The ability to have temporary URLs is something that has been requested for quite some time. Since Cloud Files runs on openstack swift, we get some of the new features available, such as temporary URLs. This will allow you to create temporary URLs so your end users can consume your product, while having it expire after a few days, or minutes, so it isn’t possible to share the link, limiting unauthorized downloads.
Keep in mind, this isn’t officially supported by Rackspace yet, so you’re on your own for it, however it does work and you can start taking advantage of it now. Read on after the jump for the how-to.
The first thing we need(Aside of an account), is the API key.
You can locate this in your control panel under ‘Your Account’, if you’re using Cloud Files, you more then likely already have this. Once you have your API key, we need to create authenticate and create/set our key.
Let’s go ahead and authenticate first:
$ curl -I -X GET -H X-Auth-User:USER -H X-Auth-Key:APIKEY https://auth.api.rackspacecloud.com/v1.0 HTTP/1.1 204 No Content Server: Apache/2.2.3 (Red Hat) vary: X-Auth-Token,X-Auth-Key,X-Storage-User,X-Storage-Pass X-Storage-Url: https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48 Cache-Control: s-maxage=5028 Content-Type: text/xml Date: Mon, 16 Apr 2012 18:41:46 GMT X-Auth-Token: ~ X-Storage-Token: ~ X-Server-Management-Url: https://servers.api.rackspacecloud.com/v1.0/473948 Connection: Keep-Alive X-CDN-Management-Url: https://cdn.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48 Content-Length: 0
Next, let’s go ahead and make a key. It can be whatever you want (Alphanumeric) within the limitations of the header length, however I recommend just echoing out some text and making an md5 or sha of it.
$ echo -n "Random text so I can make my key with it and such" | md5sum 7acc0fe42358c0232053b3fc7254609c -
Once we have this, we can go ahead and set it on our account:
$ curl -i -X POST -H X-Auth-Token:~token -H X-Account-Meta-Temp-URL-Key:7acc0fe42358c0232053b3fc7254609c https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48 HTTP/1.1 204 No Content Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Trans-Id: txd69ae1123b4d4f8c82ab1a38bfb3a499 Date: Mon, 16 Apr 2012 19:02:22 GMT
A few notes about your key, if you change it, it will invalidate every URL you have generated after about a minute (Due to caching), additionally, you can check it by issuing a HEAD against your account, so you won’t have to invalidate all your old URLS if you forget it –
$ curl -I -H X-Auth-Token:TOKEN https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48 HTTP/1.1 204 No Content X-Account-Object-Count: 52 X-Account-Meta-Temp-Url-Key: 7acc0fe42358c0232053b3fc7254609c X-Account-Bytes-Used: 61839518344 X-Account-Container-Count: 2 Accept-Ranges: bytes Content-Length: 0 X-Trans-Id: txa90bbf3e259443d5bd4c312adddc1767 Date: Mon, 16 Apr 2012 19:31:12 GMT
After you’ve set up your key on your account, we can go ahead and generate the URL using a python script:
import hmac from hashlib import sha1 from time import time method = 'GET' expires = int(time() + TIME FROM NOW TO EXPIRE, IN SECONDS) base = 'BASEURL' path = 'PATH TO OBJECT' key = 'THE KEY YOU CREATED' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() print '%s%s?temp_url_sig=%s&temp_url_expires=%s' % (base, path, sig, expires)
For comparison, here is what mine looked like:
import hmac from hashlib import sha1 from time import time method = 'GET' expires = int(time() + 600) base = 'https://storage101.dfw1.clouddrive.com' path = '/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48/test/test.txt' key = '7acc0fe42358c0232053b3fc7254609c' hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new(key, hmac_body, sha1).hexdigest() print '%s%s?temp_url_sig=%s&temp_url_expires=%s' % (base, path, sig, expires)
Now that we have the script made, we can generate our URL and give it to end users:
$ python script.py https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48/test/test.txt?temp_url_sig=d36692ce16ff22c80769dfce0712ff6fc9e4dd6c&temp_url_expires=1334603603 $ curl -I "https://storage101.dfw1.clouddrive.com/v1/MossoCloudFS_d58d266b-3601-4d95-8e96-2063c9caef48/test/test.txt?temp_url_sig=d36692ce16ff22c80769dfce0712ff6fc9e4dd6c&temp_url_expires=1334603603" HTTP/1.1 200 OK Last-Modified: Fri, 18 Nov 2011 23:32:41 GMT Accept-Ranges: bytes Etag: 8d777f385d3dfec8815d20f7496026dc Content-Type: text/plain Content-Length: 4 X-Trans-Id: txf8297b7c83d44a85bcb9d28c7141ca08 Date: Mon, 16 Apr 2012 19:03:41 GMT
Again, this exists in the Swift implementation for Rackspace Cloud, however it is not officially supported yet. If you have issues, you’re pretty much on your own. However it seems to work fine, and it will probably be in the documentation soon and officially supported, so you can start utilizing it now!