Our site allows users to store their private files on our site, which is now in an S3 bucket since we've moved to AWS. Users can download their files again, but only after logging in to our web site. Even if they have the direct URL (/download.php?fileid=1234), users must be logged in first.
Right now we have a download script which pulls the file from S3 in chunks and then passes it along to the user. This works okay, and even allows download resuming if their browser supports it. Nobody has any complaints.
But I've got this nagging feeling that I'm just doing it wrong, and there has to be some way to allow users to download straight from S3 - but again, only if logged in to our site.
I've been looking at Pre-signed URLs - is this what I need? If so, then I guess I should just do a `Location: https://bucket.s3...` redirect when the user hits /download.php?fileid=1234?
How would this work with a download manager that supports resuming? Would resume cease to work because they would be going directly to S3 with a then-expired key? Resuming is so uncommon, that it may be worth the speed boost for regular people to not have to go through our servers first...
How do you guys handle your secure downloads from S3?
Both of your proposed solutions are fine. It just depends on things like whether you want to have all of the data coming through your server (which you must then scale) or if it's ok for the link to expire after the time limit you set.
I use both of these approaches for different situations.
I rarely recommend re-implementing a solution that is working without extenuating circumstances (anticipated scaling needs, security concerns, etc.).
And yes, if they try to access a signed URL after the expiration time, it will fail.
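To make the redirect approach concrete, here is an added example (not code from the question or the answer) that hand-rolls an S3 SigV4 query-string presigned GET URL with only the Python standard library, so it runs offline without the AWS SDK. The bucket name, the placeholder credentials, the session dict and the file-to-owner lookup are all assumed; the login/ownership gate is what /download.php would check before issuing the redirect.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode, urlparse, parse_qs

# Constructed placeholder credentials (assumption); load real ones from the environment.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION = "us-east-1"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(bucket: str, key: str, expires: int, now: datetime) -> str:
    """Build a SigV4 presigned GET URL for s3://bucket/key valid for `expires` seconds."""
    host = f"{bucket}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{now:%Y%m%d}/{REGION}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),  # this is the "key" that later expires
        "X-Amz-SignedHeaders": "host",  # only Host is signed, so Range requests still work
    }
    canonical_uri = quote("/" + key, safe="/")
    canonical_query = urlencode(sorted(params.items()), quote_via=quote)
    canonical_request = "\n".join(
        ["GET", canonical_uri, canonical_query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"]
    )
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical_request.encode()).hexdigest()]
    )
    # Derive the signing key: date -> region -> service -> "aws4_request".
    k = _hmac(("AWS4" + SECRET_KEY).encode(), f"{now:%Y%m%d}")
    for part in (REGION, "s3", "aws4_request"):
        k = _hmac(k, part)
    signature = hmac.new(k, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"

def url_expired(url: str, now: datetime) -> bool:
    """True once now is past X-Amz-Date + X-Amz-Expires; S3 rejects the request then."""
    q = parse_qs(urlparse(url).query)
    issued = datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return now > issued + timedelta(seconds=int(q["X-Amz-Expires"][0]))

def download_location(session: dict, file_id: int, owner_of: dict, now: datetime):
    """What /download.php would do: None (deny) unless logged in AND owner, else the redirect target."""
    user = session.get("user_id")
    if user is None or owner_of.get(file_id) != user:
        return None
    return presign_get("my-private-files", f"users/{user}/{file_id}", 900, now)  # 15 minutes
```

Because only the Host header is signed, a download manager can resume with Range requests against the same URL until X-Amz-Expires elapses; after that S3 returns an error and the client must fetch a fresh URL through the logged-in /download.php endpoint.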