-
Notifications
You must be signed in to change notification settings - Fork 7
/
index.html
140 lines (126 loc) · 5.75 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
<!DOCTYPE html>
<html>
<head>
<title>S3 Signature Generator</title>
<link rel="stylesheet" type="text/css" href="css/normalize.css"/>
<link rel="stylesheet" type="text/css" href="css/siggenerator.css"/>
</head>
<body>
<div id="content">
<a href="https://github.com/dcartoon/s3-siggenerator"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
<h1>S3 Signature Generator</h1>
<hr/>
<p>
This is a tool to help you generate one-off signed Amazon S3 urls.
For more information about the S3 Signature protocol see Amazon's
<a href="http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html">Developer Guide</a>.
This is useful if you want to store files in a private S3 bucket
but still allow access to individuals without having to provide credentials
or alter access control lists.
</p>
<p style="font-style:italic;">
The signature generation process requires your AWS Credentials. It is a best practice
to not put your key into random forms on the Internet. Therefore, this tool
can also be downloaded off <a href="https://github.com/dcartoon/s3-siggenerator">Github</a>.
</p>
<h2>How does it work?</h2>
<p>
The signature generation process requires four pieces of information:
<ul>
<li>The url(bucket/file) to be accessed</li>
<li>Expiration time(in seconds since the Unix epoch)</li>
<li>AWS Access Key ID</li>
<li>AWS Secret Access Key</li>
</ul>
This information is used to create a signed query string that can be
used to download S3 files via the browser. Note that expiration is
calculated relative to your computer's time, so if your clock is
behind then your files will expire sooner than expected for everyone
else
</p>
<p>
This tool draws from the S3 Signature Tester by
<a href="https://forums.aws.amazon.com/profile.jspa?userID=14656">Chris@AWS</a>
available <a href="http://aws.amazon.com/code/199">here</a>.
</p>
<div class="box">
<h3>Inputs</h3>
<form onsubmit="return false;">
<div class="inputHolder">
<label for="urlToSign">Url to access(i.e. bucket/file.txt)</label>
<input type="text" size="50" name="urlToSign"/>
</div>
<div class="inputHolder">
<label for="expiresInSeconds">Number of seconds until the generated link expires</label>
<input type="text" size="50" name="expiresInSeconds"/>
</div>
<div class="inputHolder">
<label for="accessKey">AWS Access Key</label>
<input type="text" size="50" name="accessKey"/>
</div>
<div class="inputHolder">
<label for="secretAccessKey">AWS Secret Access Key</label>
<input type="text" size="50" name="secretAccessKey"/>
</div>
<div id="inputErrorHolder">
</div>
<div class="inputHolder">
<input type="submit" id="submit"/>
</div>
</form>
</div>
<div class="box">
<h3>Output</h3>
<div id="output">
</div>
</div>
</div>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script src="js/siggenerator.js"></script>
<script type="text/javascript">
$('form').submit(function () {
var url =$.trim($('input[name=urlToSign]').val());
var ttl = $.trim($('input[name=expiresInSeconds]').val());
var accessKey = $.trim($('input[name=accessKey]').val());
var secretKey = $.trim($('input[name=secretAccessKey]').val());
var inputErrorHolder = $('#inputErrorHolder');
inputErrorHolder.empty();
if(!url) {
inputErrorHolder.append('URL is required<br/>');
return false;
}
if(!ttl) {
inputErrorHolder.append('Expires time is required<br/>');
return false;
}
if(!accessKey) {
inputErrorHolder.append('Access Key is required<br/>');
return false;
}
if(!secretKey) {
inputErrorHolder.append('Secret Key is required<br/>');
return false;
}
/* It's easy to forget the / prefix and it's also easy to fix */
if(url.charAt(0) != '/') {
url = '/' + url;
}
var secondsSinceEpoch = new Date().getTime() / 1000;
var expiresAt = Math.floor(secondsSinceEpoch + parseInt(ttl, 10));
$('#output').empty();
$('#output').append('Expires at: ' + expiresAt + '<br />');
var canonicalString = generateCanonicalString(url, expiresAt,
secretKey);
$('#output').append('Canonical string: ' + canonicalString +
'<br />');
var signature = generateSignature(url, expiresAt, secretKey);
$('#output').append('Signature: ' + signature + '<br />');
var signedUrl = generateSignedUrl(url, expiresAt, accessKey,
signature);
$('#output').append('<a href="' + signedUrl +'">' + signedUrl +
'</a>');
return false;
});
</script>
</body>
</html>