kennethormandy / craft-s3securedownloads
Return an AWS signed URL and proxy the download request.
Installs: 10 554
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 2
Forks: 6
Open Issues: 1
Type:craft-plugin
Requires
- aws/aws-sdk-php: ^3.135
- craftcms/aws-s3: ^2.0.1
- craftcms/cms: ^4.0.0
Requires (Dev)
- codeception/codeception: ^4.0
- codeception/module-asserts: ^1.1
- codeception/module-yii2: ^1.0
- friendsofphp/php-cs-fixer: ^2.18
- vlucas/phpdotenv: ^3.0
- yiisoft/yii2-dev: *
This package is auto-updated.
Last update: 2024-04-11 20:07:23 UTC
README
This plugin will return a pre-signed URL used to allow temporary access to private objects with an expiring URL. You can optionally allow file downloads only for logged in users and force file downloads (useful for PDF files).
From the original developer, Jonathan Melville:
This plugin was originally developed for a client in the financial services industry who wanted to make sure only logged in users had access to downloads of financial reports, and download links couldn’t be shared. … Now you can keep your S3 objects private but grant temporary access to them with an expiring link.
AWS Signature Version
As of June 24, 2020, all new AWS S3 buckets require Signature Version 4. Previously, this was only required for certain regions.
Upgrading the S3 plugin to the latest version (v3.x) will solve this issue and use Signature Version 4 by default.
Installation
The Craft 4 version of the plugin is currently in beta. To install it, run:
# Require the plugin with composer
composer require kennethormandy/craft-s3securedownloads:^4.0.0-beta.1
To install the Craft 3 version:
# Require the plugin with composer
composer require kennethormandy/craft-s3securedownloads
Then, install the plugin:
# Install the plugin via the Control Panel, or by running:
./craft install/plugin s3securedownloads
Usage
Pass in an asset's entry id and it will return a pre-signed URL for that asset:
{% set asset = entry.myAssetField.one() %}
<a href="{{ getSignedUrl(asset.id) }}">{{ asset }}</a>
By default, only users logged in will be able to generate the pre-signed URL. This can be changed within the plugin settings.
The generated a pre-signed AWS S3 URL will expire after 24 hours, or however long you have configured in the plugin settings.
Options
filename
By default, the download will use the same filename as the Craft CMS asset. Alternatively, a custom filename can be passed to AWS instead. For example:
{% set asset = entry.myAssetField.one() %}
<a href="{{ getSignedUrl(asset.id, { filename: 'my-new-filename.png' }) }}">{{ asset }}</a>
Events
kennethormandy\s3securedownloads\services\SignUrlSignUrl::EVENT_BEFORE_SIGN_URLSignUrl::EVENT_AFTER_SIGN_URL
use Craft; use yii\base\Event; use kennethormandy\s3securedownloads\events\SignUrlEvent; use kennethormandy\s3securedownloads\services\SignUrl; // … Event::on( SignUrl::class, SignUrl::EVENT_BEFORE_SIGN_URL, function (SignUrlEvent $event) { $asset = $event->asset; Craft::info("Handle EVENT_BEFORE_SIGN_URL event here", __METHOD__); } ); Event::on( SignUrl::class, SignUrl::EVENT_AFTER_SIGN_URL, function (SignUrlEvent $event) { $asset = $event->asset; Craft::info("Handle EVENT_AFTER_SIGN_URL event here", __METHOD__); } );
Original version
S3 Secure Downloads is built for Craft v3.x. For a version that runs on Craft v2.5.x, see the original plugin. Note that as of June 24, 2020 all new AWS S3 buckets require URLs to be signed using Signature Version 4, and the original plugin (understandably) only signs URLs using Signature Version 2.
License
Copyright © 2016–2019 Jonathan Melville
Copyright © 2019–2020 Kenneth Ormandy Inc.