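def signed_download_url(self, path: str, version: Optional[str] = None, max_age: int = 30) -> str:
    """
    Sign a path to authenticate download.

    Builds `https://{host}/{path}` and passes it to
    `self._aws_client.add_signed_download_params('GET', url, max_age)`, which adds the
    query-string authentication parameters. The result is a bearer URL: the signature
    in the query string is the only credential, so keep `max_age` short and keep the
    URL out of logs and other places it may be cached.

    NOTE(review): this docstring used to say the url is valid "for between max_age seconds
    and max_age + expiry_rounding seconds". No rounding is visible in this method, which
    passes `max_age` through unchanged - confirm against the client and update the wording.

    https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth

    :param path: object key relative to the host, must not start with "/"
    :param version: optional value appended as the `v` query parameter
    :param max_age: lifetime in seconds handed to the signer
    :return: the signed URL as a string
    :raises AssertionError: if `path` starts with "/"
    """
    # Explicit raise instead of `assert`: assert statements are stripped under `python -O`,
    # which would silently drop this check. AssertionError is kept so existing callers and
    # tests see the same exception type and message.
    if path.startswith('/'):
        raise AssertionError('path should not start with /')
    # NOTE(review): path is interpolated as-is; if it can carry user input, confirm that
    # characters such as '?' and '#' are rejected or encoded before it reaches this point.
    url = URL(f'https://{self._aws_client.host}/{path}')
    url = self._aws_client.add_signed_download_params('GET', url, max_age)
    if version:
        # NOTE(review): `v` is appended after signing, so it is not part of the URL that was
        # signed - confirm the receiving service tolerates the extra parameter and that
        # nothing security-relevant depends on its value.
        url = url.copy_add_param('v', version)
    return str(url)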
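def add_signed_download_params(self, method: Literal['GET', 'POST'], url: URL, expires: int = 86400) -> URL:
    """
    Return a copy of `url` with query-string authentication parameters added.

    Merges the `X-Amz-Algorithm`, `X-Amz-Credential`, `X-Amz-Date`, `X-Amz-Expires` and
    `X-Amz-SignedHeaders` parameters into the URL, computes a signature over the result
    via `self._aws4_signature` and appends it as `X-Amz-Signature`.

    Only the `host` header is listed as signed and the payload is passed as
    'UNSIGNED-PAYLOAD'. Query parameters a caller adds to the returned URL afterwards
    were not part of the URL handed to the signer.

    :param method: HTTP method the URL is signed for
    :param url: URL to sign
    :param expires: lifetime in seconds, from 1 to 604800 (7 days); defaults to 86400 (1 day)
    :return: the URL including `X-Amz-Signature`
    :raises AssertionError: if `expires` is outside 1..604800
    """
    # Explicit raises instead of `assert`: assert statements are stripped under `python -O`,
    # which would silently remove the upper bound on how long a signed URL stays usable.
    # AssertionError is kept so the exception type and messages are unchanged.
    if not expires >= 1:
        raise AssertionError(f'expires must be greater than or equal to 1, not {expires}')
    if not expires <= 604800:
        raise AssertionError(f'expires must be less than or equal to 604800, not {expires}')
    # One timestamp is used for both the credential and X-Amz-Date so the two agree.
    now = utcnow()
    url = url.copy_merge_params({
        'X-Amz-Algorithm': _AUTH_ALGORITHM,
        'X-Amz-Credential': self._aws4_credential(now),
        'X-Amz-Date': _aws4_x_amz_date(now),
        'X-Amz-Expires': str(expires),
        'X-Amz-SignedHeaders': 'host',
    })
    # The signature is computed after the X-Amz-* parameters are merged in and before
    # X-Amz-Signature itself is appended.
    _, signature = self._aws4_signature(now, method, url, {'host': self.host}, 'UNSIGNED-PAYLOAD')
    return url.copy_add_param('X-Amz-Signature', signature)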