Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/lib/s3_helper.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

447 lines
12 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
require "aws-sdk-s3"
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
class S3Helper
DEV: Update aws-sdk-s3 gem for S3 multipart uploads (#13523) We are a few versions behind on this gem. We need to update it for S3 multipart uploads. In the current version we are using, we cannot do this: ```ruby Discourse.store.s3_helper.object(key).presigned_url(:upload_part, part_number: 1, upload_id: multipart_upload_id) ``` The S3 client raises an error, saying the operation is undefined. Once I updated the gem this operation works as expected and returns a presigned URL for the upload_part operation. Also remove use of Aws::S3::FileUploader::FIFTEEN_MEGABYTES. This was part of a private API and should not have been used.
2021-06-25 00:22:31 -04:00
FIFTEEN_MEGABYTES = 15 * 1024 * 1024
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FIX: Check options and not just site settings.
2016-08-17 04:16:00 -04:00
class SettingMissing < StandardError; end
fix s3_cdn_url when the s3 bucket contains a folder
2018-05-22 17:21:52 -04:00
attr_reader :s3_bucket_name, :s3_bucket_folder_path
REFACTOR: Get bucket name from S3Helper.
2016-08-19 02:08:04 -04:00
FIX: Increase time of DOWNLOAD_URL_EXPIRES_AFTER_SECONDS to 5 minutes (#10160) * Change S3Helper::DOWNLOAD_URL_EXPIRES_AFTER_SECONDS to 5 minutes, which controls presigned URL expiry and secure-media route cache time. * This is done because of the composer preview refreshing while typing causes a lot of requests sent to our server because of the short URL expiry. If this ends up being not enough we can always increase the time or explore other avenues (e.g. GitHub has a 7 day validity for secure URLs)
2020-07-02 23:42:36 -04:00
##
# Controls the following:
#
# * cache time for secure-media URLs
# * expiry time for S3 presigned URLs, which include backup downloads and
# any upload that has a private ACL (e.g. secure uploads)
FEATURE: Make S3 presigned GET URL expiry configurable (#16912) Previously we hardcoded the DOWNLOAD_URL_EXPIRES_AFTER_SECONDS const inside S3Helper to be 5 minutes (300 seconds). For various reasons, some hosted sites may need this to be longer for other integrations. The maximum expiry time for presigned URLs is 1 week (which is 604800 seconds), so that has been added as a validation on the setting as well. The setting is hidden because 99% of the time it should not be changed.
2022-05-25 19:53:01 -04:00
#
# SiteSetting.s3_presigned_get_url_expires_after_seconds
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787) This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads` settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader. A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. ### Starting a direct S3 upload When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded. Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage. ### Completing a direct S3 upload Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`. 1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this. 2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues. We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large. 3. Finally we return the serialized upload record back to the client There are several errors that could happen that are handled by `UploadsController` as well. Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-27 18:42:25 -04:00
##
# Controls the following:
#
# * presigned put_object URLs for direct S3 uploads
UPLOAD_URL_EXPIRES_AFTER_SECONDS ||= 10.minutes.to_i
FEATURE: Support private attachments when using S3 storage (#7677) * Support private uploads in S3 * Use localStore for local avatars * Add job to update private upload ACL on S3 * Test multisite paths * update ACL for private uploads in migrate_to_s3 task
2019-06-05 23:27:24 -04:00
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
def initialize(s3_bucket_name, tombstone_prefix = '', options = {})
DEV: Add option to pass s3 client in param
2019-01-04 01:46:09 -05:00
@s3_client = options.delete(:client)
FIX: Check options and not just site settings.
2016-08-17 04:16:00 -04:00
@s3_options = default_s3_options.merge(options)
Allow custom s3 options for `S3Helper`.
2016-08-15 23:13:59 -04:00
REFACTOR: Get bucket name from S3Helper.
2016-08-19 02:08:04 -04:00
@s3_bucket_name, @s3_bucket_folder_path = begin
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
raise Discourse::InvalidParameters.new("s3_bucket_name") if s3_bucket_name.blank?
