Fix ACL incompatibility with some s3 providers

We'll move to another method in the future

See https://github.com/Chocobozzz/PeerTube/issues/5497
Chocobozzz 2023-01-12 08:41:16 +01:00
parent 2cb9f8b9c7
commit 8180f60477
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
5 changed files with 22 additions and 18 deletions


@ -154,9 +154,11 @@ object_storage:
upload_acl: upload_acl:
# Set this ACL on each uploaded object of public/unlisted videos # Set this ACL on each uploaded object of public/unlisted videos
# Use null if your S3 provider does not support object ACL
public: 'public-read' public: 'public-read'
# Set this ACL on each uploaded object of private/internal videos # Set this ACL on each uploaded object of private/internal videos
# PeerTube can proxify requests to private objects so your users can access them # PeerTube can proxify requests to private objects so your users can access them
# Use null if your S3 provider does not support object ACL
private: 'private' private: 'private'
proxy: proxy:
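Review bot: The added `# Use null if your S3 provider does not support object ACL` comment under `private:` does not say what null means for access control, and the same gap is in the second configuration file of this commit. Judging from the storage helper changed in the same commit, a null value makes PeerTube send no ACL on upload and skip later ACL updates, so whether private/internal video files can be read by direct URL is then decided by the bucket's own policy. I would add a line such as `# With null, no ACL is sent: make sure the bucket itself is not publicly readable, otherwise private/internal video files can be fetched directly`.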


@ -152,9 +152,11 @@ object_storage:
upload_acl: upload_acl:
# Set this ACL on each uploaded object of public/unlisted videos # Set this ACL on each uploaded object of public/unlisted videos
# Use null if your S3 provider does not support object ACL
public: 'public-read' public: 'public-read'
# Set this ACL on each uploaded object of private/internal videos # Set this ACL on each uploaded object of private/internal videos
# PeerTube can proxify requests to private objects so your users can access them # PeerTube can proxify requests to private objects so your users can access them
# Use null if your S3 provider does not support object ACL
private: 'private' private: 'private'
proxy: proxy:


@ -278,14 +278,6 @@ function checkObjectStorageConfig () {
'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.' 'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
) )
} }
if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
throw new Error('object_storage.upload_acl.public must be set')
}
if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
throw new Error('object_storage.upload_acl.private must be set')
}
} }
} }


@ -61,13 +61,16 @@ async function storeObject (options: {
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
function updateObjectACL (options: { async function updateObjectACL (options: {
objectStorageKey: string objectStorageKey: string
bucketInfo: BucketInfo bucketInfo: BucketInfo
isPrivate: boolean isPrivate: boolean
}) { }) {
const { objectStorageKey, bucketInfo, isPrivate } = options const { objectStorageKey, bucketInfo, isPrivate } = options
const acl = getACL(isPrivate)
if (!acl) return
const key = buildKey(objectStorageKey, bucketInfo) const key = buildKey(objectStorageKey, bucketInfo)
logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags()) logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags())
@ -75,10 +78,10 @@ function updateObjectACL (options: {
const command = new PutObjectAclCommand({ const command = new PutObjectAclCommand({
Bucket: bucketInfo.BUCKET_NAME, Bucket: bucketInfo.BUCKET_NAME,
Key: key, Key: key,
ACL: getACL(isPrivate) ACL: acl
}) })
return getClient().send(command) await getClient().send(command)
} }
function updatePrefixACL (options: { function updatePrefixACL (options: {
@ -88,6 +91,9 @@ function updatePrefixACL (options: {
}) { }) {
const { prefix, bucketInfo, isPrivate } = options const { prefix, bucketInfo, isPrivate } = options
const acl = getACL(isPrivate)
if (!acl) return
logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags()) logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags())
return applyOnPrefix({ return applyOnPrefix({
@ -99,7 +105,7 @@ function updatePrefixACL (options: {
return new PutObjectAclCommand({ return new PutObjectAclCommand({
Bucket: bucketInfo.BUCKET_NAME, Bucket: bucketInfo.BUCKET_NAME,
Key: obj.Key, Key: obj.Key,
ACL: getACL(isPrivate) ACL: acl
}) })
} }
}) })
@ -227,10 +233,12 @@ async function uploadToStorage (options: {
const input: PutObjectCommandInput = { const input: PutObjectCommandInput = {
Body: content, Body: content,
Bucket: bucketInfo.BUCKET_NAME, Bucket: bucketInfo.BUCKET_NAME,
Key: buildKey(objectStorageKey, bucketInfo), Key: buildKey(objectStorageKey, bucketInfo)
ACL: getACL(isPrivate)
} }
const acl = getACL(isPrivate)
if (acl) input.ACL = acl
const parallelUploads3 = new Upload({ const parallelUploads3 = new Upload({
client: getClient(), client: getClient(),
queueSize: 4, queueSize: 4,
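Review bot: The `if (!acl) return` guard in `updateObjectACL`, repeated in `updatePrefixACL`, silently leaves the object's previous ACL in place, which matters when only one of the two configured values is null. With `public: 'public-read'` and `private: null`, a video switched from public to private would keep its `public-read` objects, assuming `getACL` (not shown here) returns the configured value for the requested privacy. Since this commit also drops the two presence checks from `checkObjectStorageConfig`, I would replace them with a consistency check, `if (!!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC !== !!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) throw new Error('object_storage.upload_acl.public and private must both be set or both be null')`, and log at debug level whenever an ACL update is skipped. `uploadToStorage` continues past the end of the last hunk.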


@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) {
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) { async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
return updateObjectACL({ await updateObjectACL({
objectStorageKey: generateWebTorrentObjectStorageKey(file.filename), objectStorageKey: generateWebTorrentObjectStorageKey(file.filename),
bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS, bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS,
isPrivate: video.hasPrivateStaticPath() isPrivate: video.hasPrivateStaticPath()
}) })
} }
function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) { async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
return updatePrefixACL({ await updatePrefixACL({
prefix: generateHLSObjectBaseStorageKey(playlist), prefix: generateHLSObjectBaseStorageKey(playlist),
bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS, bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS,
isPrivate: playlist.Video.hasPrivateStaticPath() isPrivate: playlist.Video.hasPrivateStaticPath()