znbdownload 0.1

A Django storage backend with versioning and S3 support.

Upload media files to S3 and add support for private files.

Features

Installing and Uninstalling Packages

Installing in editable mode from local directory.

$ pip install -e /path/to/znbdownload/

You can remove the -e to install the package in the corresponding Python path, for example: /env/lib/python3.7/site-packages/znbdownload.

List installed packages and uninstall.

$ pip list
$ pip uninstall znbdownload

Installing from git using https.

$ pip install git+https://github.com/requests/requests.git#egg=requests
$ pip install git+https://github.com/alexisbellido/znbdownload.git#egg=znbdownload

This package could be added to a pip requirements.txt file from its git repository or source directory.

git+https://github.com/alexisbellido/znbdownload.git#egg=znbdownload
-e /path-to/znbdownload/

or from PyPi, in this case passing a specific version.

znbdownload==0.2

ZnbDownload will require, and install if necessary, Django, boto3 and django-storages.

Updating Django Settings

Add the following to INSTALLED_APPS

'znbdownload.apps.ZnbDownloadConfig'

Make sure these two are also installed.

'storages'
'django.contrib.staticfiles'

Amazon S3

Some notes to use S3 for storing Django files.

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain.

More on S3 access permissions.

Option 1 (preferred): Resource-based policy.

A bucket configured to be allow publc read access and full control by a IAM user that will be used from Django.

Create a IAM user. Write down the arn and user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY).

Don’t worry about adding a user policy as you will be using a bucket policy to refer to this user by its arn.

Create an S3 bucket at url-of-s3-bucket.

Assign it the following CORS configuration in the permissions tab.

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <MaxAgeSeconds>3000</MaxAgeSeconds>
      <AllowedHeader>Authorization</AllowedHeader>
  </CORSRule>
</CORSConfiguration>

Go to permissions, public access settings for the bucket and set these options to false or you won’t be able to use * as Principal in the bucket policy:

Block new public ACLs and uploading public objects (Recommended)
Remove public access granted through public ACLs (Recommended)
Block new public bucket policies (Recommended)
Block public and cross-account access if bucket has public policies (Recommended)

and the following bucket policy (use the corresponding arn for the bucket and for the IAM user that will have full control).

{
    "Version": "2012-10-17",
    "Id": "name-of-bucket",
    "Statement": [
        {
            "Sid": "PublicReadForGetBucketObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::name-of-bucket/*"
        },
        {
            "Sid": "FullControlForBucketObjects",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::364908532015:user/name-of-user"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::name-of-bucket",
                "arn:aws:s3:::name-of-bucket/*"
            ]
        }
    ]
}

Option 2: user policy.

A user configured to control an specific bucket.

Create an S3 bucket at url-of-s3-bucket.

Assign it the following CORS configuration in the permissions tab.

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>

Create a user in IAM and assign it to this policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1394043345000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::url-of-s3-bucket/*"
            ]
        }
    ]
}

Then create the user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to connect from Django.