Make object storage ACL configurable
Override this value to allow uploads to non-public S3 buckets. Otherwise "AccessDenied: Access Denied" errors will end up in the log. Fixes #4850
parent
60233e90d2
commit
f9915efa5e
|
@ -138,6 +138,9 @@ object_storage:
|
|||
|
||||
region: 'us-east-1'
|
||||
|
||||
# Set this ACL on each uploaded object
|
||||
upload_acl: 'public-read'
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
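Review bot: The comment `# Set this ACL on each uploaded object` above `upload_acl` does not say which values are accepted or how to switch the ACL off, which is the case the commit message is about. I would extend it to something like `# Canned ACL set on each uploaded object (e.g. 'public-read' or 'private'); leave empty to send no ACL and rely on the bucket policy`. The empty-value behaviour follows from the `if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL)` checks in the upload helpers of this commit. The same comment appears in the second config hunk and would need the same wording.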
|
|
|
@ -134,6 +134,9 @@ object_storage:
|
|||
|
||||
region: 'us-east-1'
|
||||
|
||||
# Set this ACL on each uploaded object
|
||||
upload_acl: 'public'
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
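Review bot: `upload_acl: 'public'` is not one of the S3 canned ACL names and differs from the `'public-read'` used in the first config hunk. The value is passed unchanged to `input.ACL` in the upload helpers, so I would expect uploads configured from this example to be rejected by the storage provider. Change the line to `upload_acl: 'public-read'` so both files match the value that was previously hard-coded.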
|
|
|
@ -114,6 +114,7 @@ const CONFIG = {
|
|||
MAX_UPLOAD_PART: bytes.parse(config.get<string>('object_storage.max_upload_part')),
|
||||
ENDPOINT: config.get<string>('object_storage.endpoint'),
|
||||
REGION: config.get<string>('object_storage.region'),
|
||||
UPLOAD_ACL: config.get<string>('object_storage.upload_acl'),
|
||||
CREDENTIALS: {
|
||||
ACCESS_KEY_ID: config.get<string>('object_storage.credentials.access_key_id'),
|
||||
SECRET_ACCESS_KEY: config.get<string>('object_storage.credentials.secret_access_key')
|
||||
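Review bot: `UPLOAD_ACL` is read as a free-form string, and nothing visible in this commit validates it before it reaches `input.ACL`. A typo therefore only surfaces as a failed upload, and a broader grant than the instance needs, such as `public-read-write`, would be accepted silently. I would check the value once at startup against a new allow-list of the canned ACLs the instance supports, for example `if (acl && !ALLOWED_UPLOAD_ACLS.includes(acl)) throw new Error('Invalid object_storage.upload_acl: ' + acl)`. The CONFIG literal starts and ends outside the hunk, and the startup checker where such a test would normally go is not shown.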
|
|
|
@ -6,10 +6,12 @@ import {
|
|||
CompletedPart,
|
||||
CompleteMultipartUploadCommand,
|
||||
CreateMultipartUploadCommand,
|
||||
CreateMultipartUploadCommandInput,
|
||||
DeleteObjectCommand,
|
||||
GetObjectCommand,
|
||||
ListObjectsV2Command,
|
||||
PutObjectCommand,
|
||||
PutObjectCommandInput,
|
||||
UploadPartCommand
|
||||
} from '@aws-sdk/client-s3'
|
||||
import { pipelinePromise } from '@server/helpers/core-utils'
|
||||
|
@ -143,12 +145,17 @@ async function objectStoragePut (options: {
|
|||
}) {
|
||||
const { objectStorageKey, content, bucketInfo } = options
|
||||
|
||||
const command = new PutObjectCommand({
|
||||
const input: PutObjectCommandInput = {
|
||||
Bucket: bucketInfo.BUCKET_NAME,
|
||||
Key: buildKey(objectStorageKey, bucketInfo),
|
||||
Body: content,
|
||||
ACL: 'public-read'
|
||||
})
|
||||
Body: content
|
||||
}
|
||||
|
||||
if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL) {
|
||||
input.ACL = CONFIG.OBJECT_STORAGE.UPLOAD_ACL
|
||||
}
|
||||
|
||||
const command = new PutObjectCommand(input)
|
||||
|
||||
await getClient().send(command)
|
||||
|
||||
|
@ -167,11 +174,16 @@ async function multiPartUpload (options: {
|
|||
|
||||
const statResult = await stat(inputPath)
|
||||
|
||||
const createMultipartCommand = new CreateMultipartUploadCommand({
|
||||
const input: CreateMultipartUploadCommandInput = {
|
||||
Bucket: bucketInfo.BUCKET_NAME,
|
||||
Key: key,
|
||||
ACL: 'public-read'
|
||||
})
|
||||
Key: buildKey(objectStorageKey, bucketInfo)
|
||||
}
|
||||
|
||||
if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL) {
|
||||
input.ACL = CONFIG.OBJECT_STORAGE.UPLOAD_ACL
|
||||
}
|
||||
|
||||
const createMultipartCommand = new CreateMultipartUploadCommand(input)
|
||||
const createResponse = await s3Client.send(createMultipartCommand)
|
||||
|
||||
const fd = await open(inputPath, 'r')
|
||||
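Review bot: The two `if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL)` branches, in objectStoragePut and in multiPartUpload, carry no comment saying that a falsy value deliberately omits the ACL. Without one, a later reader could restore a default and bring back either public objects or the AccessDenied errors. I would add `// No ACL configured: send none and let the bucket policy / ownership settings decide visibility` above each branch, or move the three lines into one small helper that both functions call. In multiPartUpload the new `Key: buildKey(objectStorageKey, bucketInfo)` replaces `Key: key`; if `key` is still used by the part and completion commands outside this hunk, keeping `Key: key` would avoid building the key in two places. Both function bodies start and end outside the visible hunks.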
|
|
|
@ -66,6 +66,7 @@ object_storage:
|
|||
bucket_name: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME"
|
||||
prefix: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX"
|
||||
base_url: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BASE_URL"
|
||||
upload_acl: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL"
|
||||
|
||||
videos:
|
||||
bucket_name: "PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME"
|
||||
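Review bot: `upload_acl: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL"` is added directly after the streaming-playlists `bucket_name`/`prefix`/`base_url` keys, and this page does not preserve indentation, so its nesting level cannot be confirmed from here. The code reads `object_storage.upload_acl`, so the key has to sit at the `object_storage` level. If it were nested under `streaming_playlists`, the environment variable would presumably be ignored and uploads would keep the default `public-read`, even when an operator set it to something stricter. Placing the key next to the other top-level `object_storage` entries, rather than between the two bucket sections, would make the mapping unambiguous.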
|
|