nextcloud /
server
@@ -119,6 +119,9 @@ |
||
| 119 | 119 | return Psr7\modify_request($request, $modify); |
| 120 | 120 | } |
| 121 | 121 | |
| 122 | + /** |
|
| 123 | + * @param string $string |
|
| 124 | + */ |
|
| 122 | 125 | private function signString($string, CredentialsInterface $credentials) |
| 123 | 126 | { |
| 124 | 127 | return base64_encode( |
@@ -14,191 +14,191 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class S3Signature implements SignatureInterface |
| 16 | 16 | { |
| 17 | - /** @var array Query string values that must be signed */ |
|
| 18 | - private $signableQueryString = [ |
|
| 19 | - 'acl', 'cors', 'delete', 'lifecycle', 'location', 'logging', |
|
| 20 | - 'notification', 'partNumber', 'policy', 'requestPayment', |
|
| 21 | - 'response-cache-control', 'response-content-disposition', |
|
| 22 | - 'response-content-encoding', 'response-content-language', |
|
| 23 | - 'response-content-type', 'response-expires', 'restore', 'tagging', |
|
| 24 | - 'torrent', 'uploadId', 'uploads', 'versionId', 'versioning', |
|
| 25 | - 'versions', 'website' |
|
| 26 | - ]; |
|
| 27 | - |
|
| 28 | - /** @var array Sorted headers that must be signed */ |
|
| 29 | - private $signableHeaders = ['Content-MD5', 'Content-Type']; |
|
| 30 | - |
|
| 31 | - /** @var \Aws\S3\S3UriParser S3 URI parser */ |
|
| 32 | - private $parser; |
|
| 33 | - |
|
| 34 | - public function __construct() |
|
| 35 | - { |
|
| 36 | - $this->parser = new S3UriParser(); |
|
| 37 | - // Ensure that the signable query string parameters are sorted |
|
| 38 | - sort($this->signableQueryString); |
|
| 39 | - } |
|
| 40 | - |
|
| 41 | - public function signRequest( |
|
| 42 | - RequestInterface $request, |
|
| 43 | - CredentialsInterface $credentials |
|
| 44 | - ) { |
|
| 45 | - $request = $this->prepareRequest($request, $credentials); |
|
| 46 | - $stringToSign = $this->createCanonicalizedString($request); |
|
| 47 | - $auth = 'AWS ' |
|
| 48 | - . $credentials->getAccessKeyId() . ':' |
|
| 49 | - . $this->signString($stringToSign, $credentials); |
|
| 50 | - |
|
| 51 | - return $request->withHeader('Authorization', $auth); |
|
| 52 | - } |
|
| 53 | - |
|
| 54 | - public function presign( |
|
| 55 | - RequestInterface $request, |
|
| 56 | - CredentialsInterface $credentials, |
|
| 57 | - $expires |
|
| 58 | - ) { |
|
| 59 | - $query = []; |
|
| 60 | - // URL encoding already occurs in the URI template expansion. Undo that |
|
| 61 | - // and encode using the same encoding as GET object, PUT object, etc. |
|
| 62 | - $uri = $request->getUri(); |
|
| 63 | - $path = S3Client::encodeKey(rawurldecode($uri->getPath())); |
|
| 64 | - $request = $request->withUri($uri->withPath($path)); |
|
| 65 | - |
|
| 66 | - // Make sure to handle temporary credentials |
|
| 67 | - if ($token = $credentials->getSecurityToken()) { |
|
| 68 | - $request = $request->withHeader('X-Amz-Security-Token', $token); |
|
| 69 | - $query['X-Amz-Security-Token'] = $token; |
|
| 70 | - } |
|
| 71 | - |
|
| 72 | - if ($expires instanceof \DateTime) { |
|
| 73 | - $expires = $expires->getTimestamp(); |
|
| 74 | - } elseif (!is_numeric($expires)) { |
|
| 75 | - $expires = strtotime($expires); |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - // Set query params required for pre-signed URLs |
|
| 79 | - $query['AWSAccessKeyId'] = $credentials->getAccessKeyId(); |
|
| 80 | - $query['Expires'] = $expires; |
|
| 81 | - $query['Signature'] = $this->signString( |
|
| 82 | - $this->createCanonicalizedString($request, $expires), |
|
| 83 | - $credentials |
|
| 84 | - ); |
|
| 85 | - |
|
| 86 | - // Move X-Amz-* headers to the query string |
