ```rb
+  Attacher.derivatives :my_processor, download: false do |source|
+    source #=> Could be File, Shrine::UploadedFile, or other IO-like object
+    shrine_class.with_file(source) do |file|
+      # can force download/copy if necessary with `with_file`,
+    end
+  end
+  ```
+
+## Bug fixes
+
+* The `upload_endpoint` now handles calling `Shrine.upload_response` method
+  from a Rails controller.
+
+* The `derivation_endpoint` plugin now applies the `version` query parameter
+  to the derivation when creating the response.
+
+## Other improvements
+
+* The new `Aws:S3::EncryptionV2::Client` is now supported by the S3 storage for
+  client-side encryption.
+
+* The `derivation_endpoint` now reduces the possibility of timing attacks by
+  comparing URL signatures in constant time using `Rack::Utils.secure_compare`.
+
+* The `derivatives` plugin now copies non-file source IO objects to disk before
+  passing them to the processor. This is consistent with how a
+  `Shrine::UploadedFile` object is downloaded to disk.
+
+* The `sequel` and `activerecord` plugins now call `Attacher#reload` when
+  reloading the model, which reloads the attached files but keeps other
+  attacher state.
+
+* The `derivatives` plugin doesn't download the attached file anymore if
+  attempting to process derivatives when no derivatives processor was defined.
+
+* The `mirroring` plugin now forwards attacher options when uploading to mirror
+  storages.
+
+* The `presign_endpoint` plugin now handles the `OPTIONS` HTTP verb, which
+  newer versions of Uppy are requesting.
+
+* `Shrine::Storage::Memory#open` now always returns a `StringIO` in the file
+  content's original encoding, instead of the encoding set by
+  `Encoding.default_internal`. This works around a [bug][ruby-lang #16497]
+  in `StringIO` introduced in Ruby 2.7.0.
+
+* The `remove_attachment` plugin now deletes the removed file if a new file was
+  attached right after removal.
+
+## Backwards compatibility
+
+* If you were passing a non-file IO object to the derivatives processor, Shrine
+  will now convert it into a file beforehand. If you're currently doing this
+  and are converting the IO object into a file inside the processor, you can
+  now remove the conversion code to avoid doubling the amount of disk writes.
+
+* When reloading a Sequel/ActiveRecord model, any attacher state other than
+  uploaded files will now be retained after the reload. If you were relying on
+  all the attacher state being re-initialized, you'll need to update your code.
+
+[ruby-lang #16497]: https://bugs.ruby-lang.org/issues/16497

data/doc/release_notes/3.4.0.md

@@ -0,0 +1,35 @@
+---
+title: Shrine 3.4.0
+---
+
+* Passing attacher options to `Shrine.Attachment` method now works on Ruby 3.0.
+
+* Defining validation errors as an array of I18n key and options in
+  `activerecord` plugin now works on Ruby 3.0.
+
+* The `:fastimage` MIME type analyzer now correctly detects SVGs as
+  `image/svg+html` in the `determine_mime_type` plugin.
+
+* The `Shrine::Attacher#read` method provided by the `entity` plugin is now
+  public. This is consistent with `Shrine::Attacher#write` from `model` plugin
+  being public as well.
+
+* The `Shrine::Attacher#reload` method now resets attachment's dirty state.
+  This means that for a model whose `Attacher#changed?` returns `true`, calling
+  `#reload` on the model will make `Attacher#changed?` return `false`. This was
+  the behaviour before Shrine 3.3.0.
+
+  ```rb
+  # before
+  model.file_attacher.changed? #=> true
+  model.reload
+  model.file_attacher.changed? #=> true
+
+  # after
+  model.file_attacher.changed? #=> true
+  model.reload
+  model.file_attacher.changed? #=> false
+  ```
+
+* Calling `#reload` on the model will not initialize a `Shrine::Attacher`
+  instance anymore if one hasn't previously been initialized.

data/doc/securing_uploads.md

@@ -1,6 +1,6 @@
 ---
 id: securing-uploads
-title: Securing uploads
+title: Securing Uploads
 ---
 
