Add a storage layer for attachments (#11387)

* Add a storage layer for attachments * Fix some bug * fix test * Fix copyright head and lint * Fix bug * Add setting for minio and flags for migrate-storage * Add documents * fix lint * Add test for minio store type on attachments * fix test * fix test * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Add warning when storage migrated successfully * Fix drone * fix test * rebase * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * refactor the codes * add trace * Fix test * remove log on xorm * Fi download bug * Add a storage layer for attachments * Add setting for minio and flags for migrate-storage * fix lint * Add test for minio store type on attachments * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Fix drone * fix test * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * refactor the codes * add trace * Fix test * Add URL function to serve attachments directly from S3/Minio * Add ability to enable/disable redirection in attachment configuration * Fix typo * Add a storage layer for attachments * Add setting for minio and flags for migrate-storage * fix lint * Add test for minio store type on attachments * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Fix drone * fix test * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * don't change unrelated files * Fix lint * Fix build * update go.mod and go.sum * Use github.com/minio/minio-go/v6 * Remove unused function * Upgrade minio to v7 and some other improvements * fix lint * Fix go mod Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: Tyler <tystuyfzand@gmail.com>
2020-08-18 12:23:45 +08:00 · 2020-08-18 12:23:45 +08:00 · 62e6c9bc6c
commit 62e6c9bc6c
parent 02fbe1e5dc
330 changed files with 62099 additions and 331 deletions
--- a/vendor/github.com/minio/minio-go/v7/api-presigned.go
+++ b/vendor/github.com/minio/minio-go/v7/api-presigned.go
@ -0,0 +1,216 @@
+/*
+ * MinIO Go Library for Amazon S3 Compatible Cloud Storage
+ * Copyright 2015-2017 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package minio
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/minio/minio-go/v7/pkg/s3utils"
+	"github.com/minio/minio-go/v7/pkg/signer"
+)
+
+// presignURL - Returns a presigned URL for an input 'method'.
+// Expires maximum is 7days - ie. 604800 and minimum is 1.
+func (c Client) presignURL(ctx context.Context, method string, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {
+	// Input validation.
+	if method == "" {
+		return nil, errInvalidArgument("method cannot be empty.")
+	}
+	if err = s3utils.CheckValidBucketName(bucketName); err != nil {
+		return nil, err
+	}
+	if err = isValidExpiry(expires); err != nil {
+		return nil, err
+	}
+
+	// Convert expires into seconds.
+	expireSeconds := int64(expires / time.Second)
+	reqMetadata := requestMetadata{
+		presignURL:  true,
+		bucketName:  bucketName,
+		objectName:  objectName,
+		expires:     expireSeconds,
+		queryValues: reqParams,
+	}
+
+	// Instantiate a new request.
+	// Since expires is set newRequest will presign the request.
+	var req *http.Request
+	if req, err = c.newRequest(ctx, method, reqMetadata); err != nil {
+		return nil, err
+	}
+	return req.URL, nil
+}
+
+// PresignedGetObject - Returns a presigned URL to access an object
+// data without credentials. URL can have a maximum expiry of
+// upto 7days or a minimum of 1sec. Additionally you can override
+// a set of response headers using the query parameters.
+func (c Client) PresignedGetObject(ctx context.Context, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {
+	if err = s3utils.CheckValidObjectName(objectName); err != nil {
+		return nil, err
+	}
+	return c.presignURL(ctx, http.MethodGet, bucketName, objectName, expires, reqParams)
+}
+
+// PresignedHeadObject - Returns a presigned URL to access
+// object metadata without credentials. URL can have a maximum expiry
+// of upto 7days or a minimum of 1sec. Additionally you can override
+// a set of response headers using the query parameters.
+func (c Client) PresignedHeadObject(ctx context.Context, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {
+	if err = s3utils.CheckValidObjectName(objectName); err != nil {
+		return nil, err
+	}
+	return c.presignURL(ctx, http.MethodHead, bucketName, objectName, expires, reqParams)
+}
+
+// PresignedPutObject - Returns a presigned URL to upload an object
+// without credentials. URL can have a maximum expiry of upto 7days
+// or a minimum of 1sec.