|
| 87 | - foreach ($request->getHeaders() as $name => $header) { |
|
| 88 | - $name = strtolower($name); |
|
| 89 | - if (strpos($name, 'x-amz-') === 0) { |
|
| 90 | - $query[$name] = implode(',', $header); |
|
| 91 | - } |
|
| 92 | - } |
|
| 93 | - |
|
| 94 | - $queryString = http_build_query($query, null, '&', PHP_QUERY_RFC3986); |
|
| 95 | - |
|
| 96 | - return $request->withUri($request->getUri()->withQuery($queryString)); |
|
| 97 | - } |
|
| 98 | - |
|
| 99 | - /** |
|
| 100 | - * @param RequestInterface $request |
|
| 101 | - * @param CredentialsInterface $creds |
|
| 102 | - * |
|
| 103 | - * @return RequestInterface |
|
| 104 | - */ |
|
| 105 | - private function prepareRequest( |
|
| 106 | - RequestInterface $request, |
|
| 107 | - CredentialsInterface $creds |
|
| 108 | - ) { |
|
| 109 | - $modify = [ |
|
| 110 | - 'remove_headers' => ['X-Amz-Date'], |
|
| 111 | - 'set_headers' => ['Date' => gmdate(\DateTime::RFC2822)] |
|
| 112 | - ]; |
|
| 113 | - |
|
| 114 | - // Add the security token header if one is being used by the credentials |
|
| 115 | - if ($token = $creds->getSecurityToken()) { |
|
| 116 | - $modify['set_headers']['X-Amz-Security-Token'] = $token; |
|
| 117 | - } |
|
| 118 | - |
|
| 119 | - return Psr7\modify_request($request, $modify); |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - private function signString($string, CredentialsInterface $credentials) |
|
| 123 | - { |
|
| 124 | - return base64_encode( |
|
| 125 | - hash_hmac('sha1', $string, $credentials->getSecretKey(), true) |
|
| 126 | - ); |
|
| 127 | - } |
|
| 128 | - |
|
| 129 | - private function createCanonicalizedString( |
|
| 130 | - RequestInterface $request, |
|
| 131 | - $expires = null |
|
| 132 | - ) { |
|
| 133 | - $buffer = $request->getMethod() . "\n"; |
|
| 134 | - |
|
| 135 | - // Add the interesting headers |
|
| 136 | - foreach ($this->signableHeaders as $header) { |
|
| 137 | - $buffer .= $request->getHeaderLine($header) . "\n"; |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - $date = $expires ?: $request->getHeaderLine('date'); |
|
| 141 | - $buffer .= "{$date}\n" |
|
| 142 | - . $this->createCanonicalizedAmzHeaders($request) |
|
| 143 | - . $this->createCanonicalizedResource($request); |
|
| 144 | - |
|
| 145 | - return $buffer; |
|
| 146 | - } |
|
| 147 | - |
|
| 148 | - private function createCanonicalizedAmzHeaders(RequestInterface $request) |
|
| 149 | - { |
|
| 150 | - $headers = []; |
|
| 151 | - foreach ($request->getHeaders() as $name => $header) { |
|
| 152 | - $name = strtolower($name); |
|
| 153 | - if (strpos($name, 'x-amz-') === 0) { |
|
| 154 | - $value = implode(',', $header); |
|
| 155 | - if (strlen($value) > 0) { |
|
| 156 | - $headers[$name] = $name . ':' . $value; |
|
| 157 | - } |
|
| 158 | - } |
|
| 159 | - } |
|
| 160 | - |
|
| 161 | - if (!$headers) { |
|
| 162 | - return ''; |
|
| 163 | - } |
|
| 164 | - |
|
| 165 | - ksort($headers); |
|
| 166 | - |
|
| 167 | - return implode("\n", $headers) . "\n"; |
|
| 168 | - } |
|
| 169 | - |
|
| 170 | - private function createCanonicalizedResource(RequestInterface $request) |
|
| 171 | - { |
|
| 172 | - $data = $this->parser->parse($request->getUri()); |
|
| 173 | - $buffer = '/'; |
|
| 174 | - |
|
| 175 | - if ($data['bucket']) { |
|
| 176 | - $buffer .= $data['bucket']; |
|
| 177 | - if (!empty($data['key']) || !$data['path_style']) { |
|
| 178 | - $buffer .= '/' . $data['key']; |
|
| 179 | - } |
|
| 180 | - } |
|
| 181 | - |
|
| 182 | - // Add sub resource parameters if present. |
|
| 183 | - $query = $request->getUri()->getQuery(); |
|
| 184 | - |
|
| 185 | - if ($query) { |
