# frozen_string_literal: true
require "s3_helper"
# CORS rule definitions for the S3 buckets used by the site, plus the sync
# entry point that asks S3Helper to install them.
#
# NOTE(review): every ruleset below sets allowed_origins to "*", so any web
# origin may issue the listed methods cross-origin. CORS only governs what a
# browser lets page scripts read; it is not an authorization control. Whether
# a request actually succeeds presumably depends on bucket policy or signed
# URLs handled elsewhere -- confirm that before loosening anything here.
#
# Hash#freeze is shallow: the hashes are frozen, the nested arrays are not.
class S3CorsRulesets
  # Read-only (GET/HEAD) rules applied for public assets.
  ASSETS = {
    allowed_headers: [
      "Authorization",
    ],
    allowed_methods: [
      "GET",
      "HEAD",
    ],
    allowed_origins: [
      "*",
    ],
    max_age_seconds: 3000,
  }.freeze

  # Rules for direct uploads to the backup bucket. This is the only ruleset
  # that accepts any request header (allowed_headers is "*") in addition to
  # any origin, and it allows PUT.
  BACKUP_DIRECT_UPLOAD = {
    allowed_headers: [
      "*",
    ],
    expose_headers: [
      "ETag",
    ],
    allowed_methods: [
      "GET",
      "HEAD",
      "PUT",
    ],
    allowed_origins: [
      "*",
    ],
    max_age_seconds: 3000,
  }.freeze

  # Rules for direct uploads to the main bucket: PUT is allowed, but only
  # three request headers are listed.
  DIRECT_UPLOAD = {
    allowed_headers: [
      "Authorization",
      "Content-Disposition",
      "Content-Type",
    ],
    expose_headers: [
      "ETag",
    ],
    allowed_methods: [
      "GET",
      "HEAD",
      "PUT",
    ],
    allowed_origins: [
      "*",
    ],
    max_age_seconds: 3000,
  }.freeze

  # Status strings reported per ruleset by .sync.
  RULE_STATUS_SKIPPED = "rules_skipped_from_settings"
  RULE_STATUS_EXISTED = "rules_already_existed"
  RULE_STATUS_APPLIED = "rules_applied"

  ##
  # Entry point for the s3:ensure_cors_rules rake task. It asks S3Helper to
  # ensure the CORS rules needed for direct uploads to S3 are present, and
  # the assets rules so that fonts and other public assets load correctly.
  #
  # The use_db_s3_config value originates from ENV. When no S3 client is
  # passed in, S3Helper is left to initialize one.
  #
  # Returns nil when SiteSetting.s3_install_cors_rule is off, or when neither
  # GlobalSetting.use_s3? nor SiteSetting.enable_s3_uploads is set. Otherwise
  # returns a Hash with :assets_rules_status, :backup_rules_status and
  # :direct_upload_rules_status, each holding one of the RULE_STATUS_*
  # strings.
  def self.sync(use_db_s3_config:, s3_client: nil)
    return unless SiteSetting.s3_install_cors_rule
    return unless GlobalSetting.use_s3? || SiteSetting.enable_s3_uploads

    # Everything starts out as "skipped"; a ruleset only changes state when
    # its branch below runs.
    statuses = {
      assets_rules_status: RULE_STATUS_SKIPPED,
      backup_rules_status: RULE_STATUS_SKIPPED,
      direct_upload_rules_status: RULE_STATUS_SKIPPED,
    }

    # A truthy result from ensure_cors! is reported as "applied", a falsy
    # one as "already existed".
    status_of = ->(changed) { changed ? RULE_STATUS_APPLIED : RULE_STATUS_EXISTED }
    quiet = -> { Rails.env.test? }

    main_helper = S3Helper.build_from_config(
      s3_client: s3_client,
      use_db_s3_config: use_db_s3_config,
    )

    # The assets ruleset is always attempted once the guards above pass.
    puts "Attempting to apply ASSETS S3 CORS ruleset in bucket #{main_helper.s3_bucket_name}." unless quiet.call
    statuses[:assets_rules_status] = status_of.call(main_helper.ensure_cors!([ASSETS]))

    # The backup ruleset goes through a separate helper built with
    # for_backup: true, and only when backups are enabled and stored on S3.
    if SiteSetting.enable_backups? && SiteSetting.backup_location == BackupLocationSiteSetting::S3
      backup_helper = S3Helper.build_from_config(
        s3_client: s3_client,
        use_db_s3_config: use_db_s3_config,
        for_backup: true,
      )

      unless quiet.call
        puts "Attempting to apply BACKUP_DIRECT_UPLOAD S3 CORS ruleset in bucket #{backup_helper.s3_bucket_name}."
      end
      statuses[:backup_rules_status] = status_of.call(backup_helper.ensure_cors!([BACKUP_DIRECT_UPLOAD]))
    end

    # The direct-upload ruleset reuses the main helper.
    if SiteSetting.enable_direct_s3_uploads
      unless quiet.call
        puts "Attempting to apply DIRECT_UPLOAD S3 CORS ruleset in bucket #{main_helper.s3_bucket_name}."
      end
      statuses[:direct_upload_rules_status] = status_of.call(main_helper.ensure_cors!([DIRECT_UPLOAD]))
    end

    statuses
  end
end