add option to allow server side encryption

README.md

@@ -63,7 +63,6 @@ Use the `s3_uploader` helper to add an s3 upload file field to your view:
 * It is required that the file_field_tag is named 'file'.
 * A unique :id should be added to file_field_tag if there is many 's3_uploader_form' in the page
 
-
 Then in your application.js.coffee, call the S3Uploader jQuery plugin on the element you created above:
 ```coffeescript
 jQuery ->
@@ -84,6 +83,7 @@ Optionally, you can also place this template in the same view for the progress b
 * `callback_url:` No default. The url that is POST'd to after file is uploaded to S3. If you don't specify this option, no callback to the server will be made after the file has uploaded to S3.
 * `callback_method:` Defaults to `POST`. Use PUT and remove the multiple option from your file field to update a model.
 * `callback_param:` Defaults to `file`. Parameter key for the POST to `callback_url` the value will be the full s3 url of the file. If for example this is set to "model[image_url]" then the data posted would be `model[image_url] : http://bucketname.s3.amazonws.com/filename.ext`
+* `server_side_encryption:` Default to nothing. Specifies whether [Server-Side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) should be used to secure uploaded file. See
 * `key:` Defaults to `uploads/{timestamp}-{unique_id}-#{SecureRandom.hex}/${filename}`. It is the key, or filename used on s3. `{timestamp}`, `{unique_id}`, `{extension}` and `{cleaned_filename}` are special substitution strings that will be populated by javascript with values for the current upload. {cleaned_filename} is the original filename with special characters removed. `${filename}` is a special s3 string that will be populated with the original uploaded file name. Needs to be at least `"${filename}"` or `"${cleaned_filename}"`. It is highly recommended to use both `{unique_id}`, which will prevent collisions when uploading files with the same name (such as from a mobile device, where every photo is named image.jpg), and a server-generated random value such as `#{SecureRandom.hex}`, which adds further collision protection with other uploaders.
 * `key_starts_with:` Defaults to `uploads/`. Constraint on the key on s3.  if you change the `key` option, make sure this starts with what you put there. If you set this as a blank string the upload path to s3 can be anything - not recommended!
 * `acl:` Defaults to `public-read`. The AWS acl for files uploaded to s3.
@@ -138,7 +138,6 @@ To do this remove `s3_direct_upload` from your application.js and include the ne
 ```
 Use the javascript in `s3_direct_upload` as a guide.
 
-
 ## Options for S3Upload jQuery Plugin
 
 * `path:` manual path for the files on your s3 bucket. Example: `path/to/my/files/on/s3`
@@ -183,9 +182,6 @@ Target for progress bar
 </div>
 ```
 
-
-
-
 ### Public methods
 You can change the settings on your form later on by accessing the jQuery instance:
 
@@ -283,7 +279,6 @@ IE file uploads are working but with a couple caveats.
 
 But IE should still upload your files fine.
 
-
 ## Contributing / TODO
 This is just a simple gem that only really provides some javascript and a form helper.
 This gem could go all sorts of ways based on what people want and how people contribute.
@@ -295,7 +290,6 @@ Ideas:
 * Model methods.
 * Model method to delete files from s3
 
-
 ## Credit
 This gem is basically a small wrapper around code that [Ryan Bates](http://github.com/rbates) wrote for [Railscast#383](http://railscasts.com/episodes/383-uploading-to-amazon-s3). Most of the code in this gem was extracted from [gallery-jquery-fileupload](https://github.com/railscasts/383-uploading-to-amazon-s3/tree/master/gallery-jquery-fileupload).
 

lib/s3_direct_upload/form_helper.rb

@@ -29,7 +29,8 @@ def initialize(options)
           callback_method: "POST",
           callback_param: "file",
           key_starts_with: @key_starts_with,
-          key: key
+          key: key,
+          server_side_encryption: nil
         )
       end
 
@@ -53,8 +54,9 @@ def fields
           :policy => policy,
           :signature => signature,
           :success_action_status => "201",
-          'X-Requested-With' => 'xhr'
-        }
+          'X-Requested-With' => 'xhr',
+          "x-amz-server-side-encryption" => @options[:server_side_encryption]
+        }.delete_if { |k, v| v.nil? }
       end
 
       def key
@@ -76,10 +78,18 @@ def policy_data
             {bucket: @options[:bucket]},
             {acl: @options[:acl]},
             {success_action_status: "201"}
-          ] + (@options[:conditions] || [])
+          ] + server_side_encryption + (@options[:conditions] || [])
         }
       end
 
+      def server_side_encryption
+        if @options[:server_side_encryption]
+          [ { "x-amz-server-side-encryption" => @options[:server_side_encryption] } ]
+        else
+          []
+        end
+      end
+
       def signature
         Base64.encode64(
           OpenSSL::HMAC.digest(

spec/helpers/form_helper_spec.rb

@@ -28,6 +28,15 @@
         s3_uploader.policy_data[:conditions].should include ["starts-with", "$content-type", ""]
       end
     end
+
+    describe "#policy_data" do
+      it "includes server side encruption" do
+        s3_uploader = S3DirectUpload::UploadHelper::S3Uploader.new({:server_side_encryption => "AES256"})
+        hash = s3_uploader.policy_data[:conditions].select{|c|c.class == Hash}.
+          select{|h|h.key?("x-amz-server-side-encryption")}[0]
+        hash["x-amz-server-side-encryption"].should eq("AES256")
+      end
+    end
   end
 
 end