|
| 186 | - $params = Psr7\parse_query($query); |
|
| 187 | - $first = true; |
|
| 188 | - foreach ($this->signableQueryString as $key) { |
|
| 189 | - if (array_key_exists($key, $params)) { |
|
| 190 | - $value = $params[$key]; |
|
| 191 | - $buffer .= $first ? '?' : '&'; |
|
| 192 | - $first = false; |
|
| 193 | - $buffer .= $key; |
|
| 194 | - // Don't add values for empty sub-resources |
|
| 195 | - if (strlen($value)) { |
|
| 196 | - $buffer .= "={$value}"; |
|
| 197 | - } |
|
| 198 | - } |
|
| 199 | - } |
|
| 200 | - } |
|
| 201 | - |
|
| 202 | - return $buffer; |
|
| 203 | - } |
|
| 17 | + /** @var array Query string values that must be signed */ |
|
| 18 | + private $signableQueryString = [ |
|
| 19 | + 'acl', 'cors', 'delete', 'lifecycle', 'location', 'logging', |
|
| 20 | + 'notification', 'partNumber', 'policy', 'requestPayment', |
|
| 21 | + 'response-cache-control', 'response-content-disposition', |
|
| 22 | + 'response-content-encoding', 'response-content-language', |
|
| 23 | + 'response-content-type', 'response-expires', 'restore', 'tagging', |
|
| 24 | + 'torrent', 'uploadId', 'uploads', 'versionId', 'versioning', |
|
| 25 | + 'versions', 'website' |
|
| 26 | + ]; |
|
| 27 | + |
|
| 28 | + /** @var array Sorted headers that must be signed */ |
|
| 29 | + private $signableHeaders = ['Content-MD5', 'Content-Type']; |
|
| 30 | + |
|
| 31 | + /** @var \Aws\S3\S3UriParser S3 URI parser */ |
|
| 32 | + private $parser; |
|
| 33 | + |
|
| 34 | + public function __construct() |
|
| 35 | + { |
|
| 36 | + $this->parser = new S3UriParser(); |
|
| 37 | + // Ensure that the signable query string parameters are sorted |
|
| 38 | + sort($this->signableQueryString); |
|
| 39 | + } |
|
| 40 | + |
|
| 41 | + public function signRequest( |
|
| 42 | + RequestInterface $request, |
|
| 43 | + CredentialsInterface $credentials |
|
| 44 | + ) { |
|
| 45 | + $request = $this->prepareRequest($request, $credentials); |
|
| 46 | + $stringToSign = $this->createCanonicalizedString($request); |
|
| 47 | + $auth = 'AWS ' |
|
| 48 | + . $credentials->getAccessKeyId() . ':' |
|
| 49 | + . $this->signString($stringToSign, $credentials); |
|
| 50 | + |
|
| 51 | + return $request->withHeader('Authorization', $auth); |
|
| 52 | + } |
|
| 53 | + |
|
| 54 | + public function presign( |
|
| 55 | + RequestInterface $request, |
|
| 56 | + CredentialsInterface $credentials, |
|
| 57 | + $expires |
|
| 58 | + ) { |
|
| 59 | + $query = []; |
|
| 60 | + // URL encoding already occurs in the URI template expansion. Undo that |
|
| 61 | + // and encode using the same encoding as GET object, PUT object, etc. |
|
| 62 | + $uri = $request->getUri(); |
|
| 63 | + $path = S3Client::encodeKey(rawurldecode($uri->getPath())); |
|
| 64 | + $request = $request->withUri($uri->withPath($path)); |
|
| 65 | + |
|
| 66 | + // Make sure to handle temporary credentials |
|
| 67 | + if ($token = $credentials->getSecurityToken()) { |
|
| 68 | + $request = $request->withHeader('X-Amz-Security-Token', $token); |
|
| 69 | + $query['X-Amz-Security-Token'] = $token; |
|
| 70 | + } |
|
| 71 | + |
|
| 72 | + if ($expires instanceof \DateTime) { |
|
| 73 | + $expires = $expires->getTimestamp(); |
|
| 74 | + } elseif (!is_numeric($expires)) { |
|
| 75 | + $expires = strtotime($expires); |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + // Set query params required for pre-signed URLs |
|
| 79 | + $query['AWSAccessKeyId'] = $credentials->getAccessKeyId(); |
|
| 80 | + $query['Expires'] = $expires; |
|
| 81 | + $query['Signature'] = $this->signString( |
|
| 82 | + $this->createCanonicalizedString($request, $expires), |
|
