定制 troisiemejoueur/cloudfront-signed-urls 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

troisiemejoueur/cloudfront-signed-urls

Composer 安装命令:

composer require troisiemejoueur/cloudfront-signed-urls

包简介

Create AWS Cloudfront Signed Urls for S3 Craft CMS storage

README 文档

README

Cloudfront Signed URLs icon

Cloudfront Signed URLs for Craft CMS

This plugin provides AWS Cloudfront Signed URLs in Twig templates.

Requirements

This plugin requires Craft CMS 3.x

Installation

To install the plugin, follow these instructions.

  1. Open your terminal and go to your Craft project:

     cd /path/to/project
    
  2. Then tell Composer to load the plugin:

     composer require troisiemejoueur/cloudfront-signed-urls
    
  3. In the Control Panel, go to Settings → Plugins and click the “Install” button for Cloudfront Signed URLs.

Overview

This plugin adds a Twig function to sign URLs from an AWS Cloudfront distribution. The common usage is for a restricted section for logged-in users only.

In order to use this plugin, we assume that you already worked with AWS and that you know how to create a bucket, a Cloudfront distribution and an IAM access for the CMS. If not, you can read the documentation of the first-party plugin AWS S3 plugin from Pixel & Tonic and this article from Andrew Welch.

Please, do not open issues for AWS configuration problems or questions that are not related to this plugin.

How it works

You upload your assets to a non-public S3 bucket with a Cloudfront distribution with the Restrict Viewer Access setting to Yes. When you create URLs in your templates, these URLs are signed with a random key.

These URLs are created on page load and expires after the duration that you entered.

Documentation for Cloudfront Signed URLs

Configuration file

The plugin comes with a config.php file that defines some sensible defaults.

If you want to set your own values, you should create a cloudfront-signed-urls.php file in your Craft config directory. The contents of this file will be merged with the plugin defaults. You only need to specify the values of the settings you want to override.

keyPairId

keyPairId is where you define the value of the Key-Pair-Id field from your public–private key pair. See AWS documentation for creating public–private key pair.

cloudfrontDistributionUrl

cloudfrontDistributionUrl is where you define the base URL for your signed URLs. If you want to manage the base URL on a per-file basis, do not add this setting to your config file. If you are using a subfolder, you can append it to this URL. Trailing slash are not required.

profile

profile is where you define the profile of your Cloudfront client. default is the default value.

version

version is where you define the version of your Cloudfront client. 2020-05-31 is the default value.

region

region is where you define the regional endpoint for your Cloudfront client. ca-central-1 is the default value, you probably need to change it based on your project.

defaultExpires

defaultExpires is where you define in seconds the expiry delay for your signed URLs if not configured as an argument when using the Twig function. This is a fallback value. The default value is 3600 (60 minutes).

The expiry time is calculated like this: now time + defaultExpires.

Note: You can use values from your ENV file for all the configuration settings. Example: App::env('YOUR_VARIABLE_NAME')

Example cloudfront-signed-urls.php Config File

<?php

use craft\helpers\App;

return [
   'keyPairId' => App::env('SIGNED_URLS_KEYPAIR'),
   'cloudfrontDistributionUrl' => 'https://my-distribution.cloudfront.net',
   'profile' => 'default',
   'version' => '2020-05-31',
   'region' => 'ca-central-1',
   'defaultExpires' => 4200
];

Private Key (.pem file)

In order to sign your URLs, AWS needs to access the private key (the private_key.pem file). See AWS documentation for creating public–private key pair.

When you install this plugin, a cloudfront-signed-urls folder will be created in your Craft CMS project storage folder. You'll need to copy your private_key.pem file in this folder.

Note: When uninstalling the plugin, this folder (and your private key) will be deleted.

This .pem file cannot be added as an .env variable.

Usage in Twig

Basic usage with filename and an expiry delay of 300 seconds.
{% set myAssetUrl = myAssetTest.folderPath ~ myAssetTest.filename %}
{{ signUrl(myAssetUrl, 300) }}
Usage without expiry delay - it will use your fallback config value or the default one.
{% set myAssetUrl = myAssetTest.folderPath ~ myAssetTest.filename %}
{{ signUrl(myAssetUrl) }}
Usage with a complete URL - this use case only works if you did not provide a value to the cloudfrontDistributionUrl setting in your config file.
{% set myAssetUrl = 'https://my-distribution-url.cloudfront.net' ~ myAssetTest.folderPath ~ myAssetTest.filename %}
{{ signUrl(myAssetUrl, 300) }}

S3 storage and Craft CMS Control Panel

AWS

  1. Create a non-public S3 bucket on AWS (and an IAM user with a programmatically access for your Craft CMS).
  2. Create a Cloudfront distribution with the Restrict Viewer Access setting to Yes.

Control Panel

  1. Install the AWS S3 plugin from Pixel & Tonic.
  2. Create a new filesystem in the Control Panel (settings/filesystems) with the Amazon S3 Filesystem Type.
  3. Turn off the lightswith for Filesystem in this volume have public URLs.
  4. Add your S3 bucket credentials, subfolder and settings.
  5. Let empty the CloudFront Distribution ID and CloudFront Path Prefix fields.
  6. Create a new volume (settings/assets) and choose your Private filesystem for Asset Filesystem

Note: When a user (mostly the admin) is logged in the Control Panel, he will be able to open / view the assets by clicking the download button, but he will not be able to preview them (as the assets have no public URLs).

Template restricted zone -> Example

  1. Create your templates based on which user group is logged in (or any condition that you want).
  2. Show assets with the Twig function.
  3. No one from the "web" will be able to view the files. The URL will expire after the duration that you entered. A user can copy and share the URL to another, but that's the only way to share / access a signed URL.

Brought to you from Canada by 3e joueur

troisiemejoueur/cloudfront-signed-urls 适用场景与选型建议

troisiemejoueur/cloudfront-signed-urls 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 3.51k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2022 年 02 月 22 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「assets」 「cms」 「aws」 「private assets」 「Craft」 「craftcms」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 troisiemejoueur/cloudfront-signed-urls 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 troisiemejoueur/cloudfront-signed-urls 我们能提供哪些服务?
定制开发 / 二次开发

基于 troisiemejoueur/cloudfront-signed-urls 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 3.51k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 14
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2022-02-22