knox

Node Amazon S3 Client.

Features

• Familiar API (client.get(), client.put(), etc.)
• Very Node-like low-level request capabilities via http.Client
• Higher-level API with client.putStream(), client.getFile(), etc.
• Copying and multi-file delete support
• Streaming file upload and direct stream-piping support

Examples

The following examples demonstrate some capabilities of knox and the S3 REST API. First things first, create an S3 client:

var client = knox.createClient({
    key: '<api-key-here>'
  , secret: '<secret-here>'
  , bucket: 'learnboost'
});

More options are documented below for features like other endpoints or regions.

PUT

If you want to directly upload some strings to S3, you can use the Client#put method with a string or buffer, just like you would for any http.Client request. You pass in the filename as the first parameter, some headers for the second, and then listen for a 'response' event on the request. Then send the request using req.end(). If we get a 200 response, great!

If you send a string, set Content-Length to the length of the buffer of your string, rather than of the string itself.

var object = { foo: "bar" };
var string = JSON.stringify(object);
var req = client.put('/test/obj.json', {
    'Content-Length': Buffer.byteLength(string)
  , 'Content-Type': 'application/json'
});
req.on('response', function(res){
  if (200 == res.statusCode) {
    console.log('saved to %s', req.url);
  }
});
req.end(string);

By default the x-amz-acl header is private. To alter this simply pass this header to the client request method.

client.put('/test/obj.json', { 'x-amz-acl': 'public-read' });

Each HTTP verb has an alternate method with the "File" suffix, for example put() also has a higher level method named putFile(), accepting a source filename and performing the dirty work shown above for you. Here is an example usage:

client.putFile('my.json', '/user.json', function(err, res){
  // Always either do something with `res` or at least call `res.resume()`.
});

Another alternative is to stream via Client#putStream(), for example:

http.get('http://google.com/doodle.png', function(res){
  var headers = {
      'Content-Length': res.headers['content-length']
    , 'Content-Type': res.headers['content-type']
  };
  client.putStream(res, '/doodle.png', headers, function(err, res){
    // check `err`, then do `res.pipe(..)` or `res.resume()` or whatever.
  });
});

You can also use your stream's pipe method to pipe to the PUT request, but you'll still have to set the 'Content-Length' header. For example:

fs.stat('./Readme.md', function(err, stat){
  // Be sure to handle `err`.

  var req = client.put('/Readme.md', {
      'Content-Length': stat.size
    , 'Content-Type': 'text/plain'
  });

  fs.createReadStream('./Readme.md').pipe(req);

  req.on('response', function(res){
    // ...
  });
});

Finally, if you want a nice interface for putting a buffer or a string of data, use Client#putBuffer():

var buffer = new Buffer('a string of data');
var headers = {
  'Content-Type': 'text/plain'
};
client.putBuffer(buffer, '/string.txt', headers, function(err, res){
  // ...
});

Note that both putFile and putStream will stream to S3 instead of reading into memory, which is great. And they return objects that emit 'progress' events too, so you can monitor how the streaming goes! The progress events have fields written, total, and percent.

GET

Below is an example GET request on the file we just shoved at S3. It simply outputs the response status code, headers, and body.

client.get('/test/Readme.md').on('response', function(res){
  console.log(res.statusCode);
  console.log(res.headers);
  res.setEncoding('utf8');
  res.on('data', function(chunk){
    console.log(chunk);
  });
}).end();

There is also Client#getFile() which uses a callback pattern instead of giving you the raw request:

client.getFile('/test/Readme.md', function(err, res){
  // check `err`, then do `res.pipe(..)` or `res.resume()` or whatever.
});

DELETE

Delete our file:

client.del('/test/Readme.md').on('response', function(res){
  console.log(res.statusCode);
  console.log(res.headers);
}).end();

Likewise we also have Client#deleteFile() as a more concise (yet less flexible) solution:

client.deleteFile('/test/Readme.md', function(err, res){
  // check `err`, then do `res.pipe(..)` or `res.resume()` or whatever.
});

HEAD

As you might expect we have Client#head and Client#headFile, following the same pattern as above.