FIX: Add compatibility for bucket folder paths in migrate_to_s3 task (#6855) * FIX: Add compatibility for bucket folder paths in migrate_to_s3 task * Refactor bucket_name split logic into S3Helper
2019-01-08 09:34:48 -05:00
self.class.get_bucket_and_folder_path(s3_bucket_name)
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
@tombstone_prefix =
if @s3_bucket_folder_path
File.join(@s3_bucket_folder_path, tombstone_prefix)
else
tombstone_prefix
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
def self.build_from_config(use_db_s3_config: false, for_backup: false, s3_client: nil)
setting_klass = use_db_s3_config ? SiteSetting : GlobalSetting
options = S3Helper.s3_options(setting_klass)
options[:client] = s3_client if s3_client.present?
bucket =
if for_backup
setting_klass.s3_backup_bucket
else
use_db_s3_config ? SiteSetting.s3_upload_bucket : GlobalSetting.s3_bucket
end
S3Helper.new(bucket.downcase, '', options)
end
FIX: Add compatibility for bucket folder paths in migrate_to_s3 task (#6855) * FIX: Add compatibility for bucket folder paths in migrate_to_s3 task * Refactor bucket_name split logic into S3Helper
2019-01-08 09:34:48 -05:00
def self.get_bucket_and_folder_path(s3_bucket_name)
DEV: stop freezing frozen strings We have the `# frozen_string_literal: true` comment on all our files. This means all string literals are frozen. There is no need to call #freeze on any literals. For files with `# frozen_string_literal: true` ``` puts %w{a b}[0].frozen? => true puts "hi".frozen? => true puts "a #{1} b".frozen? => true puts ("a " + "b").frozen? => false puts (-("a " + "b")).frozen? => true ``` For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby
2020-04-30 02:48:34 -04:00
s3_bucket_name.downcase.split("/", 2)
FIX: Add compatibility for bucket folder paths in migrate_to_s3 task (#6855) * FIX: Add compatibility for bucket folder paths in migrate_to_s3 task * Refactor bucket_name split logic into S3Helper
2019-01-08 09:34:48 -05:00
end
FIX: Incorrect path being passed to `S3Store#remove_file`.
2016-08-14 23:21:24 -04:00
def upload(file, path, options = {})
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
path = get_path_for_s3_upload(path)
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 01:16:22 -05:00
obj = s3_bucket.object(path)
etag = begin
DEV: Update aws-sdk-s3 gem for S3 multipart uploads (#13523) We are a few versions behind on this gem. We need to update it for S3 multipart uploads. In the current version we are using, we cannot do this: ```ruby Discourse.store.s3_helper.object(key).presigned_url(:upload_part, part_number: 1, upload_id: multipart_upload_id) ``` The S3 client raises an error, saying the operation is undefined. Once I updated the gem this operation works as expected and returns a presigned URL for the upload_part operation. Also remove use of Aws::S3::FileUploader::FIFTEEN_MEGABYTES. This was part of a private API and should not have been used.
2021-06-25 00:22:31 -04:00
if File.size(file.path) >= FIFTEEN_MEGABYTES
options[:multipart_threshold] = FIFTEEN_MEGABYTES
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 01:16:22 -05:00
obj.upload_file(file, options)
obj.load
obj.etag
else
options[:body] = file
obj.put(options).etag
end
end
DEV: Apply Rubocop redundant return style
2019-11-14 15:10:51 -05:00
[path, etag.gsub('"', '')]
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
FEATURE: Direct S3 multipart uploads for backups (#14736) This PR introduces a new `enable_experimental_backup_uploads` site setting (default false and hidden), which when enabled alongside `enable_direct_s3_uploads` will allow for direct S3 multipart uploads of backup .tar.gz files. To make multipart external uploads work with both the S3BackupStore and the S3Store, I've had to move several methods out of S3Store and into S3Helper, including: * presigned_url * create_multipart * abort_multipart * complete_multipart * presign_multipart_part * list_multipart_parts Then, S3Store and S3BackupStore either delegate directly to S3Helper or have their own special methods to call S3Helper for these methods. FileStore.temporary_upload_path has also removed its dependence on upload_path, and can now be used interchangeably between the stores. A similar change was made in the frontend as well, moving the multipart related JS code out of ComposerUppyUpload and into a mixin of its own, so it can also be used by UppyUploadMixin. Some changes to ExternalUploadManager had to be made here as well. The backup direct uploads do not need an Upload record made for them in the database, so they can be moved to their final S3 resting place when completing the multipart upload. This changeset is not perfect; it introduces some special cases in UploadController to handle backups that was previously in BackupController, because UploadController is where the multipart routes are located. A subsequent pull request will pull these routes into a module or some other sharing pattern, along with hooks, so the backup controller and the upload controller (and any future controllers that may need them) can include these routes in a nicer way.
