Expand description
Presigned URL generation for S3 objects.
§Design
AWS SigV4 presigned URLs embed the credentials directly in the query string
(via X-Amz-Signature, X-Amz-Credential, X-Amz-Date, …) so the
recipient can fetch the object without AWS credentials of their own.
The URL is generated entirely in Rust — credentials never cross the Tauri
IPC boundary. The frontend receives an opaque PresignedUrl struct and
writes the URL to the clipboard.
§Expiry limits (AWS SigV4)
- Minimum: 60 seconds (enforce in this module; 1-second URLs are technically valid but useless and confusing).
- Maximum: 604 800 seconds (7 days) — hard AWS limit for SigV4 presigned URLs.
§OCP
PresignedUrl is intentionally open: expires_in_secs and method can be
added as optional fields in a future task without breaking the IPC shape.
A presign_put_object function would mirror this one with a PutObject
builder — no changes to existing callers.
Structs§
- Presigned
Url - Result returned by
object_presign.
Constants§
- MAX_
EXPIRES_ SECS - Maximum presigned URL expiry (7 days in seconds). Hard AWS limit for SigV4 presigned GET URLs.
- MIN_
EXPIRES_ SECS - Minimum presigned URL expiry (60 s). URLs shorter than this are essentially unusable and would confuse users.
Functions§
- presign_
get_ object - Generate a presigned
GetObjectURL forbucket/key. - validate_
expires_ 🔒secs - Pure validation helper extracted so unit tests can call it without a real
client. The command and
presign_get_objectboth call this inline for consistency.