| 83 | + $credentials |
|
| 84 | + ); |
|
| 85 | + |
|
| 86 | + // Move X-Amz-* headers to the query string |
|
| 87 | + foreach ($request->getHeaders() as $name => $header) { |
|
| 88 | + $name = strtolower($name); |
|
| 89 | + if (strpos($name, 'x-amz-') === 0) { |
|
| 90 | + $query[$name] = implode(',', $header); |
|
| 91 | + } |
|
| 92 | + } |
|
| 93 | + |
|
| 94 | + $queryString = http_build_query($query, null, '&', PHP_QUERY_RFC3986); |
|
| 95 | + |
|
| 96 | + return $request->withUri($request->getUri()->withQuery($queryString)); |
|
| 97 | + } |
|
| 98 | + |
|
| 99 | + /** |
|
| 100 | + * @param RequestInterface $request |
|
| 101 | + * @param CredentialsInterface $creds |
|
| 102 | + * |
|
| 103 | + * @return RequestInterface |
|
| 104 | + */ |
|
| 105 | + private function prepareRequest( |
|
| 106 | + RequestInterface $request, |
|
| 107 | + CredentialsInterface $creds |
|
| 108 | + ) { |
|
| 109 | + $modify = [ |
|
| 110 | + 'remove_headers' => ['X-Amz-Date'], |
|
| 111 | + 'set_headers' => ['Date' => gmdate(\DateTime::RFC2822)] |
|
| 112 | + ]; |
|
| 113 | + |
|
| 114 | + // Add the security token header if one is being used by the credentials |
|
| 115 | + if ($token = $creds->getSecurityToken()) { |
|
| 116 | + $modify['set_headers']['X-Amz-Security-Token'] = $token; |
|
| 117 | + } |
|
| 118 | + |
|
| 119 | + return Psr7\modify_request($request, $modify); |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + private function signString($string, CredentialsInterface $credentials) |
|
| 123 | + { |
|
| 124 | + return base64_encode( |
|
| 125 | + hash_hmac('sha1', $string, $credentials->getSecretKey(), true) |
|
| 126 | + ); |
|
| 127 | + } |
|
| 128 | + |
|
| 129 | + private function createCanonicalizedString( |
|
| 130 | + RequestInterface $request, |
|
| 131 | + $expires = null |
|
| 132 | + ) { |
|
| 133 | + $buffer = $request->getMethod() . "\n"; |
|
| 134 | + |
|
| 135 | + // Add the interesting headers |
|
| 136 | + foreach ($this->signableHeaders as $header) { |
|
| 137 | + $buffer .= $request->getHeaderLine($header) . "\n"; |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + $date = $expires ?: $request->getHeaderLine('date'); |
|
| 141 | + $buffer .= "{$date}\n" |
|
| 142 | + . $this->createCanonicalizedAmzHeaders($request) |
|
| 143 | + . $this->createCanonicalizedResource($request); |
|
| 144 | + |
|
| 145 | + return $buffer; |
|
| 146 | + } |
|
| 147 | + |
|
| 148 | + private function createCanonicalizedAmzHeaders(RequestInterface $request) |
|
| 149 | + { |
|
| 150 | + $headers = []; |
|
| 151 | + foreach ($request->getHeaders() as $name => $header) { |
|
| 152 | + $name = strtolower($name); |
|
| 153 | + if (strpos($name, 'x-amz-') === 0) { |
|
| 154 | + $value = implode(',', $header); |
|
| 155 | + if (strlen($value) > 0) { |
|
| 156 | + $headers[$name] = $name . ':' . $value; |
|
| 157 | + } |
|
| 158 | + } |
|
| 159 | + } |
|
| 160 | + |
|
| 161 | + if (!$headers) { |
|
| 162 | + return ''; |
|
| 163 | + } |
|
| 164 | + |
|
| 165 | + ksort($headers); |
|
| 166 | + |
|
| 167 | + return implode("\n", $headers) . "\n"; |
|
| 168 | + } |
|
| 169 | + |
|
| 170 | + private function createCanonicalizedResource(RequestInterface $request) |
|
| 171 | + { |
|
| 172 | + $data = $this->parser->parse($request->getUri()); |
|
| 173 | + $buffer = '/'; |
|
| 174 | + |
|
| 175 | + if ($data['bucket']) { |
|
| 176 | + $buffer .= $data['bucket']; |
|
| 177 | + if (!empty($data['key']) || !$data['path_style']) { |
|
| 178 | + $buffer .= '/' . $data['key']; |
|
| 179 | + } |
|
| 180 | + } |
|
| 181 | + |
|
| 182 | + // Add sub resource parameters if present. |
