Add s3-insecure for S3 backend (#658)

Rob 2023-11-18 13:49:06 +09:00 committed by GitHub
parent 1ceef59bec
commit ae1bfc49a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 3 deletions


@ -167,6 +167,11 @@ If you omit the keys or the endpoint URL, then Takahē will try to use implicit
authentication for them. The keys, if included, should be urlencoded, as AWS authentication for them. The keys, if included, should be urlencoded, as AWS
secret keys commonly contain eg + characters. secret keys commonly contain eg + characters.
With the above examples, Takahē connects to an S3 bucket using **HTTPS**. If
you wish to connect to an S3 bucket using **HTTP** (for example, to connect to
an S3 API endpoint on a private network), replace `s3` in the examples above
with `s3-insecure`.
Your S3 bucket *must* be set to allow publically-readable files, as Takahē will Your S3 bucket *must* be set to allow publically-readable files, as Takahē will
set all files it uploads to be ``public-read``. We randomise uploaded file set all files it uploads to be ``public-read``. We randomise uploaded file
names to prevent enumeration attacks. names to prevent enumeration attacks.


@ -432,7 +432,7 @@ if SETUP.MEDIA_BACKEND:
if parsed.hostname is not None: if parsed.hostname is not None:
port = parsed.port or 443 port = parsed.port or 443
GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}" GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}"
elif parsed.scheme == "s3": elif (parsed.scheme == "s3") or (parsed.scheme == "s3-insecure"):
STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage" STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage"
AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/") AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/")
AWS_QUERYSTRING_AUTH = False AWS_QUERYSTRING_AUTH = False
@ -441,8 +441,14 @@ if SETUP.MEDIA_BACKEND:
AWS_ACCESS_KEY_ID = parsed.username AWS_ACCESS_KEY_ID = parsed.username
AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password) AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)
if parsed.hostname is not None: if parsed.hostname is not None:
port = parsed.port or 443 if parsed.scheme == "s3-insecure":
AWS_S3_ENDPOINT_URL = f"https://{parsed.hostname}:{port}" s3_default_port = 80
s3_scheme = "http"
else:
s3_default_port = 443
s3_scheme = "https"
port = parsed.port or s3_default_port
AWS_S3_ENDPOINT_URL = f"{s3_scheme}://{parsed.hostname}:{port}"
if SETUP.MEDIA_URL is not None: if SETUP.MEDIA_URL is not None:
media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL) media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL)
AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname
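Review bot: The new `s3-insecure` branch in the second hunk downgrades the endpoint to plain HTTP silently, so an operator who picks that scheme by mistake gets unencrypted traffic to an unauthenticated storage endpoint with no trace at startup. I would add a comment above the branch, `# s3-insecure: plaintext HTTP to the S3 endpoint; intended only for endpoints on a trusted private network`, and consider emitting a startup warning when this scheme is selected. The scheme is only consulted inside `if parsed.hostname is not None:`, so `s3-insecure` without an endpoint host has no effect and the backend's default endpoint applies; that is worth stating in the same comment. As a style point, the first hunk's condition reads more simply as `elif parsed.scheme in ("s3", "s3-insecure"):`. The enclosing `if SETUP.MEDIA_BACKEND:` block starts and ends outside these hunks, so how `parsed` is built and whether other schemes are rejected cannot be checked from here.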