Skip to content

feat: add configurable expiration for signed URLs #8136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: preview
Choose a base branch
from
Open

feat: add configurable expiration for signed URLs #8136

wants to merge 1 commit into from
+214 −3

Conversation

@gustoliveira
Copy link

@gustoliveira gustoliveira commented Nov 18, 2025
edited by cursor bot
Loading

Description

This PR adds a configurable environment variable SIGNED_URL_EXPIRATION to control the expiration time of S3 signed URLs for asset uploads and
downloads.

Currently, the expiration time is hardcoded to 3600 seconds (1 hour) in the S3Storage class. This change allows administrators to configure this value
through an environment variable, enabling shorter expiration times for enhanced security (e.g., 30 seconds) without modifying code.

Key Changes:

  • Added SIGNED_URL_EXPIRATION environment variable (default: 3600 seconds)
  • Updated generate_presigned_post() and generate_presigned_url() methods to use the configurable value
  • Maintains full backward compatibility - existing deployments will continue using 1-hour expiration
  • Added comprehensive unit tests with 100% coverage of the new functionality

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Improvement (change that would cause existing functionality to not work as expected)
  • Code refactoring
  • Performance improvements
  • Documentation update

Test Scenarios

✅ Unit tests created in plane/tests/unit/settings/test_storage.py:

  • Test default expiration (3600s) when env variable is not set
  • Test custom expiration values (30s, 60s, 300s) from environment variable
  • Test that generate_presigned_post() uses the configured expiration
  • Test that generate_presigned_url() uses the configured expiration
  • Test that explicit expiration parameter overrides the default
  • All tests use mocked boto3 client to avoid real S3 calls

Note

Make S3 signed URL expiration configurable via SIGNED_URL_EXPIRATION and update storage methods with tests.

  • Backend/API:
    • S3Storage reads SIGNED_URL_EXPIRATION from env (default 3600).
    • generate_presigned_post and generate_presigned_url accept expiration=None and default to configured value; pass ExpiresIn accordingly.
  • Config:
    • Add SIGNED_URL_EXPIRATION to apps/api/.env.example with guidance/comments.
  • Tests:
    • New unit tests in plane/tests/unit/settings/test_storage.py covering defaults, custom values, and explicit overrides for both presigned post and URL methods (mocked boto3).

Written by Cursor Bugbot for commit 4179ece. This will update automatically on new commits. Configure here.

@gustoliveira
- Add SIGNED_URL_EXPIRATION environment variable
4179ece 
  - Update S3Storage to use configurable expiration time
  - Default remains 3600 seconds (1 hour) for backward compatibility
  - Add comprehensive unit tests with mocked S3 client
  - Update .env.example with documentation and examples
Copilot AI review requested due to automatic review settings November 18, 2025 14:21
@CLAassistant
Copy link

CLAassistant commented Nov 18, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

Copilot finished reviewing on behalf of gustoliveira November 18, 2025 14:23
Copilot AI reviewed Nov 18, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces configurable expiration times for S3 signed URLs by adding the SIGNED_URL_EXPIRATION environment variable. Currently, expiration times are hardcoded to 3600 seconds, which this change makes configurable to enable shorter expiration periods for enhanced security.

  • Added SIGNED_URL_EXPIRATION environment variable with a default of 3600 seconds
  • Modified generate_presigned_post() and generate_presigned_url() methods to use the configurable expiration value
  • Added comprehensive unit tests covering default and custom expiration scenarios

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
apps/api/plane/settings/storage.py Added signed_url_expiration instance variable and updated both presigned URL generation methods to use configurable expiration with explicit parameter override support
apps/api/plane/tests/unit/settings/test_storage.py Comprehensive unit test suite covering default expiration, custom expiration values, and method-level overrides for both presigned URL generation methods
apps/api/.env.example Added documentation for the new SIGNED_URL_EXPIRATION environment variable with usage examples

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@gustoliveira gustoliveira mentioned this pull request Nov 19, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gustoliveira @CLAassistant