 Shrine does a lot to make your file uploads secure, but there are still a lot
@@ -63,7 +63,7 @@ in the `:max_size` option to reject files that are larger than the specified
 limit:
 
 ```rb
-plugin :upload_endpoint, max_size: 100*1024*1024 # 20 MB
+plugin :upload_endpoint, max_size: 100*1024*1024 # 100 MB
 ```
 
 If you're doing direct uploads to Amazon S3 using the `presign_endpoint`

data/doc/storage/memory.md

@@ -0,0 +1,19 @@
+---
+title: Memory
+---
+
+The Memory storage stores uploaded files in memory, which is suitable for
+testing.
+
+```rb
+Shrine.storages[:store] = Shrine::Storage::Memory.new
+```
+
+By default, each storage instance uses a new Hash object for storing files,
+but you can pass your own:
+
+```rb
+my_store = Hash.new
+
+Shrine.storages[:store] = Shrine::Storage::Memory.new(my_store)
+```

data/doc/storage/s3.md

@@ -2,30 +2,40 @@
 title: AWS S3
 ---
 
-The S3 storage handles uploads to Amazon S3 service, using the [aws-sdk-s3]
+The S3 storage handles uploads to [AWS S3] service (or any s3-compatible
+service such as [DigitalOcean Spaces] or [MinIO]). It requires the [aws-sdk-s3]
 gem:
 
 ```rb
+# Gemfile
 gem "aws-sdk-s3", "~> 1.14"
 ```
 
-It can be initialized by providing the bucket name and credentials:
+## Initialization
+
+The storage is initialized by providing your bucket name, region and
+credentials:
 
 ```rb
 require "shrine/storage/s3"
 
 s3 = Shrine::Storage::S3.new(
   bucket: "my-app", # required
+  region: "eu-west-1", # required
   access_key_id: "abc",
   secret_access_key: "xyz",
-  region: "eu-west-1",
 )
 ```
 
-The core features of this storage require the following AWS permissions:
-`s3:ListBucket`, `s3:PutObject`, `s3:GetObject`, and `s3:DeleteObject`. If you
-have additional upload options configured such as setting object ACLs, then
-additional permissions may be required.
+> The storage requires the following AWS S3 permissions:
+>
+>  * `s3:ListBucket` for the bucket resource
+>  * `s3:GetObject`, `s3:PutObject`, `s3:PutObjectAcl`, `s3:DeleteObject`,
+>    `s3:ListMultipartUploadParts` and `s3:AbortMultipartUpload` for the object
+>    resources
+
+> The `:access_key_id` and `:secret_access_key` options is just one form of
+> authentication, see the [AWS SDK docs][credentials] for more options.
 
 The storage exposes the underlying Aws objects:
 
@@ -45,14 +55,29 @@ s3.object("key") #=> #<Aws::S3::Object>
 
 By default, uploaded S3 objects will have private visibility, meaning they can
 only be accessed via signed expiring URLs generated using your private S3
-credentials. If you would like to generate public URLs, you can tell S3 storage
-to make uploads public:
+credentials.
 
 ```rb
-s3 = Shrine::Storage::S3.new(public: true, **s3_options)
+s3 = Shrine::Storage::S3.new(**s3_options)
+s3.upload(io, "key") # uploads with default "private" ACL
+s3.url("key")        # https://my-bucket.s3.amazonaws.com/key?X-Amz-Expires=900&X-Amz-Signature=b22d37c37d...
+```
 
+If you would like to generate public URLs, you can tell S3 storage to make
+uploads public:
+
+```rb
+s3 = Shrine::Storage::S3.new(public: true, **s3_options)
 s3.upload(io, "key") # uploads with "public-read" ACL
-s3.url("key")        # returns public (unsigned) object URL
+s3.url("key")        # https://my-bucket.s3.amazonaws.com/key
+```
+
+If you want to make only *some* uploads public, you can conditionally apply the
+`:acl` upload option and `:public` URL option:
+
+```rb
+Shrine.plugin :upload_options, store: -> (io, **) { { acl: "public-read" } }
+Shrine.plugin :url_options,    store: -> (io, **) { { public: true } }
 ```
 
