A django widget library for securely uploading files directly to S3 (or MinIO).
Project description
django-s3-file-field
django-s3-file-field
is a Django widget library for uploading files directly to S3
(or MinIO) through the browser. django-s3-file-field heavily depends on the
django-storages package.
Quickstart
Ensure you've configured your Django installation to use django-storages
for S3 access: https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.
Install the django-s3-file-field package:
pip install django-s3-file-field
Add s3_file_field
to your INSTALLED_APPS
:
INSTALLED_APPS = [
...
's3_file_field',
]
Add the required settings:
S3FF_UPLOAD_STS_ARN = '' # see STS Role section below (not required for minio)
Add the appropriate routes to urls.py
:
urlpatterns = [
...
path('api/s3-upload/', include('s3_file_field.urls')),
]
Usage
from s3_file_field import S3FileField
class Car(db.Model):
...
owners_manual = S3FileField()
Running checks
django-s3-file-field can detect common misconfigurations using Django's built in System check framework. To confirm your configuration is correct, run:
./manage.py check
Advanced Topics
Advanced configuration
Key | Default | Description |
---|---|---|
S3FF_UPLOAD_STS_ARN | none | ... |
S3FF_UPLOAD_PREFIX | none | Prefix where files should be stored |
STS configuration
CORS configuration
This is a minimal function CORS configuration for an S3 bucket to be compatible with django-s3-file-field:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedHeader>*</AllowedHeader>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<ExposeHeader>Connection</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<ExposeHeader>Date</ExposeHeader>
<ExposeHeader>ETag</ExposeHeader>
<ExposeHeader>Server</ExposeHeader>
<ExposeHeader>x-amz-delete-marker</ExposeHeader>
<ExposeHeader>x-amz-version-id</ExposeHeader>
<MaxAgeSeconds>600</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Note: These are insecure defaults, the allowed origin and headers should not be a wildcard but instead modified for your specific deployment(s).
MinIO support
MinIO support depends on the django-minio-storage config (see https://django-minio-storage.readthedocs.io/en/latest/usage/), following settings are used
Security considerations
Integrating with forms
note on form.media
Extending
django-s3-file-field sends out two signals when its REST api is called:
s3_file_field_upload_prepare(name: str, object_key: str)
s3_file_field_upload_finalize(name: str, object_key: str, status: string)
API Reference
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-s3-file-field-0.0.9.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | f99cebc80d6ddb84f862d351305076c77d198a2bc85c3139caa172769dfe8356 |
|
MD5 | 25abf778cba0103fa7fcdaa3ed1a1a3d |
|
BLAKE2b-256 | 94924ea68119aa843707848c7849ccdbb495be980869bf6fc149150a3b261394 |
Hashes for django_s3_file_field-0.0.9-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5050a69076c4332afaf21a2a9877725c8ec4119eac2e28f9f763fa51d5ade973 |
|
MD5 | a6423bfaea0a1dfe4609fc43e00312cf |
|
BLAKE2b-256 | c6e6fd01a200e0dac72dc9b0a4013ed750efada284acd9d836a3168a95aaab61 |