Signed URLs

Presigned URLs are a way to give temporary access to a private object in S3. S3 will generate a URL (by attaching a cryptographic signature) that allows access to the object for a limited time. To be clear, it doesn't require the user to be logged in - it's just a URL that expires.

The idea is that we'll generate these URLs with very short life spans, and then only give them to users who have already been authenticated by your application.

Assignment

Okay, so now that we've switched to a private bucket, we have a problem. Our code in that app's current state will generate URLs that simply put, won't work. Let's try it!

Create a new video and upload the vertical video to it. The video player in the UI should sit there spinning forever in a broken state...
Right click on the player and select "Copy video address". Open a new tab and paste the URL in the address bar. You should see a permissions error!

<Message>Access Denied</Message>

Let's use presigned URLs to fix it! Now, we're gonna do something a bit... hacky. There's no point in storing pre-signed URLs in the database, because they expire quickly. Instead, we'll use the video_url column to store the bucket and key of the video, then we'll use that to generate the presigned URL on the fly and respond with it on the API.

Update the handlerUploadVideo handler code to store bucket and key as a comma delimited string in the video_url. E.g. tube-private-12345,portrait/vertical.mp4
Create a new generatePresignedURL(s3Client *s3.Client, bucket, key string, expireTime time.Duration) (string, error) function.
1. Use the SDK to create a s3.PresignClient with s3.NewPresignClient
2. Use the client's .PresignGetObject() method with s3.WithPresignExpires as a functional option.
3. Return the .URL field of the v4.PresignedHTTPRequest created by .PresignGetObject()
Create a new (cfg *apiConfig) dbVideoToSignedVideo(video database.Video) (database.Video, error) method:
- It should take a video database.Video as input and return a database.Video with the VideoURL field set to a presigned URL and an error (to be returned from the handler)
- It should first split the video.VideoURL on the comma to get the bucket and key
- Then it should use generatePresignedURL to get a presigned URL for the video
- Set the VideoURL field of the video to the presigned URL and return the updated video
Now whenever we return a video object over the wire, we need to first use the dbVideoToSignedVideo method to generate the presigned URL
- handlerUploadVideo should use it
- handlerVideoGet should use it
- handlerVideosRetrieve should use it
Restart your server, and make sure you have a single video uploaded, it should be the vertical one. Make sure the video player works now!

Run and submit the CLI tests.