A django widget library for securely uploading files directly to S3 (or MinIO).
Project description
django-s3-file-field
django-s3-file-field
is a Django widget library for uploading files directly to S3
(or MinIO) through the browser. django-s3-file-field heavily depends on the
django-storages package.
Quickstart
Ensure you've configured your Django installation to use django-storages
for S3 access: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.
Install the django-s3-file-field package:
pip install django-s3-file-field
Add s3_file_field
to your INSTALLED_APPS
:
INSTALLED_APPS = [
...
's3_file_field',
]
Add the required settings:
S3FF_UPLOAD_STS_ARN = '' # see STS Role section below (not required for minio)
Add the appropriate routes to urls.py
:
urlpatterns = [
...
path('api/s3-upload/', include('s3_file_field.urls')),
]
Usage
from s3_file_field import S3FileField
class Car(db.Model):
...
owners_manual = S3FileField()
Running checks
django-s3-file-field can detect common misconfigurations using Django's built in System check framework. To confirm your configuration is correct, run:
./manage.py check
Advanced Topics
Advanced configuration
Key | Default | Description |
---|---|---|
S3FF_UPLOAD_STS_ARN | none | ... |
S3FF_UPLOAD_PREFIX | none | Prefix where files should be stored |
S3FF_API_BASE_URL | /api/s3-upload |
API prefix where the server urls are hosted |
STS configuration
CORS configuration
This is a minimal function CORS configuration for an S3 bucket to be compatible with django-s3-file-field:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedHeader>*</AllowedHeader>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<ExposeHeader>Connection</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<ExposeHeader>Date</ExposeHeader>
<ExposeHeader>ETag</ExposeHeader>
<ExposeHeader>Server</ExposeHeader>
<ExposeHeader>x-amz-delete-marker</ExposeHeader>
<ExposeHeader>x-amz-version-id</ExposeHeader>
<MaxAgeSeconds>600</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Note: These are insecure defaults, the allowed origin and headers should not be a wildcard but instead modified for your specific deployment(s).
MinIO support
MinIO support depends on the django-minio-storage config (see https://django-minio-storage.readthedocs.io/en/latest/usage/), following settings are used
Security considerations
Integrating with forms
note on form.media
Extending
django-s3-file-field sends out two signals when its REST api is called:
s3_file_field_upload_prepare(name: str, object_key: str)
s3_file_field_upload_finalize(name: str, object_key: str, status: string)
API Reference
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-s3-file-field-0.0.6.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 06557ae171c40876a033db8e96dc2454d272e0ddff5c7a4062f96ab914b20a71 |
|
MD5 | ba012ac26a7917a41c0a7c6178ce995f |
|
BLAKE2b-256 | f5acfc27b4e228a48a6306e8c78409f9a29ba1857157cdb917b87e777aca65a5 |
Hashes for django_s3_file_field-0.0.6-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c5a2944abd8cd5317f06c29a8b52ef98f13180443006cc9a14798b46e1b59c82 |
|
MD5 | 1597d33d7ed9d869435c1b3411e9b42f |
|
BLAKE2b-256 | 8af40a43804f6f2b17b959cffb1eb19eaa51c757fd4960e927381b9f21548c94 |