2021-11-10 17:25:31 -05:00
def path_from_url(url)
URI.parse(url).path.delete_prefix("/")
end
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
def remove(s3_filename, copy_to_tombstone = false)
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
s3_filename = s3_filename.dup
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
# copy the file in tombstone
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
if copy_to_tombstone && @tombstone_prefix.present?
Add `FileStore::S3Store#copy_file`.
2018-08-07 23:26:05 -04:00
self.copy(
FIX: Wrong order for `S3Helper#copy_file`.
2018-08-08 03:57:58 -04:00
get_path_for_s3_upload(s3_filename),
File.join(@tombstone_prefix, s3_filename)
Add `FileStore::S3Store#copy_file`.
2018-08-07 23:26:05 -04:00
)
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
FIX: Incorrect path being passed to `S3Store#remove_file`.
2016-08-14 23:21:24 -04:00
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
# delete the file
FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769) * FIX: Ensure that multisite uploads are tombstoned into the correct paths * Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 00:32:32 -05:00
s3_filename.prepend(multisite_upload_path) if Rails.configuration.multisite
new S3 backup layout (#9830) * DEV: new S3 backup layout Currently, with $S3_BACKUP_BUCKET of "bucket/backups", multisite backups end up in "bucket/backups/backups/dbname/" and single-site will be in "bucket/backups/". Both _should_ be in "bucket/backups/dbname/" - remove MULTISITE_PREFIX, - always include dbname, - method to move to the new prefix - job to call the method * SPEC: add tests for `VacateLegacyPrefixBackups` onceoff job. Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2020-05-28 14:58:23 -04:00
delete_object(get_path_for_s3_upload(s3_filename))
FIX: don't raise an error if file not found in S3. (#17841) While deleting the object in S3, don't raise an error if the file is not available in S3. Co-authored-by: Régis Hanol <regis@hanol.fr>
2022-08-09 05:46:35 -04:00
rescue Aws::S3::Errors::NoSuchKey, Aws::S3::Errors::NotFound
new S3 backup layout (#9830) * DEV: new S3 backup layout Currently, with $S3_BACKUP_BUCKET of "bucket/backups", multisite backups end up in "bucket/backups/backups/dbname/" and single-site will be in "bucket/backups/". Both _should_ be in "bucket/backups/dbname/" - remove MULTISITE_PREFIX, - always include dbname, - method to move to the new prefix - job to call the method * SPEC: add tests for `VacateLegacyPrefixBackups` onceoff job. Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2020-05-28 14:58:23 -04:00
end
def delete_object(key)
s3_bucket.object(key).delete
FIX: don't raise an error if file not found in S3. (#17841) While deleting the object in S3, don't raise an error if the file is not available in S3. Co-authored-by: Régis Hanol <regis@hanol.fr>
2022-08-09 05:46:35 -04:00
rescue Aws::S3::Errors::NoSuchKey, Aws::S3::Errors::NotFound
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
PERF: Update `s3:expire_missing_assets` to delete in batches (#18908) Some sites may have thousands of stale assets - deleting them one-by-one is very slow. Followup to e8570b5cc92908b038bcc56ddd0af201c2bed46e
2022-11-07 07:53:14 -05:00
def delete_objects(keys)
s3_bucket.delete_objects({
delete: {
objects: keys.map { |k| { key: k } },
quiet: true,
},
})
end
DEV: Update `uploads:list_posts_with_broken_images` to recover from tombstone.
2018-09-10 05:01:11 -04:00
def copy(source, destination, options: {})
FIX: Make sure S3 object headers are preserved on copy (#14302) When copying an existing upload stub temporary object on S3 to its final destination we were not copying across its additional headers such as content-disposition and cache-control, which led to issues like attachments not downloading with their original filename when clicking the download links in posts. This is because the metadata_directive = REPLACE option was not being passed to object.copy_from(), so only the source object's headers were being used. Added an option for apply_metadata_to_destination to apply this option conditionally, because we may not always want to replace this metadata, but we definitely do when copying a temporary upload.
