Use private ACL for private videos in s3

author: Chocobozzz <me@florianbigard.com> 2022-10-19 10:43:53 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2022-10-24 14:48:24 +0200
commit: 9ab330b90decf4edf152ff8e1d2948c065766b2c (patch)
tree: 29d924f50f7307e8e828a57ecb9ea78623487ce0 /server/initializers
parent: 3545e72c686ff1725bbdfd8d16d693e2f4aa75a3 (diff)
download: PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.gz
PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.zst
PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.zip
3 files changed, 20 insertions, 1 deletions
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts
index c83fef425..09e878eee 100644
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -278,6 +278,14 @@ function checkObjectStorageConfig () {
        'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
      )
    }
+    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
+      throw new Error('object_storage.upload_acl.public must be set')
+    }
+    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
+      throw new Error('object_storage.upload_acl.private must be set')
+    }
  }
 }
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index a5a0d4e46..ab5e645ad 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -118,7 +118,10 @@ const CONFIG = {
    MAX_UPLOAD_PART: bytes.parse(config.get<string>('object_storage.max_upload_part')),
    ENDPOINT: config.get<string>('object_storage.endpoint'),
    REGION: config.get<string>('object_storage.region'),
-    UPLOAD_ACL: config.get<string>('object_storage.upload_acl'),
+    UPLOAD_ACL: {
+      PUBLIC: config.get<string>('object_storage.upload_acl.public'),
+      PRIVATE: config.get<string>('object_storage.upload_acl.private')
+    },
    CREDENTIALS: {
      ACCESS_KEY_ID: config.get<string>('object_storage.credentials.access_key_id'),
      SECRET_ACCESS_KEY: config.get<string>('object_storage.credentials.secret_access_key')
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 88bdd07fe..66eb31230 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -685,6 +685,13 @@ const LAZY_STATIC_PATHS = {
  VIDEO_CAPTIONS: '/lazy-static/video-captions/',
  TORRENTS: '/lazy-static/torrents/'
 }
+const OBJECT_STORAGE_PROXY_PATHS = {
+  PRIVATE_WEBSEED: '/object-storage-proxy/webseed/private/',
+  STREAMING_PLAYLISTS: {
+    PRIVATE_HLS: '/object-storage-proxy/streaming-playlists/hls/private/'
+  }
+}
 // Cache control
 const STATIC_MAX_AGE = {
@@ -995,6 +1002,7 @@ export {
  VIDEO_LIVE,
  PEERTUBE_VERSION,
  LAZY_STATIC_PATHS,
+  OBJECT_STORAGE_PROXY_PATHS,
  SEARCH_INDEX,
  DIRECTORIES,
  RESUMABLE_UPLOAD_SESSION_LIFETIME,
author	Chocobozzz <me@florianbigard.com>	2022-10-19 10:43:53 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2022-10-24 14:48:24 +0200
commit	9ab330b90decf4edf152ff8e1d2948c065766b2c (patch)
tree	29d924f50f7307e8e828a57ecb9ea78623487ce0 /server/initializers
parent	3545e72c686ff1725bbdfd8d16d693e2f4aa75a3 (diff)
download	PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.gz PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.tar.zst PeerTube-9ab330b90decf4edf152ff8e1d2948c065766b2c.zip