|
| 183 | + $query = $request->getUri()->getQuery(); |
|
| 184 | + |
|
| 185 | + if ($query) { |
|
| 186 | + $params = Psr7\parse_query($query); |
|
| 187 | + $first = true; |
|
| 188 | + foreach ($this->signableQueryString as $key) { |
|
| 189 | + if (array_key_exists($key, $params)) { |
|
| 190 | + $value = $params[$key]; |
|
| 191 | + $buffer .= $first ? '?' : '&'; |
|
| 192 | + $first = false; |
|
| 193 | + $buffer .= $key; |
|
| 194 | + // Don't add values for empty sub-resources |
|
| 195 | + if (strlen($value)) { |
|
| 196 | + $buffer .= "={$value}"; |
|
| 197 | + } |
|
| 198 | + } |
|
| 199 | + } |
|
| 200 | + } |
|
| 201 | + |
|
| 202 | + return $buffer; |
|
| 203 | + } |
|
| 204 | 204 | } |
@@ -45,7 +45,7 @@ discard block |
||
| 45 | 45 | $request = $this->prepareRequest($request, $credentials); |
| 46 | 46 | $stringToSign = $this->createCanonicalizedString($request); |
| 47 | 47 | $auth = 'AWS ' |
| 48 | - . $credentials->getAccessKeyId() . ':' |
|
| 48 | + . $credentials->getAccessKeyId().':' |
|
| 49 | 49 | . $this->signString($stringToSign, $credentials); |
| 50 | 50 | |
| 51 | 51 | return $request->withHeader('Authorization', $auth); |
@@ -130,11 +130,11 @@ discard block |
||
| 130 | 130 | RequestInterface $request, |
| 131 | 131 | $expires = null |
| 132 | 132 | ) { |
| 133 | - $buffer = $request->getMethod() . "\n"; |
|
| 133 | + $buffer = $request->getMethod()."\n"; |
|
| 134 | 134 | |
| 135 | 135 | // Add the interesting headers |
| 136 | 136 | foreach ($this->signableHeaders as $header) { |
| 137 | - $buffer .= $request->getHeaderLine($header) . "\n"; |
|
| 137 | + $buffer .= $request->getHeaderLine($header)."\n"; |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | 140 | $date = $expires ?: $request->getHeaderLine('date'); |
@@ -153,7 +153,7 @@ discard block |
||
| 153 | 153 | if (strpos($name, 'x-amz-') === 0) { |
| 154 | 154 | $value = implode(',', $header); |
| 155 | 155 | if (strlen($value) > 0) { |
| 156 | - $headers[$name] = $name . ':' . $value; |
|
| 156 | + $headers[$name] = $name.':'.$value; |
|
| 157 | 157 | } |
| 158 | 158 | } |
| 159 | 159 | } |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | |
| 165 | 165 | ksort($headers); |
| 166 | 166 | |
| 167 | - return implode("\n", $headers) . "\n"; |
|
| 167 | + return implode("\n", $headers)."\n"; |
|
| 168 | 168 | } |
| 169 | 169 | |
| 170 | 170 | private function createCanonicalizedResource(RequestInterface $request) |
@@ -175,7 +175,7 @@ discard block |
||
| 175 | 175 | if ($data['bucket']) { |
| 176 | 176 | $buffer .= $data['bucket']; |
| 177 | 177 | if (!empty($data['key']) || !$data['path_style']) { |
| 178 | - $buffer .= '/' . $data['key']; |
|
| 178 | + $buffer .= '/'.$data['key']; |
|
| 179 | 179 | } |
| 180 | 180 | } |
| 181 | 181 | |
@@ -29,110 +29,110 @@ |
||
| 29 | 29 | use Aws\S3\S3Client; |
| 30 | 30 | |
| 31 | 31 | trait S3ConnectionTrait { |
| 32 | - /** @var array */ |
|
| 33 | - protected $params; |
|
| 34 | - |
|
| 35 | - /** @var S3Client */ |
|
| 36 | - protected $connection; |
|
| 37 | - |
|
| 38 | - /** @var string */ |
|
| 39 | - protected $id; |
|
| 40 | - |
|
| 41 | - /** @var string */ |
|
| 42 | - protected $bucket; |
|
| 43 | - |
|
| 44 | - /** @var int */ |
|
| 45 | - protected $timeout; |
|
| 46 | - |
|
| 47 | - protected $test; |
|
| 48 | - |
|
| 49 | - protected function parseParams($params) { |
|
| 50 | - if (empty($params['key']) || empty($params['secret']) || empty($params['bucket'])) { |
|
| 51 | - throw new \Exception("Access Key, Secret and Bucket have to be configured."); |
|
| 52 | - } |
|
| 53 | - |
|
| 54 | - $this->id = 'amazon::' . $params['bucket']; |
