Actions9
Overview
This node operation generates a presigned URL for an object stored in a Cloudflare R2 bucket. A presigned URL is a temporary, secure URL that grants limited access to perform specific operations on an object without requiring direct authentication. This node supports generating URLs for two main operations: downloading (GET) and uploading (PUT) objects.
Common scenarios where this node is beneficial include:
- Allowing users or external systems to upload files directly to a bucket without exposing credentials.
- Providing temporary download links to private objects for sharing purposes.
- Automating workflows that require secure, time-limited access to objects in R2 storage.
For example, you can generate a presigned URL valid for one hour that allows a client to upload a file to a specific path in your R2 bucket, or create a download link for a report stored in the bucket that expires after 30 minutes.
Properties
| Name | Meaning |
|---|---|
| Bucket Name | The name of the Cloudflare R2 bucket containing the object. |
| Object Key | The key (path) identifying the object within the bucket. |
| URL Operation | The type of operation the presigned URL will allow: - Download (GET): URL for downloading the object. - Upload (PUT): URL for uploading an object. |
| Expires In | Duration in seconds for which the presigned URL remains valid. Default is 3600 seconds (1 hour). |
Output
The node outputs JSON data with the following structure:
{
"url": "string", // The generated presigned URL granting temporary access.
"bucket": "string", // The bucket name used.
"key": "string", // The object key/path used.
"operation": "get|put", // The operation allowed by the URL ("get" for download, "put" for upload).
"expiresIn": number // The expiration time in seconds for the URL.
}
No binary data output is produced by this operation.
Dependencies
- Requires valid Cloudflare API credentials configured with R2 S3-compatible access keys.
- Uses AWS SDK v3 S3 client configured with Cloudflare R2 endpoint and credentials.
- The node expects the Cloudflare API credential to be set up with "R2 S3-Compatible" authentication mode, providing Access Key ID, Secret Access Key, and Account ID.
- No additional environment variables are required beyond the configured credentials.
Troubleshooting
Missing or Invalid Credentials: If the R2 credentials (Access Key ID, Secret Access Key, or endpoint) are missing or invalid, the node throws an error indicating the credentials are incomplete. Ensure the Cloudflare API credentials are correctly configured with R2 S3-compatible keys.
Invalid Bucket or Object Key: Errors may occur if the specified bucket does not exist or the object key is malformed. Verify the bucket name and object key are correct.
Presigned URL Generation Failure: If the AWS SDK fails to generate the presigned URL, the node returns an error with details. Common causes include incorrect permissions or network issues.
Expiration Time Limits: The expiration time should be a positive integer and typically less than one week (604800 seconds). Setting excessively long expiration times may cause errors.
Links and References
- Cloudflare R2 Documentation
- Generating Presigned URLs with AWS SDK for JavaScript v3
- Cloudflare API Tokens
Summary of execute() logic for Resource=Object, Operation=Get Presigned URL
- Retrieves input parameters: bucket name, object key, URL operation (download/upload), and expiration time.
- Obtains R2 credentials from the configured Cloudflare API credential.
- Validates presence of necessary R2 credentials (access key, secret key, endpoint).
- Creates an AWS S3 client instance configured for Cloudflare R2 using the credentials.
- Depending on the URL operation:
- For download: creates a GetObjectCommand.
- For upload: creates a PutObjectCommand.
- Calls
getSignedUrlfrom AWS SDK to generate a presigned URL with the specified expiration. - Returns the presigned URL along with input parameters as JSON output.
- Handles and throws errors with descriptive messages if any step fails.