Support signed URLs in IIIF requests #5
Conversation
kdid
force-pushed
the
5073-iiif-signed-urls
branch
from
3a606c3 to
b450227
Compare
kdid
force-pushed
the
5073-iiif-signed-urls
branch
from
b450227 to
355b5ac
Compare
There was a problem hiding this comment.
This is really fantastic and exactly what I was thinking. I just have two suggestions:
- [Fully my fault, since I didn't consider this before writing the spec ticket] Change the
idclaim field tosub,expirestoexp, and usepascalCasefor themax-[dimension]fields, just to be consistent with JWT best practices. - Instead of just returning
trueorfalsefromvalidateJwtClaims, maybe return{ valid: [true|false], reason: reason }and then use the reason as the body of the 403 response (e.g.,disallowed ${field}orsubject doesn't matchormaxWidth exceeded). I don't think that gives away too much about the implementation, and it would demonstrate to tinkerers that we're serious about checking the parameters. 😄
kdid
force-pushed
the
5073-iiif-signed-urls
branch
from
355b5ac to
e7b9155
Compare
|
@mbklein - this is ready for re-review. Code is deployed live on staging. |
iiif-server/src/index.js
Outdated
| if (jwtClaims['max-width'] && params.size.width > jwtClaims['max-width']) { | ||
| errors.push("Width too large"); | ||
| } | ||
|
|
||
| if (jwtClaims['max-height'] && params.size.height > jwtClaims['max-height']) { | ||
| errors.push("Height too large"); | ||
| } |
There was a problem hiding this comment.
max-width and max-height aren't being enforced, because params.size isn't being parsed into width and height. It looks like 2048,1536 or !300,300 or even ,768 or pct:50. This is where all the stuff about the “full frame image” came from in the documentation of those fields – there was a whole discussion in the serverless-iiif repo about how to handle max dimensions in light of the fact that a savvy and patient user could simply request individual tiles that didn't violate the maximum and stitch them together.
The iiif-processor gem offers a way to calculate the effective width and height of the full image based on the parameters given even when a region is requested, but all things considered, I'm not convinced it's worth going to great lengths to support it right now. Maybe the best thing to do is remove max-width and max-height from the code and the docs and come back to it later if we feel the need. I'm willing to be persuaded otherwise.
There was a problem hiding this comment.
If you decide to remove the max-* support, consider the PR approved once that's done. Otherwise, I'm happy to pair on the rest of implementation if we have time.
kdid
force-pushed
the
5073-iiif-signed-urls
branch
from
1fb41bf to
10e07f1
Compare
|
@mbklein - I think this is ready for re-review! It's deployed on staging and there should be a number of shared test evens on the viewer function (I was logged in as admin). I wasn't sure what we'd want to do if the S3 object did not exist at all so I just logged it and let it pass on through? My thought was that right now the authorizer doesn't care if the object exists or not. Open to counter arguments. |
Summary
Add support for HMAC-signed URLs with an expires parameter.
This will make certain operations (like one-off downloads and redirects) a lot simpler.