How to generate an expiring URL for content on AWS S3

I would like to create a temporary URL for users to download content from my AWS S3 bucket. Is there a tutorial on how this can be done quickly and easily? I am using PHP for my server-side code.

+4
2 answers

This functionality is built into S3 and its PHP SDK.

http://docs.aws.amazon.com/aws-sdk-php/guide/latest/service-s3.html#creating-a-pre-signed-url

        // Get a pre-signed URL for an Amazon S3 object
        // $client is an instance of AWS SDK S3Client
        $signedUrl = $client->getObjectUrl('my-bucket', 'filename.ext', '+10 minutes');
        // > https://my-bucket.s3.amazonaws.com/filename.ext?AWSAccessKeyId=[...]&Expires=[...]&Signature=[...]
+5

One way to do this is to encrypt the current date and time using a symmetric encryption function such as mcrypt_encrypt. The ciphertext is then appended to the URL as a query string.

, URL- , URL script , . , .

script, :

        <?php
        // Note: the mcrypt extension was removed from PHP core in 7.2; on newer versions it has to be installed from PECL.
        define('ENCRYPTION_KEY', '9ab6c9abcd827e8726f92275f87e7abc820937d87e871c85e982d8eb08ba87ef');  // this is super-secret.  don't let it get out!
        $expiration=300;  //link expires in 300 seconds

        $expirationtime=time()+$expiration;
        //print $expirationtime;
        $URL="http://hostname.domain.tld/path/to/validationscript.php?" . urlencode(mc_encrypt($expirationtime, ENCRYPTION_KEY));
        print "Link is: <BR>" . $URL . "<BR><BR>Please note that this link is valid only for " . $expiration . " seconds.";


        // Encrypt Function
        function mc_encrypt($encrypt, $key){
            $encrypt = serialize($encrypt);
            // fresh random IV for every link
            $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
            $key = pack('H*', $key);  // hex string -> 32 raw key bytes
            // HMAC-SHA256 of the serialized value (64 hex characters), appended before encryption
            $mac = hash_hmac('sha256', $encrypt, substr(bin2hex($key), -32));
            $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt.$mac, MCRYPT_MODE_CBC, $iv);
            // token format: base64(ciphertext) | base64(IV)
            $encoded = base64_encode($passcrypt).'|'.base64_encode($iv);
            return $encoded;
        }
        ?>

, script, : .

http://hostname.domain.tld/path/to/validationscript.php?FsUBxPBe88SFu1wlJav8Wk23nnyGfdi%2FP4p95lK7DuErfjGDhUB8%2B1G02WeDqfb8krFjo5ABNRlcTwTs7eNDAzh2ixPsBFUqZWYaRyOQHDaEiuHA0SLpZVQH8SAnnGiQ%7C3LmPuTeozYqr3HhMIGC%2FoBM2Kd6qfb81LYgPZjmgpC8%3D

script , , :

        <?php
        define('ENCRYPTION_KEY', '9ab6c9abcd827e8726f92275f87e7abc820937d87e871c85e982d8eb08ba87ef');  // this is super-secret.  don't let it get out!

        $expirationtime=mc_decrypt(urldecode($_SERVER['QUERY_STRING']), ENCRYPTION_KEY);
        // mc_decrypt() returns false for a malformed or tampered token
        if($expirationtime!==false && time()<$expirationtime) {
            print "link is still valid.<BR>";
        } else {
            print "link is no longer valid.<BR>";
        }


        // Decrypt Function
        function mc_decrypt($decrypt, $key){
            $decrypt = explode('|', $decrypt);
            if(count($decrypt)!==2){ return false; }  // expect ciphertext|iv
            $decoded = base64_decode($decrypt[0]);
            $iv = base64_decode($decrypt[1]);
            $key = pack('H*', $key);
            $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv));
            if(strlen($decrypted)<=64){ return false; }  // too short to hold data plus the 64-character MAC
            $mac = substr($decrypted, -64);
            $decrypted = substr($decrypted, 0, -64);
            $calcmac = hash_hmac('sha256', $decrypted, substr(bin2hex($key), -32));
            // constant-time comparison; only unserialize data whose MAC verified
            if(!hash_equals($calcmac, $mac)){ return false; }
            $decrypted = unserialize($decrypted);
            return $decrypted;
        }

        ?>
-1
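
The token in the answer above carries only the expiration time, so it is not tied to any particular file. As an added example (not part of either answer), here is an expiring link that uses HMAC signing in place of mcrypt encryption and covers both the object path and the expiry; `SIGNING_KEY`, `download.php`, the function names and the sample path are assumptions.

```php
<?php
// Added example, not code from the original answers.
// SIGNING_KEY is a constructed demo value; load the real key from configuration.
const SIGNING_KEY = 'constructed-demo-key-replace-me';

// Build a link whose signature covers both the object path and the expiry time.
function make_signed_url(string $path, int $ttl, ?int $now = null): string {
    $expires = ($now ?? time()) + $ttl;
    $sig = hash_hmac('sha256', $path . "\n" . $expires, SIGNING_KEY);
    return 'https://hostname.domain.tld/download.php?' . http_build_query([
        'path' => $path, 'expires' => $expires, 'sig' => $sig,
    ]);
}

// Validate the query parameters of an incoming request (e.g. $_GET).
function verify_signed_query(array $q, ?int $now = null): bool {
    foreach (['path', 'expires', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) {
            return false;                       // missing or array-valued parameter
        }
    }
    if (!ctype_digit($q['expires'])) {
        return false;                           // expiry must be a plain integer
    }
    $expected = hash_hmac('sha256', $q['path'] . "\n" . $q['expires'], SIGNING_KEY);
    if (!hash_equals($expected, $q['sig'])) {   // constant-time comparison
        return false;                           // path, expiry or signature was altered
    }
    return ($now ?? time()) < (int) $q['expires'];
}

// Constructed demonstration with a fixed clock so the outcome is repeatable.
$t0 = 1700000000;
parse_str(parse_url(make_signed_url('reports/q3.pdf', 300, $t0), PHP_URL_QUERY), $q);

var_dump(verify_signed_query($q, $t0 + 10));    // fresh link, checked 10 s after issue
var_dump(verify_signed_query($q, $t0 + 301));   // same link, checked after the 300 s window
$q2 = $q; $q2['path'] = 'reports/q4.pdf';
var_dump(verify_signed_query($q2, $t0 + 10));   // path changed, signature reused
$q3 = $q; $q3['expires'] = (string) ($t0 + 86400);
var_dump(verify_signed_query($q3, $t0 + 10));   // expiry changed, signature reused
```

Because the expiry time is not secret, nothing needs to be encrypted; the signature alone prevents a client from changing the path or extending the lifetime.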
