Updating docs and adding additional settings checks

Author: etianen

README.rst

@@ -216,21 +216,18 @@ Please note, however, that **custom URLs will not work with AWS_S3_PUBLIC_URL**
 URL doesn't accept extra parameters, and it will raise ``ValueError``.
 
 
-Presigned URL
------------
-Pre-signed URLs allow temporary access to S3 objects without AWS credentials.
-Generate a URL with permissions and time limit, then provide it to the user for downloading or uploading the object.
-API server does not need to handle the I/O of transferring the file, which can be resource-intensive and slow down the server's response time.
-Instead, the user can directly interact with S3, improving performance and reducing the load on your API server.
-It's secure and flexible for temporary access to S3 objects.
+Pre-signed URL uploads
+----------------------
 
-For download a existed file:
-.. code:: python
-    url = storage.url("foo/bar.pdf")
+Pre-signed URLs allow temporary access to S3 objects without AWS credentials. A pre-signed URL allows HTTP clients to
+upload files directly, improving performance and reducing the load on your server.
+
+To generate a presigned URL allowing a file upload with HTTP ``PUT``:
 
-For upload new file: 
 .. code:: python
-    url = storage.url("foo/bar.pdf", clientMethod="put_object")
+
+    url = storage.url("foo/bar.pdf", client_method="put_object")
+
 
 Management commands
 -------------------

django_s3_storage/storage.py

@@ -6,7 +6,7 @@
 import shutil
 from contextlib import closing
 from datetime import timezone
-from functools import wraps
+from functools import wraps, partial
 from io import TextIOBase
 from tempfile import SpooledTemporaryFile
 from threading import local
@@ -18,6 +18,7 @@
 from botocore.exceptions import ClientError
 from django.conf import settings
 from django.contrib.staticfiles.storage import ManifestFilesMixin
+from django.core import checks
 from django.core.exceptions import ImproperlyConfigured
 from django.core.files.base import File
 from django.core.files.storage import Storage
@@ -183,14 +184,6 @@ def _setup(self):
         # Validate settings.
         if not self.settings.AWS_S3_BUCKET_NAME:
             raise ImproperlyConfigured(f"Setting AWS_S3_BUCKET_NAME{self.s3_settings_suffix} is required.")
-        if self.settings.AWS_S3_PUBLIC_URL and self.settings.AWS_S3_BUCKET_AUTH:
-            log.warning(
-                "Using AWS_S3_BUCKET_AUTH%s with AWS_S3_PUBLIC_URL%s. "
-                "Private files on S3 may be inaccessible via the public URL. "
-                "See https://github.com/etianen/django-s3-storage/issues/114 ",
-                self.s3_settings_suffix,
-                self.s3_settings_suffix,
-            )
         # Create a thread-local connection manager.
         self._connections = _Local(self)
         # Set transfer config for S3 operations
@@ -217,9 +210,25 @@ def __init__(self, **kwargs):
         self._setup()
         # Re-initialize the storage if an AWS setting changes.
         setting_changed.connect(self._setting_changed_received)
+        # Register system checks.
+        checks.register(partial(self.__class__._system_checks, self), checks.Tags.security)
         # All done!
         super().__init__()
 
+    def _system_checks(self, app_configs, **kwargs):
+        errors = []
+        if self.settings.AWS_S3_PUBLIC_URL and self.settings.AWS_S3_BUCKET_AUTH:
+            errors.append(
+                checks.Warning(
+                    f"Using AWS_S3_BUCKET_AUTH{self.s3_settings_suffix} "
+                    f"with AWS_S3_PUBLIC_URL{self.s3_settings_suffix}. "
+                    "Private files on S3 may be inaccessible via the public URL. "
+                    "See https://github.com/etianen/django-s3-storage/issues/114 ",
+                    id="django_s3_storage.W001",
+                )
+            )
+        return errors
+
     def __reduce__(self):
         return unpickle_helper, (self.__class__, self._kwargs)
 
@@ -436,25 +445,24 @@ def size(self, name):
         except KeyError:
             return meta["ContentLength"]
 
-    def url(self, name, extra_params=None, clientMethod="get_object"):
+    def url(self, name, extra_params=None, client_method="get_object"):
         # Use a public URL, if specified.
         if self.settings.AWS_S3_PUBLIC_URL:
-            if extra_params:
-                raise ValueError(
-                    "Use of extra_params to generate custom URLs is not allowed "
-                    "with AWS_S3_PUBLIC_URL"
-                )
+            if extra_params or client_method != "get_object":
+                raise ValueError("Use of extra_params or client_method is not allowed with AWS_S3_PUBLIC_URL")
             return urljoin(self.settings.AWS_S3_PUBLIC_URL, filepath_to_uri(name))
         # Otherwise, generate the URL.
         params = extra_params.copy() if extra_params else {}
         params.update(self._object_params(name))
         url = self.s3_connection.generate_presigned_url(
-            ClientMethod=clientMethod,
+            ClientMethod=client_method,
             Params=params,
             ExpiresIn=self.settings.AWS_S3_MAX_AGE_SECONDS,
         )
         # Strip off the query params if we're not interested in bucket auth.
         if not self.settings.AWS_S3_BUCKET_AUTH:
+            if extra_params or client_method != "get_object":
+                raise ValueError("Use of extra_params or client_method is not allowed with AWS_S3_BUCKET_AUTH")
             url = urlunsplit(urlsplit(url)[:3] + ("", "",))
         # All done!
         return url