diff options
| author | Chocobozzz <me@florianbigard.com> | 2023-01-12 08:41:16 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2023-01-12 08:41:16 +0100 |
| commit | 8180f60477e99c4fd70ce25729d1ca65155a6686 (patch) | |
| tree | 60f0d2f5c10e2302578c3742dfec4d30e14d6baf /server | |
| parent | 2cb9f8b9c7b9b6707240171addf2bf015356007b (diff) | |
| download | PeerTube-8180f60477e99c4fd70ce25729d1ca65155a6686.tar.gz PeerTube-8180f60477e99c4fd70ce25729d1ca65155a6686.tar.zst PeerTube-8180f60477e99c4fd70ce25729d1ca65155a6686.zip | |
Fix ACL incompatibility with some s3 providers
We'll move to another method in the future
See https://github.com/Chocobozzz/PeerTube/issues/5497
Diffstat (limited to 'server')
| -rw-r--r-- | server/initializers/checker-after-init.ts | 8 | ||||
| -rw-r--r-- | server/lib/object-storage/shared/object-storage-helpers.ts | 20 | ||||
| -rw-r--r-- | server/lib/object-storage/videos.ts | 8 |
3 files changed, 18 insertions, 18 deletions
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts index 09e878eee..c83fef425 100644 --- a/server/initializers/checker-after-init.ts +++ b/server/initializers/checker-after-init.ts | |||
| @@ -278,14 +278,6 @@ function checkObjectStorageConfig () { | |||
| 278 | 'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.' | 278 | 'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.' |
| 279 | ) | 279 | ) |
| 280 | } | 280 | } |
| 281 | |||
| 282 | if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) { | ||
| 283 | throw new Error('object_storage.upload_acl.public must be set') | ||
| 284 | } | ||
| 285 | |||
| 286 | if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) { | ||
| 287 | throw new Error('object_storage.upload_acl.private must be set') | ||
| 288 | } | ||
| 289 | } | 281 | } |
| 290 | } | 282 | } |
| 291 | 283 | ||
diff --git a/server/lib/object-storage/shared/object-storage-helpers.ts b/server/lib/object-storage/shared/object-storage-helpers.ts index 8dff08ab4..be94b01a8 100644 --- a/server/lib/object-storage/shared/object-storage-helpers.ts +++ b/server/lib/object-storage/shared/object-storage-helpers.ts | |||
| @@ -61,13 +61,16 @@ async function storeObject (options: { | |||
| 61 | 61 | ||
| 62 | // --------------------------------------------------------------------------- | 62 | // --------------------------------------------------------------------------- |
| 63 | 63 | ||
| 64 | function updateObjectACL (options: { | 64 | async function updateObjectACL (options: { |
| 65 | objectStorageKey: string | 65 | objectStorageKey: string |
| 66 | bucketInfo: BucketInfo | 66 | bucketInfo: BucketInfo |
| 67 | isPrivate: boolean | 67 | isPrivate: boolean |
| 68 | }) { | 68 | }) { |
| 69 | const { objectStorageKey, bucketInfo, isPrivate } = options | 69 | const { objectStorageKey, bucketInfo, isPrivate } = options |
| 70 | 70 | ||
| 71 | const acl = getACL(isPrivate) | ||
| 72 | if (!acl) return | ||
| 73 | |||
| 71 | const key = buildKey(objectStorageKey, bucketInfo) | 74 | const key = buildKey(objectStorageKey, bucketInfo) |
| 72 | 75 | ||
| 73 | logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags()) | 76 | logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags()) |
| @@ -75,10 +78,10 @@ function updateObjectACL (options: { | |||
| 75 | const command = new PutObjectAclCommand({ | 78 | const command = new PutObjectAclCommand({ |
| 76 | Bucket: bucketInfo.BUCKET_NAME, | 79 | Bucket: bucketInfo.BUCKET_NAME, |
| 77 | Key: key, | 80 | Key: key, |
| 78 | ACL: getACL(isPrivate) | 81 | ACL: acl |
| 79 | }) | 82 | }) |
