从AWS S3下载Rails控制器

Question

I am trying to build a really easy way for my users to download audio content from aws via my website. Here is the flow:

1. I give the user a download link. Ex: www.mysite.com/foobar
2. User clicks on the link.
3. In my rails controller, I create an expiring aws s3 url and automatically start downloading the audio content from that url.
4. User's browser should ask the user whether or not to save the file or not. In the event the user accepts to save the file, I want a callback to my rails app to log that the user actually downloaded the file.

So, from a user's perspective, I want the process to be as simple as going to a url I determine, and accepting to download the file when prompted.

In the background, I want to keep the aws s3 url hidden from the user and I want to have the flexibility to write callback logic after the user accepts the download.

What is the recommended way to achieving this?

Answer 1

The best way to solve this is to create an S3 URL with a very short (10 minute?) lifetime and return a redirect to the S3 URL. This does expose the S3 url to the user, but isn't a vulnerability.

If you want to hide the S3 URL, you will need to proxy the download through your servers, which is expensive and consumes a worker process for long periods of time. I do not recommend this, but it is the only way to conceal the S3 resource.

Additionally, if triggering a download vs. a view is important, you need to set the Content-Disposition header to trigger an attachment download:

  Content-Disposition: attachment; filename="fname.ext"