From 8180f60477e99c4fd70ce25729d1ca65155a6686 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 12 Jan 2023 08:41:16 +0100 Subject: Fix ACL incompatibility with some s3 providers We'll move to another method in the future See https://github.com/Chocobozzz/PeerTube/issues/5497 --- config/default.yaml | 2 ++ config/production.yaml.example | 2 ++ server/initializers/checker-after-init.ts | 8 -------- .../object-storage/shared/object-storage-helpers.ts | 20 ++++++++++++++------ server/lib/object-storage/videos.ts | 8 ++++---- 5 files changed, 22 insertions(+), 18 deletions(-) diff --git a/config/default.yaml b/config/default.yaml index 1b7c3314d..20094ae8f 100644 --- a/config/default.yaml +++ b/config/default.yaml @@ -154,9 +154,11 @@ object_storage: upload_acl: # Set this ACL on each uploaded object of public/unlisted videos + # Use null if your S3 provider does not support object ACL public: 'public-read' # Set this ACL on each uploaded object of private/internal videos # PeerTube can proxify requests to private objects so your users can access them + # Use null if your S3 provider does not support object ACL private: 'private' proxy: diff --git a/config/production.yaml.example b/config/production.yaml.example index da067b3b5..e8b354d01 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example @@ -152,9 +152,11 @@ object_storage: upload_acl: # Set this ACL on each uploaded object of public/unlisted videos + # Use null if your S3 provider does not support object ACL public: 'public-read' # Set this ACL on each uploaded object of private/internal videos # PeerTube can proxify requests to private objects so your users can access them + # Use null if your S3 provider does not support object ACL private: 'private' proxy: diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts index 09e878eee..c83fef425 100644 --- a/server/initializers/checker-after-init.ts +++ b/server/initializers/checker-after-init.ts 
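Review bot: The added comment `# Use null if your S3 provider does not support object ACL` under `private` in config/default.yaml does not say what null changes for private/internal videos, and the same line in config/production.yaml.example has the same gap. With null, the uploadToStorage hunk later in this patch sends no ACL at all, so whether the object is readable is decided by the bucket's own default or policy rather than by PeerTube. I would extend the comment to something like `# Use null if your S3 provider does not support object ACL; the bucket itself must then deny public reads, otherwise private videos may be reachable by their direct object URL`.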
@@ -278,14 +278,6 @@ function checkObjectStorageConfig () { 'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.' ) } - - if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) { - throw new Error('object_storage.upload_acl.public must be set') - } - - if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) { - throw new Error('object_storage.upload_acl.private must be set') - } } } diff --git a/server/lib/object-storage/shared/object-storage-helpers.ts b/server/lib/object-storage/shared/object-storage-helpers.ts index 8dff08ab4..be94b01a8 100644 --- a/server/lib/object-storage/shared/object-storage-helpers.ts +++ b/server/lib/object-storage/shared/object-storage-helpers.ts @@ -61,13 +61,16 @@ async function storeObject (options: { // --------------------------------------------------------------------------- -function updateObjectACL (options: { +async function updateObjectACL (options: { objectStorageKey: string bucketInfo: BucketInfo isPrivate: boolean }) { const { objectStorageKey, bucketInfo, isPrivate } = options + const acl = getACL(isPrivate) + if (!acl) return + const key = buildKey(objectStorageKey, bucketInfo) logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags()) @@ -75,10 +78,10 @@ function updateObjectACL (options: { const command = new PutObjectAclCommand({ Bucket: bucketInfo.BUCKET_NAME, Key: key, - ACL: getACL(isPrivate) + ACL: acl }) - return getClient().send(command) + await getClient().send(command) } function updatePrefixACL (options: { @@ -88,6 +91,9 @@ function updatePrefixACL (options: { }) { const { prefix, bucketInfo, isPrivate } = options + const acl = getACL(isPrivate) + if (!acl) return + logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags()) return applyOnPrefix({ 
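Review bot: The new guard `if (!acl) return` in updateObjectACL skips the ACL change without leaving any trace, and updatePrefixACL in the -88,6 hunk does the same. If an instance keeps `public: 'public-read'` and sets only `private` to null, a video switched from public to private would presumably keep the `public-read` ACL it was uploaded with, because no PutObjectAclCommand is sent (getACL is not shown in the diff, so this assumes it returns the configured value). This commit also removes the startup check that required both values, so an accidentally empty value takes the same silent path. At minimum log the skip, e.g. `if (!acl) { logger.warn('No ACL configured, not updating ACL of %s', objectStorageKey, lTags()); return }`, and consider a startup check that rejects a configuration where only one of the two ACLs is null.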
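Review bot: updatePrefixACL is still a plain function, so the added `if (!acl) return` makes it return `undefined` on one path and the promise from `applyOnPrefix` on the other, whereas updateObjectACL was converted to `async` in the same patch. The caller changed in videos.ts uses `await`, which tolerates both, but any caller chaining `.then()` or `.catch()` on the result would throw once ACLs are disabled. Declaring it `async function updatePrefixACL (options: {` keeps the return value a promise on every path. The function body continues past the end of this hunk.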
@@ -99,7 +105,7 @@ function updatePrefixACL (options: { return new PutObjectAclCommand({ Bucket: bucketInfo.BUCKET_NAME, Key: obj.Key, - ACL: getACL(isPrivate) + ACL: acl }) } }) @@ -227,10 +233,12 @@ async function uploadToStorage (options: { const input: PutObjectCommandInput = { Body: content, Bucket: bucketInfo.BUCKET_NAME, - Key: buildKey(objectStorageKey, bucketInfo), - ACL: getACL(isPrivate) + Key: buildKey(objectStorageKey, bucketInfo) } + const acl = getACL(isPrivate) + if (acl) input.ACL = acl + const parallelUploads3 = new Upload({ client: getClient(), queueSize: 4, diff --git a/server/lib/object-storage/videos.ts b/server/lib/object-storage/videos.ts index b764e4b22..bfdef94fd 100644 --- a/server/lib/object-storage/videos.ts +++ b/server/lib/object-storage/videos.ts @@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) { // --------------------------------------------------------------------------- -function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) { - return updateObjectACL({ +async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) { + await updateObjectACL({ objectStorageKey: generateWebTorrentObjectStorageKey(file.filename), bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS, isPrivate: video.hasPrivateStaticPath() }) } -function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) { - return updatePrefixACL({ +async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) { + await updatePrefixACL({ prefix: generateHLSObjectBaseStorageKey(playlist), bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS, isPrivate: playlist.Video.hasPrivateStaticPath() -- cgit v1.2.3