jrochkind/optimized_presigned_s3.rb

## optimized_presigned_s3.rb
AWS_SIG4_SIGNER = Aws::Sigv4::Signer.new(
  service: 's3',
  region: AWS_CLIENT.config.region,
  credentials_provider: SOME_AWS_CLIENT.config.credentials,
  unsigned_headers: Aws::S3::Presigner::BLACKLISTED_HEADERS,
  uri_escape_path: false
)

def naive_with_uri_escape_escaping(shrine_file)
  # because URI.escape does NOT escape `/`, we don't need to split it,
  # which is what actually saves us the time.
  path = URI.escape(shrine_file.id)

  "https://#{["#{shrine_file.storage.bucket.name}.s3.amazonaws.com", *shrine_file.storage.prefix, shrine_file.id].join('/')}"
end


# not yet handling custom query params eg for content-disposition
def direct_aws_sig4_signer(url)
  AWS_SIG4_SIGNER.presign_url(
            http_method: "GET",
            url: url,
            headers: {},
            body_digest: 'UNSIGNED-PAYLOAD',
            expires_in: 900, # seconds
            time: nil
  ).to_s
end

direct_aws_sig4_signer( naive_with_uri_escape_escaping( shrine_uploaded_file ) )
# => presigned S3 url
	AWS_SIG4_SIGNER = Aws::Sigv4::Signer.new(
	service: 's3',
	region: AWS_CLIENT.config.region,
	credentials_provider: SOME_AWS_CLIENT.config.credentials,
	unsigned_headers: Aws::S3::Presigner::BLACKLISTED_HEADERS,
	uri_escape_path: false
	)

	def naive_with_uri_escape_escaping(shrine_file)
	# because URI.escape does NOT escape `/`, we don't need to split it,
	# which is what actually saves us the time.
	path = URI.escape(shrine_file.id)

	"https://#{["#{shrine_file.storage.bucket.name}.s3.amazonaws.com", *shrine_file.storage.prefix, shrine_file.id].join('/')}"
	end


	# not yet handling custom query params eg for content-disposition
	def direct_aws_sig4_signer(url)
	AWS_SIG4_SIGNER.presign_url(
	http_method: "GET",
	url: url,
	headers: {},
	body_digest: 'UNSIGNED-PAYLOAD',
	expires_in: 900, # seconds
	time: nil
	).to_s
	end

	direct_aws_sig4_signer( naive_with_uri_escape_escaping( shrine_uploaded_file ) )
	# => presigned S3 url