|
| 55 | - |
|
| 56 | - $this->test = isset($params['test']); |
|
| 57 | - $this->bucket = $params['bucket']; |
|
| 58 | - $this->timeout = (!isset($params['timeout'])) ? 15 : $params['timeout']; |
|
| 59 | - $params['region'] = empty($params['region']) ? 'eu-west-1' : $params['region']; |
|
| 60 | - $params['hostname'] = empty($params['hostname']) ? 's3.' . $params['region'] . '.amazonaws.com' : $params['hostname']; |
|
| 61 | - if (!isset($params['port']) || $params['port'] === '') { |
|
| 62 | - $params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443; |
|
| 63 | - } |
|
| 64 | - $this->params = $params; |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - |
|
| 68 | - /** |
|
| 69 | - * Returns the connection |
|
| 70 | - * |
|
| 71 | - * @return S3Client connected client |
|
| 72 | - * @throws \Exception if connection could not be made |
|
| 73 | - */ |
|
| 74 | - protected function getConnection() { |
|
| 75 | - if (!is_null($this->connection)) { |
|
| 76 | - return $this->connection; |
|
| 77 | - } |
|
| 78 | - |
|
| 79 | - $scheme = (isset($this->params['use_ssl']) && $this->params['use_ssl'] === false) ? 'http' : 'https'; |
|
| 80 | - $base_url = $scheme . '://' . $this->params['hostname'] . ':' . $this->params['port'] . '/'; |
|
| 81 | - |
|
| 82 | - $options = [ |
|
| 83 | - 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest', |
|
| 84 | - 'credentials' => [ |
|
| 85 | - 'key' => $this->params['key'], |
|
| 86 | - 'secret' => $this->params['secret'], |
|
| 87 | - ], |
|
| 88 | - 'endpoint' => $base_url, |
|
| 89 | - 'region' => $this->params['region'], |
|
| 90 | - 'use_path_style_endpoint' => isset($this->params['use_path_style']) ? $this->params['use_path_style'] : false, |
|
| 91 | - 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()) |
|
| 92 | - ]; |
|
| 93 | - if (isset($this->params['proxy'])) { |
|
| 94 | - $options['request.options'] = ['proxy' => $this->params['proxy']]; |
|
| 95 | - } |
|
| 96 | - if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) { |
|
| 97 | - $options['signature_version'] = 'v2'; |
|
| 98 | - } |
|
| 99 | - $this->connection = new S3Client($options); |
|
| 100 | - |
|
| 101 | - if (!$this->connection->isBucketDnsCompatible($this->bucket)) { |
|
| 102 | - throw new \Exception("The configured bucket name is invalid: " . $this->bucket); |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - if (!$this->connection->doesBucketExist($this->bucket)) { |
|
| 106 | - try { |
|
| 107 | - $this->connection->createBucket(array( |
|
| 108 | - 'Bucket' => $this->bucket |
|
| 109 | - )); |
|
| 110 | - $this->testTimeout(); |
|
| 111 | - } catch (S3Exception $e) { |
|
| 112 | - \OCP\Util::logException('files_external', $e); |
|
| 113 | - throw new \Exception('Creation of bucket failed. ' . $e->getMessage()); |
|
| 114 | - } |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - return $this->connection; |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - /** |
|
| 121 | - * when running the tests wait to let the buckets catch up |
|
| 122 | - */ |
|
| 123 | - private function testTimeout() { |
|
| 124 | - if ($this->test) { |
|
| 125 | - sleep($this->timeout); |
|
| 126 | - } |
|
| 127 | - } |
|
| 128 | - |
|
| 129 | - public static function legacySignatureProvider($version, $service, $region) { |
|
| 130 | - switch ($version) { |
|
| 131 | - case 'v2': |
|
| 132 | - case 's3': |
|
| 133 | - return new S3Signature(); |
|
| 134 | - default: |
|
| 135 | - return null; |
|
| 136 | - } |
|
| 137 | - } |
|
| 32 | + /** @var array */ |
|
| 33 | + protected $params; |
|
| 34 | + |
|
