Why does S3 (using with boto and django-storages) give signed url even for public files?

StackOverflow https://stackoverflow.com/questions/16777900

سؤال

This is strange. I have mix of public as well as private files. I want normal urls in public files, and signed urls in private files.

I tried to change AWS_QUERYSTRING_AUTH to False as I see by default, it's True in django-storages.

But, when I change it, my private files url is not signed (thus not accessible).

May be I am missing something here. What can be solution?

Thanks in advance.

هل كانت مفيدة؟

المحلول

AWS_QUERYSTRING_AUTH sets the default behavior, but you can override it when you create an instance of S3BotoStorage, by passing in an additional argument to the initializer:

S3BotoStorage(bucket="foo", querystring_auth=False)

So if you have one bucket private and another bucket public, you can set the querystring_auth argument appropriately and get your desired behavior.

نصائح أخرى

put this in your settings.py

AWS_QUERYSTRING_AUTH = False

Another way to get around this is to set AWS_S3_CUSTOM_DOMAIN in your settings. @see: https://github.com/jschneier/django-storages/blob/master/storages/backends/s3boto.py#L478

(tested with boto==2.38.0 and django-storages-redux==1.3)

You can create separate storage types for separate folders, directories and manage the access permission there.

With Django - create a file you can call "storage_aws.py" and add the following:

from storages.backends.s3boto3 import S3Boto3Storage

class PublicMediaStorage(S3Boto3Storage):
    location = 'media/location2/public'
    default_acl = 'public-read'
    file_overwrite = False
    querystring_auth=False

class PrivateMediaStorage(S3Boto3Storage):
    location = 'media/location1/private'
    default_acl = 'private'
    file_overwrite = False
    custom_domain = False
    querystring_auth=True

use default_acl to define the access (public or private) use location to define location - (you can specify paths) like

location1 = 'media/location1/private'
location2 = 'media/location2/public'

*Note the querystring_auth=False or True

Then when you define your model, you can specify which location to use for which model

from django.db import models
from appname.storage_aws import PublicMediaStorage, PrivateMediaStorage


class Upload(models.Model):
    file = models.FileField(storage=PublicMediaStorage())


class UploadPrivate(models.Model):
    file = models.FileField(storage=PrivateMediaStorage())

The private files will have query string while the public ones will not, as defined in the "storage_aws.py' file

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top