S3: connect v4 presigned URL support to storage

omeka · May 29, 2024 · 1ce89ad · 1ce89ad
1 parent 037a8d7
commit 1ce89ad
Showing 1 changed file with 33 additions and 17 deletions.
diff --git a/application/libraries/Omeka/Storage/Adapter/ZendS3.php b/application/libraries/Omeka/Storage/Adapter/ZendS3.php
@@ -221,30 +221,46 @@ public function getUri($path)
         $uri = "$endpoint/$object";
 
         if ($expiration = $this->_getExpiration()) {
-            $timestamp = time();
-            $expirationSeconds = $expiration * 60;
-            $expires = $timestamp + $expirationSeconds;
-            // "Chunk" expirations to allow browser caching
-            $expires = $expires + $expirationSeconds - ($expires % $expirationSeconds);
+            if ($this->_sigV4) {
+                $uri .= '?' . $this->_getPresignedQueryV4("/$object", $expiration);
+            } else {
+                $uri .= '?' . $this->_getPresignedQueryV2("/$object", $expiration);
+            }
+        }
+
+        return $uri;
+    }
 
-            $accessKeyId = $this->_options[self::AWS_KEY_OPTION];
-            $secretKey = $this->_options[self::AWS_SECRET_KEY_OPTION];
+    protected function _getPresignedQueryV2($path, $expiration)
+    {
+        $timestamp = time();
+        $expirationSeconds = $expiration * 60;
+        $expires = $timestamp + $expirationSeconds;
+        // "Chunk" expirations to allow browser caching
+        $expires = $expires + $expirationSeconds - ($expires % $expirationSeconds);
 
-            $stringToSign = "GET\n\n\n$expires\n/$object";
+        $accessKeyId = $this->_options[self::AWS_KEY_OPTION];
+        $secretKey = $this->_options[self::AWS_SECRET_KEY_OPTION];
 
-            $signature = base64_encode(
-                Zend_Crypt_Hmac::compute($secretKey, 'sha1', $stringToSign, Zend_Crypt_Hmac::BINARY));
+        $stringToSign = "GET\n\n\n$expires\n$path";
 
-            $query['AWSAccessKeyId'] = $accessKeyId;
-            $query['Expires'] = $expires;
-            $query['Signature'] = $signature;
+        $signature = base64_encode(
+            Zend_Crypt_Hmac::compute($secretKey, 'sha1', $stringToSign, Zend_Crypt_Hmac::BINARY));
 
-            $queryString = http_build_query($query);
+        $query['AWSAccessKeyId'] = $accessKeyId;
+        $query['Expires'] = $expires;
+        $query['Signature'] = $signature;
 
-            $uri .= "?$queryString";
-        }
+        return http_build_query($query);
+    }
 
-        return $uri;
+    protected function _getPresignedQueryV4($path, $expiration)
+    {
+        $expirationSeconds = $expiration * 60;
+        // SigV4 expirations are limited to 7 days
+        $expires = min($expirationSeconds, 604800);
+
+        return $this->_s3->getPresignedURLQuery($path, $expires);
     }
 
     /**