| 35 | + /** @var S3Client */ |
|
| 36 | + protected $connection; |
|
| 37 | + |
|
| 38 | + /** @var string */ |
|
| 39 | + protected $id; |
|
| 40 | + |
|
| 41 | + /** @var string */ |
|
| 42 | + protected $bucket; |
|
| 43 | + |
|
| 44 | + /** @var int */ |
|
| 45 | + protected $timeout; |
|
| 46 | + |
|
| 47 | + protected $test; |
|
| 48 | + |
|
| 49 | + protected function parseParams($params) { |
|
| 50 | + if (empty($params['key']) || empty($params['secret']) || empty($params['bucket'])) { |
|
| 51 | + throw new \Exception("Access Key, Secret and Bucket have to be configured."); |
|
| 52 | + } |
|
| 53 | + |
|
| 54 | + $this->id = 'amazon::' . $params['bucket']; |
|
| 55 | + |
|
| 56 | + $this->test = isset($params['test']); |
|
| 57 | + $this->bucket = $params['bucket']; |
|
| 58 | + $this->timeout = (!isset($params['timeout'])) ? 15 : $params['timeout']; |
|
| 59 | + $params['region'] = empty($params['region']) ? 'eu-west-1' : $params['region']; |
|
| 60 | + $params['hostname'] = empty($params['hostname']) ? 's3.' . $params['region'] . '.amazonaws.com' : $params['hostname']; |
|
| 61 | + if (!isset($params['port']) || $params['port'] === '') { |
|
| 62 | + $params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443; |
|
| 63 | + } |
|
| 64 | + $this->params = $params; |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + |
|
| 68 | + /** |
|
| 69 | + * Returns the connection |
|
| 70 | + * |
|
| 71 | + * @return S3Client connected client |
|
| 72 | + * @throws \Exception if connection could not be made |
|
| 73 | + */ |
|
| 74 | + protected function getConnection() { |
|
| 75 | + if (!is_null($this->connection)) { |
|
| 76 | + return $this->connection; |
|
| 77 | + } |
|
| 78 | + |
|
| 79 | + $scheme = (isset($this->params['use_ssl']) && $this->params['use_ssl'] === false) ? 'http' : 'https'; |
|
| 80 | + $base_url = $scheme . '://' . $this->params['hostname'] . ':' . $this->params['port'] . '/'; |
|
| 81 | + |
|
| 82 | + $options = [ |
|
| 83 | + 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest', |
|
| 84 | + 'credentials' => [ |
|
| 85 | + 'key' => $this->params['key'], |
|
| 86 | + 'secret' => $this->params['secret'], |
|
| 87 | + ], |
|
| 88 | + 'endpoint' => $base_url, |
|
| 89 | + 'region' => $this->params['region'], |
|
| 90 | + 'use_path_style_endpoint' => isset($this->params['use_path_style']) ? $this->params['use_path_style'] : false, |
|
| 91 | + 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()) |
|
| 92 | + ]; |
|
| 93 | + if (isset($this->params['proxy'])) { |
|
| 94 | + $options['request.options'] = ['proxy' => $this->params['proxy']]; |
|
| 95 | + } |
|
| 96 | + if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) { |
|
| 97 | + $options['signature_version'] = 'v2'; |
|
| 98 | + } |
|
| 99 | + $this->connection = new S3Client($options); |
|
| 100 | + |
|
| 101 | + if (!$this->connection->isBucketDnsCompatible($this->bucket)) { |
|
| 102 | + throw new \Exception("The configured bucket name is invalid: " . $this->bucket); |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + if (!$this->connection->doesBucketExist($this->bucket)) { |
|
| 106 | + try { |
|
| 107 | + $this->connection->createBucket(array( |
|
| 108 | + 'Bucket' => $this->bucket |
|
| 109 | + )); |
|
| 110 | + $this->testTimeout(); |
|
| 111 | + } catch (S3Exception $e) { |
|
| 112 | + \OCP\Util::logException('files_external', $e); |
|
| 113 | + throw new \Exception('Creation of bucket failed. ' . $e->getMessage()); |
|
| 114 | + } |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + return $this->connection; |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + /** |
