Functionality to generate pre-signed URLs

[Mosnar]

Description

There are a lot of situations where you might want to have a volume that doesn't have publicly accessible assets; however, you need to be able to generate URLs to allow a user to download them. S3 solves this with pre-signed URLs, which are short-lived public links to download objects.

Example use cases:

• Digital purchase downloads
• Invoices and receipts
• Gated documents

I propose incorporating this functionality in the S3 plugin via these features:

1. Add a behavior to Assets to generate a pre-signed URL. For example:

{{ invoice.getPresignedUrl(expiresIn = 'P1H', forceDownload = true)) }}

If the asset does not belong to an S3 volume or an exception occurs, the result would be null.

2. Add an element index action to copy a pre-signed URL for an asset. The life-span of this could be configured via config setting.

I have the functionality for the behavior created and am open to creating a pull request; however, my questions are:

1. Are you open this feature being in the S3 plugin and accepting a PR?
2. Should this be an interface in the Craft CMS repository so other volume types can implement consistently? (e.g. implements GeneratesSharableLinks)

[andris-sevcenko]

Currently, I'm inclined to say that it would be better off as a Craft CMS thing. Maybe still possible for 3.7.

We'll discuss this internally and I'll get back to you.

[kennethormandy]

It sounds like this is what the S3 Secure Downloads plugin I maintain already does. I agree it would be nice to see it at the Craft and Volume level, though.

The plugin is MIT licensed and could be partially incorporated here later, if it’s helpful.

@Mosnar In the meantime, happy to discuss adding those settings to the Twig API in addition to the global settings, if it would be helpful to you.

[mofman]

@brandonkelly was this enhancement abandoned? We're currently in process of building an intranet site using SSO and need all assets private.