authorChocobozzz <me@florianbigard.com>2023-01-12 08:41:16 +0100
committerChocobozzz <me@florianbigard.com>2023-01-12 08:41:16 +0100
commit8180f60477e99c4fd70ce25729d1ca65155a6686 (patch)
tree60f0d2f5c10e2302578c3742dfec4d30e14d6baf
parent2cb9f8b9c7b9b6707240171addf2bf015356007b (diff)
Fix ACL incompatibility with some s3 providers
We'll move to another method in the future. See https://github.com/Chocobozzz/PeerTube/issues/5497
-rw-r--r--config/default.yaml2
-rw-r--r--config/production.yaml.example2
-rw-r--r--server/initializers/checker-after-init.ts8
-rw-r--r--server/lib/object-storage/shared/object-storage-helpers.ts20
-rw-r--r--server/lib/object-storage/videos.ts8
5 files changed, 22 insertions, 18 deletions
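--- a/config/default.yaml
+++ b/config/default.yaml
@@ -154,9 +154,11 @@ object_storage:
 
  upload_acl:
  # Set this ACL on each uploaded object of public/unlisted videos
+ # Use null if your S3 provider does not support object ACL
  public: 'public-read'
  # Set this ACL on each uploaded object of private/internal videos
  # PeerTube can proxify requests to private objects so your users can access them
+ # Use null if your S3 provider does not support object ACL
  private: 'private'
 
  proxy: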
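Review bot: The added comment `# Use null if your S3 provider does not support object ACL` does not tell the operator what null means for access control. Judging from the helper changes in this commit, a null value means no ACL is sent at upload and later ACL updates are skipped, so private/internal objects are then only as restricted as the bucket's own policy or provider default. I would extend the comment under `private:` with a line such as `# With null, no ACL is sent: make sure the bucket itself is not publicly readable`. The same applies to the identical comment in config/production.yaml.example.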
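--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -152,9 +152,11 @@ object_storage:
 
  upload_acl:
  # Set this ACL on each uploaded object of public/unlisted videos
+ # Use null if your S3 provider does not support object ACL
  public: 'public-read'
  # Set this ACL on each uploaded object of private/internal videos
  # PeerTube can proxify requests to private objects so your users can access them
+ # Use null if your S3 provider does not support object ACL
  private: 'private'
 
  proxy: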
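--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -278,14 +278,6 @@ function checkObjectStorageConfig () {
  'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
  )
  }
-
- if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
- throw new Error('object_storage.upload_acl.public must be set')
- }
-
- if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
- throw new Error('object_storage.upload_acl.private must be set')
- }
  }
 }
 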
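--- a/server/lib/object-storage/shared/object-storage-helpers.ts
+++ b/server/lib/object-storage/shared/object-storage-helpers.ts
@@ -61,13 +61,16 @@ async function storeObject (options: {
 
 // ---------------------------------------------------------------------------
 
-function updateObjectACL (options: {
+async function updateObjectACL (options: {
  objectStorageKey: string
  bucketInfo: BucketInfo
  isPrivate: boolean
 }) {
  const { objectStorageKey, bucketInfo, isPrivate } = options
 
+ const acl = getACL(isPrivate)
+ if (!acl) return
+
  const key = buildKey(objectStorageKey, bucketInfo)
 
  logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags())
@@ -75,10 +78,10 @@ function updateObjectACL (options: {
  const command = new PutObjectAclCommand({
  Bucket: bucketInfo.BUCKET_NAME,
  Key: key,
- ACL: getACL(isPrivate)
+ ACL: acl
  })
 
- return getClient().send(command)
+ await getClient().send(command)
 }
 
 function updatePrefixACL (options: {
@@ -88,6 +91,9 @@ function updatePrefixACL (options: {
 }) {
  const { prefix, bucketInfo, isPrivate } = options
 
+ const acl = getACL(isPrivate)
+ if (!acl) return
+
  logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags())
 
  return applyOnPrefix({
@@ -99,7 +105,7 @@ function updatePrefixACL (options: {
  return new PutObjectAclCommand({
  Bucket: bucketInfo.BUCKET_NAME,
  Key: obj.Key,
- ACL: getACL(isPrivate)
+ ACL: acl
  })
  }
  })
@@ -227,10 +233,12 @@ async function uploadToStorage (options: {
  const input: PutObjectCommandInput = {
  Body: content,
  Bucket: bucketInfo.BUCKET_NAME,
- Key: buildKey(objectStorageKey, bucketInfo),
- ACL: getACL(isPrivate)
+ Key: buildKey(objectStorageKey, bucketInfo)
  }
 
+ const acl = getACL(isPrivate)
+ if (acl) input.ACL = acl
+
  const parallelUploads3 = new Upload({
  client: getClient(),
  queueSize: 4,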
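Review bot: The new `if (!acl) return` guards in updateObjectACL and updatePrefixACL skip the update without logging anything, so when `upload_acl.private` is null a video switched from public to private appears to keep the ACL it was uploaded with (assuming getACL, which is outside these hunks, returns the configured value). With the startup check removed in checker-after-init.ts, nothing tells the operator that privacy changes are no longer reflected on the stored objects. I would log the skip, e.g. `logger.warn('No upload ACL configured, ACL of %s left unchanged', objectStorageKey, lTags())` before the `return`, and the same with `prefix` in updatePrefixACL. The bodies of updatePrefixACL and uploadToStorage continue outside the hunks shown.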
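--- a/server/lib/object-storage/videos.ts
+++ b/server/lib/object-storage/videos.ts
@@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) {
 
 // ---------------------------------------------------------------------------
 
-function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
- return updateObjectACL({
+async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
+ await updateObjectACL({
  objectStorageKey: generateWebTorrentObjectStorageKey(file.filename),
  bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS,
  isPrivate: video.hasPrivateStaticPath()
  })
 }
 
-function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
- return updatePrefixACL({
+async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
+ await updatePrefixACL({
  prefix: generateHLSObjectBaseStorageKey(playlist),
  bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS,
  isPrivate: playlist.Video.hasPrivateStaticPath()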