 ## Prefix
@@ -80,13 +105,11 @@ You can also generate upload options per upload with the `upload_options`
 plugin
 
 ```rb
-class MyUploader < Shrine
-  plugin :upload_options, store: -> (io, derivative: nil, **) do
-    if derivative == :thumb
-      { acl: "public-read" }
-    else
-      { acl: "private" }
-    end
+Shrine.plugin :upload_options, store: -> (io, derivative: nil, **) do
+  if derivative == :thumb
+    { acl: "public-read" }
+  else
+    { acl: "private" }
   end
 end
 ```
@@ -97,23 +120,9 @@ or when using the uploader directly
 uploader.upload(file, upload_options: { acl: "private" })
 ```
 
-Note that, unlike the `:upload_options` storage option, upload options given on
-the uploader level won't be forwarded for generating presigns, since presigns
-are generated using the storage directly.
-
-## URL options
-
-Other than [`:host`](#url-host) and [`:public`](#public-uploads) URL options,
-all additional options are forwarded to [`Aws::S3::Object#presigned_url`].
-
-```rb
-s3.url(
-  expires_in: 15,
-  response_content_disposition: ContentDisposition.attachment("my-filename"),
-  response_content_type: "foo/bar",
-  # ...
-)
-```
+> Unlike the `:upload_options` storage option, upload options given on
+  the uploader level won't be forwarded for generating presigns, since presigns
+  are generated using the storage directly.
 
 ## URL Host
 
@@ -133,12 +142,14 @@ s3.url("image.jpg", host: "https://your-s3-host.com/prefix/") # needs to end wit
 ```
 
 To have the `:host` option passed automatically for every URL, use the
-`url_options` plugin.
+`url_options` plugin:
 
 ```rb
 plugin :url_options, store: { host: "http://abc123.cloudfront.net" }
 ```
 
+### Signer
+
 If you would like to [serve private content via CloudFront], you need to sign
 the object URLs with a special signer, such as [`Aws::CloudFront::UrlSigner`]
 provided by the `aws-sdk-cloudfront` gem. The S3 storage initializer accepts a
@@ -157,13 +168,27 @@ Shrine::Storage::S3.new(signer: signer.method(:signed_url))
 Shrine::Storage::S3.new(signer: -> (url, **options) { signer.signed_url(url, **options) })
 ```
 
+## URL options
+
+Other than `:host` and `:public` URL options, all additional `S3#url` options
+are forwarded to [`Aws::S3::Object#presigned_url`].
+
+```rb
+s3.url(
+  expires_in: 15,
+  response_content_disposition: ContentDisposition.attachment("my-filename"),
+  response_content_type: "foo/bar",
+  # ...
+)
+```
+
 ## Presigns
 
-The `#presign` method can be used for generating paramters for direct uploads
-to Amazon S3:
+The `S3#presign` method can be used for generating parameters for direct upload
+to S3:
 
 ```rb
-s3.presign("/path/to/file") #=>
+s3.presign("key") #=>
 # {
 #   url: "https://my-bucket.s3.amazonaws.com/...",
 #   fields: { ... },  # blank for PUT presigns
@@ -172,11 +197,25 @@ s3.presign("/path/to/file") #=>
 # }
 ```
 
-Additional presign options can be given in three places:
+By default, parameters for a POST upload is generated, but you can also
+generate PUT upload parameters:
+
+```rb
+s3.presign("key", method: :put)
+```
 
-* in `Storage::S3#presign` by forwarding options
-* in `:upload_options` option on this storage
-* in `presign_endpoint` plugin through `:presign_options`
+Any additional options are forwarded to [`Aws::S3::Object#presigned_post`]
+(for POST uploads) and [`Aws::S3::Object#presigned_url`] (for PUT uploads).
+
+```rb
+s3.presign("key", method: :put, content_disposition: "attachment; filename=my-file.txt") #=>
+# {
+#   url: "https://my-bucket.s3.amazonaws.com/...",
+#   fields: {},
+#   headers: { "Content-Disposition" => "attachment; filename=my-file.txt" },
+#   method :put,
+# }
+```
 
 ## Large files
 
@@ -184,33 +223,24 @@ The aws-sdk-s3 gem has the ability to automatically use multipart upload/copy
 for larger files, splitting the file into multiple chunks and uploading/copying
 them in parallel.
 
-By default any files that are uploaded will use the multipart upload if they're
-larger than 15MB, and any files that are copied will use the multipart copy if
-they're larger than 150MB, but you can change the thresholds via
-`:multipart_threshold`.
-
-```rb
-thresholds = { upload: 30*1024*1024, copy: 200*1024*1024 }
-Shrine::Storage::S3.new(multipart_threshold: thresholds, **s3_options)
-```
-
-If you want to change how many threads aws-sdk-s3 will use for multipart
-upload/copy, you can use the `upload_options` plugin to specify
-`:thread_count`.
+By default, multipart upload will be used for files larger than 15MB, and
+multipart copy for files larger than 100MB, but you can change the thresholds
+via `:multipart_threshold`:
 
