2016-08-08 07:54:46 -04:00
|
|
|
<?php
|
2025-06-30 09:04:05 -04:00
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
/**
|
2024-05-23 03:26:56 -04:00
|
|
|
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
|
|
|
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
2016-08-08 07:54:46 -04:00
|
|
|
*/
|
|
|
|
|
namespace OC\Files\ObjectStore;
|
|
|
|
|
|
2017-12-19 05:54:55 -05:00
|
|
|
use Aws\ClientResolver;
|
2020-05-09 10:22:56 -04:00
|
|
|
use Aws\Credentials\CredentialProvider;
|
|
|
|
|
use Aws\Credentials\Credentials;
|
|
|
|
|
use Aws\Exception\CredentialsException;
|
2016-08-08 07:54:46 -04:00
|
|
|
use Aws\S3\Exception\S3Exception;
|
|
|
|
|
use Aws\S3\S3Client;
|
2024-06-14 14:20:19 -04:00
|
|
|
use GuzzleHttp\Promise\Create;
|
2020-05-09 10:22:56 -04:00
|
|
|
use GuzzleHttp\Promise\RejectedPromise;
|
2025-11-20 01:05:01 -05:00
|
|
|
use OCP\EventDispatcher\IEventDispatcher;
|
|
|
|
|
use OCP\Files\ObjectStore\Events\BucketCreatedEvent;
|
2024-11-26 10:49:55 -05:00
|
|
|
use OCP\Files\StorageNotAvailableException;
|
2025-11-12 08:14:06 -05:00
|
|
|
use OCP\ICache;
|
|
|
|
|
use OCP\ICacheFactory;
|
2022-03-14 13:09:48 -04:00
|
|
|
use OCP\ICertificateManager;
|
2024-07-05 04:49:10 -04:00
|
|
|
use OCP\Server;
|
2022-03-30 04:55:41 -04:00
|
|
|
use Psr\Log\LoggerInterface;
|
2016-08-08 07:54:46 -04:00
|
|
|
|
|
|
|
|
trait S3ConnectionTrait {
|
2024-03-16 16:14:16 -04:00
|
|
|
use S3ConfigTrait;
|
2016-08-08 07:54:46 -04:00
|
|
|
|
2024-03-16 16:14:16 -04:00
|
|
|
protected string $id;
|
2016-08-08 07:54:46 -04:00
|
|
|
|
2024-03-16 16:14:16 -04:00
|
|
|
protected bool $test;
|
2016-08-08 07:54:46 -04:00
|
|
|
|
2024-03-16 16:18:44 -04:00
|
|
|
protected ?S3Client $connection = null;
|
2025-11-12 08:14:06 -05:00
|
|
|
private ?ICache $existingBucketsCache = null;
|
2025-08-15 08:04:25 -04:00
|
|
|
private bool $usePresignedUrl = false;
|
2025-11-12 08:14:06 -05:00
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
protected function parseParams($params) {
|
2020-05-09 10:22:56 -04:00
|
|
|
if (empty($params['bucket'])) {
|
2024-08-23 09:10:27 -04:00
|
|
|
throw new \Exception('Bucket has to be configured.');
|
2016-08-08 07:54:46 -04:00
|
|
|
}
|
|
|
|
|
|
2025-12-18 18:31:29 -05:00
|
|
|
if (isset($params['perBucket'][$params['bucket']])) {
|
2025-12-01 09:18:33 -05:00
|
|
|
$params = array_merge($params, $params['perBucket'][$params['bucket']]);
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
$this->id = 'amazon::' . $params['bucket'];
|
|
|
|
|
|
|
|
|
|
$this->test = isset($params['test']);
|
|
|
|
|
$this->bucket = $params['bucket'];
|
2024-03-16 16:18:44 -04:00
|
|
|
// Default to 5 like the S3 SDK does
|
|
|
|
|
$this->concurrency = $params['concurrency'] ?? 5;
|
2021-07-08 09:19:39 -04:00
|
|
|
$this->proxy = $params['proxy'] ?? false;
|
2025-06-15 02:27:46 -04:00
|
|
|
$this->connectTimeout = $params['connect_timeout'] ?? 5;
|
2021-07-08 09:19:39 -04:00
|
|
|
$this->timeout = $params['timeout'] ?? 15;
|
2023-01-05 10:06:56 -05:00
|
|
|
$this->storageClass = !empty($params['storageClass']) ? $params['storageClass'] : 'STANDARD';
|
2021-07-08 09:19:39 -04:00
|
|
|
$this->uploadPartSize = $params['uploadPartSize'] ?? 524288000;
|
2021-08-20 11:05:49 -04:00
|
|
|
$this->putSizeLimit = $params['putSizeLimit'] ?? 104857600;
|
2023-11-29 11:31:34 -05:00
|
|
|
$this->copySizeLimit = $params['copySizeLimit'] ?? 5242880000;
|
2023-12-28 09:31:08 -05:00
|
|
|
$this->useMultipartCopy = (bool)($params['useMultipartCopy'] ?? true);
|
2025-11-17 18:18:57 -05:00
|
|
|
$this->retriesMaxAttempts = $params['retriesMaxAttempts'] ?? 5;
|
2016-08-08 07:54:46 -04:00
|
|
|
$params['region'] = empty($params['region']) ? 'eu-west-1' : $params['region'];
|
2017-04-20 11:08:22 -04:00
|
|
|
