From ae51114a451477b4cc6c8271b8fd5d053faec2e0 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Sat, 4 Jun 2022 08:29:57 -0700 Subject: [PATCH] backend: fix accessing signed urls when using local minio service - signing url with endpoint_url instead of access_endpoint_url, but replace endpoint_url prefix with access_endpoint_url for access. - keep existing behavior of signing access_endpoint_url only if SIGN_ACCESS_ENDPOINT env var is set --- backend/storages.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/backend/storages.py b/backend/storages.py index a43a4aab..fba7dd42 100644 --- a/backend/storages.py +++ b/backend/storages.py @@ -4,6 +4,7 @@ Storage API from typing import Union from urllib.parse import urlsplit from contextlib import asynccontextmanager +import os from fastapi import Depends, HTTPException from aiobotocore.session import get_session @@ -12,6 +13,10 @@ from archives import Archive, DefaultStorage, S3Storage from users import User +# sign access endpoint +sign_access_endpoint = os.environ.get("SIGN_ACCESS_ENDPOINT") + + # ============================================================================ def init_storages_api(archive_ops, crawl_manager, user_dep): """ API for updating storage for an archive """ @@ -103,11 +108,20 @@ async def get_presigned_url(archive, crawlfile, crawl_manager, duration=3600): else: raise Exception("No Default Storage Found, Invalid Storage Type") - async with get_s3_client(s3storage, True) as (client, bucket, key): + async with get_s3_client(s3storage, sign_access_endpoint) as (client, bucket, key): key += crawlfile.filename presigned_url = await client.generate_presigned_url( "get_object", Params={"Bucket": bucket, "Key": key}, ExpiresIn=duration ) + if ( + not sign_access_endpoint + and s3storage.access_endpoint_url + and s3storage.access_endpoint_url != s3storage.endpoint_url + ): + presigned_url = presigned_url.replace( + s3storage.endpoint_url, s3storage.access_endpoint_url + ) + return presigned_url