add configuration for server-side encrypted s3 uploads
rauhryan committed Jan 9, 2016
1 parent f2f9e5b commit 6f835b4
Showing 5 changed files with 110 additions and 48 deletions.
2 changes: 1 addition & 1 deletion Gemfile
@@ -32,7 +32,7 @@ gem 'faraday-http-cache'
gem 'connection_pool'
gem 'addressable'
gem 'kgio'
gem 'carrierwave_direct'
gem 'carrierwave_direct', :github => 'huboard/carrierwave_direct'
gem 'memcachier'
gem 'solid_use_case'
gem 'faye'
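Review bot: The `:github` shorthand is given without a `:ref`, `:tag` or `:branch`, so the Gemfile follows whatever the fork's default branch holds and only Gemfile.lock fixes what gets installed. The lock entry in this commit also records the remote as `git://github.com/huboard/carrierwave_direct.git`, a transport with no encryption or server authentication. Spelling the source out addresses both: `gem 'carrierwave_direct', :git => 'https://github.com/huboard/carrierwave_direct.git', :ref => '59f51f1fe3c6c221db5a25b7675dafb59f40f861'`. Because this gem appears to produce the S3 upload policy and signature, a short comment stating why the fork is needed and which upstream change it carries would help whoever reviews the next bump.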
109 changes: 73 additions & 36 deletions Gemfile.lock
@@ -1,3 +1,12 @@
GIT
remote: git://github.com/huboard/carrierwave_direct.git
revision: 59f51f1fe3c6c221db5a25b7675dafb59f40f861
specs:
carrierwave_direct (0.0.15)
carrierwave
fog
uuidtools

PATH
remote: vendor/engines/saas
specs:
@@ -14,7 +23,7 @@ PATH
GEM
remote: https://rubygems.org/
specs:
CFPropertyList (2.3.1)
CFPropertyList (2.3.2)
actionmailer (4.2.0)
actionpack (= 4.2.0)
actionview (= 4.2.0)
@@ -71,10 +80,6 @@ GEM
activesupport (>= 3.2.0)
json (>= 1.7)
mime-types (>= 1.16)
carrierwave_direct (0.0.15)
carrierwave
fog
uuidtools
celluloid (0.16.0)
timers (~> 4.0.0)
coderay (1.1.0)
@@ -118,7 +123,7 @@ GEM
ethon (0.8.0)
ffi (>= 1.3.0)
eventmachine (1.0.7)
excon (0.44.4)
excon (0.45.4)
execjs (2.4.0)
faraday (0.9.2)
multipart-post (>= 1.2, < 3)
@@ -144,13 +149,18 @@ GEM
ffi (1.9.10)
fission (0.5.0)
CFPropertyList (~> 2.2)
fog (1.28.0)
fog (1.37.0)
fog-aliyun (>= 0.1.0)
fog-atmos
fog-aws (~> 0.0)
fog-aws (>= 0.6.0)
fog-brightbox (~> 0.4)
fog-core (~> 1.27, >= 1.27.3)
fog-ecloud
fog-core (~> 1.32)
fog-dynect (~> 0.0.2)
fog-ecloud (~> 0.1)
fog-google (<= 0.1.0)
fog-json
fog-local
fog-powerdns (>= 0.1.1)
fog-profitbricks
fog-radosgw (>= 0.0.2)
fog-riakcs
@@ -161,67 +171,91 @@ GEM
fog-terremark
fog-vmfusion
fog-voxel
fog-vsphere (>= 0.4.0)
fog-xenserver
fog-xml (~> 0.1.1)
ipaddress (~> 0.5)
nokogiri (~> 1.5, >= 1.5.11)
fog-aliyun (0.1.0)
fog-core (~> 1.27)
fog-json (~> 1.0)
ipaddress (~> 0.8)
xml-simple (~> 1.1)
fog-atmos (0.1.0)
fog-core
fog-xml
fog-aws (0.1.1)
fog-aws (0.8.1)
fog-core (~> 1.27)
fog-json (~> 1.0)
fog-xml (~> 0.1)
ipaddress (~> 0.8)
fog-brightbox (0.7.1)
fog-brightbox (0.10.1)
fog-core (~> 1.22)
fog-json
inflecto (~> 0.0.2)
fog-core (1.29.0)
fog-core (1.35.0)
builder
excon (~> 0.38)
excon (~> 0.45)
formatador (~> 0.2)
mime-types
net-scp (~> 1.1)
net-ssh (>= 2.1.3)
fog-ecloud (0.0.2)
fog-dynect (0.0.2)
fog-core
fog-json
fog-xml
fog-json (1.0.0)
multi_json (~> 1.0)
fog-profitbricks (0.0.2)
fog-ecloud (0.3.0)
fog-core
fog-xml
fog-google (0.1.0)
fog-core
fog-json
fog-xml
fog-json (1.0.2)
fog-core (~> 1.0)
multi_json (~> 1.10)
fog-local (0.2.1)
fog-core (~> 1.27)
fog-powerdns (0.1.1)
fog-core (~> 1.27)
fog-json (~> 1.0)
fog-xml (~> 0.1)
fog-profitbricks (0.0.5)
fog-core
fog-xml
nokogiri
fog-radosgw (0.0.3)
fog-radosgw (0.0.4)
fog-core (>= 1.21.0)
fog-json
fog-xml (>= 0.0.1)
fog-riakcs (0.1.0)
fog-core
fog-json
fog-xml
fog-sakuracloud (1.0.0)
fog-sakuracloud (1.7.5)
fog-core
fog-json
fog-serverlove (0.1.1)
fog-serverlove (0.1.2)
fog-core
fog-json
fog-softlayer (0.4.1)
fog-softlayer (1.0.3)
fog-core
fog-json
fog-storm_on_demand (0.1.0)
fog-storm_on_demand (0.1.1)
fog-core
fog-json
fog-terremark (0.0.4)
fog-terremark (0.1.0)
fog-core
fog-xml
fog-vmfusion (0.0.1)
fog-vmfusion (0.1.0)
fission
fog-core
fog-voxel (0.0.2)
fog-voxel (0.1.0)
fog-core
fog-xml
fog-xml (0.1.1)
fog-vsphere (0.4.0)
fog-core
rbvmomi (~> 1.8)
fog-xenserver (0.2.2)
fog-core
fog-xml
fog-xml (0.1.2)
fog-core
nokogiri (~> 1.5, >= 1.5.11)
foreman (0.78.0)
@@ -249,7 +283,7 @@ GEM
multi_xml (>= 0.5.2)
i18n (0.7.0)
inflecto (0.0.2)
ipaddress (0.8.0)
ipaddress (0.8.2)
jbuilder (2.2.12)
activesupport (>= 3.0.0, < 5)
multi_json (~> 1.2)
@@ -278,9 +312,6 @@ GEM
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (2.9.2)
netrc (0.10.3)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
@@ -341,6 +372,10 @@ GEM
httparty (~> 0.11)
json
rack
rbvmomi (1.8.2)
builder
nokogiri (>= 1.4.1)
trollop
rdoc (4.2.0)
json (~> 1.4)
redcarpet (3.2.2)
@@ -418,6 +453,7 @@ GEM
tilt (1.4.1)
timers (4.0.1)
hitimes
trollop (2.1.2)
typhoeus (0.7.3)
ethon (>= 0.7.4)
tzinfo (1.2.2)
@@ -436,6 +472,7 @@ GEM
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.2)
wkhtmltopdf-heroku (2.12.2.1)
xml-simple (1.1.5)

PLATFORMS
ruby
@@ -445,7 +482,7 @@ DEPENDENCIES
annotate
better_errors
binding_of_caller
carrierwave_direct
carrierwave_direct!
coffee-rails (~> 4.1.0)
connection_pool
couchrest
34 changes: 25 additions & 9 deletions app/controllers/api/uploads_controller.rb
@@ -3,19 +3,35 @@ class UploadsController < ApiController

def asset_uploader
not_found unless logged_in?
not_found unless ENV['AWS_ENABLED']
uploader = AssetUploader.new
uploader.will_include_content_type = true
uploader.success_action_status = '201'

if ENV['AWS_S3_ENCRYPTED'] == 'true'
policy = uploader.policy do |conditions|
conditions << {"x-amz-server-side-encryption" => "AES256"}
conditions << {"x-amz-server-side-encryption-aws-kms-key-id" => ENV['AWS_KMS_KEY_ID']} if ENV['AWS_KMS_KEY_ID']
conditions << {'utf8' => '✓'}
end
else
policy = uploader.policy
end

uploader = {
key: uploader.key,
aws_access_key_id: uploader.aws_access_key_id,
acl: uploader.acl,
policy: policy,
signature: uploader.signature,
upload_url: uploader.direct_fog_url,
success_action_status: uploader.success_action_status
}

uploader.merge!(aws_kms_key_id: ENV['AWS_KMS_KEY_ID']) if ENV['AWS_KMS_KEY_ID']

render json: {
uploader: {
key: uploader.key,
aws_access_key_id: uploader.aws_access_key_id,
acl: uploader.acl,
policy: uploader.policy,
signature: uploader.signature,
upload_url: uploader.direct_fog_url,
success_action_status: uploader.success_action_status
}
uploader: uploader
}
end

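Review bot: In the `AWS_S3_ENCRYPTED` branch the policy always pins `x-amz-server-side-encryption` to `AES256`, yet also adds the `x-amz-server-side-encryption-aws-kms-key-id` condition when `AWS_KMS_KEY_ID` is set. S3 documents the key-id field as applying only when the encryption value is `aws:kms`, so the KMS configuration will most likely be rejected or not take effect; the same pairing is hard-coded in `hb-markdown-composer.js`. Derive the value once with `sse = ENV['AWS_KMS_KEY_ID'] ? 'aws:kms' : 'AES256'`, use it in `conditions << {"x-amz-server-side-encryption" => sse}`, and return it in the JSON so the client's form field cannot drift from the signed policy. Separately, `not_found unless ENV['AWS_ENABLED']` passes for any non-empty value including `"false"`, unlike the `== 'true'` comparison used a few lines below; `not_found unless ENV['AWS_ENABLED'] == 'true'` would make the two switches consistent. Two things are not visible in this section and should be confirmed: whether `not_found` halts the action, and whether `uploader.signature` signs the policy built with the block rather than a default one.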
10 changes: 9 additions & 1 deletion ember-app/app/components/hb-markdown-composer.js
@@ -37,8 +37,15 @@ var HbMarkdownComposerComponent = Ember.Component.extend({
fd.append('policy', response.policy);
fd.append('signature', response.signature);
fd.append('success_action_status', "201");
fd.append('file', file);

if(HUBOARD_ENV.FEATURES.ENCRYPTED_UPLOADS) {
fd.append('x-amz-server-side-encryption',"AES256");
if(HUBOARD_ENV.CONFIG && HUBOARD_ENV.CONFIG.AWS_KMS_KEY_ID) {
fd.append('x-amz-server-side-encryption-aws-kms-key-id', HUBOARD_ENV.CONFIG.AWS_KMS_KEY_ID);
}
}

fd.append('file', file);
var request = new XMLHttpRequest();
request.addEventListener('readystatechange', function(){
if(request.readyState === 4) {
@@ -54,6 +61,7 @@ var HbMarkdownComposerComponent = Ember.Component.extend({
}
});


request.open('POST', response.upload_url, true);
request.send(fd);
});
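Review bot: The encryption form fields are switched on by `HUBOARD_ENV.FEATURES.ENCRYPTED_UPLOADS` and `HUBOARD_ENV.CONFIG.AWS_KMS_KEY_ID`, which are independent of the `AWS_S3_ENCRYPTED` setting the server used to build the signed policy, and the `aws_kms_key_id` the server now returns is never read here. If the two sides disagree, the form either omits a field the policy requires or sends one the policy does not cover, and S3 is expected to reject the POST. Reading the values from the response, e.g. `if (response.aws_kms_key_id) { fd.append('x-amz-server-side-encryption-aws-kms-key-id', response.aws_kms_key_id); }`, keeps a single source of truth. The policy condition only constrains uploads made through this form, so a bucket policy that denies unencrypted `PutObject` requests remains the actual enforcement point. The enclosing upload callback starts and ends outside the shown hunks.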
3 changes: 2 additions & 1 deletion features.json
@@ -1,5 +1,6 @@
{
"FEATURES" : {
"IMAGE_UPLOADS": true
"IMAGE_UPLOADS": true,
"ENCRYPTED_UPLOADS": false
}
}