Advanced Operations

Knox supports a few advanced operations. Like copying files:

client.copy('/test/source.txt', '/test/dest.txt').on('response', function(res){
  console.log(res.statusCode);
  console.log(res.headers);
}).end();

// or

client.copyFile('/source.txt', '/dest.txt', function(err, res){
  // ...
});

even between buckets:

client.copyTo('/source.txt', 'dest-bucket', '/dest.txt').on('response', function(res){
  // ...
}).end();

and even between buckets in different regions:

var destOptions = { region: 'us-west-2', bucket: 'dest-bucket' };
client.copyTo('/source.txt', destOptions, '/dest.txt', function(res){
  // ...
}).end();

or deleting multiple files at once:

client.deleteMultiple(['/test/Readme.md', '/test/Readme.markdown'], function(err, res){
  // ...
});

or listing all the files in your bucket:

client.list({ prefix: 'my-prefix' }, function(err, data){
  /* `data` will look roughly like:

  {
    Prefix: 'my-prefix',
    IsTruncated: true,
    MaxKeys: 1000,
    Contents: [
      {
        Key: 'whatever'
        LastModified: new Date(2012, 11, 25, 0, 0, 0),
        ETag: 'whatever',
        Size: 123,
        Owner: 'you',
        StorageClass: 'whatever'
      },
      ⋮
    ]
  }

  */
});

And you can always issue ad-hoc requests, e.g. the following to get an object's ACL:

client.request('GET', '/test/Readme.md?acl').on('response', function(res){
  // Read and parse the XML response.
  // Everyone loves XML parsing.
}).end();

Finally, you can construct HTTP or HTTPS URLs for a file like so:

var readmeUrl = client.http('/test/Readme.md');
var userDataUrl = client.https('/user.json');

Client Creation Options

Besides the required key, secret, and bucket options, you can supply any of the following:

endpoint

By default knox will send all requests to the global endpoint (s3.amazonaws.com). This works regardless of the region where the bucket is. But if you want to manually set the endpoint, e.g. for performance or testing reasons, or because you are using a S3-compatible service that isn't hosted by Amazon, you can do it with the endpoint option.

region

For your convenience when using buckets not in the US Standard region, you can specify the region option. When you do so, the endpoint is automatically assembled.

As of this writing, valid values for the region option are:

• US Standard (default): us-standard
• US West (Oregon): us-west-2
• US West (Northern California): us-west-1
• EU (Ireland): eu-west-1
• Asia Pacific (Singapore): ap-southeast-1
• Asia Pacific (Tokyo): ap-northeast-1
• South America (Sao Paulo): sa-east-1

If new regions are added later, their subdomain names will also work when passed as the region option. See the AWS endpoint documentation for the latest list.

Convenience APIs such as putFile and putStream currently do not work as expected with buckets in regions other than US Standard without explicitly specify the region option. This will eventually be addressed by resolving issue #66; however, for performance reasons, it is always best to specify the region option anyway.

secure and port

By default, knox uses HTTPS to connect to S3 on port 443. You can override either of these with the secure and port options. Note that if you specify a custom port option, the default for secure switches to false, although you can override it manually if you want to run HTTPS against a specific port.

token

If you are using the AWS Security Token Service APIs, you can construct the client with a token parameter containing the temporary security credentials token. This simply sets the x-amz-security-token header on every request made by the client.

style

By default, knox tries to use the "virtual hosted style" URLs for accessing S3, e.g. bucket.s3.amazonaws.com. If you pass in "path" as the style option, or pass in a bucket value that cannot be used with virtual hosted style URLs, knox will use "path style" URLs, e.g. s3.amazonaws.com/bucket. There are tradeoffs you should be aware of:

• Virtual hosted style URLs can work with any region, without requiring it to be explicitly specified; path style URLs cannot.
• You can access programmatically-created buckets only by using virtual hosted style URLs; path style URLs will not work.
• You can access buckets with periods in their names over SSL using path style URLs; virtual host style URLs will not work unless you turn off certificate validation.
• You can access buckets with mixed-case names only using path style URLs; virtual host style URLs will not work.

