minio-js icon indicating copy to clipboard operation
minio-js copied to clipboard

Published 20 hours ago verified publisher icon minio

generate presigned url using the specified hash

Open Zazck opened this issue 6 years ago • 4 comments

https://github.com/minio/minio-js/blob/6459c82a02fe6dfaeed1f5d870681e1a8733f683/src/main/signing.js#L257

currently presigned put request has a fixed 'UNSIGNED-PAYLOAD' which should be replaced by a real file hash when ' X-Amz-Content-Sha256' was precaculated by browser

I didn't found any other way to change it without modifying the source.

for myself, I wrote following code:

var unsignedPayload = 'UNSIGNED-PAYLOAD';
var hashedPayload;
var reqParams = querystring.parse(query);
if ('X-Amz-Content-Sha256' in reqParams) {
  hashedPayload = reqParams['X-Amz-Content-Sha256'];
} else {
  hashedPayload = unsignedPayload;
}

and for usage:

const presigned = await minio.presignedUrl('PUT', 'data', 'testfile.jpg', 5 * 60, {
  'X-Amz-Content-Sha256': 'adf879c749266508e488791329a41f74a5a093196ed9f57489eed9676549ae26',
});

I think it's very ugly.

Zazck avatar Sep 16 '19 12:09 Zazck

thanks we'll take a look @Zazck

nitisht avatar Sep 16 '19 13:09 nitisht

AWS S3 doc recommends having UNSIGNED-PAYLOAD for presigned requests https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

You don't include a payload hash in the Canonical Request, because when you create a presigned URL, you don't know the payload content because the URL is used to upload an arbitrary payload. Instead, you use a constant string UNSIGNED-PAYLOAD.

kanagarajkm avatar Sep 30 '19 10:09 kanagarajkm

@kanagarajkm The basic idea is, I would let user browser caculate the file hash before they upload, the filename will be the previously calculated hash, and then send those hashes to other participants who are waiting for the file. They should be able to get the file link(generated by hash) immediately even it's not available, The uploader must then upload the file content that has precalculated hash posted before, other participants will receive a signal upon completion of the upload.

Since the message containing the file hash should have some text content that should not be blocked by the file upload, and the sent message must contain a file hash for the local history, it seems reasonable to use a presigned url to resolve the problem.

And in this case, UNSIGNED-PAYLOAD won't work.

Zazck avatar Sep 30 '19 13:09 Zazck

Something new about this @Zazck ? I've the same problem.

gcuellar avatar Nov 02 '22 20:11 gcuellar