2021-09-09 22:59:51 -04:00
if options[:apply_metadata_to_destination]
options = options.except(:apply_metadata_to_destination).merge(metadata_directive: "REPLACE")
end
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787) This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads` settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader. A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. ### Starting a direct S3 upload When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded. Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage. ### Completing a direct S3 upload Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`. 1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this. 2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues. We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large. 3. Finally we return the serialized upload record back to the client There are several errors that could happen that are handled by `UploadsController` as well. Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-27 18:42:25 -04:00
destination = get_path_for_s3_upload(destination)
FIX: Uploading large files (> 5GB) failed when `enable_direct_s3_uploads` is enabled (#16724) Larger files require a multipart copy.
2022-06-28 15:30:00 -04:00
source_object = if !Rails.configuration.multisite || source.include?(multisite_upload_path) || source.include?(@tombstone_prefix)
s3_bucket.object(source)
elsif @s3_bucket_folder_path
folder, filename = source.split("/", 2)
s3_bucket.object(File.join(folder, multisite_upload_path, filename))
FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769) * FIX: Ensure that multisite uploads are tombstoned into the correct paths * Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 00:32:32 -05:00
else
FIX: Uploading large files (> 5GB) failed when `enable_direct_s3_uploads` is enabled (#16724) Larger files require a multipart copy.
2022-06-28 15:30:00 -04:00
s3_bucket.object(File.join(multisite_upload_path, source))
end
if source_object.size > FIFTEEN_MEGABYTES
options[:multipart_copy] = true
options[:content_length] = source_object.size
FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769) * FIX: Ensure that multisite uploads are tombstoned into the correct paths * Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 00:32:32 -05:00
end
FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787) This adds a few different things to allow for direct S3 uploads using uppy. **These changes are still not the default.** There are hidden `enable_experimental_image_uploader` and `enable_direct_s3_uploads` settings that must be turned on for any of this code to be used, and even if they are turned on only the User Card Background for the user profile actually uses uppy-image-uploader. A new `ExternalUploadStub` model and database table is introduced in this pull request. This is used to keep track of uploads that are uploaded to a temporary location in S3 with the direct to S3 code, and they are eventually deleted a) when the direct upload is completed and b) after a certain time period of not being used. ### Starting a direct S3 upload When an S3 direct upload is initiated with uppy, we first request a presigned PUT URL from the new `generate-presigned-put` endpoint in `UploadsController`. This generates an S3 key in the `temp` folder inside the correct bucket path, along with any metadata from the clientside (e.g. the SHA1 checksum described below). This will also create an `ExternalUploadStub` and store the details of the temp object key and the file being uploaded. Once the clientside has this URL, uppy will upload the file direct to S3 using the presigned URL. Once the upload is complete we go to the next stage. ### Completing a direct S3 upload Once the upload to S3 is done we call the new `complete-external-upload` route with the unique identifier of the `ExternalUploadStub` created earlier. Only the user who made the stub can complete the external upload. One of two paths is followed via the `ExternalUploadManager`. 1. If the object in S3 is too large (currently 100mb defined by `ExternalUploadManager::DOWNLOAD_LIMIT`) we do not download and generate the SHA1 for that file. Instead we create the `Upload` record via `UploadCreator` and simply copy it to its final destination on S3 then delete the initial temp file. Several modifications to `UploadCreator` have been made to accommodate this. 2. If the object in S3 is small enough, we download it. When the temporary S3 file is downloaded, we compare the SHA1 checksum generated by the browser with the actual SHA1 checksum of the file generated by ruby. The browser SHA1 checksum is stored on the object in S3 with metadata, and is generated via the `UppyChecksum` plugin. Keep in mind that some browsers will not generate this due to compatibility or other issues. We then follow the normal `UploadCreator` path with one exception. To cut down on having to re-upload the file again, if there are no changes (such as resizing etc) to the file in `UploadCreator` we follow the same copy + delete temp path that we do for files that are too large. 3. Finally we return the serialized upload record back to the client There are several errors that could happen that are handled by `UploadsController` as well. Also in this PR is some refactoring of `displayErrorForUpload` to handle both uppy and jquery file uploader errors.
