Feature Proposal: Short Signed Token URL for Object Access

[rikurunico]

Background

Currently, RustFS provides temporary object access using AWS Signature V4 compatible presigned URLs, similar to Amazon S3. While this ensures compatibility with existing tooling, the resulting URLs are extremely long and include multiple query parameters:

• X-Amz-Algorithm

• X-Amz-Credential

• X-Amz-Date

• X-Amz-Expires

• X-Amz-Signature

• etc.

Example:

https://cdn.example.com/bucket/path/file.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=...&X-Amz-Signature=...

These URLs work correctly but introduce several practical limitations:

1. Very long URLs are inconvenient for frontend usage.

2. Hard to use as canonical URLs in applications.

3. Poor compatibility with some CDN caching strategies.

4. Difficult to embed in QR codes or messaging platforms.

5. Not ergonomic for systems that store file references in databases.

Many modern storage systems provide an additional mechanism using short signed tokens.

---

Proposal

Introduce an optional Short Signed Token URL mechanism.

Example public URL:

https://cdn.example.com/s/abc123xyz

or

https://cdn.example.com/object/file.jpg?token=abc123xyz

Where the token encodes:

• object path

• expiration timestamp

• optional permissions

• signature

Example structure:

token = base64url(
    object_path + ":" + expires + ":" + HMAC(secret, object_path + expires)
)

Server verification flow:

1. Receive request /s/{token}

2. Decode token

3. Validate signature

4. Validate expiration

5. Resolve object path

6. Serve object

---

Advantages

1. Much shorter URLs

2. Easier integration with front-end applications

3. Better CDN compatibility

4. Cleaner database storage (store token instead of full presigned URL)

5. Still cryptographically secure

---

Additional Features (Optional)

• configurable token length

• optional IP binding

• optional permission scope (read / download)

• revocation via key rotation

• configurable token TTL

---

Comparison

Feature | Presigned URL | Short Token -- | -- | -- Length | Very long | Short S3 Compatible | Yes | No CDN Friendly | Moderate | High Usability | Low | High

---

Question

Would maintainers be open to adding a short signed token access mode alongside the existing S3-compatible presigned URL system?

This would not break compatibility but would significantly improve usability for applications that rely heavily on object URLs.