A django widget library for securely uploading files directly to S3 (or MinIO).
Project description
django-s3-file-field
django-s3-file-field
is a Django widget library for uploading files directly to S3
(or MinIO) through the browser. django-s3-file-field heavily depends on the
django-storages package.
Quickstart
Ensure you've configured your Django installation to use django-storages
for S3 access: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.
Install the django-s3-file-field package:
pip install django-s3-file-field
Add s3_file_field
to your INSTALLED_APPS
:
INSTALLED_APPS = [
...
's3_file_field',
]
Add the required settings:
S3FF_UPLOAD_STS_ARN = '' # see STS Role section below (not required for minio)
Add the appropriate routes to urls.py
:
urlpatterns = [
...
path('api/s3-upload/', include('s3_file_field.urls')),
]
Usage
from s3_file_field import S3FileField
class Car(db.Model):
...
owners_manual = S3FileField()
Running checks
django-s3-file-field can detect common misconfigurations using Django's built in System check framework. To confirm your configuration is correct, run:
./manage.py check
Advanced Topics
Advanced configuration
Key | Default | Description |
---|---|---|
S3FF_UPLOAD_STS_ARN | none | ... |
STS configuration
CORS configuration
This is a minimal function CORS configuration for an S3 bucket to be compatible with django-s3-file-field:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedHeader>*</AllowedHeader>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<ExposeHeader>Connection</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<ExposeHeader>Date</ExposeHeader>
<ExposeHeader>ETag</ExposeHeader>
<ExposeHeader>Server</ExposeHeader>
<ExposeHeader>x-amz-delete-marker</ExposeHeader>
<ExposeHeader>x-amz-version-id</ExposeHeader>
<MaxAgeSeconds>600</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Note: These are insecure defaults, the allowed origin and headers should not be a wildcard but instead modified for your specific deployment(s).
MinIO support
MinIO support depends on the django-minio-storage config (see https://django-minio-storage.readthedocs.io/en/latest/usage/), following settings are used
Security considerations
Integrating with forms
note on form.media
Extending
django-s3-file-field sends out two signals when its REST api is called:
s3_file_field_upload_prepare(name: str, object_key: str)
s3_file_field_upload_finalize(name: str, object_key: str, status: string)
API Reference
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-s3-file-field-0.0.13.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1815b0b1952f642f3de4c8fffab3374e90a4b4dc8ad4c40aa619c8a7a4a287a4 |
|
MD5 | 00f8bd90264ce5b4631dfa9e71858376 |
|
BLAKE2b-256 | 8a011e3e23eeceb8adcffd5bcfa1ce31d79e7744d672daae698066288d721f93 |
Hashes for django_s3_file_field-0.0.13-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f87e04cc6b191db4bb70b3854e9fbb73046c4fc44c6bc61b78862ea58a7acbb7 |
|
MD5 | 24423af828970a23f80710d25653587f |
|
BLAKE2b-256 | 27b99375e94bd44e570e02e3029138b642a5e1b658e4492f7e3e270c264a2efe |