2021-07-27 18:42:25 -04:00
FIX: Make sure S3 object headers are preserved on copy (#14302) When copying an existing upload stub temporary object on S3 to its final destination we were not copying across its additional headers such as content-disposition and cache-control, which led to issues like attachments not downloading with their original filename when clicking the download links in posts. This is because the metadata_directive = REPLACE option was not being passed to object.copy_from(), so only the source object's headers were being used. Added an option for apply_metadata_to_destination to apply this option conditionally, because we may not always want to replace this metadata, but we definitely do when copying a temporary upload.
2021-09-09 22:59:51 -04:00
destination_object = s3_bucket.object(destination)
FIX: Uploading large files (> 5GB) failed when `enable_direct_s3_uploads` is enabled (#16724) Larger files require a multipart copy.
2022-06-28 15:30:00 -04:00
# Note for small files that do not use multipart copy: Any options for metadata
# (e.g. content_disposition, content_type) will not be applied unless the
# metadata_directive = "REPLACE" option is passed in. If this is not passed in,
# the source object's metadata will be used.
# For larger files it copies the metadata from the source file and merges it
# with values from the copy call.
response = destination_object.copy_from(source_object, options)
etag = if response.respond_to?(:copy_object_result)
# small files, regular copy
response.copy_object_result.etag
else
# larger files, multipart copy
response.data.etag
end
[destination, etag.gsub('"', '')]
Add `FileStore::S3Store#copy_file`.
2018-08-07 23:26:05 -04:00
end
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
# Several places in the application need certain CORS rules to exist
# inside an S3 bucket so requests to the bucket can be made
# directly from the browser. The s3:ensure_cors_rules rake task
# is used to ensure these rules exist for assets, S3 backups, and
# direct S3 uploads, depending on configuration.
FEATURE: Support backup uploads/downloads directly to/from S3. This reverts commit 3c59106bac4d79f39981bda3ff9db7786c1a78a0.
2018-10-14 21:43:31 -04:00
def ensure_cors!(rules = nil)
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872)
2020-05-25 16:09:34 -04:00
return unless SiteSetting.s3_install_cors_rule
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
rules = [rules] if !rules.is_a?(Array)
existing_rules = fetch_bucket_cors_rules
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872)
2020-05-25 16:09:34 -04:00
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
new_rules = rules - existing_rules
return false if new_rules.empty?
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
final_rules = existing_rules + new_rules
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
begin
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
s3_resource.client.put_bucket_cors(
bucket: @s3_bucket_name,
cors_configuration: {
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
cors_rules: final_rules
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
}
)
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
rescue Aws::S3::Errors::AccessDenied => err
# TODO (martin) Remove this warning log level once we are sure this new
# ensure_cors! rule is functioning correctly.
Discourse.warn_exception(err, message: "Could not PutBucketCors rules for #{@s3_bucket_name}, rules: #{final_rules}")
return false
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
end
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
true
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
end
def update_lifecycle(id, days, prefix: nil, tag: nil)
filter = {}
if prefix
filter[:prefix] = prefix
elsif tag
filter[:tag] = tag
end
FEATURE: generate (avatar) thumbnails in a background task FIX: keep the "uploading..." indicator until the server replies via the MessageBus FIX: text was disapearing when uploading an avatar PERF: always use a region for S3 (defaults to 'us-east-1') FEATURE: ApplyCDN middleware when using S3 FIX: use the same pattern to store files on S3 and locally PERF: keep a local cache of uploads when generating thumbnails FEATURE: migrate_to_s3 rake task
2015-05-25 11:59:00 -04:00
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
# cf. http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
rule = {
id: id,
status: "Enabled",
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
expiration: { days: days },
filter: filter
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
}
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
rules = []
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
begin
rules = s3_resource.client.get_bucket_lifecycle_configuration(bucket: @s3_bucket_name).rules
rescue Aws::S3::Errors::NoSuchLifecycleConfiguration
# skip trying to merge
end
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
FIX: error setting tombstone bucket when set to old version
2017-11-12 23:36:45 -05:00
# in the past we has a rule that was called purge-tombstone vs purge_tombstone
# just go ahead and normalize for our bucket
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
rules.delete_if do |r|
FIX: error setting tombstone bucket when set to old version
2017-11-12 23:36:45 -05:00
r.id.gsub('_', '-') == id.gsub('_', '-')
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
end
rules << rule
FIX: error setting tombstone bucket when set to old version
2017-11-12 23:36:45 -05:00
# normalize filter in rules, due to AWS library bug
rules = rules.map do |r|
r = r.to_h
prefix = r.delete(:prefix)
if prefix
r[:filter] = { prefix: prefix }
end
r
end
Correct rule installation in AWS
2017-10-08 19:26:58 -04:00
s3_resource.client.put_bucket_lifecycle_configuration(
bucket: @s3_bucket_name,
lifecycle_configuration: {
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
rules: rules
})
end
def update_tombstone_lifecycle(grace_period)
FEATURE: Add SiteSetting for s3_configure_tombstone_policy Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-16 20:57:50 -04:00
return if !SiteSetting.s3_configure_tombstone_policy
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
return if @tombstone_prefix.blank?
