Custom expiry time setting for Amazon S3 download links (#3846)

* Less spartan expiry time for Amazon S3 download links. * Add URL expiry timespan to Amazon S3 URLs
RocketChat · Aug 2, 2016 · e954c08 · e954c08
1 parent 27d595f
commit e954c08
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 2 deletions.
diff --git a/packages/rocketchat-file-upload/server/config/configFileUploadAmazonS3.js b/packages/rocketchat-file-upload/server/config/configFileUploadAmazonS3.js
@@ -1,14 +1,14 @@
 /* globals Slingshot, FileUpload, AWS, SystemLogger */
 var crypto = Npm.require('crypto');
 
-var S3accessKey, S3secretKey;
+var S3accessKey, S3secretKey, S3expiryTimeSpan;
 
 var generateURL = function(file) {
 	if (!file || !file.s3) {
 		return;
 	}
 	let resourceURL = '/' + file.s3.bucket + '/' + file.s3.path + file._id;
-	let expires = parseInt(new Date().getTime() / 1000) + 60;
+	let expires = parseInt(new Date().getTime() / 1000) + Math.max(5, S3expiryTimeSpan);
 	let StringToSign = 'GET\n\n\n' + expires +'\n'+resourceURL;
 	let signature = crypto.createHmac('sha1', S3secretKey).update(new Buffer(StringToSign, 'utf-8')).digest('base64');
 	return file.url + '?AWSAccessKeyId='+encodeURIComponent(S3accessKey)+'&Expires='+expires+'&Signature='+encodeURIComponent(signature);
@@ -117,6 +117,11 @@ RocketChat.settings.get('FileUpload_S3_AWSSecretAccessKey', function(key, value)
 	createS3Directive();
 });
 
+RocketChat.settings.get('FileUpload_S3_URLExpiryTimeSpan', function(key, value) {
+	S3expiryTimeSpan = value;
+	createS3Directive();
+});
+
 RocketChat.settings.get('FileUpload_S3_CDN', createS3Directive);
 
 RocketChat.settings.get('FileUpload_S3_Region', createS3Directive);

diff --git a/packages/rocketchat-file-upload/server/startup/settings.js b/packages/rocketchat-file-upload/server/startup/settings.js
@@ -87,6 +87,14 @@ RocketChat.settings.addGroup('FileUpload', function() {
 			},
 			i18nDescription: 'Override_URL_to_which_files_are_uploaded_This_url_also_used_for_downloads_unless_a_CDN_is_given.'
 		});
+		this.add('FileUpload_S3_URLExpiryTimeSpan', 120, {
+			type: 'int',
+			enableQuery: {
+				_id: 'FileUpload_Storage_Type',
+				value: 'AmazonS3'
+			},
+			i18nDescription: 'FileUpload_S3_URLExpiryTimeSpan_Description'
+		});
 	});
 
 	this.section('File System', function() {

diff --git a/packages/rocketchat-lib/i18n/ca.i18n.json b/packages/rocketchat-lib/i18n/ca.i18n.json
@@ -434,6 +434,8 @@
   "FileUpload_S3_BucketURL" : "Bucket URL",
   "FileUpload_S3_CDN" : "Domini CDN per descàrregues",
   "FileUpload_S3_Region" : "Regió S3",
+  "FileUpload_S3_URLExpiryTimeSpan" : "Caducitat de les URL",
+  "FileUpload_S3_URLExpiryTimeSpan_Description" : "Temps després el qual les adreces d'Amazon S3 generades deixaran de ser vàlides (en segons). Si s'estableix a menys de 5 segons, aquest camp serà ignorat.",
   "FileUpload_Storage_Type" : "Tipus d'emmagatzematge",
   "Flags" : "Indicadors",
   "Follow_social_profiles" : "Segueix els nostres perfils, fes-nos un fork a GitHub i comparteix la teva opinió sobre Rocket.Chat al nostre tauler de Trello.",

diff --git a/packages/rocketchat-lib/i18n/en.i18n.json b/packages/rocketchat-lib/i18n/en.i18n.json
@@ -434,6 +434,8 @@
   "FileUpload_S3_BucketURL" : "Bucket URL",
   "FileUpload_S3_CDN" : "CDN domain for downloads",
   "FileUpload_S3_Region" : "Region",
+  "FileUpload_S3_URLExpiryTimeSpan" : "URLs expiration timespan",
+  "FileUpload_S3_URLExpiryTimeSpan_Description" : "Time after which Amazon S3 generated URLs will no longer be valid (in seconds). If set to less than 5 seconds, this field will be ignored.",
   "FileUpload_Storage_Type" : "Storage Type",
   "Flags" : "Flags",
   "Follow_social_profiles" : "Follow our social profiles, fork us on github and share your thoughts about the rocket.chat app on our trello board.",