Fix ACL incompatibility with some s3 providers

We'll move to another method in the future See https://github.com/Chocobozzz/PeerTube/issues/5497
2023-01-12 08:41:16 +01:00 · 2023-01-12 08:41:16 +01:00 · 8180f60477
parent 2cb9f8b9c7
commit 8180f60477
5 changed files with 22 additions and 18 deletions
--- a/config/default.yaml
+++ b/config/default.yaml
@ -154,9 +154,11 @@ object_storage:

  upload_acl:
    # Set this ACL on each uploaded object of public/unlisted videos
+    # Use null if your S3 provider does not support object ACL
    public: 'public-read'
    # Set this ACL on each uploaded object of private/internal videos
    # PeerTube can proxify requests to private objects so your users can access them
+    # Use null if your S3 provider does not support object ACL
    private: 'private'

  proxy:
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@ -152,9 +152,11 @@ object_storage:

  upload_acl:
    # Set this ACL on each uploaded object of public/unlisted videos
+    # Use null if your S3 provider does not support object ACL
    public: 'public-read'
    # Set this ACL on each uploaded object of private/internal videos
    # PeerTube can proxify requests to private objects so your users can access them
+    # Use null if your S3 provider does not support object ACL
    private: 'private'

  proxy:
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@ -278,14 +278,6 @@ function checkObjectStorageConfig () {
        'Object storage bucket prefixes should be set to different values when the same bucket is used for both types of video.'
      )
    }
-
-    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PUBLIC) {
-      throw new Error('object_storage.upload_acl.public must be set')
-    }
-
-    if (!CONFIG.OBJECT_STORAGE.UPLOAD_ACL.PRIVATE) {
-      throw new Error('object_storage.upload_acl.private must be set')
-    }
  }
 }

--- a/server/lib/object-storage/shared/object-storage-helpers.ts
+++ b/server/lib/object-storage/shared/object-storage-helpers.ts
@ -61,13 +61,16 @@ async function storeObject (options: {

 // ---------------------------------------------------------------------------

-function updateObjectACL (options: {
+async function updateObjectACL (options: {
  objectStorageKey: string
  bucketInfo: BucketInfo
  isPrivate: boolean
 }) {
  const { objectStorageKey, bucketInfo, isPrivate } = options

+  const acl = getACL(isPrivate)
+  if (!acl) return
+
  const key = buildKey(objectStorageKey, bucketInfo)

  logger.debug('Updating ACL file %s in bucket %s', key, bucketInfo.BUCKET_NAME, lTags())
@ -75,10 +78,10 @@ function updateObjectACL (options: {
  const command = new PutObjectAclCommand({
    Bucket: bucketInfo.BUCKET_NAME,
    Key: key,
-    ACL: getACL(isPrivate)
+    ACL: acl
  })

-  return getClient().send(command)
+  await getClient().send(command)
 }

 function updatePrefixACL (options: {
@ -88,6 +91,9 @@ function updatePrefixACL (options: {
 }) {
  const { prefix, bucketInfo, isPrivate } = options

+  const acl = getACL(isPrivate)
+  if (!acl) return
+
  logger.debug('Updating ACL of files in prefix %s in bucket %s', prefix, bucketInfo.BUCKET_NAME, lTags())

  return applyOnPrefix({
@ -99,7 +105,7 @@ function updatePrefixACL (options: {
      return new PutObjectAclCommand({
        Bucket: bucketInfo.BUCKET_NAME,
        Key: obj.Key,
-        ACL: getACL(isPrivate)
+        ACL: acl
      })
    }
  })
@ -227,10 +233,12 @@ async function uploadToStorage (options: {
  const input: PutObjectCommandInput = {
    Body: content,
    Bucket: bucketInfo.BUCKET_NAME,
-    Key: buildKey(objectStorageKey, bucketInfo),
-    ACL: getACL(isPrivate)
+    Key: buildKey(objectStorageKey, bucketInfo)
  }

+  const acl = getACL(isPrivate)
+  if (acl) input.ACL = acl
+
  const parallelUploads3 = new Upload({
    client: getClient(),
    queueSize: 4,
--- a/server/lib/object-storage/videos.ts
+++ b/server/lib/object-storage/videos.ts
@ -55,16 +55,16 @@ function storeWebTorrentFile (video: MVideo, file: MVideoFile) {

 // ---------------------------------------------------------------------------

-function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
-  return updateObjectACL({
+async function updateWebTorrentFileACL (video: MVideo, file: MVideoFile) {
+  await updateObjectACL({
    objectStorageKey: generateWebTorrentObjectStorageKey(file.filename),
    bucketInfo: CONFIG.OBJECT_STORAGE.VIDEOS,
    isPrivate: video.hasPrivateStaticPath()
  })
 }

-function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
-  return updatePrefixACL({
+async function updateHLSFilesACL (playlist: MStreamingPlaylistVideo) {
+  await updatePrefixACL({
    prefix: generateHLSObjectBaseStorageKey(playlist),
    bucketInfo: CONFIG.OBJECT_STORAGE.STREAMING_PLAYLISTS,
    isPrivate: playlist.Video.hasPrivateStaticPath()