What about redirecting to a real-time created presigned url pointing to an s3 object?
Shlink should generate a new target/redirect link for every request to the shortened url (or with a short cache).
Giving Shlink access to the source s3 (compatible) bucket (endpoint, keys, region, ...), it should be able to generate new links to the same target when necessary.
Use case
I'm using shlink to distribute software to my customers.
The advantage is that I can give a fixed shortened url to my customers (they use it to download new versions but also to install on new workstations), and update its target/redirect with a new url on software update.
All software is stored in a publicly reachable s3 bucket, which contains binaries for different apps and different versions for every app.
The current solution is good enough, but it has a drawback: in some circumstances the shortened link is publicly visible, and a malicious user can take a link and download the software via a DDoS attack or similar, eating a lot of money in bandwidth for the downloaded software.
If the shortened link redirects to a temporary presigned url, the software archive can be made private, and the presigned url can have a very short expiration (i.e. 5 minutes), restricting the attack surface. Also, in the worst case, I can block the shortened url without touching the s3 bucket, stopping the attacker in a short time.
What do you think about this? Can this be a useful feature? Or just something off topic?
I'm afraid this is quite out of Shlink's scope. I'm not saying it would not be somewhat useful, but it's very specific and quite complex to do right, for the very few people that could benefit from something like this.
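The redirect proposed in the issue, sketched as a small standalone handler; this is an added example, not part of the thread and not Shlink code. It assumes an AWS-style SigV4 endpoint with virtual-hosted bucket names, and `CFG`, `RELEASES`, `presign_get` and `redirect_for` are hypothetical names with constructed values.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed placeholders, not real credentials or bucket names.
CFG = {"host": "releases-bucket.s3.eu-west-1.amazonaws.com", "region": "eu-west-1",
       "access_key": "EXAMPLE_ACCESS_KEY", "secret_key": "example-secret-key"}
# Hypothetical mapping: fixed short code -> key of the private object.
RELEASES = {"myapp-latest": "myapp/2.4.1/setup.exe"}

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(host, region, access_key, secret_key, object_key, expires=300, now=None):
    """Build a SigV4 query-signed GET URL that S3 rejects after `expires` seconds."""
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    scope = f"{day}/{region}/s3/aws4_request"
    uri = "/" + quote(object_key, safe="/-_.~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(params.items()))
    # Only the host header is signed; the body of a presigned GET is unsigned.
    canonical = "\n".join(["GET", uri, query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "s3", "aws4_request"):
        key = _hmac(key, part)  # derive the per-day, per-region signing key
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{uri}?{query}&X-Amz-Signature={signature}"

def redirect_for(short_code, cfg=CFG, now=None):
    """Return (status, headers) for one request to the fixed short link."""
    object_key = RELEASES.get(short_code)
    if object_key is None:
        return 404, {}
    url = presign_get(object_key=object_key, now=now, **cfg)
    # no-store keeps clients and proxies from replaying an expired Location.
    return 302, {"Location": url, "Cache-Control": "no-store"}
```

The signing credentials only need read access to the release objects, and removing a short code from the mapping stops new URLs from being issued without changing the bucket.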