Fix ACL incompatibility with some s3 providers

We'll move to another method in the future

See https://github.com/Chocobozzz/PeerTube/issues/5497

diff --git a/config/default.yaml b/config/default.yaml
index 1b7c3314da8a618f74d2e998f034d1496de2c867..20094ae8fce9cdc7a975361b3ef2005ac7f59ca3 100644 (file)
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -154,9 +154,11 @@ object_storage:
 
   upload_acl:
     # Set this ACL on each uploaded object of public/unlisted videos
+    # Use null if your S3 provider does not support object ACL
     public: 'public-read'
     # Set this ACL on each uploaded object of private/internal videos
     # PeerTube can proxify requests to private objects so your users can access them
+    # Use null if your S3 provider does not support object ACL
     private: 'private'
 
   proxy:

diff --git a/config/production.yaml.example b/config/production.yaml.example
index da067b3b55828ba96369883a0ab1e6d731fc89d8..e8b354d0109332a125db7af7c279cde1617c0045 100644 (file)
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -152,9 +152,11 @@ object_storage:
 
   upload_acl:
     # Set this ACL on each uploaded object of public/unlisted videos
+    # Use null if your S3 provider does not support object ACL
     public: 'public-read'
     # Set this ACL on each uploaded object of private/internal videos
     # PeerTube can proxify requests to private objects so your users can access them
+    # Use null if your S3 provider does not support object ACL
     private: 'private'
 
   proxy:

diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts
index 09e878eee27df0b42f610d838b23aa9dd5d36587..c83fef425af8fc4ddd46ade9745000e54fff27e3 100644 (file)
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -278,14 +278,6 @@ function checkObjectStorageConfig () {
         'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
       )
     }
-
-    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
-      throw new Error('object_storage.upload_acl.public must be set')
-    }
-
-    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
-      throw new Error('object_storage.upload_acl.private must be set')
-    }
   }
 }
 

diff --git a/server/lib/object-storage/shared/object-storage-helpers.ts b/server/lib/object-storage/shared/object-storage-helpers.ts
index 8dff08ab48b50fbf7876b525c48942723d12aa58..be94b01a8e2851d618bb6e281f24ce4f7d16d116 100644 (file)
--- a/server/lib/object-storage/shared/object-storage-helpers.ts
+++ b/server/lib/object-storage/shared/object-storage-helpers.ts
@@ -61,13 +61,16 @@ async function storeObject (options: {
 
 // ---------------------------------------------------------------------------
 
-function updateObjectACL (options: {
+async function updateObjectACL (options: {
   objectStorageKey: string
   bucketInfo: BucketInfo
   isPrivate: boolean
 }) {
   const { objectStorageKey, bucketInfo, isPrivate } = options
 
+  const acl = getACL(isPrivate)
+  if (!acl) return
+
   const key = buildKey(objectStorageKey, bucketInfo)
 
   logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags())
@@ -75,10 +78,10 @@ function updateObjectACL (options: {
   const command = new PutObjectAclCommand({
     Bucket: bucketInfo.BUCKET_NAME,
     Key: key,
-    ACL: getACL(isPrivate)
+    ACL: acl
   })
 
-  return getClient().send(command)
+  await getClient().send(command)
 }
 
 function updatePrefixACL (options: {
@@ -88,6 +91,9 @@ function updatePrefixACL (options: {
 }) {
   const { prefix, bucketInfo, isPrivate } = options
 
+  const acl = getACL(isPrivate)
+  if (!acl) return
+
   logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags())
 
   return applyOnPrefix({
@@ -99,7 +105,7 @@ function updatePrefixACL (options: {
       return new PutObjectAclCommand({
         Bucket: bucketInfo.BUCKET_NAME,
         Key: obj.Key,
-        ACL: getACL(isPrivate)
+        ACL: acl
       })
     }
   })
@@ -227,10 +233,12 @@ async function uploadToStorage (options: {
   const input: PutObjectCommandInput = {
     Body: content,
     Bucket: bucketInfo.BUCKET_NAME,
-    Key: buildKey(objectStorageKey, bucketInfo),
-    ACL: getACL(isPrivate)
+    Key: buildKey(objectStorageKey, bucketInfo)
   }
 
+  const acl = getACL(isPrivate)
+  if (acl) input.ACL = acl
+
   const parallelUploads3 = new Upload({
     client: getClient(),
     queueSize: 4,

diff --git a/server/lib/object-storage/videos.ts b/server/lib/object-storage/videos.ts
index b764e4b22ad67e8233ccd2e3b4da40f033080af3..bfdef94fd9dd71670200f607e899c84df6e8fbc2 100644 (file)
--- a/server/lib/object-storage/videos.ts
+++ b/server/lib/object-storage/videos.ts
@@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) {
 
 // ---------------------------------------------------------------------------
 
-function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
-  return updateObjectACL({
+async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
+  await updateObjectACL({
     objectStorageKey: generateWebTorrentObjectStorageKey(file.filename),
     bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS,
     isPrivate: video.hasPrivateStaticPath()
   })
 }
 
-function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
-  return updatePrefixACL({
+async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
+  await updatePrefixACL({
     prefix: generateHLSObjectBaseStorageKey(playlist),
     bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS,
     isPrivate: playlist.Video.hasPrivateStaticPath()