Merge pull request #1603 from rubenvandeven/fix/s3v4

Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256

Author: catarak

client/modules/IDE/actions/uploader.js

@@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
       Object.keys(file.postData).forEach((key) => {
         formData.append(key, file.postData[key]);
       });
-      formData.append('Content-type', file.type);
-      formData.append('Content-length', '');
-      formData.append('acl', 'public-read');
     }
   };
 }

package-lock.json

@@ -215,7 +215,7 @@
     "request": "^2.88.2",
     "request-promise": "^4.2.5",
     "reselect": "^4.0.0",
-    "s3-policy": "^0.2.0",
+    "s3-policy-v4": "0.0.3",
     "sass-extract": "^2.1.0",
     "sass-extract-js": "^0.4.0",
     "sass-extract-loader": "^1.1.0",

package.json

@@ -1,9 +1,12 @@
 import uuid from 'node-uuid';
-import policy from 's3-policy';
+import S3Policy from 's3-policy-v4';
 import s3 from '@auth0/s3';
+import mongoose from 'mongoose';
 import { getProjectsForUserId } from './project.controller';
 import { findUserByUsername } from './user.controller';
 
+const { ObjectId } = mongoose.Types;
+
 const client = s3.createClient({
   maxAsyncS3: 20,
   s3RetryCount: 3,
@@ -18,7 +21,7 @@ const client = s3.createClient({
 });
 
 const s3Bucket = process.env.S3_BUCKET_URL_BASE ||
-                 `https://s3-${process.env.AWS_REGION}.amazonaws.com/${process.env.S3_BUCKET}/`;
+  `https://s3-${process.env.AWS_REGION}.amazonaws.com/${process.env.S3_BUCKET}/`;
 
 function getExtension(filename) {
   const i = filename.lastIndexOf('.');
@@ -27,14 +30,10 @@ function getExtension(filename) {
 
 export function getObjectKey(url) {
   const urlArray = url.split('/');
-  let objectKey;
-  if (urlArray.length === 5) {
-    const key = urlArray.pop();
-    const userId = urlArray.pop();
-    objectKey = `${userId}/${key}`;
-  } else {
-    const key = urlArray.pop();
-    objectKey = key;
+  const objectKey = urlArray.pop();
+  const userId = urlArray.pop();
+  if (ObjectId.isValid(userId) && userId === new ObjectId(userId).toString()) {
+    return `${userId}/${objectKey}`;
   }
   return objectKey;
 }
@@ -81,21 +80,17 @@ export function signS3(req, res) {
   const fileExtension = getExtension(req.body.name);
   const filename = uuid.v4() + fileExtension;
   const acl = 'public-read';
-  const p = policy({
+  const policy = S3Policy.generate({
     acl,
-    secret: process.env.AWS_SECRET_KEY,
-    length: 5000000, // in bytes?
+    key: `${req.body.userId}/${filename}`,
     bucket: process.env.S3_BUCKET,
-    key: filename,
-    expires: new Date(Date.now() + 60000),
+    contentType: req.body.type,
+    region: process.env.AWS_REGION,
+    accessKey: process.env.AWS_ACCESS_KEY,
+    secretKey: process.env.AWS_SECRET_KEY,
+    metadata: []
   });
-  const result = {
-    AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
-    key: `${req.body.userId}/${filename}`,
-    policy: p.policy,
-    signature: p.signature
-  };
-  res.json(result);
+  res.json(policy);
 }
 
 export function copyObjectInS3(url, userId) {