For more information on the differences between these two types of URLs, and limitations related to them, see the following S3 documentation pages:

• Virtual Hosting of Buckets
• Bucket Configuration Options
• Bucket Restrictions and Limitations

agent

Knox disables the default HTTP agent, because it leads to lots of "socket hang up" errors when doing more than 5 requests at once. See #116 for details. If you want to get the default agent back, you can specify agent: require("https").globalAgent, or use your own.

Beyond Knox

Multipart Upload

S3's multipart upload is their rather-complicated way of uploading large files. In particular, it is the only way of streaming files without knowing their Content-Length ahead of time.

Adding the complexity of multipart upload directly to knox is not a great idea. For example, it requires buffering at least 5 MiB of data at a time in memory, which you want to avoid if possible. Fortunately, @nathanoehlman has created the excellent knox-mpu package to let you use multipart upload with knox if you need it!

Easy Download/Upload

@superjoe30 has created a nice library, called simply s3, that makes it very easy to upload local files directly to S3, and download them back to your filesystem. For simple cases this is often exactly what you want!

Uploading With Retries and Exponential Backoff

@jergason created intimidate, a library wrapping Knox to automatically retry failed uploads with exponential backoff. This helps your app deal with intermittent connectivity to S3 without bringing it to a ginding halt.

Listing and Copying Large Buckets

@goodeggs created knox-copy to easily copy and stream keys of buckets beyond Amazon's 1000 key page size limit.

@segmentio created s3-lister to stream a list of bucket keys using the new streams2 interface.

@drob created s3-deleter, a writable stream that batch-deletes bucket keys.

Running Tests

To run the test suite you must first have an S3 account. Then create a file named ./test/auth.json, which contains your credentials as JSON, for example:

{
  "key": "<api-key-here>",
  "secret": "<secret-here>",
  "bucket": "<your-bucket-name>",
  "bucket2": "<another-bucket-name>",
  "bucketUsWest2": "<bucket-in-us-west-2-region-here>"
}

Then install the dev dependencies and execute the test suite:

$ npm install
$ npm test

0.9.2 / 2015-01-05

• Fix encoding of filenames with + or ? characters in them. (hurrymaplelad)

0.9.1 / 2014-08-24

• Remove Expect: 100-continue headers from PUT and copy commands. We weren't using them correctly anyway.
• Add extraHeaders option to signedUrl. (dweinstein)

0.9.0 / 2014-06-11

• Update dependencies: Knox will now no longer work on Node 0.8.
• Fix files with # in their filename not working. (kristokaiv)
• Fix a variety of intermittent double-callback bugs, e.g. both response and error, or two errors. If there are two errors, or an error on the request after the response is delivered, those are now swallowed. (willisblackburn, domenic)
• Fix missing return value of client.deleteFile.

0.8.10 / 2014-05-11

• Fix mapping of us-east-1 region to be s3.amazonaws.com, instead of s3-us-east-1.amazonaws.com. (coen-hyde)

0.8.9 / 2014-02-08

• Fix reported sporadic error with client.list getting null data by reporting it instead of crashing. (pauliusuza)

0.8.8 / 2013-11-27

• Fix double-encoding bug introduced in 0.8.7, where using client.list with a prefix containing special characters would fail. (colinmutter)

0.8.7 / 2013-11-21

• Fix handling of non-ASCII characters. (jbuck)

0.8.6 / 2013-07-31

• Fix normalization of CommonPrefixes to an array when doing a client.list operation. (mackyi)
• Fix doing operations with spaces in filenames.
• Throw when an invalid port is passed to the constructor.

0.8.5 / 2013-07-29

• Fix bucket name validation to allow short segments, e.g. in buck.e.t.

