Configurable lifetime of secure urls

README.md

@@ -63,6 +63,12 @@ will be aborted. You can configure this lifetime, example:
 
      ckanext.cloudstorage.max_multipart_lifetime  = 7
 
+One-time URLs generated by CKAN are expired in an hour. This behaviour can be
+changed by setting expected lifetime(in seconds) as `ckanext.cloudstorage.secure_ttl` option:
+
+    # make one-time links valid only for 1 minute
+    ckanext.cloudstorage.secure_ttl = 60
+
 # Migrating From FileStorage
 
 If you already have resources that have been uploaded and saved using CKAN's

ckanext/cloudstorage/storage.py

@@ -28,6 +28,16 @@
 AWS_UPLOAD_PART_SIZE = 5 * 1024 * 1024
 
 
+CONFIG_SECURE_TTL = "ckanext.cloudstorage.secure_ttl"
+DEFAULT_SECURE_TTL = 3600
+
+
+def config_secure_ttl():
+    return p.toolkit.asint(p.toolkit.config.get(
+        CONFIG_SECURE_TTL, DEFAULT_SECURE_TTL
+    ))
+
+
 def _get_underlying_file(wrapper):
     if isinstance(wrapper, FlaskFileStorage):
         return wrapper.stream
@@ -409,7 +419,7 @@ def get_url_by_path(self, path, content_type=None):
                 sas_token=blob_service.generate_blob_shared_access_signature(
                     container_name=self.container_name,
                     blob_name=path,
-                    expiry=datetime.utcnow() + timedelta(hours=1),
+                    expiry=datetime.utcnow() + timedelta(seconds=config_secure_ttl()),
                     permission=azure_blob.BlobPermissions.READ,
                 ),
             )
@@ -429,7 +439,7 @@ def get_url_by_path(self, path, content_type=None):
                 ]
 
             generate_url_params = {
-                "expires_in": 60 * 60,
+                "expires_in": config_secure_ttl(),
                 "method": "GET",
                 "bucket": self.container_name,
                 "key": path,