update_lifecycle("purge_tombstone", grace_period, prefix: @tombstone_prefix)
end
FEATURE: Make uploads:missing task compatible with s3 uploads
2018-11-26 14:24:51 -05:00
def list(prefix = "", marker = nil)
options = { prefix: get_path_for_s3_upload(prefix) }
options[:marker] = marker if marker.present?
s3_bucket.objects(options)
FEATURE: rake tasks for uploading assets to S3 This opens the door to serving application.js and so on from s3. Also updates s3 gem for some tagging support
2017-10-03 03:00:42 -04:00
end
def tag_file(key, tags)
tag_array = []
tags.each do |k, v|
tag_array << { key: k.to_s, value: v.to_s }
end
s3_resource.client.put_object_tagging(
bucket: @s3_bucket_name,
key: key,
tagging: {
tag_set: tag_array
}
)
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
FEATURE: Support backup uploads/downloads directly to/from S3. This reverts commit 3c59106bac4d79f39981bda3ff9db7786c1a78a0.
2018-10-14 21:43:31 -04:00
def object(path)
PERF: new 'migrate_to_s3' rake task
2018-12-26 11:34:49 -05:00
s3_bucket.object(get_path_for_s3_upload(path))
FEATURE: Support backup uploads/downloads directly to/from S3. This reverts commit 3c59106bac4d79f39981bda3ff9db7786c1a78a0.
2018-10-14 21:43:31 -04:00
end
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
def self.s3_options(obj)
PERF: new 'migrate_to_s3' rake task
2018-12-26 11:34:49 -05:00
opts = {
DEV: Remove SiteSetting.s3_force_path_style (#7210) - s3_force_path_style was added as a Minio specific url scheme but it has never been well supported in our code base. - Our new migrate_to_s3 rake task does not work reliably with path style urls too - Minio has also added support for virtual style requests i.e the same scheme as AWS S3/DO Spaces so we can rely on that instead of using path style requests. - Add migration to drop s3_force_path_style from the site_settings table
2019-03-20 09:58:20 -04:00
region: obj.s3_region
PERF: new 'migrate_to_s3' rake task
2018-12-26 11:34:49 -05:00
}
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FIX: S3 endpoint broke bucket creation in non-default region
2019-02-05 11:50:27 -05:00
opts[:endpoint] = SiteSetting.s3_endpoint if SiteSetting.s3_endpoint.present?
FEATURE: Add setting to controle the Expect header on S3 calls Some providers don't implement the Expect: 100-continue support, which results in a mismatch in the object signature. With this settings, users can disable the header and use such providers.
