API Sign: Change the S3 Provider into a signer

[AlexanderGeere]

Description

Provides an api endpoint api/sign/s3 Which returns a signed URL.

GitHub Issue

#1607

Type of Change

• ✅ New feature (non-breaking change which adds functionality)
• ✅ Breaking change (fix or feature that would cause existing functionality to not work as expected)
• ✅ Documentation

How have you tested this?

Tested with bugs_testing/sign/s3_workspace.json

Testing Checklist

• ✅ Existing Tests still pass
• ✅ Ran locally on my machine

Code Quality Checklist

• ✅ My code follows the guidelines of XYZ
• ✅ My code has been commented
• ✅ Documentation has been updated
• ✅ New and existing unit tests pass locally with my changes
• ✅ Main has been merged into this PR

[dbauszus-glx]

The S3 library should be installed as an optional dependency. The module should export null if the dependency is not available using npm install --no-optional.

[dbauszus-glx]

How are requests handled where signing fails? eg. missing resource, missing credentials.

[AlexanderGeere]

@dbauszus-glx

How are requests handled where signing fails? eg. missing resource, missing credentials.

Signing will always succeed even if the credentials are wrong, calling the signed url will return a 403.

Addressed RFC in 8461242

[RobAndrewHurst]

How do we handle public buckets that don't require any credentials?

[AlexanderGeere]

I'll test what happens with public buckets

[AlexanderGeere]

Public buckets can just be hit on the url. 7071f1b provides a function that returns the public url if no credentials are supplied

[dbauszus-glx]

I don't understand this bit. Can you comment on this for me to test.

  if (provider[req.params.provider]?.deprecated){
    return await provider[req.params.provider].fn(req, res)
  }

[dbauszus-glx]

I added S3 to requires of the sign module and updated the docs in regards to exports null from signer modules. 90bc15e

[dbauszus-glx]

I have updated the S3 module docs with reference to the credentials required from AWS and optional dependencies.

[AlexanderGeere]

I don't understand this bit. Can you comment on this for me to test.

  if (provider[req.params.provider]?.deprecated){
    return await provider[req.params.provider].fn(req, res)
  }

@dbauszus-glx Turns out this is no longer necessary

[dbauszus-glx]

@AlexanderGeere

The s3_provider doesn't have to be async or deprecated. We can just require the s3_signer and exports null or s3_provider dependent on the avilability of the s3 signer.

2a85231

The idea is that eventually the s3 provider will sign a request and return the payload as this might be used inside the process. ie the workspace could be stored in an s3 bucket.

For now the s3_provider works exactly as the s3 signer.

[AlexanderGeere]

@RobAndrewHurst After a quick chat with @dbauszus-glx public url are not signed so these should just be handled in the plugin. Could Maybe do a public: true or similar

[RobAndrewHurst]

Happy with that! :)

[dbauszus-glx]

I bumped the optional dependencies to their current versions 3.691.0

AWS recommends to use ListObjectsV2Command in development. The ListObjectsCommand is only kept for legacy purposes.

I also changed the s3 signer to return the signed URL as a text which it is.

[dbauszus-glx]

Rather than providing command maps, and action dictionaries to translate commands and properties back and forth it will be much easier to talk directly with the SDK using the commands as documented in the S3 documentation.

9cce4f1

[RobAndrewHurst]

Nice I am happy with this!

I added in a note for developers that they must not use this sign if they are interacting with a public bucket, and gave them an example of how they could use it.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[simon-leech]

Don't feel like I'm best placed to review this one so removed my request. If you two @dbauszus-glx and @RobAndrewHurst are happy, that's great with me!