Fix #358 - migrate to S3 policy v4 to support AWS4-HMAC-SHA256

client/modules/IDE/actions/uploader.js

@@ -77,9 +77,6 @@ export function dropzoneSendingCallback(file, xhr, formData) {
       Object.keys(file.postData).forEach((key) => {
         formData.append(key, file.postData[key]);
       });
-      formData.append('Content-type', file.type);
-      formData.append('Content-length', '');
-      formData.append('acl', 'public-read');
     }
   };
 }

package-lock.json

@@ -12926,6 +12926,11 @@
         "randomfill": "^1.0.3"
       }
     },
+    "crypto-js": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz",
+      "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q=="
+    },
     "crypto-random-string": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-1.0.0.tgz",
@@ -33865,10 +33870,26 @@
         "tslib": "^1.9.0"
       }
     },
-    "s3-policy": {
+    "s3-policy-v4": {
-      "version": "0.2.0",
+      "version": "0.0.3",
-      "resolved": "https://registry.npmjs.org/s3-policy/-/s3-policy-0.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/s3-policy-v4/-/s3-policy-v4-0.0.3.tgz",
-      "integrity": "sha1-g8NFMBrv7HSJzmnialFTk1BluKw="
+      "integrity": "sha1-tz7ID4YYDnWE4HUTxzzmKwYLrdc=",
+      "requires": {
+        "buffer": "^4.6.0",
+        "crypto-js": "^3.1.6"
+      },
+      "dependencies": {
+        "buffer": {
+          "version": "4.9.2",
+          "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz",
+          "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==",
+          "requires": {
+            "base64-js": "^1.0.2",
+            "ieee754": "^1.1.4",
+            "isarray": "^1.0.0"
+          }
+        }
+      }
     },
     "safe-buffer": {
       "version": "5.1.2",

package.json

@@ -215,7 +215,7 @@
     "request": "^2.88.2",
     "request-promise": "^4.2.5",
     "reselect": "^4.0.0",
-    "s3-policy": "^0.2.0",
+    "s3-policy-v4": "0.0.3",
     "sass-extract": "^2.1.0",
     "sass-extract-js": "^0.4.0",
     "sass-extract-loader": "^1.1.0",

server/controllers/aws.controller.js

@@ -1,5 +1,5 @@
 import uuid from 'node-uuid';
-import policy from 's3-policy';
+import S3Policy from 's3-policy-v4';
 import s3 from '@auth0/s3';
 import { getProjectsForUserId } from './project.controller';
 import { findUserByUsername } from './user.controller';
@@ -80,22 +80,19 @@ export function signS3(req, res) {
   }
   const fileExtension = getExtension(req.body.name);
   const filename = uuid.v4() + fileExtension;
-  const acl = 'public-read';
+  const acl = 'private';
-  const p = policy({
+  const policy = S3Policy.generate({
     acl,
-    secret: process.env.AWS_SECRET_KEY,
-    length: 5000000, // in bytes?
-    bucket: process.env.S3_BUCKET,
     key: filename,
-    expires: new Date(Date.now() + 60000),
+    bucket: process.env.S3_BUCKET,
+    contentType: req.body.type,
+    region: process.env.AWS_REGION,
+    accessKey: process.env.AWS_ACCESS_KEY,
+    secretKey: process.env.AWS_SECRET_KEY,
+    // metadata: {'x-amz-meta-lat': '41.891',...} (optional)
+    metadata: []
   });
-  const result = {
+  res.json(policy);
-    AWSAccessKeyId: process.env.AWS_ACCESS_KEY,
-    key: `${req.body.userId}/${filename}`,
-    policy: p.policy,
-    signature: p.signature
-  };
-  res.json(result);
 }
 
 export function copyObjectInS3(url, userId) {