def signed_download_url(self,
path: str,
version: Optional[str] = None,
max_age: int = 30) -> str:
"""
Sign a path to authenticate download.
The url is valid for between max_age seconds and max_age + expiry_rounding seconds.
https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
"""
assert not path.startswith('/'), 'path should not start with /'
url = URL(f'https://{self._aws_client.host}/{path}')
url = self._aws_client.add_signed_download_params('GET', url, max_age)
if version:
url = url.copy_add_param('v', version)
return str(url)
def add_signed_download_params(self,
method: Literal['GET', 'POST'],
url: URL,
expires: int = 86400) -> URL:
assert expires >= 1, f'expires must be greater than or equal to 1, not {expires}'
assert expires <= 604800, f'expires must be less than or equal to 604800, not {expires}'
now = utcnow()
url = url.copy_merge_params({
'X-Amz-Algorithm':
_AUTH_ALGORITHM,
'X-Amz-Credential':
self._aws4_credential(now),
'X-Amz-Date':
_aws4_x_amz_date(now),
'X-Amz-Expires':
str(expires),
'X-Amz-SignedHeaders':
'host',
})
_, signature = self._aws4_signature(now, method, url,
{'host': self.host},
'UNSIGNED-PAYLOAD')
return url.copy_add_param('X-Amz-Signature', signature)