2020-04-29 18:04:59 -04:00
opts[:http_continue_timeout] = SiteSetting.s3_http_continue_timeout
FIX: S3 endpoint broke bucket creation in non-default region
2019-02-05 11:50:27 -05:00
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
unless obj.s3_use_iam_profile
opts[:access_key_id] = obj.s3_access_key_id
opts[:secret_access_key] = obj.s3_secret_access_key
end
opts
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FEATURE: Use amazon s3 inventory to manage upload stats (#6867)
2019-01-31 23:40:48 -05:00
def download_file(filename, destination_path, failure_message = nil)
FIX: attempt to output a useful error message currently AWS problems will just dump a stack trace
2020-08-03 23:08:37 -04:00
object(filename).download_file(destination_path)
rescue => err
FIX: AWS S3 errors don't necessarily include a message * If the error doesn't have a message, the class name will help * example: before: "Failed to download #{filename} because " after: "Failed to download #{filename} because Aws::S3::Errors::NotFound"
2020-08-12 16:01:14 -04:00
raise failure_message&.to_s || "Failed to download #{filename} because #{err.message.length > 0 ? err.message : err.class.to_s}"
FEATURE: Use amazon s3 inventory to manage upload stats (#6867)
2019-01-31 23:40:48 -05:00
end
def s3_client
@s3_client ||= Aws::S3::Client.new(@s3_options)
end
def s3_inventory_path(path = 'inventory')
get_path_for_s3_upload(path)
end
FEATURE: Direct S3 multipart uploads for backups (#14736) This PR introduces a new `enable_experimental_backup_uploads` site setting (default false and hidden), which when enabled alongside `enable_direct_s3_uploads` will allow for direct S3 multipart uploads of backup .tar.gz files. To make multipart external uploads work with both the S3BackupStore and the S3Store, I've had to move several methods out of S3Store and into S3Helper, including: * presigned_url * create_multipart * abort_multipart * complete_multipart * presign_multipart_part * list_multipart_parts Then, S3Store and S3BackupStore either delegate directly to S3Helper or have their own special methods to call S3Helper for these methods. FileStore.temporary_upload_path has also removed its dependence on upload_path, and can now be used interchangeably between the stores. A similar change was made in the frontend as well, moving the multipart related JS code out of ComposerUppyUpload and into a mixin of its own, so it can also be used by UppyUploadMixin. Some changes to ExternalUploadManager had to be made here as well. The backup direct uploads do not need an Upload record made for them in the database, so they can be moved to their final S3 resting place when completing the multipart upload. This changeset is not perfect; it introduces some special cases in UploadController to handle backups that was previously in BackupController, because UploadController is where the multipart routes are located. A subsequent pull request will pull these routes into a module or some other sharing pattern, along with hooks, so the backup controller and the upload controller (and any future controllers that may need them) can include these routes in a nicer way.
2021-11-10 17:25:31 -05:00
def abort_multipart(key:, upload_id:)
s3_client.abort_multipart_upload(
bucket: s3_bucket_name,
key: key,
upload_id: upload_id
)
end
def create_multipart(key, content_type, metadata: {})
response = s3_client.create_multipart_upload(
acl: "private",
bucket: s3_bucket_name,
key: key,
content_type: content_type,
metadata: metadata
)
{ upload_id: response.upload_id, key: key }
end
def presign_multipart_part(upload_id:, key:, part_number:)
presigned_url(
key,
method: :upload_part,
expires_in: S3Helper::UPLOAD_URL_EXPIRES_AFTER_SECONDS,
opts: {
part_number: part_number,
upload_id: upload_id
}
)
end
# Important note from the S3 documentation:
#
# This request returns a default and maximum of 1000 parts.
# You can restrict the number of parts returned by specifying the
# max_parts argument. If your multipart upload consists of more than 1,000
# parts, the response returns an IsTruncated field with the value of true,
# and a NextPartNumberMarker element.
#
# In subsequent ListParts requests you can include the part_number_marker arg
# using the NextPartNumberMarker the field value from the previous response to
# get more parts.
#
# See https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#list_parts-instance_method
def list_multipart_parts(upload_id:, key:, max_parts: 1000, start_from_part_number: nil)
options = {
bucket: s3_bucket_name,
key: key,
upload_id: upload_id,
max_parts: max_parts
}
if start_from_part_number.present?
options[:part_number_marker] = start_from_part_number
end
s3_client.list_parts(options)
end
def complete_multipart(upload_id:, key:, parts:)
s3_client.complete_multipart_upload(
bucket: s3_bucket_name,
key: key,
upload_id: upload_id,
multipart_upload: {
parts: parts
}
)
end
def presigned_url(
key,
method:,
expires_in: S3Helper::UPLOAD_URL_EXPIRES_AFTER_SECONDS,
opts: {}
)
Aws::S3::Presigner.new(client: s3_client).presigned_url(
method,
{
bucket: s3_bucket_name,
key: key,
expires_in: expires_in,
}.merge(opts)
)
end
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
private
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FIX: Ensure CORS rules exist for S3 using rake task (#14802) This commit introduces a new s3:ensure_cors_rules rake task that is run as a prerequisite to s3:upload_assets. This rake task calls out to the S3CorsRulesets class to ensure that the 3 relevant sets of CORS rules are applied, depending on site settings: * assets * direct S3 backups * direct S3 uploads This works for both Global S3 settings and Database S3 settings (the latter set directly via SiteSetting). As it is, only one rule can be applied, which is generally the assets rule as it is called first. This commit changes the ensure_cors! method to be able to apply new rules as well as the existing ones. This commit also slightly changes the existing rules to cover direct S3 uploads via uppy, especially multipart, which requires some more headers.
