Fix ACL incompatibility with some s3 providers

We'll move to another method in the future

See https://github.com/Chocobozzz/PeerTube/issues/5497
This commit is contained in:
Chocobozzz 2023-01-12 08:41:16 +01:00
parent 2cb9f8b9c7
commit 8180f60477
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
5 changed files with 22 additions and 18 deletions

View File

@ -154,9 +154,11 @@ object_storage:
upload_acl:
# Set this ACL on each uploaded object of public/unlisted videos
# Use null if your S3 provider does not support object ACL
public: 'public-read'
# Set this ACL on each uploaded object of private/internal videos
# PeerTube can proxify requests to private objects so your users can access them
# Use null if your S3 provider does not support object ACL
private: 'private'
proxy:

View File

@ -152,9 +152,11 @@ object_storage:
upload_acl:
# Set this ACL on each uploaded object of public/unlisted videos
# Use null if your S3 provider does not support object ACL
public: 'public-read'
# Set this ACL on each uploaded object of private/internal videos
# PeerTube can proxify requests to private objects so your users can access them
# Use null if your S3 provider does not support object ACL
private: 'private'
proxy:

View File

@ -278,14 +278,6 @@ function checkObjectStorageConfig () {
'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
)
}
if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
throw new Error('object_storage.upload_acl.public must be set')
}
if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
throw new Error('object_storage.upload_acl.private must be set')
}
}
}

View File

@ -61,13 +61,16 @@ async function storeObject (options: {
// ---------------------------------------------------------------------------
function updateObjectACL (options: {
async function updateObjectACL (options: {
objectStorageKey: string
bucketInfo: BucketInfo
isPrivate: boolean
}) {
const { objectStorageKey, bucketInfo, isPrivate } = options
const acl = getACL(isPrivate)
if (!acl) return
const key = buildKey(objectStorageKey, bucketInfo)
logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags())
@ -75,10 +78,10 @@ function updateObjectACL (options: {
const command = new PutObjectAclCommand({
Bucket: bucketInfo.BUCKET_NAME,
Key: key,
ACL: getACL(isPrivate)
ACL: acl
})
return getClient().send(command)
await getClient().send(command)
}
function updatePrefixACL (options: {
@ -88,6 +91,9 @@ function updatePrefixACL (options: {
}) {
const { prefix, bucketInfo, isPrivate } = options
const acl = getACL(isPrivate)
if (!acl) return
logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags())
return applyOnPrefix({
@ -99,7 +105,7 @@ function updatePrefixACL (options: {
return new PutObjectAclCommand({
Bucket: bucketInfo.BUCKET_NAME,
Key: obj.Key,
ACL: getACL(isPrivate)
ACL: acl
})
}
})
@ -227,10 +233,12 @@ async function uploadToStorage (options: {
const input: PutObjectCommandInput = {
Body: content,
Bucket: bucketInfo.BUCKET_NAME,
Key: buildKey(objectStorageKey, bucketInfo),
ACL: getACL(isPrivate)
Key: buildKey(objectStorageKey, bucketInfo)
}
const acl = getACL(isPrivate)
if (acl) input.ACL = acl
const parallelUploads3 = new Upload({
client: getClient(),
queueSize: 4,

View File

@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) {
// ---------------------------------------------------------------------------
function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
return updateObjectACL({
async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
await updateObjectACL({
objectStorageKey: generateWebTorrentObjectStorageKey(file.filename),
bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS,
isPrivate: video.hasPrivateStaticPath()
})
}
function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
return updatePrefixACL({
async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
await updatePrefixACL({
prefix: generateHLSObjectBaseStorageKey(playlist),
bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS,
isPrivate: playlist.Video.hasPrivateStaticPath()