photos/pkg/signer/signer.go

package signer

import (
	"errors"
	"net/http"
	"os"
	"strconv"
	"time"

	"git.makerforce.io/photos/photos/pkg/credentials"
	"github.com/minio/minio-go/v6/pkg/signer"
)

type Signer struct {
	expirations Expirations
}

type Expirations struct {
	// Expiration time for list and read in time.Duration
	Read time.Duration
	// Expiration time for write in time.Duration
	Write time.Duration
}

var ErrorExpirationTooLow = errors.New("expiration time too low")

func NewSigner(expirations Expirations) (*Signer, error) {
	if expirations.Read == 0 {
		expirations.Read = 30 * time.Minute
	}
	if expirations.Write == 0 {
		expirations.Write = 5 * time.Minute
	}
	if expirations.Read < time.Second || expirations.Write < time.Second {
		return nil, ErrorExpirationTooLow
	}
	return &Signer{
		expirations: expirations,
	}, nil
}

func NewSignerFromEnv() (*Signer, error) {
	expirationRead, _ := strconv.Atoi(os.Getenv("EXPIRATION_READ"))
	expirationWrite, _ := strconv.Atoi(os.Getenv("EXPIRATION_WRITE"))
	expirations := Expirations{Read: time.Duration(expirationRead), Write: time.Duration(expirationWrite)}
	return NewSigner(expirations)
}

func (s *Signer) PreSignRead(req *http.Request, cred credentials.Credential) *http.Request {
	signedReq := signer.PreSignV4(
		*req,
		cred.AccessKey, cred.SecretKey, "",
		cred.Region,
		int64(s.expirations.Read/time.Second),
	)
	return signedReq
}

func (s *Signer) PreSignWrite(req *http.Request, cred credentials.Credential) *http.Request {
	signedReq := signer.PreSignV4(
		*req,
		cred.AccessKey, cred.SecretKey, "",
		cred.Region,
		int64(s.expirations.Write/time.Second),
	)
	return signedReq
}

func (s *Signer) Sign(req *http.Request, cred credentials.Credential) *http.Request {
	signedReq := signer.SignV4(
		*req,
		cred.AccessKey, cred.SecretKey, "",
		cred.Region,
	)
	return signedReq
}