0.8.4 / 2013-07-13

• Add the ability to pass arbitrary destination options to copyTo. (kof)
• Fix a regression where custom ports were not being used properly in the actual HTTP requests. (aslakhellesoy)
• Re-emit errors from the underlying HTTP request when using putFile.

0.8.3 / 2013-06-09

• No longer modifies options objects passed to knox.createClient.

0.8.2 / 2013-05-20

• Fixed a potential issue where request listeners were not cleaned up properly if a callback threw an error. (spollack)

0.8.1 / 2013-05-19

• Fixed a regression introduced in 0.8.0 that, in certain cases that only some people were able to reproduce, caused 307 responses to every request.

0.8.0 / 2013-05-06

• Now allows path-style bucket access using style option, and automatically chooses it in a few cases:
  • DNS-uncompliant bucket names (in the US Standard region, where they are allowed)
  • When secure is not set to false, but the bucket name contains a period
• More extensive validation of bucket names, with good error messages, as per the Amazon documentation.

0.7.1 / 2013-05-01

• If using a custom port, reflect it in the endpoint property and in any URLs created using the client. (#168, @jbuck)
• Fix requests using certain Amazon headers, like the conditional copy headers. (#174, @rrjamie)

0.7.0 / 2013-04-08

• Added real streams2 compatibility: Knox does not kick incoming streams into "old mode," nor does it return streams already kicked into "old mode." (#156, @superjoe30).
• Fixed a rare bug where sometimes callbacks would be called twice, once with an error then with a failed response. (#159)
• Made Node.js 0.8 a requirement in package.json; it seems like Knox did not work with Node.js 0.6 anyway.

0.6.0 / 2013-03-24

• Added a stopgap fix for Knox in Node.js 0.10 with streams2, although we do not yet expose a fully streams2-compatible interface. (#146, @pifantastic)
• Fixed "socket hang up" errors (hopefully!) by disabling the default HTTPS agent. (#116, fix discovered by @kof)
• Added the domain configuration option for easy use of other S3-compatible services. (#154, @clee)
• Changed and enhanced signedUrl: its third parameter is now options, which can contain a verb string, a contentType string, and a qs object. In particular, the new contentType capability allows creating pre-signed URLs for PUTs. (#152)

0.5.5 / 2013-03-18

• Fixed signedUrl query-string extra-param support for parameters that contained Unicode characters. (#149)
• Automatically include STS tokens, when a client is created with the token option, in URLs generated from client.signedUrl. (#147, @willwhite)

0.5.4 / 2013-02-27

• Fixed signedUrl query-string extra-param support for parameters that contained URL-encodable characters.
• Added support for arbitrary verbs (not just GET) to signedUrl. (#144, @markdaws)

0.5.3 / 2013-02-15

• The x-amz-security-token header is no longer sent when the token option is undefined. (#143, @ianshward)

0.5.2 / 2013-02-05

• Fixed signedUrl query-string param support, as introduced in 0.4.7.
• Added debug support.

0.5.0 / 2013-01-25

• Added copyTo and copyFileTo for copying files between buckets. (#16, @kof)

0.4.7 / 2013-01-17

• Fixed 403s when sending requests for files with any of !'()* in their name. (#135, @jeremycondon)
• Added support for arbitrary extra parameters to signedUrl, e.g. for use in generating download URLs. (#133)

0.4.6 / 2012-12-22

• Fixed signedUrl to work without a leading slash in the filename, like all other Knox methods. (#129, @relistan)

0.4.5 / 2012-12-16

• Bucket names with periods are now allowed again, even with SSL. (#128)

0.4.4 / 2012-12-08

• Added an informative error when using bucket names with periods in them without first turning off SSL. (#125)
• Fixed all requests when passing in 'Content-Type' or 'Content-MD5' headers using any casing other than those exact ones, e.g. 'content-type'. (#126)

0.4.3 / 2012-12-05

• Fixed list always giving IsTruncated as true. (#124, @simonwex)

0.4.2 / 2012-11-24

• Fixed deleteMultiple when passed keys that start with leading slashes (like they do in the README example). (#121)
• Fixed list not always returning an array for the Contents property.

