S3 authentication

video module only support for public videos, if need private videos then you should create private URL and its not done with the video_s3 module.

I did a crude implementation of S3 query authentication.
Its actually already included in the S3.class and requires a few simple lines to get it working.

I wanted to make it onfigurable and submit it for dev review, why would we not want this feature in video module, i don't understand ?
It just adds a lifetime to your URL's...the urls will be working for everyone.
It's not only for private video sites, but it also prevents hotlinking from other hosts to your Amazon vids

I will add it with the next release of the video module, meanwhile if you can provide a patch on this, it is better for the community.

Sorry, i was planning to, was ill for a couple of weeks :(
I will tidy it up, make it admin configurable, and put it in a patch somewhere before wednesday.

If you're using Flowplayer, and trying to do something like limit access to videos to registered users you might want to take a look at this blog post:
http://evolt.org/s3secure

no need to do this in player deep level.
Official S3.class.php is used by the amazon_s3 part of the video module, so the functiobality is already available.
Will submit a patch soon

If database changes are needed for strong new variables, do i patch the schema of the video s3 module, or do i provide a video_update_xxxx in the video module?

I think you do not need any database changes, what you need to do is get the existing public url and append the params in to that URL, that will work.

Yes, but i want to make it configurable 'enable authentication url' and a configurable url lifetime in seconds.

never mind, stored in variables obviously :D

should be right, tested out fine on latest dev version.
Added gracetime so browsers will keep caching the same file (url does not change for lifetime interval).

Please review!

this change is needed for it to work with flowplayer

in video_formatter.inc
line 143

 elseif ($video->flash_player == 'flowplayer') {
    $options = array(
      'clip' => array(
        'url' => $video->url,
        'autoPlay' => $video->autoplay,
        'autoBuffering' => $video->autobuffering,
    ),

change to

 elseif ($video->flash_player == 'flowplayer') {
    $options = array(
      'clip' => array(
        'url' => urlencode($video->url),
        'autoPlay' => $video->autoplay,
        'autoBuffering' => $video->autobuffering,
    ),

to perform url encoding on the passed URL

Fixed in dev.

Not going to work

in amazon_s3.inc

        if ($this->s3->putObjectFile($filepath, $this->bucket, $filename, S3::ACL_PUBLIC_READ)) {

you need to put the file as ACL_PRIVATE when you enable private for S3..

If you don't do this, the file can be accessed without adding the additional params.

http://www.s3maphor3.org/files/The_ultimate_PHP_guide-to_the_Amazon_S3_s...
[code]
Reminder: Set the ACL of your S3 files to private, otherwise there is no point in using signed URLs.
[/code]

I also don't get why you didn't add the gracetime functionality i've added to the code.

Fixed in dev.

This issue is back with rc6. How should I update the code to allow for private downloads again, the new code breaks the ability to use private downloads.

Re-posting since I tagged it with the wrong version.... This issue is back with 6.x-4.2-alpha2. How should I update the code to allow for private downloads again, the new code breaks the ability to use private downloads.

Well, I am not the best code jockey out there.. In fact, I'm a hack.... I changed the following code to stop the Code 200, stream not found error... Access Denied serving uploaded S3 videos.....

modules/video/plugins/video_s3/includes
Alpha2 code change

Lines changed:

Line 135 original: $perm = (variable_get('amazon_s3_private', FALSE) == FALSE) ? S3::ACL_PUBLIC_READ : S3::ACL_PRIVATE;

Line 135 revised: $perm = (variable_get('amazon_s3_private', FALSE) == FALSE) ? S3::ACL_PRIVATE : S3::ACL_PUBLIC_READ;