swift/bin/swift-temp-url
Clay Gerrard b7659bee26 Add --quoted option to swift-temp-url
If you have a path with special characters it may be easier to hand them to
swift-temp-url prequoted than try to escape them on the command line.  By the
time common.middleware.tempurl gets ahold of the path it's unquoted so we do
the same before calculating the hmac but still use the pre-quoted path output
to the commandline.

Change-Id: Ia1a9666e487b1e70e4db7cd597bc6a1027e3e918
2014-05-02 20:11:12 -07:00

75 lines
2.9 KiB
Python
Executable File

#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import hmac
from hashlib import sha1
from os.path import basename
from sys import argv, exit, stderr
from time import time
import urllib
if __name__ == '__main__':
if len(argv) < 5:
prog = basename(argv[0])
print 'Syntax: %s <method> <seconds> <path> <key>' % prog
print
print 'Where:'
print ' <method> The method to allow; GET for example.'
print ' <seconds> The number of seconds from now to allow requests.'
print ' <path> The full path to the resource.'
print ' Example: /v1/AUTH_account/c/o'
print ' <key> The X-Account-Meta-Temp-URL-Key for the account.'
print
print 'Example output:'
print ' /v1/AUTH_account/c/o?temp_url_sig=34d49efc32fe6e3082e411e' \
'eeb85bd8a&temp_url_expires=1323482948'
print
print 'This can be used to form a URL to give out for the access '
print 'allowed. For example:'
print ' echo https://swift-cluster.example.com`%s GET 60 ' \
'/v1/AUTH_account/c/o mykey`' % prog
print
print 'Might output:'
print ' https://swift-cluster.example.com/v1/AUTH_account/c/o?' \
'temp_url_sig=34d49efc32fe6e3082e411eeeb85bd8a&' \
'temp_url_expires=1323482948'
exit(1)
method, seconds, path, key = argv[1:5]
try:
expires = int(time() + int(seconds))
except ValueError:
expires = 0
if expires < 1:
print 'Please use a positive <seconds> value.'
exit(1)
parts = path.split('/', 4)
# Must be five parts, ['', 'v1', 'a', 'c', 'o'], must be a v1 request, have
# account, container, and object values, and the object value can't just
# have '/'s.
if len(parts) != 5 or parts[0] or parts[1] != 'v1' or not parts[2] or \
not parts[3] or not parts[4].strip('/'):
stderr.write(
'WARNING: "%s" does not refer to an object '
'(e.g. /v1/account/container/object).\n' % path)
stderr.write(
'WARNING: Non-object paths will be rejected by tempurl.\n')
if '--quoted' in argv[5:]:
real_path = urllib.unquote(path)
else:
real_path = path
sig = hmac.new(key, '%s\n%s\n%s' % (method, expires, real_path),
sha1).hexdigest()
print '%s?temp_url_sig=%s&temp_url_expires=%s' % (path, sig, expires)