mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-22 07:10:59 +00:00
Add s3-insecure for S3 backend (#658)
This commit is contained in:
parent
1ceef59bec
commit
ae1bfc49a7
2 changed files with 14 additions and 3 deletions
|
@ -167,6 +167,11 @@ If you omit the keys or the endpoint URL, then Takahē will try to use implicit
|
||||||
authentication for them. The keys, if included, should be urlencoded, as AWS
|
authentication for them. The keys, if included, should be urlencoded, as AWS
|
||||||
secret keys commonly contain eg + characters.
|
secret keys commonly contain eg + characters.
|
||||||
|
|
||||||
|
With the above examples, Takahē connects to an S3 bucket using **HTTPS**. If
|
||||||
|
you wish to connect to an S3 bucket using **HTTP** (for example, to connect to
|
||||||
|
an S3 API endpoint on a private network), replace `s3` in the examples above
|
||||||
|
with `s3-insecure`.
|
||||||
|
|
||||||
Your S3 bucket *must* be set to allow publically-readable files, as Takahē will
|
Your S3 bucket *must* be set to allow publically-readable files, as Takahē will
|
||||||
set all files it uploads to be ``public-read``. We randomise uploaded file
|
set all files it uploads to be ``public-read``. We randomise uploaded file
|
||||||
names to prevent enumeration attacks.
|
names to prevent enumeration attacks.
|
||||||
|
|
|
@ -432,7 +432,7 @@ if SETUP.MEDIA_BACKEND:
|
||||||
if parsed.hostname is not None:
|
if parsed.hostname is not None:
|
||||||
port = parsed.port or 443
|
port = parsed.port or 443
|
||||||
GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}"
|
GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}"
|
||||||
elif parsed.scheme == "s3":
|
elif (parsed.scheme == "s3") or (parsed.scheme == "s3-insecure"):
|
||||||
STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage"
|
STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage"
|
||||||
AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
|
AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
|
||||||
AWS_QUERYSTRING_AUTH = False
|
AWS_QUERYSTRING_AUTH = False
|
||||||
|
@ -441,8 +441,14 @@ if SETUP.MEDIA_BACKEND:
|
||||||
AWS_ACCESS_KEY_ID = parsed.username
|
AWS_ACCESS_KEY_ID = parsed.username
|
||||||
AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)
|
AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)
|
||||||
if parsed.hostname is not None:
|
if parsed.hostname is not None:
|
||||||
port = parsed.port or 443
|
if parsed.scheme == "s3-insecure":
|
||||||
AWS_S3_ENDPOINT_URL = f"https://{parsed.hostname}:{port}"
|
s3_default_port = 80
|
||||||
|
s3_scheme = "http"
|
||||||
|
else:
|
||||||
|
s3_default_port = 443
|
||||||
|
s3_scheme = "https"
|
||||||
|
port = parsed.port or s3_default_port
|
||||||
|
AWS_S3_ENDPOINT_URL = f"{s3_scheme}://{parsed.hostname}:{port}"
|
||||||
if SETUP.MEDIA_URL is not None:
|
if SETUP.MEDIA_URL is not None:
|
||||||
media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL)
|
media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL)
|
||||||
AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname
|
AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname
|
||||||
|
|
Loading…
Reference in a new issue