0.4.1 / 2012-11-02

• Added token configuration option for temporary security tokens. (@corp186, #110)

0.4.0 / 2012-10-27

• Added list to list all the objects in a bucket. (@kof, #101)
• Fixed tests in Node 0.6.x and in non-ET timezones. (@ianshward, #102)
• Fixed putStream's early-error logic to accept lowercase versions of 'Content-Length' as well. (#96)
• Added agent configuration option for configurable HTTP agents. (@ianshward, #111)

0.3.1 / 2012-09-22

• No longer specifying 'x-amz-acl' header as 'public-read' by default. (@shlevy, #91)
• Made the port configurable with the new port option, and defaulting to insecure if the port is customized. (@pifantastic, #86)
• Made putStream give an early and user-intelligible error when no 'Content-Length' header is set, instead of letting Amazon return a cryptic 501 about 'Transfer-Encoding'.

0.3.0 / 2012-08-17

• Added putStream "progress" event to go along with putFile's. putStream now also returns a request object, just like put.
• Added new putBuffer method as a higher-level way to PUT Buffers.
• When uploading text files using putFile, charset=UTF-8 is now added to the 'Content-Type' header. (@pifantastic, #83)
• Fixed signedUrl method, which was last working in Knox 0.0.9. (@shawnburke, #81)

0.2.0 / 2012-08-16

• Added putFile "progress" event.

0.1.0 / 2012-08-02

• putStream now works with every type of stream, not just file streams, and actually streams the data using pipe, instead of buffering chunks into memory. Note that a 'Content-Length' header is now required, if you weren't using one already. (#14 #32 #48 #57 #72)
• putFile is now based on putStream, and thus no longer buffers the entire file into memory.
• Added copyFile method as a higher-level version of existing copy.
• Fixed signing logic for URLs with query parameters outside the Amazon whitelist. (Seth Purcell, #78)
• Leading slashes are now optional again, after becoming mandatory in 0.0.10. (#77)
• Lots of README updates for a more pleasant documentation experience.

0.0.11 / 2012-07-18

• Now using HTTPS by default, instead of HTTP. This can be disabled with the option secure: false.
• Now using the mime package as a dependency instead of bundling an outdated version of it. This should result in a much more complete registry of MIME types for auto-detection when using putFile.
• Trying to use bucket names that are not all lowercase will give an early error instead of failing with SignatureDoesNotMatch upon attempting any operation. See #44 for more information.
• Fixed capturing of HTTP request errors to forward to the callback function for all "higher-level API" methods (i.e. those accepting callbacks). (@shuzhang, #71)
• Fixed README example to use "image/jpeg" instead of "image/jpg". (@jedwood, #74)

0.0.10 / 2012-07-16

• Added client.copy(sourceFilename, destFilename, headers) method for copying files within a bucket.
• Added client.deleteMultiple(filenames, headers, cb) method for multi-object delete.
• Knox now passes through any Content-MD5 headers supplied to any of its methods, and automatically generates one for putFile. (@staer, #36)
• Fixed a bug with error propagation in putStream. (@xmilliard, #48)
• Fixed requests to querystring resources. (@richtera, #70)
• Updated tests to use Mocha instead of Expresso; now they can be run on Windows.

0.0.9 / 2011-06-20

• Fixed signedUrl signature, needs encodeURIComponent() not escape() to prevent SignatureDoesNotMatch errors on signatures containing plus signs.

0.0.8 / 2011-06-15

• Fixed bug introduced in refactor

0.0.7 / 2011-06-14

• Fixed resource canonicalization

0.0.6 / 2011-06-07

• Fixed; ignoring certain query params when preparing stringToSign. [Rajiv Navada]

0.0.4 / 2011-05-20

• Added Client#https?(filename)

0.0.3 / 2011-04-12

• 0.4.x support

0.0.2 / 2011-01-10

• Removed util require
• Support for S3 presigned URLs

0.0.1 / 2010-12-12

• Initial release