{"id":17322453,"url":"https://github.com/mattdeboard/flask-cloudfront","last_synced_at":"2025-03-27T03:40:22.899Z","repository":{"id":138807042,"uuid":"6199216","full_name":"mattdeboard/flask-cloudfront","owner":"mattdeboard","description":"A library for securely serving data from CloudFront using Flask","archived":false,"fork":false,"pushed_at":"2012-10-23T19:39:09.000Z","size":132,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-24T11:59:33.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattdeboard.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-10-13T03:02:37.000Z","updated_at":"2015-06-20T21:04:35.000Z","dependencies_parsed_at":"2023-03-11T10:41:15.528Z","dependency_job_id":null,"html_url":"https://github.com/mattdeboard/flask-cloudfront","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdeboard%2Fflask-cloudfront","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdeboard%2Fflask-cloudfront/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdeboard%2Fflask-cloudfront/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdeboard%2Fflask-cloudfront/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattdeboard","download_url":"https://codeload.github.com/mattdeboard/flask-cloudfront/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245779431,"owners_count":20670684,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T13:42:13.499Z","updated_at":"2025-03-27T03:40:22.875Z","avatar_url":"https://github.com/mattdeboard.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"================\nFlask-CloudFront\n================\n\nA library for providing an authorization layer between a user's browser and your sensitive data being served by Amazon's CloudFront service.\n\nAbout\n=====\n\nThis project was born out of a need I had for a lightweight authorization server that could sit between a CloudFront distribution and the `Courseload \u003chttp://courseload.com\u003e`_ API client. It is an expression of a strategy leveraging CloudFront's `signed URL \u003chttp://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\u003e`_ feature for serving private content combined with an authorize-every-request constraint. I could not find any good front-to-back solutions out there so I made one myself.\n\nIn short, I need an authorization layer sitting between the End User and the Edge Location in this diagram:\n\n.. image:: http://ubuntuone.com/2ePlghjXJsMuBgLjdV3Yjy\n\nFlask-CloudFront does that.\n\nUsage\n=====\n\nThe API is provided by ``flask_cloudfiles.auth.CloudFilesRedirect``. You will need to create a subclass and override the ``authorize`` method with your own authorization logic. That method should return an integer correlated with an HTTP response code, e.g. 200, 204, 404, 500, etc. Example::\n\n from flask.ext.cloudfiles import CloudFilesRedirect\n\n\n class MyRedirect(CloudFilesRedirect):\n def authorize(self, *args):\n result = do_some_stuff(*args)\n if result:\n return 200\n return 404\n\nYou can then call the class instance's ``go`` method to perform the authorization, cryptographic signing \u0026 signed URL generation. If you return the value of that method invocation, the user will be redirected to the location you specify::\n\n @app.route('/')\n def home():\n my_redirect = MyRedirect(app.config['CLOUDFRONT_DOMAIN'], code=303, headers={},\n **app.config['CLOUDFRONT_CONFIG'])\n return my_redirect.go()\n\nHTTP 303\n--------\n\nI chose to make HTTP 303 the default redirect code because by default and by specification HTTP 303 is not cached by browsers. Because the signed URLs are time-bound, caching the redirect could have disasterous results on user experience (i.e. hitting a cached redirect for an expired link == 404). However you can pass whatever code you like when you instantiate your class.\n\nConfiguration\n=============\n\nThere is one recommended configuration setting and one mandatory.\n\nMandatory: ``CLOUDFRONT_CONFIG``. This is a dictionary in the following format::\n\n CLOUDFRONT_CONFIG = {\n 'priv_key_string': '/path/to/pk-ABCDEF.pem',\n 'key_pair_id': 'ABCDEF',\n # How many seconds from the time the signature is generated it will expire.\n # Keys generated using a value of 60 for this key will expire one minute\n # after they are created\n 'expires': 60\n }\n\nRecommended: ``CLOUDFRONT_DOMAIN``. This is a string that refers to the domain or CNAME of your CloudFront distribution, e.g. ``http://dc1097jtk.cloudfront.net``.\n\n\n\n \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattdeboard%2Fflask-cloudfront","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattdeboard%2Fflask-cloudfront","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattdeboard%2Fflask-cloudfront/lists"}