+func (c Client) PresignedPutObject(ctx context.Context, bucketName string, objectName string, expires time.Duration) (u *url.URL, err error) {
+	if err = s3utils.CheckValidObjectName(objectName); err != nil {
+		return nil, err
+	}
+	return c.presignURL(ctx, http.MethodPut, bucketName, objectName, expires, nil)
+}
+
+// Presign - returns a presigned URL for any http method of your choice
+// along with custom request params. URL can have a maximum expiry of
+// upto 7days or a minimum of 1sec.
+func (c Client) Presign(ctx context.Context, method string, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {
+	return c.presignURL(ctx, method, bucketName, objectName, expires, reqParams)
+}
+
+// PresignedPostPolicy - Returns POST urlString, form data to upload an object.
+func (c Client) PresignedPostPolicy(ctx context.Context, p *PostPolicy) (u *url.URL, formData map[string]string, err error) {
+	// Validate input arguments.
+	if p.expiration.IsZero() {
+		return nil, nil, errors.New("Expiration time must be specified")
+	}
+	if _, ok := p.formData["key"]; !ok {
+		return nil, nil, errors.New("object key must be specified")
+	}
+	if _, ok := p.formData["bucket"]; !ok {
+		return nil, nil, errors.New("bucket name must be specified")
+	}
+
+	bucketName := p.formData["bucket"]
+	// Fetch the bucket location.
+	location, err := c.getBucketLocation(ctx, bucketName)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	isVirtualHost := c.isVirtualHostStyleRequest(*c.endpointURL, bucketName)
+
+	u, err = c.makeTargetURL(bucketName, "", location, isVirtualHost, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Get credentials from the configured credentials provider.
+	credValues, err := c.credsProvider.Get()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var (
+		signerType      = credValues.SignerType
+		sessionToken    = credValues.SessionToken
+		accessKeyID     = credValues.AccessKeyID
+		secretAccessKey = credValues.SecretAccessKey
+	)
+
+	if signerType.IsAnonymous() {
+		return nil, nil, errInvalidArgument("Presigned operations are not supported for anonymous credentials")
+	}
+
+	// Keep time.
+	t := time.Now().UTC()
+	// For signature version '2' handle here.
+	if signerType.IsV2() {
+		policyBase64 := p.base64()
+		p.formData["policy"] = policyBase64
+		// For Google endpoint set this value to be 'GoogleAccessId'.
+		if s3utils.IsGoogleEndpoint(*c.endpointURL) {
+			p.formData["GoogleAccessId"] = accessKeyID
+		} else {
+			// For all other endpoints set this value to be 'AWSAccessKeyId'.
+			p.formData["AWSAccessKeyId"] = accessKeyID
+		}
+		// Sign the policy.
+		p.formData["signature"] = signer.PostPresignSignatureV2(policyBase64, secretAccessKey)
+		return u, p.formData, nil
+	}
+
+	// Add date policy.
+	if err = p.addNewPolicy(policyCondition{
+		matchType: "eq",
+		condition: "$x-amz-date",
+		value:     t.Format(iso8601DateFormat),
+	}); err != nil {
+		return nil, nil, err
+	}
+
+	// Add algorithm policy.
+	if err = p.addNewPolicy(policyCondition{
+		matchType: "eq",
+		condition: "$x-amz-algorithm",
+		value:     signV4Algorithm,
+	}); err != nil {
+		return nil, nil, err
+	}
+
+	// Add a credential policy.
+	credential := signer.GetCredential(accessKeyID, location, t, signer.ServiceTypeS3)
+	if err = p.addNewPolicy(policyCondition{
+		matchType: "eq",
+		condition: "$x-amz-credential",
+		value:     credential,
+	}); err != nil {
+		return nil, nil, err
+	}
+
+	if sessionToken != "" {
+		if err = p.addNewPolicy(policyCondition{
+			matchType: "eq",
+			condition: "$x-amz-security-token",
+			value:     sessionToken,
+		}); err != nil {
+			return nil, nil, err
+		}
+	}
+
+	// Get base64 encoded policy.
+	policyBase64 := p.base64()
+
+	// Fill in the form data.
+	p.formData["policy"] = policyBase64
+	p.formData["x-amz-algorithm"] = signV4Algorithm
+	p.formData["x-amz-credential"] = credential
+	p.formData["x-amz-date"] = t.Format(iso8601DateFormat)
+	if sessionToken != "" {
+		p.formData["x-amz-security-token"] = sessionToken
+	}
+	p.formData["x-amz-signature"] = signer.PostPresignSignatureV4(policyBase64, t, secretAccessKey, location)
+	return u, p.formData, nil
+}