|
| 121 | + * when running the tests wait to let the buckets catch up |
|
| 122 | + */ |
|
| 123 | + private function testTimeout() { |
|
| 124 | + if ($this->test) { |
|
| 125 | + sleep($this->timeout); |
|
| 126 | + } |
|
| 127 | + } |
|
| 128 | + |
|
| 129 | + public static function legacySignatureProvider($version, $service, $region) { |
|
| 130 | + switch ($version) { |
|
| 131 | + case 'v2': |
|
| 132 | + case 's3': |
|
| 133 | + return new S3Signature(); |
|
| 134 | + default: |
|
| 135 | + return null; |
|
| 136 | + } |
|
| 137 | + } |
|
| 138 | 138 | } |
@@ -33,32 +33,32 @@ |
||
| 33 | 33 | |
| 34 | 34 | class AmazonS3 extends Backend { |
| 35 | 35 | |
| 36 | - use LegacyDependencyCheckPolyfill; |
|
| 36 | + use LegacyDependencyCheckPolyfill; |
|
| 37 | 37 | |
| 38 | - public function __construct(IL10N $l, AccessKey $legacyAuth) { |
|
| 39 | - $this |
|
| 40 | - ->setIdentifier('amazons3') |
|
| 41 | - ->addIdentifierAlias('\OC\Files\Storage\AmazonS3') // legacy compat |
|
| 42 | - ->setStorageClass('\OCA\Files_External\Lib\Storage\AmazonS3') |
|
| 43 | - ->setText($l->t('Amazon S3')) |
|
| 44 | - ->addParameters([ |
|
| 45 | - (new DefinitionParameter('bucket', $l->t('Bucket'))), |
|
| 46 | - (new DefinitionParameter('hostname', $l->t('Hostname'))) |
|
| 47 | - ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 48 | - (new DefinitionParameter('port', $l->t('Port'))) |
|
| 49 | - ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 50 | - (new DefinitionParameter('region', $l->t('Region'))) |
|
| 51 | - ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 52 | - (new DefinitionParameter('use_ssl', $l->t('Enable SSL'))) |
|
| 53 | - ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 54 | - (new DefinitionParameter('use_path_style', $l->t('Enable Path Style'))) |
|
| 55 | - ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 56 | - (new DefinitionParameter('legacy_auth', $l->t('Legacy (v2) authentication'))) |
|
| 57 | - ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 58 | - ]) |
|
| 59 | - ->addAuthScheme(AccessKey::SCHEME_AMAZONS3_ACCESSKEY) |
|
| 60 | - ->setLegacyAuthMechanism($legacyAuth) |
|
| 61 | - ; |
|
| 62 | - } |
|
| 38 | + public function __construct(IL10N $l, AccessKey $legacyAuth) { |
|
| 39 | + $this |
|
| 40 | + ->setIdentifier('amazons3') |
|
| 41 | + ->addIdentifierAlias('\OC\Files\Storage\AmazonS3') // legacy compat |
|
| 42 | + ->setStorageClass('\OCA\Files_External\Lib\Storage\AmazonS3') |
|
| 43 | + ->setText($l->t('Amazon S3')) |
|
| 44 | + ->addParameters([ |
|
| 45 | + (new DefinitionParameter('bucket', $l->t('Bucket'))), |
|
| 46 | + (new DefinitionParameter('hostname', $l->t('Hostname'))) |
|
| 47 | + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 48 | + (new DefinitionParameter('port', $l->t('Port'))) |
|
| 49 | + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 50 | + (new DefinitionParameter('region', $l->t('Region'))) |
|
| 51 | + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 52 | + (new DefinitionParameter('use_ssl', $l->t('Enable SSL'))) |
|
| 53 | + ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 54 | + (new DefinitionParameter('use_path_style', $l->t('Enable Path Style'))) |
|
| 55 | + ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 56 | + (new DefinitionParameter('legacy_auth', $l->t('Legacy (v2) authentication'))) |
|
| 57 | + ->setType(DefinitionParameter::VALUE_BOOLEAN), |
|
| 58 | + ]) |
|
| 59 | + ->addAuthScheme(AccessKey::SCHEME_AMAZONS3_ACCESSKEY) |
|
| 60 | + ->setLegacyAuthMechanism($legacyAuth) |
|
| 61 | + ; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | 64 | } |