| 80 | 83 | ||
| 81 | return getClient().send(command) | 84 | await getClient().send(command) |
| 82 | } | 85 | } |
| 83 | 86 | ||
| 84 | function updatePrefixACL (options: { | 87 | function updatePrefixACL (options: { |
| @@ -88,6 +91,9 @@ function updatePrefixACL (options: { | |||
| 88 | }) { | 91 | }) { |
| 89 | const { prefix, bucketInfo, isPrivate } = options | 92 | const { prefix, bucketInfo, isPrivate } = options |
| 90 | 93 | ||
| 94 | const acl = getACL(isPrivate) | ||
| 95 | if (!acl) return | ||
| 96 | |||
| 91 | logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags()) | 97 | logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags()) |
| 92 | 98 | ||
| 93 | return applyOnPrefix({ | 99 | return applyOnPrefix({ |
| @@ -99,7 +105,7 @@ function updatePrefixACL (options: { | |||
| 99 | return new PutObjectAclCommand({ | 105 | return new PutObjectAclCommand({ |
| 100 | Bucket: bucketInfo.BUCKET_NAME, | 106 | Bucket: bucketInfo.BUCKET_NAME, |
| 101 | Key: obj.Key, | 107 | Key: obj.Key, |
| 102 | ACL: getACL(isPrivate) | 108 | ACL: acl |
| 103 | }) | 109 | }) |
| 104 | } | 110 | } |
| 105 | }) | 111 | }) |
| @@ -227,10 +233,12 @@ async function uploadToStorage (options: { | |||
| 227 | const input: PutObjectCommandInput = { | 233 | const input: PutObjectCommandInput = { |
| 228 | Body: content, | 234 | Body: content, |
| 229 | Bucket: bucketInfo.BUCKET_NAME, | 235 | Bucket: bucketInfo.BUCKET_NAME, |
| 230 | Key: buildKey(objectStorageKey, bucketInfo), | 236 | Key: buildKey(objectStorageKey, bucketInfo) |
| 231 | ACL: getACL(isPrivate) | ||
| 232 | } | 237 | } |
| 233 | 238 | ||
| 239 | const acl = getACL(isPrivate) | ||
| 240 | if (acl) input.ACL = acl | ||
| 241 | |||
| 234 | const parallelUploads3 = new Upload({ | 242 | const parallelUploads3 = new Upload({ |
| 235 | client: getClient(), | 243 | client: getClient(), |
| 236 | queueSize: 4, | 244 | queueSize: 4, |
diff --git a/server/lib/object-storage/videos.ts b/server/lib/object-storage/videos.ts index b764e4b22..bfdef94fd 100644 --- a/server/lib/object-storage/videos.ts +++ b/server/lib/object-storage/videos.ts | |||
| @@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) { | |||
| 55 | 55 | ||
| 56 | // --------------------------------------------------------------------------- | 56 | // --------------------------------------------------------------------------- |
| 57 | 57 | ||
| 58 | function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) { | 58 | async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) { |
| 59 | return updateObjectACL({ | 59 | await updateObjectACL({ |
| 60 | objectStorageKey: generateWebTorrentObjectStorageKey(file.filename), | 60 | objectStorageKey: generateWebTorrentObjectStorageKey(file.filename), |
| 61 | bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS, | 61 | bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS, |
| 62 | isPrivate: video.hasPrivateStaticPath() | 62 | isPrivate: video.hasPrivateStaticPath() |
| 63 | }) | 63 | }) |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) { | 66 | async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) { |
| 67 | return updatePrefixACL({ | 67 | await updatePrefixACL({ |
| 68 | prefix: generateHLSObjectBaseStorageKey(playlist), | 68 | prefix: generateHLSObjectBaseStorageKey(playlist), |
| 69 | bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS, | 69 | bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS, |
| 70 | isPrivate: playlist.Video.hasPrivateStaticPath() | 70 | isPrivate: playlist.Video.hasPrivateStaticPath() |