Created
May 10, 2018 23:54
-
-
Save wp-kitten/5342a4602dde9c209c62934539e30dce to your computer and use it in GitHub Desktop.
AWS S3 Get signed URL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if ( ! function_exists( 'el_crypto_hmacSHA1' ) ) { | |
/** | |
* Calculate the HMAC SHA1 hash of a string. | |
* | |
* @param string $key The key to hash against | |
* @param string $data The data to hash | |
* @param int $blockSize Optional blocksize | |
* @return string HMAC SHA1 | |
*/ | |
function el_crypto_hmacSHA1( $key, $data, $blockSize = 64 ) | |
{ | |
if ( strlen( $key ) > $blockSize ) { | |
$key = pack( 'H*', sha1( $key ) ); | |
} | |
$key = str_pad( $key, $blockSize, chr( 0x00 ) ); | |
$ipad = str_repeat( chr( 0x36 ), $blockSize ); | |
$opad = str_repeat( chr( 0x5c ), $blockSize ); | |
$hmac = pack( 'H*', sha1( ( $key ^ $opad ) . pack( 'H*', sha1( ( $key ^ $ipad ) . $data ) ) ) ); | |
return base64_encode( $hmac ); | |
} | |
} | |
/** | |
* Retrieve the download URL for the specified archive | |
* @param string $fileName The name of the file to retrieve from S3. Must have the file extension! | |
* @param bool $signUrl Whether or not to sign the download url. Defaults to false | |
* @return string | |
*/ | |
function aws3_getDownloadUrl( $fileName, $signUrl = false ) | |
{ | |
$fileName = strtolower($fileName); | |
return ( $signUrl ? aws3_getSignedUrl( $fileName ) : 'http://' . AWS3_BUCKET . '.s3.amazonaws.com/' . $fileName ); | |
} | |
/** | |
* Create signed URLs to your protected Amazon S3 files. | |
* | |
* @param string $fileName The name of the file. File extension must be provided! | |
* @param array $customParams Key value pairs of custom parameters | |
* | |
* @return string Temporary signed Amazon S3 URL | |
* @see http://awsdocs.s3.amazonaws.com/S3/20060301/s3-dg-20060301.pdf | |
*/ | |
function aws3_getSignedUrl( $fileName, $customParams = array() ) | |
{ | |
$archiveFileName = strtolower($fileName); | |
# Calculate the expire time. | |
$expires = time() + ( AWS3_EXPIRE_URL_TIME * 60 ); | |
# Create the object path for use in the signature. | |
$objectPathForSignature = '/' . AWS3_BUCKET . '/' . $archiveFileName; | |
# Create the S3 friendly string to sign. | |
$stringToSign = implode( "\n", $pieces = array( 'GET', null, null, $expires, $objectPathForSignature ) ); | |
# Create the URL friendly string to use. | |
$url = 'http://' . AWS3_BUCKET . '.s3.amazonaws.com/' . $fileName; | |
# Custom parameters. | |
$appendCharacter = '?'; // Default append character. | |
# Loop through the custom query parameters (if any) and append them to the string-to-sign, and to the URL strings. | |
if ( ! empty( $customParams ) ) { | |
foreach ( $customParams as $paramKey => $paramValue ) { | |
$stringToSign .= $appendCharacter . $paramKey . '=' . $paramValue; | |
$url .= $appendCharacter . $paramKey . '=' . str_replace( array( '%2F', '%2B' ), array( '/', '+' ), rawurlencode( ltrim( $paramValue, '/' ) ) ); | |
$appendCharacter = '&'; | |
} | |
} | |
# Hash the string-to-sign to create the signature. | |
$signature = el_crypto_hmacSHA1( AWS3_SECRET_KEY, $stringToSign ); | |
# Append generated AWS parameters to the URL. | |
$queries = http_build_query( $pieces = array( 'AWSAccessKeyId' => AWS3_ACCESS_KEY, 'Expires' => $expires, 'Signature' => $signature, ) ); | |
$url .= $appendCharacter . $queries; | |
return $url; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment