Net::Amazon::S3::Policy is a Perl module that gives you an object-oriented interface to manage policies for Amazon S3 HTTP POST uploads.
Amazon S3 offers either a REST interface (see Net::Amazon::S3) or a SOAP one. As an additional service, resources can also be uploaded with an HTTP POST that uses neither of these two interfaces, only a single HTML FORM. The rules you have to follow are explained in the Amazon S3 Developer Guide.
More or less, it boils down to the following:
* if the target bucket is not writeable by the anonymous group, you'll need to set an access policy;
* almost every field in the HTML FORM that the browser will use to build the HTTP POST message needs to be included in a policy, and the policy has to be sent along within the HTTP POST;
* the bucket owner's AWS ID (the public one) has to be sent together with the policy, along with a digital signature of the policy that has to be created using the bucket owner's AWS secret key.
So, you'll have to add three fields to the HTTP POST in order for it to comply with Amazon's requirements when the bucket is not publicly writeable:
* AWSAccessKeyId: given "as-is", i.e. as you copied it from your account in Amazon Web Services;
* policy: given as a JSON document that is Base64 encoded;
* signature: calculated as a SHA1-HMAC of the Base64-encoded policy, using your secret key as the signature key, and then encoded with Base64.
This module lets you manage the build-up of a policy document, providing you with tools to get the Base64 encoding of the resulting JSON policy document, and to calculate the Base64 encoding of the signature. See "Example" for a complete example of how to do this.
In addition to policy synthesis, the module can also parse a policy (Base64-encoded or not, but in JSON format). This should not be needed in general, except possibly for debugging.
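The three form fields described above, computed by hand with core Perl modules and then checked the way you would when debugging a policy. This is an added example, not code from Net::Amazon::S3::Policy; the credentials, bucket name and helper names (sign_policy, post_fields, inspect_fields) are constructed, and the ISO 8601 expiration format and the condition shapes are assumptions taken from Amazon's POST policy format rather than from this page.

```perl
use strict; use warnings;
use JSON::PP ();
use MIME::Base64 qw(encode_base64 decode_base64);
use Digest::SHA qw(hmac_sha1);
use POSIX qw(strftime);

# Constructed placeholders, not real AWS credentials.
my $access_key_id = 'AKIDEXAMPLEPLACEHOLDER';
my $secret_key    = 'constructed-secret-key-for-demo';
my $json          = JSON::PP->new->utf8->canonical;

# Signature field: Base64( HMAC-SHA1( Base64 policy text, secret key ) ).
sub sign_policy {
    my ($policy_b64) = @_;
    return encode_base64(hmac_sha1($policy_b64, $secret_key), '');
}

# Build the three extra form fields for a policy expiring at epoch $expires.
sub post_fields {
    my ($expires, @conditions) = @_;
    my $doc = $json->encode({
        expiration => strftime('%Y-%m-%dT%H:%M:%S.000Z', gmtime($expires)),
        conditions => \@conditions,
    });
    # '' stops encode_base64 adding a newline every 76 chars (one-line value).
    my $policy = encode_base64($doc, '');
    return (AWSAccessKeyId => $access_key_id, policy => $policy,
            signature => sign_policy($policy));
}

# Debugging aid: recompute the signature, then decode the policy document.
sub inspect_fields {
    my (%f) = @_;
    die "signature does not match policy\n"
        unless sign_policy($f{policy}) eq $f{signature};
    return $json->decode(decode_base64($f{policy}));
}

my %fields = post_fields(
    time() + 3600,                             # expire in one hour
    { bucket => 'example-bucket' },            # constructed bucket name
    [ 'starts-with', '$key', 'uploads/' ],
    [ 'content-length-range', 0, 1_000_000 ],
);
print "$_: $fields{$_}\n" for qw(AWSAccessKeyId policy signature);
print "expires: ", inspect_fields(%fields)->{expiration}, "\n";
# Changing the policy text after signing makes the check fail.
my %tampered = (%fields, policy => encode_base64('{"conditions":[]}', ''));
print "tampered policy rejected\n" unless eval { inspect_fields(%tampered); 1 };
```

Only the access key ID, the Base64 policy and the signature go into the form; the secret key stays on the server that generates it.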
SYNOPSIS
    use Net::Amazon::S3::Policy;

    # Expire in one hour
    my $policy = Net::Amazon::S3::Policy->new(expiration => time() + 3600);

    # Do What I Mean handling of conditions
    # Note: single quotes, $key is not a Perl variable in this example!
    $policy->add('$key eq path/to/somewhere');

    # In DWIM mode, '$' are pre-pended automatically where necessary
    $policy->add('key eq path/to/somewhere');
    $policy->add('x-some-field starts-with some-prefix');
    $policy->add(' 0 <= content-length-range <= 1_000_000 ');
    $policy->add('whatever *'); # any value admitted for field 'whatever'

    # NON-DWIM interface for conditions
    use Net::Amazon::S3::Policy qw( :all ); # OR
    use Net::Amazon::S3::Policy qw( exact starts_with range );
    $policy->add(exact('$field', 'whatever spaced value '));
    $policy->add(starts_with('$other-field', ' yadda '));
    $policy->add(range('percentual', 0, 100));

    # The output as JSON
    print $policy->stringify(), "\n"; # OR
    print $policy->json(), "\n";

    # Where the stuff is really needed: HTML FORMs for HTTP POSTs
    # ($key here is the bucket owner's AWS secret key)
    my $policy_for_form = $policy->base64();
    my $signature_for_form = $policy->signature_base64($key);

    # If you ever receive a policy...
    my $received = Net::Amazon::S3::Policy->new(json => $json_text);
    my $rec2 = Net::Amazon::S3::Policy->new();
    $rec2->parse($json_base64); # either JSON or its Base64 encoding
Requirements:
* Perl