 ```rb
-plugin :upload_options, store: -> (io, context) do
-  { thread_count: 5 }
-end
+Shrine::Storage::S3.new(
+  multipart_threshold: { upload: 30*1024*1024, copy: 200*1024*1024 },
+  **s3_options,
+)
 ```
 
 ## Encryption
 
-The easiest way to use server-side encryption for uploaded S3 objects is to
+The easiest way to use **server-side** encryption for uploaded S3 objects is to
 configure default encryption for your S3 bucket. Alternatively, you can pass
 server-side encryption parameters to the API calls.
 
-The `#upload` method accepts `:sse_*` options:
+The `S3#upload` method accepts `:sse_*` options:
 
 ```rb
 s3.upload(io, "key", sse_customer_algorithm: "AES256",
@@ -219,7 +249,7 @@ s3.upload(io, "key", sse_customer_algorithm: "AES256",
                      ssekms_key_id:          "key_id")
 ```
 
-The `#presign` method accepts `:server_side_encryption_*` options for POST
+The `S3#presign` method accepts `:server_side_encryption_*` options for POST
 presigns, and the same `:sse_*` options as above for PUT presigns.
 
 ```rb
@@ -237,15 +267,14 @@ s3.open("key", sse_customer_algorithm: "AES256",
                sse_customer_key_md5:   "secret_key_md5")
 ```
 
-If you want to use client-side encryption instead, you can instantiate the
-storage with an `Aws::S3::Encryption::Client` instance.
+**Client-side** encryption is supported as well:
 
 ```rb
-client = Aws::S3::Encryption::Client.new(
-  kms_key_id: "alias/my-key"
-)
+encryption_client = Aws::S3::EncryptionV2::Client.new(...)
+s3 = Shrine::Storage::S3.new(client: encryption_client, **other_options)
 
-Shrine::Storage::S3(client: client, bucket: "my-bucket")
+s3.upload(io, "key") # encrypts on upload
+s3.open("key")       # decrypts on download
 ```
 
 ## Accelerate endpoint
@@ -279,20 +308,18 @@ Alternatively you can periodically call the `#clear!` method:
 s3.clear! { |object| object.last_modified < Time.now - 7*24*60*60 }
 ```
 
-## Request Rate and Performance Guidelines
-
-Amazon S3 automatically scales to high request rates. For example, your
-application can achieve at least 3,500 PUT/POST/DELETE and 5,500 GET requests
-per second per prefix in a bucket (a prefix is a top-level "directory" in the
-bucket). If your app needs to support higher request rates to S3 than that, you
-can scale exponentially by using more prefixes.
-
+[AWS S3]: https://aws.amazon.com/s3/
+[MinIO]: https://min.io/
+[DigitalOcean Spaces]: https://www.digitalocean.com/products/spaces/
+[aws-sdk-s3]: https://rubygems.org/gems/aws-sdk-s3
 [uploading]: http://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#put-instance_method
 [copying]: http://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#copy_from-instance_method
 [presigning]: http://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_post-instance_method
 [`Aws::S3::Object#presigned_url`]: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_url-instance_method
-[aws-sdk-s3]: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-s3
 [Transfer Acceleration]: http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html
 [object lifecycle]: http://docs.aws.amazon.com/AmazonS3/latest/UG/lifecycle-configuration-bucket-no-versioning.html
 [serve private content via CloudFront]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
 [`Aws::CloudFront::UrlSigner`]: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudFront/UrlSigner.html
+[credentials]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html
+[`Aws::S3::Object#presigned_post`]: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_post-instance_method
+[`Aws::S3::Object#presigned_url`]: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Object.html#presigned_url-instance_method