Fog authenticated URL with S3/CloudFront

Question

I'm using Carrierwave to upload files to my app. I'm also using the Fog gem to store my files on S3, and on top of that, I'm creating a distribution in CloudFront for everything inside my bucket.

I have several questions...

1. I need to create 'file downloads', so I need to edit response-content-disposition. It seems to be (looking at examples), this can already be done with Fog or Carrierwave... but when I try passing in url(20, :query => { "response-content-disposition" => "xyz" }) like the documentation says (20 is the expire time), it states that it only expects one argument. So my question is, how do I set an expire time for URL's?

After I couldn't find anything there, I tried authenticated_url which also only takes 1 argument, and puts the expire time at 10 minutes. I'm sure I can set this globally in a config but I have no idea why I wouldn't be able to set this on a per link basis?

Here is the code I have so far:

def download_link(download)                                                
  file      = download.filename.file                                       
  filename  = file.filename                                                
  extension = file.extension                                               

  options = {                                                              
    :query => {                                                            
      "response-content-type"        => download_content_type(extension),  
      "response-content-disposition" => "attachment; filename=#{filename}" 
    }                                                                      
  }                                                                        

  file.authenticated_url(options)                                          
end  

1. It's my understanding that I cannot have a CF Distribution which is both private and public. I have no problem making my download links all private, but the images on my site are also hosted here... which means every image on my site would need an authenticated URL. That wouldnt be so bad I suppose unless later on I want to cache, which would be a problem. So, I suppose here my best bet would be to make a new bucket just for images that is public?

Answer 1

I guess maybe I answered above, but for the sake of answers instead of comments:

1. I think you should be able to modify the expiry by setting fog_authenticated_url_expiration in your carrierwave config.
2. Yes, if you want separate public files, you should just have a separate bucket and possibly distribution.
3. What are you getting back out from this authenticated_url? Sounds like it isn't what you expect, but knowing what it is should help.

Thanks.