feat: Support IAM role authentication for S3 (#2830)

closes #2829
2021-12-11 01:08:03 +00:00
parent 05b9ae3e63
commit 11e14bc4f5
12 changed files with 44 additions and 19 deletions
--- a/server/routes/api/attachments.test.ts
+++ b/server/routes/api/attachments.test.ts
@@ -15,6 +15,7 @@ const app = webService();
 const server = new TestServer(app.callback());
 jest.mock("aws-sdk", () => {
  const mS3 = {
+    createPresignedPost: jest.fn(),
    deleteObject: jest.fn().mockReturnThis(),
    promise: jest.fn(),
  };
--- a/server/routes/api/attachments.ts
+++ b/server/routes/api/attachments.ts
@@ -1,4 +1,3 @@
-import { format } from "date-fns";
 import Router from "koa-router";
 import { v4 as uuidv4 } from "uuid";
 import { NotFoundError } from "@server/errors";
@@ -6,10 +5,8 @@ import auth from "@server/middlewares/authentication";
 import { Attachment, Document, Event } from "@server/models";
 import policy from "@server/policies";
 import {
-  makePolicy,
-  getSignature,
+  getPresignedPost,
  publicS3Endpoint,
-  makeCredential,
  getSignedUrl,
 } from "@server/utils/s3";
 import { assertPresent } from "@server/validation";
@@ -34,9 +31,7 @@ router.post("attachments.create", auth(), async (ctx) => {
      : "private";
  const bucket = acl === "public-read" ? "public" : "uploads";
  const key = `${bucket}/${user.id}/${s3Key}/${name}`;
-  const credential = makeCredential();
-  const longDate = format(new Date(), "yyyyMMdd'T'HHmmss'Z'");
-  const policy = makePolicy(credential, longDate, acl, contentType);
+  const presignedPost = await getPresignedPost(key, acl, contentType);
  const endpoint = publicS3Endpoint();
  const url = `${endpoint}/${key}`;

@@ -73,13 +68,7 @@ router.post("attachments.create", auth(), async (ctx) => {
      form: {
        "Cache-Control": "max-age=31557600",
        "Content-Type": contentType,
-        acl,
-        key,
-        policy,
-        "x-amz-algorithm": "AWS4-HMAC-SHA256",
-        "x-amz-credential": credential,
-        "x-amz-date": longDate,
-        "x-amz-signature": getSignature(policy),
+        ...presignedPost.fields,
      },
      attachment: {
        documentId,
--- a/server/routes/api/fileOperations.test.ts
+++ b/server/routes/api/fileOperations.test.ts
@@ -15,6 +15,7 @@ const app = webService();
 const server = new TestServer(app.callback());
 jest.mock("aws-sdk", () => {
  const mS3 = {
+    createPresignedPost: jest.fn(),
    deleteObject: jest.fn().mockReturnThis(),
    promise: jest.fn(),
  };
--- a/server/routes/api/utils.test.ts
+++ b/server/routes/api/utils.test.ts
@@ -11,6 +11,7 @@ const app = webService();
 const server = new TestServer(app.callback());
 jest.mock("aws-sdk", () => {
  const mS3 = {
+    createPresignedPost: jest.fn(),
    deleteObject: jest.fn().mockReturnThis(),
    promise: jest.fn(),
  };