Get a file from R2 using a pre-signed url
By Massimo Presta

Get a file from R2 using a pre-signed url

cloudflare pill typescript R2

In this Article

Overview

In this article I’ll show a practical example of how to use a pre-signed url to get a file from Cloudflare R2. Objects in R2 buckets are private by default. That means the user will need permission to be able to access a file from the client side. In this case we can grant the user with temporary permission that’s restricted to the specific action we want the user to take using a pre-signed url.

Signing the url

We are going to use the aws4fetch library to sign the url. Keep in mind for this to work you’ll might need to update the cors settings of your bucket. You will need to generate the access_key_id and secret_access_key for your R2 bucket. You’ll also need to bind your bucket to your pages app or cloudflare worker. Here is what the pill code looks like:

Now here is the pill of code:

import { AwsClient } from 'aws4fetch'

export const onRequestPost = async (context: any): Promise<Response> => {
  const { env, request } = context
  // reading the body to find which file the client is looking for
  const body: any = await request.json()
  const filename: string = body.filename
  // the bound bucket
  const myBucket = env.MY_BUCKET
  // my cloudflare account id
  const cfAccountId = env.CF_ACCOUNT_ID
  // init the client
  const r2: AwsClient = new AwsClient({
    accessKeyId: env.R2_ACCESS_KEY_ID,
    secretAccessKey: env.R2_SECRET_ACCESS_KEY,
  })

  // allow the user to perform operations under the assets folder in my bucket
  const url = new URL(`https://${cfAccountId}.r2.cloudflarestorage.com/${myBucket}/assets/${filename}`)

  // Specify a custom expiry for the presigned URL, in seconds
  url.searchParams.set('x-Amz-Expires', '3600')

  // allow the user to perform a PUT (upload) operation
  const mySignedUrl = await r2.sign(
    new Request(url, {
      method: 'GET',
    }),
    {
      aws: { signQuery: true },
    },
  )

  // return the signed url
  return Promise.resolve(new Response(JSON.stringify({ signedUrl: mySignedUrl.url }), { status: 200 }))
}

Now the client can read the signedUrl from the response body and use it for requesting a file.

You may also like
Coderpunk Tech Solutions Beta
Massimo Presta

Coderpunk Tech Solutions Beta

Delivering digital solutions faster and at a lower cost for your business needs. Coderpunk Tech Solutions is now in beta.
cloudflare vulcan coderpunk solutions
Strong typed Pinia stores in Vue
Massimo Presta

Strong typed Pinia stores in Vue

Have you been coding in vuejs with typescript and pinia? Do you like for your store to be typed? Have a peek at this article...
vuejs pill typescript
Tidy up Worker endpoints with Hono
Massimo Presta

Tidy up Worker endpoints with Hono

Manage your worker endpoints using Hono.
cloudflare pill typescript Hono

Coderpunk is a blog that provides coding snippets, articles and tutorials on different programming languages and libraries.

Recent Posts

Coderpunk Tech Solutions Beta
Strong typed Pinia stores in Vue