Skip to main content

A django widget library for securely uploading files directly to S3 (or MinIO).

Project description

django-s3-file-field

PyPI version shields.io PyPI - Python Version PyPI - Django Version

django-s3-file-field is a Django widget library for uploading files directly to S3 (or MinIO) through the browser. django-s3-file-field heavily depends on the django-storages package.

Quickstart

Ensure you've configured your Django installation to use django-storages for S3 access: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.

Install the django-s3-file-field package:

pip install django-s3-file-field

Add s3_file_field to your INSTALLED_APPS:

INSTALLED_APPS = [
 ...
 's3_file_field',
]

Add the required settings:

S3FF_UPLOAD_STS_ARN = '' # see STS Role section below (not required for minio)

Add the appropriate routes to urls.py:

urlpatterns = [
    ...
    path('api/s3-upload/', include('s3_file_field.urls')),
]

Usage

from s3_file_field import S3FileField

class Car(db.Model):
    ...
    owners_manual = S3FileField()

Running checks

django-s3-file-field can detect common misconfigurations using Django's built in System check framework. To confirm your configuration is correct, run:

./manage.py check

Advanced Topics

Advanced configuration

Key Default Description
S3FF_UPLOAD_STS_ARN none ...
S3FF_UPLOAD_PREFIX none Prefix where files should be stored

STS configuration

CORS configuration

This is a minimal function CORS configuration for an S3 bucket to be compatible with django-s3-file-field:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedHeader>*</AllowedHeader>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedOrigin>*</AllowedOrigin>
    <ExposeHeader>Connection</ExposeHeader>
    <ExposeHeader>Content-Length</ExposeHeader>
    <ExposeHeader>Date</ExposeHeader>
    <ExposeHeader>ETag</ExposeHeader>
    <ExposeHeader>Server</ExposeHeader>
    <ExposeHeader>x-amz-delete-marker</ExposeHeader>
    <ExposeHeader>x-amz-version-id</ExposeHeader>
    <MaxAgeSeconds>600</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>

Note: These are insecure defaults, the allowed origin and headers should not be a wildcard but instead modified for your specific deployment(s).

MinIO support

MinIO support depends on the django-minio-storage config (see https://django-minio-storage.readthedocs.io/en/latest/usage/), following settings are used

Security considerations

Integrating with forms

note on form.media

Extending

django-s3-file-field sends out two signals when its REST api is called:

s3_file_field_upload_prepare(name: str, object_key: str)
s3_file_field_upload_finalize(name: str, object_key: str, status: string)

API Reference

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-s3-file-field, version 0.0.7
Filename, size File type Python version Upload date Hashes
Filename, size django_s3_file_field-0.0.7-py2.py3-none-any.whl (108.8 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size django-s3-file-field-0.0.7.tar.gz (108.5 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page