A django widget library for securely uploading files directly to S3 (or MinIO).
Project description
django-s3-file-field
django-s3-file-field
is a Django widget library for uploading files directly to S3
(or MinIO) through the browser. django-s3-file-field heavily depends on the
django-storages package.
Quickstart
Ensure you've configured your Django installation to use django-storages
for S3 access: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.
Install the django-s3-file-field package:
pip install django-s3-file-field
Add s3_file_field
to your INSTALLED_APPS
:
INSTALLED_APPS = [
...
's3_file_field',
]
Add the required settings:
S3FF_UPLOAD_STS_ARN = '' # see STS Role section below (not required for minio)
Add the appropriate routes to urls.py
:
urlpatterns = [
...
path('api/s3-upload/', include('s3_file_field.urls')),
]
Usage
from s3_file_field import S3FileField
class Car(db.Model):
...
owners_manual = S3FileField()
Running checks
django-s3-file-field can detect common misconfigurations using Django's built in System check framework. To confirm your configuration is correct, run:
./manage.py check
Advanced Topics
Advanced configuration
Key | Default | Description |
---|---|---|
S3FF_UPLOAD_STS_ARN | none | ... |
STS configuration
CORS configuration
This is a minimal function CORS configuration for an S3 bucket to be compatible with django-s3-file-field:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedHeader>*</AllowedHeader>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<ExposeHeader>Connection</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<ExposeHeader>Date</ExposeHeader>
<ExposeHeader>ETag</ExposeHeader>
<ExposeHeader>Server</ExposeHeader>
<ExposeHeader>x-amz-delete-marker</ExposeHeader>
<ExposeHeader>x-amz-version-id</ExposeHeader>
<MaxAgeSeconds>600</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Note: These are insecure defaults, the allowed origin and headers should not be a wildcard but instead modified for your specific deployment(s).
MinIO support
MinIO support depends on the django-minio-storage config (see https://django-minio-storage.readthedocs.io/en/latest/usage/), following settings are used
Security considerations
Integrating with forms
note on form.media
Extending
django-s3-file-field sends out two signals when its REST api is called:
s3_file_field_upload_prepare(name: str, object_key: str)
s3_file_field_upload_finalize(name: str, object_key: str, status: string)
API Reference
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-s3-file-field-0.0.18.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 238f4dd13276a3cbb53a6e1ce9414f454091b253f293c1b22538a55d5df7fe3a |
|
MD5 | c82ff9f2dab175f135d6bf4dea60d0dd |
|
BLAKE2b-256 | e0c12073c85820f220d1cbe9891bd23e29015abc7fc6463c87fc1ffe979e7652 |
Hashes for django_s3_file_field-0.0.18-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 81da1d17bbc8bb78714642215ed2116bcac9a5c2df836cd5c00cc0998d01de3f |
|
MD5 | a1f399ca6e4e56da12749bd907b9532c |
|
BLAKE2b-256 | e093ebbbe0aa1667be839c82854b5673a099d406301eb133ca52dc1184aa2a72 |