diff --git a/client/modules/IDE/actions/uploader.js b/client/modules/IDE/actions/uploader.js
index eca1ffe6..1bff2671 100644
--- a/client/modules/IDE/actions/uploader.js
+++ b/client/modules/IDE/actions/uploader.js
@@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
 Object.keys(file.postData).forEach((key) => {
 formData.append(key, file.postData[key]);
 });
- formData.append('Content-type', file.type);
- formData.append('Content-length', '');
- formData.append('acl', 'public-read');
 }
 };
 }
diff --git a/package-lock.json b/package-lock.json
index cf191511..29734a1c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12926,6 +12926,11 @@
 "randomfill": "^1.0.3"
 }
 },
+ "crypto-js": {
+ "version": "3.3.0",
+ "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz",
+ "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q=="
+ },
 "crypto-random-string": {
 "version": "1.0.0",
 "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-1.0.0.tgz",
@@ -33865,10 +33870,26 @@
 "tslib": "^1.9.0"
 }
 },
- "s3-policy": {
- "version": "0.2.0",
- "resolved": "https://registry.npmjs.org/s3-policy/-/s3-policy-0.2.0.tgz",
- "integrity": "sha1-g8NFMBrv7HSJzmnialFTk1BluKw="
+ "s3-policy-v4": {
+ "version": "0.0.3",
+ "resolved": "https://registry.npmjs.org/s3-policy-v4/-/s3-policy-v4-0.0.3.tgz",
+ "integrity": "sha1-tz7ID4YYDnWE4HUTxzzmKwYLrdc=",
+ "requires": {
+ "buffer": "^4.6.0",
+ "crypto-js": "^3.1.6"
+ },
+ "dependencies": {
+ "buffer": {
+ "version": "4.9.2",
+ "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz",
+ "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==",
+ "requires": {
+ "base64-js": "^1.0.2",
+ "ieee754": "^1.1.4",
+ "isarray": "^1.0.0"
+ }
+ }
+ }
 },
 "safe-buffer": {
 "version": "5.1.2",
diff --git a/package.json b/package.json
index 3d1d85af..117bb1aa 100644
--- a/package.json
+++ b/package.json
@@ -215,7 +215,7 @@
 "request": "^2.88.2",
 "request-promise": "^4.2.5",
 "reselect": "^4.0.0",
- "s3-policy": "^0.2.0",
+ "s3-policy-v4": "0.0.3",
 "sass-extract": "^2.1.0",
 "sass-extract-js": "^0.4.0",
 "sass-extract-loader": "^1.1.0",
diff --git a/server/controllers/aws.controller.js b/server/controllers/aws.controller.js
index a315f1d4..5582e7c1 100644
--- a/server/controllers/aws.controller.js
+++ b/server/controllers/aws.controller.js
@@ -1,5 +1,5 @@
 import uuid from 'node-uuid';
-import policy from 's3-policy';
+import S3Policy from 's3-policy-v4';
 import s3 from '@auth0/s3';
 import { getProjectsForUserId } from './project.controller';
 import { findUserByUsername } from './user.controller';
@@ -80,22 +80,19 @@ export function signS3(req, res) {
 }
 const fileExtension = getExtension(req.body.name);
 const filename = uuid.v4() + fileExtension;
- const acl = 'public-read';
- const p = policy({
+ const acl = 'private';
+ const policy = S3Policy.generate({
 acl,
- secret: process.env.AWS_SECRET_KEY,
- length: 5000000, // in bytes?
- bucket: process.env.S3_BUCKET,
 key: filename,
- expires: new Date(Date.now() + 60000),
+ bucket: process.env.S3_BUCKET,
+ contentType: req.body.type,
+ region: process.env.AWS_REGION,
+ accessKey: process.env.AWS_ACCESS_KEY,
+ secretKey: process.env.AWS_SECRET_KEY,
+ // metadata: {'x-amz-meta-lat': '41.891',...} (optional)
+ metadata: []
 });
- const result = {
- AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
- key: `${req.body.userId}/${filename}`,
- policy: p.policy,
- signature: p.signature
- };
- res.json(result);
+ res.json(policy);
 }
 export function copyObjectInS3(url, userId) {
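Review bot: `"s3-policy-v4": "0.0.3"` puts a 0.0.x package on the path that receives `AWS_SECRET_KEY` in signS3, and the lockfile records only a `sha1-` integrity for it while it brings in `crypto-js` 3.3.0 and a nested `buffer` 4.9.2. The exact pin is good; before merging it is worth reading the package's signing code and confirming that those transitive versions pass the project's dependency audit. If the project can take the AWS SDK instead, its presigned-POST support would remove the need for a third-party signer, though whether the SDK is available here is not visible on this page.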
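Review bot: The new `S3Policy.generate({...})` call in signS3 no longer passes the `length: 5000000` cap or the 60-second `expires` that the removed `policy({...})` call set, so the size and lifetime of a signed upload now rest on the library's defaults, which are not visible in this hunk; confirm the generated policy still carries a size condition and a short expiry, or set them explicitly. `contentType: req.body.type` signs a client-supplied MIME type unchecked, and an allowlist test before the call would keep the server from authorising arbitrary content types. `key: filename` also drops the `${req.body.userId}/` prefix the old response used, so objects would land at the bucket root rather than under a per-user path; if the prefix is restored, deriving it from the authenticated session instead of the request body looks safer (the session object is outside this hunk). `res.json(policy)` returns the library's whole result, so picking the form fields explicitly would guarantee that nothing derived from `secretKey` other than the signature reaches the client. signS3 begins before this hunk.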