2021-11-07 18:16:38 -05:00
def fetch_bucket_cors_rules
begin
s3_resource.client.get_bucket_cors(
bucket: @s3_bucket_name
).cors_rules&.map(&:to_h) || []
rescue Aws::S3::Errors::NoSuchCORSConfiguration
# no rule
[]
end
end
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
def default_s3_options
if SiteSetting.enable_s3_uploads?
options = self.class.s3_options(SiteSetting)
check_missing_site_options
options
elsif GlobalSetting.use_s3?
self.class.s3_options(GlobalSetting)
else
{}
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
def get_path_for_s3_upload(path)
FIX: Do not prefix temp/ S3 keys with s3_bucket_folder_path in S3Helper (#14145) This is unnecessary, as when the temporary key is created in S3Store we already include the s3_bucket_folder_path, and the key will always start with temp/ to assist with lifecycle rules for multipart uploads. This was affecting Discourse.store.object_from_path, Discourse.store.signed_url_for_path, and possibly others. See also: e0102a5
2021-08-25 18:50:49 -04:00
if @s3_bucket_folder_path &&
!path.starts_with?(@s3_bucket_folder_path) &&
!path.starts_with?(File.join(FileStore::BaseStore::TEMPORARY_UPLOAD_PREFIX, @s3_bucket_folder_path))
return File.join(@s3_bucket_folder_path, path)
end
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
path
Split options into another method so that plugins can use it.
2016-08-15 10:04:24 -04:00
end
FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769) * FIX: Ensure that multisite uploads are tombstoned into the correct paths * Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 00:32:32 -05:00
def multisite_upload_path
FIX: Multisite spec was failing in parallel environment We were not adding the test number to the path in all places.
2020-04-22 14:04:45 -04:00
path = File.join("uploads", RailsMultisite::ConnectionManagement.current_db, "/")
DEV: Use a tmp directory for storing uploads in tests (#9554) This avoids development-mode upload files from polluting the test environment
2020-04-28 09:03:04 -04:00
return path if !Rails.env.test?
File.join(path, "test_#{ENV['TEST_ENV_NUMBER'].presence || '0'}", "/")
FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769) * FIX: Ensure that multisite uploads are tombstoned into the correct paths * Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 00:32:32 -05:00
end
Split options into another method so that plugins can use it.
2016-08-15 10:04:24 -04:00
def s3_resource
FEATURE: Add S3 etag value to uploads table (#6795)
2019-01-04 01:16:22 -05:00
Aws::S3::Resource.new(client: s3_client)
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
def s3_bucket
Add `FileStore::S3Store#copy_file`.
2018-08-07 23:26:05 -04:00
@s3_bucket ||= begin
bucket = s3_resource.bucket(@s3_bucket_name)
bucket.create unless bucket.exists?
bucket
end
FEATURE: Support subfolders in `SiteSetting.s3_backup_bucket`.
2016-08-15 04:06:29 -04:00
end
FIX: Check options and not just site settings.
2016-08-17 04:16:00 -04:00
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
def check_missing_site_options
FIX: Check options and not just site settings.
2016-08-17 04:16:00 -04:00
unless SiteSetting.s3_use_iam_profile
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 01:20:01 -04:00
raise SettingMissing.new("access_key_id") if SiteSetting.s3_access_key_id.blank?
raise SettingMissing.new("secret_access_key") if SiteSetting.s3_secret_access_key.blank?
FIX: Check options and not just site settings.
2016-08-17 04:16:00 -04:00
end
end
FIX: automatic backup uploads to S3 when using a region
2014-09-24 16:52:09 -04:00
end