Feature Request: Return presigned URLs for S3 storage
Returning a 302 with a presigned url instead of an anonymous request would enable us to include headers to set in the get request such as Content-Disposition
when config :pleroma, Pleroma.Upload, link_name:
is set to true
as well as set Cache-Control
headers saving bandwidth. For whatever reason Amazon decided that you have to provide authentication to set those headers.
One of the downsides is that presigned urls can only be valid for up to 7 days but that's not really too big of an issue since we're returning 302s anyway. Requests shouldn't be too resource intensive to sign. It is just HMAC-SHA256 after all. However, it'd be best to cache them. Especially for initial post federation when it'd be getting hundreds of requests at once which would greatly increase the CPU needed to sign the requests if no caching is used.
Initially, I was thinking of the best way to do the caching in Pleroma but I see no reason we couldn't just sign them for 7 days and then and then just use Nginx (or whatever reverse proxy is being used) to just cache the responses.