b7659bee26
If you have a path with special characters it may be easier to hand them to swift-temp-url prequoted than try to escape them on the command line. By the time common.middleware.tempurl gets ahold of the path it's unquoted so we do the same before calculating the hmac but still use the pre-quoted path output to the commandline. Change-Id: Ia1a9666e487b1e70e4db7cd597bc6a1027e3e918
75 lines
2.9 KiB
Python
Executable File
75 lines
2.9 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import hmac
|
|
from hashlib import sha1
|
|
from os.path import basename
|
|
from sys import argv, exit, stderr
|
|
from time import time
|
|
import urllib
|
|
|
|
|
|
if __name__ == '__main__':
|
|
if len(argv) < 5:
|
|
prog = basename(argv[0])
|
|
print 'Syntax: %s <method> <seconds> <path> <key>' % prog
|
|
print
|
|
print 'Where:'
|
|
print ' <method> The method to allow; GET for example.'
|
|
print ' <seconds> The number of seconds from now to allow requests.'
|
|
print ' <path> The full path to the resource.'
|
|
print ' Example: /v1/AUTH_account/c/o'
|
|
print ' <key> The X-Account-Meta-Temp-URL-Key for the account.'
|
|
print
|
|
print 'Example output:'
|
|
print ' /v1/AUTH_account/c/o?temp_url_sig=34d49efc32fe6e3082e411e' \
|
|
'eeb85bd8a&temp_url_expires=1323482948'
|
|
print
|
|
print 'This can be used to form a URL to give out for the access '
|
|
print 'allowed. For example:'
|
|
print ' echo https://swift-cluster.example.com`%s GET 60 ' \
|
|
'/v1/AUTH_account/c/o mykey`' % prog
|
|
print
|
|
print 'Might output:'
|
|
print ' https://swift-cluster.example.com/v1/AUTH_account/c/o?' \
|
|
'temp_url_sig=34d49efc32fe6e3082e411eeeb85bd8a&' \
|
|
'temp_url_expires=1323482948'
|
|
exit(1)
|
|
method, seconds, path, key = argv[1:5]
|
|
try:
|
|
expires = int(time() + int(seconds))
|
|
except ValueError:
|
|
expires = 0
|
|
if expires < 1:
|
|
print 'Please use a positive <seconds> value.'
|
|
exit(1)
|
|
parts = path.split('/', 4)
|
|
# Must be five parts, ['', 'v1', 'a', 'c', 'o'], must be a v1 request, have
|
|
# account, container, and object values, and the object value can't just
|
|
# have '/'s.
|
|
if len(parts) != 5 or parts[0] or parts[1] != 'v1' or not parts[2] or \
|
|
not parts[3] or not parts[4].strip('/'):
|
|
stderr.write(
|
|
'WARNING: "%s" does not refer to an object '
|
|
'(e.g. /v1/account/container/object).\n' % path)
|
|
stderr.write(
|
|
'WARNING: Non-object paths will be rejected by tempurl.\n')
|
|
if '--quoted' in argv[5:]:
|
|
real_path = urllib.unquote(path)
|
|
else:
|
|
real_path = path
|
|
sig = hmac.new(key, '%s\n%s\n%s' % (method, expires, real_path),
|
|
sha1).hexdigest()
|
|
print '%s?temp_url_sig=%s&temp_url_expires=%s' % (path, sig, expires)
|