Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256

2020-09-04 22:08:38 +02:00 · 2020-09-04 22:08:38 +02:00 · cf0cd38269
parent b7ab455518
commit cf0cd38269
4 changed files with 37 additions and 22 deletions
--- a/client/modules/IDE/actions/uploader.js
+++ b/client/modules/IDE/actions/uploader.js
@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
      Object.keys(file.postData).forEach((key) => {
        formData.append(key, file.postData[key]);
      });
-      formData.append('Content-type', file.type);
-      formData.append('Content-length', '');
-      formData.append('acl', 'public-read');
    }
  };
 }
--- a/package-lock.json
+++ b/package-lock.json
@ -12926,6 +12926,11 @@
        "randomfill": "^1.0.3"
      }
    },
+    "crypto-js": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz",
+      "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q=="
+    },
    "crypto-random-string": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-1.0.0.tgz",
@ -33865,10 +33870,26 @@
        "tslib": "^1.9.0"
      }
    },
-    "s3-policy": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/s3-policy/-/s3-policy-0.2.0.tgz",
-      "integrity": "sha1-g8NFMBrv7HSJzmnialFTk1BluKw="
+    "s3-policy-v4": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/s3-policy-v4/-/s3-policy-v4-0.0.3.tgz",
+      "integrity": "sha1-tz7ID4YYDnWE4HUTxzzmKwYLrdc=",
+      "requires": {
+        "buffer": "^4.6.0",
+        "crypto-js": "^3.1.6"
+      },
+      "dependencies": {
+        "buffer": {
+          "version": "4.9.2",
+          "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz",
+          "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==",
+          "requires": {
+            "base64-js": "^1.0.2",
+            "ieee754": "^1.1.4",
+            "isarray": "^1.0.0"
+          }
+        }
+      }
    },
    "safe-buffer": {
      "version": "5.1.2",
--- a/package.json
+++ b/package.json
@ -215,7 +215,7 @@
    "request": "^2.88.2",
    "request-promise": "^4.2.5",
    "reselect": "^4.0.0",
-    "s3-policy": "^0.2.0",
+    "s3-policy-v4": "0.0.3",
    "sass-extract": "^2.1.0",
    "sass-extract-js": "^0.4.0",
    "sass-extract-loader": "^1.1.0",
--- a/server/controllers/aws.controller.js
+++ b/server/controllers/aws.controller.js
@ -1,5 +1,5 @@
 import uuid from 'node-uuid';
-import policy from 's3-policy';
+import S3Policy from 's3-policy-v4';
 import s3 from '@auth0/s3';
 import { getProjectsForUserId } from './project.controller';
 import { findUserByUsername } from './user.controller';
@ -80,22 +80,19 @@ export function signS3(req, res) {
  }
  const fileExtension = getExtension(req.body.name);
  const filename = uuid.v4() + fileExtension;
-  const acl = 'public-read';
-  const p = policy({
+  const acl = 'private';
+  const policy = S3Policy.generate({
    acl,
-    secret: process.env.AWS_SECRET_KEY,
-    length: 5000000, // in bytes?
-    bucket: process.env.S3_BUCKET,
    key: filename,
-    expires: new Date(Date.now() + 60000),
+    bucket: process.env.S3_BUCKET,
+    contentType: req.body.type,
+    region: process.env.AWS_REGION,
+    accessKey: process.env.AWS_ACCESS_KEY,
+    secretKey: process.env.AWS_SECRET_KEY,
+    // metadata: {'x-amz-meta-lat': '41.891',...} (optional)
+    metadata: []
  });
-  const result = {
-    AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
-    key: `${req.body.userId}/${filename}`,
-    policy: p.policy,
-    signature: p.signature
-  };
-  res.json(result);
+  res.json(policy);
 }

 export function copyObjectInS3(url, userId) {