I like the multipart aspect but the key signing and putting your keys in plaintext seems unnecessary.

Here is an alternative: make a bucket with a policy where it will accept anonymous uploads (but not reads) and automatic object deletion after say 24 hours. You can then on the backend just copy the object to it's final destination. The simplicity means it becomes very versatile.

There is of course a risk that somebody will maliciously dump a huge file on you or many but it won't cost you anything because the files get automatically deleted. Furthermore, none of the files are publicly readable.

As making a policy involves no communication with Amazon, I used to just create a policy on the fly for every upload request that said "allow upload to this specific key(path)". The key would be unique to every upload request. Once the upload is done, I'd just start processing the upload and move it where it belongs.

Thus, in plaintext you'd have to put only your AccessID and a policy which would expire after a few minutes.

EDIT: typo

You almost have it. Each user would receive a STS federated token, and their attached policy would give them permission to S3 keys prefixed with their user ID.

It will cost you if you have a malicious uploader. I'm pretty sure S3 is not free just because you had objects in there for less than 24h.

S3 supports pre-signed urls for exactly this use-case.

EDIT: Nope, my bad. Doesn't look like S3 supports pre-signed urls for multipart uploads

Another alternative to consider is FineUploader which has a mature S3 module[1]. However, FineUploader does require a commercial licence of $80-$500p.a.

[1] http://blog.fineuploader.com/2013/08/16/fine-uploader-s3-upl...

This is great. The S3 multipart upload API is a super bitch. Can't wait to have a reason to try this out.

Hey great job! I've used mule-uploader [1] in the past, seems similar in feature set. Perhaps you can take some inspiration from that project.

One major downside was the lack of multiple file upload support, maybe that's the direction you can take your project.

[1] https://github.com/cinely/mule-uploader

EvaporateJS author here - just saw this on HN! Good to see more people getting involved - thanks. Always happy to see questions, comments, and PRs :)

Nice library. I currently use Plupload's S3 module [1], which does not support multipart uploads, but is otherwise convenient.

[1] http://www.plupload.com/docs/Upload-to-Amazon-S3

How annoying... I just implemented 70% of this last night. Sods law.

I don't how this could be seen as something going wrong? From my perspective the vast majority of programming is solving issues that have already been solved multiple times.

It's not like this is the first solution there's ever been to solve this problem.

No I know :-D I didn't find anything that did quite what I wanted and I understand how the signing process all works now and how to send files with XML Http Request which I didn't before. Just got a deadline for Monday morning and time spent on this could have been better spent.

It's just more that something like this appears literally the day after I build something that does the same thing - a look at the code would have helped no doubt.

Browser support?