Class: ActiveCipherStorage::Adapters::S3Adapter

Inherits:

Object

• Object
• ActiveCipherStorage::Adapters::S3Adapter

Includes:

KeyUtils

Defined in:

lib/active_cipher_storage/adapters/s3_adapter.rb

Defined Under Namespace

Classes: StreamingDecryptor

Constant Summary

DEFAULT_MULTIPART_THRESHOLD =

100 * 1024 * 1024

Instance Method Summary

• #delete(key) ⇒ Object
• #exist?(key) ⇒ Boolean
• #get_decrypted(key) ⇒ Object
• #initialize(bucket:, region: nil, multipart_threshold: DEFAULT_MULTIPART_THRESHOLD, s3_client: nil, config: nil, chunk_size: Configuration::DEFAULT_CHUNK_SIZE) ⇒ S3Adapter constructor

  A new instance of S3Adapter.

• #presigned_url(key, expires_in: 3600) ⇒ Object
• #put_encrypted(key, io, **options) ⇒ Object
• #stream_decrypted(key, &block) ⇒ Object

  Streams decrypted plaintext from S3 without buffering the whole object.

Constructor Details

#initialize(bucket:, region: nil, multipart_threshold: DEFAULT_MULTIPART_THRESHOLD, s3_client: nil, config: nil, chunk_size: Configuration::DEFAULT_CHUNK_SIZE) ⇒ S3Adapter

Returns a new instance of S3Adapter.

Raises:

• (ArgumentError)

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 10

def initialize(bucket:, region: nil, multipart_threshold: DEFAULT_MULTIPART_THRESHOLD,
               s3_client: nil, config: nil,
               chunk_size: Configuration::DEFAULT_CHUNK_SIZE)
  @bucket              = bucket
  @region              = region
  @multipart_threshold = multipart_threshold
  @client_override     = s3_client
  @config              = config || ActiveCipherStorage.configuration
  @chunk_size          = Integer(chunk_size)
  @config.validate!
  raise ArgumentError, "chunk_size must be positive" unless @chunk_size.positive?
end

Instance Method Details

#delete(key) ⇒ Object

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 58

def delete(key)
  s3.delete_object(bucket: @bucket, key: key)
end

#exist?(key) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 51

def exist?(key)
  s3.head_object(bucket: @bucket, key: key)
  true
rescue Aws::S3::Errors::NotFound, Aws::S3::Errors::NoSuchKey
  false
end

#get_decrypted(key) ⇒ Object

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 27

def get_decrypted(key)
  resp = s3.get_object(bucket: @bucket, key: key)
  decrypt_io(StringIO.new(resp.body.read.b))
end

#presigned_url(key, expires_in: 3600) ⇒ Object

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 45

def presigned_url(key, expires_in: 3600)
  Aws::S3::Presigner.new(client: s3)
                    .presigned_url(:get_object, bucket: @bucket, key: key,
                                   expires_in: expires_in)
end

#put_encrypted(key, io, **options) ⇒ Object

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 23

def put_encrypted(key, io, **options)
  large_file?(io) ? multipart_put(key, io, **options) : single_put(key, io, **options)
end

#stream_decrypted(key, &block) ⇒ Object

Streams decrypted plaintext from S3 without buffering the whole object. Yields each decrypted plaintext chunk as it becomes available. Safe for multi-gigabyte files: memory usage is bounded by chunk_size.

Raises:

• (ArgumentError)

# File 'lib/active_cipher_storage/adapters/s3_adapter.rb', line 35

def stream_decrypted(key, &block)
  raise ArgumentError, "stream_decrypted requires a block" unless block_given?

  decryptor = StreamingDecryptor.new(@config)
  s3.get_object(bucket: @bucket, key: key) do |s3_chunk|
    decryptor.push(s3_chunk.b, &block)
  end
  decryptor.finish!
end