$params['hostname'] = empty($params['hostname']) ? 's3.' . $params['region'] . '.amazonaws.com' : $params['hostname'];
|
2024-06-03 17:31:26 -04:00
|
|
|
$params['s3-accelerate'] = $params['hostname'] === 's3-accelerate.amazonaws.com' || $params['hostname'] === 's3-accelerate.dualstack.amazonaws.com';
|
2016-08-08 07:54:46 -04:00
|
|
|
if (!isset($params['port']) || $params['port'] === '') {
|
|
|
|
|
$params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443;
|
|
|
|
|
}
|
2023-06-26 10:43:07 -04:00
|
|
|
$params['verify_bucket_exists'] = $params['verify_bucket_exists'] ?? true;
|
2024-03-26 10:47:14 -04:00
|
|
|
|
|
|
|
|
if ($params['s3-accelerate']) {
|
|
|
|
|
$params['verify_bucket_exists'] = false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
$this->params = $params;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-24 08:02:03 -04:00
|
|
|
public function getBucket() {
|
|
|
|
|
return $this->bucket;
|
|
|
|
|
}
|
2016-08-08 07:54:46 -04:00
|
|
|
|
2021-03-13 06:05:27 -05:00
|
|
|
public function getProxy() {
|
|
|
|
|
return $this->proxy;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
/**
|
|
|
|
|
* Returns the connection
|
|
|
|
|
*
|
|
|
|
|
* @return S3Client connected client
|
|
|
|
|
* @throws \Exception if connection could not be made
|
|
|
|
|
*/
|
2019-05-24 08:02:03 -04:00
|
|
|
public function getConnection() {
|
2024-03-16 16:18:44 -04:00
|
|
|
if ($this->connection !== null) {
|
2016-08-08 07:54:46 -04:00
|
|
|
return $this->connection;
|
|
|
|
|
}
|
|
|
|
|
|
2025-11-12 08:14:06 -05:00
|
|
|
if ($this->existingBucketsCache === null) {
|
|
|
|
|
$this->existingBucketsCache = Server::get(ICacheFactory::class)
|
|
|
|
|
->createLocal('s3-bucket-exists-cache');
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
$scheme = (isset($this->params['use_ssl']) && $this->params['use_ssl'] === false) ? 'http' : 'https';
|
|
|
|
|
$base_url = $scheme . '://' . $this->params['hostname'] . ':' . $this->params['port'] . '/';
|
|
|
|
|
|
2020-05-09 10:22:56 -04:00
|
|
|
// Adding explicit credential provider to the beginning chain.
|
2021-06-13 07:12:43 -04:00
|
|
|
// Including default credential provider (skipping AWS shared config files).
|
2020-05-09 10:22:56 -04:00
|
|
|
$provider = CredentialProvider::memoize(
|
|
|
|
|
CredentialProvider::chain(
|
|
|
|
|
$this->paramCredentialProvider(),
|
2021-06-13 07:12:43 -04:00
|
|
|
CredentialProvider::defaultProvider(['use_aws_shared_config_files' => false])
|
2020-05-09 10:22:56 -04:00
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
2025-08-15 08:04:25 -04:00
|
|
|
$this->usePresignedUrl = $this->params['use_presigned_url'] ?? false;
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
$options = [
|
2023-07-07 06:13:21 -04:00
|
|
|
'version' => $this->params['version'] ?? 'latest',
|
2020-05-09 10:22:56 -04:00
|
|
|
'credentials' => $provider,
|
2017-04-20 11:08:22 -04:00
|
|
|
'endpoint' => $base_url,
|
2016-08-08 07:54:46 -04:00
|
|
|
'region' => $this->params['region'],
|
2017-12-19 05:54:55 -05:00
|
|
|
'use_path_style_endpoint' => isset($this->params['use_path_style']) ? $this->params['use_path_style'] : false,
|
2025-08-15 08:04:25 -04:00
|
|
|
'proxy' => isset($this->params['proxy']) ? $this->params['proxy'] : false,
|
2020-06-15 03:12:42 -04:00
|
|
|
'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
|
|
|
|
|
'csm' => false,
|
2020-10-08 04:56:35 -04:00
|
|
|
'use_arn_region' => false,
|
2024-07-05 04:49:10 -04:00
|
|
|
'http' => [
|
|
|
|
|
'verify' => $this->getCertificateBundlePath(),
|
2025-06-15 02:27:46 -04:00
|
|
|
'connect_timeout' => $this->connectTimeout,
|
2024-07-05 04:49:10 -04:00
|
|
|
],
|
2022-06-07 07:39:14 -04:00
|
|
|
'use_aws_shared_config_files' => false,
|
2025-04-22 11:35:33 -04:00
|
|
|
'retries' => [
|
|
|
|
|
'mode' => 'standard',
|
2025-11-17 18:18:57 -05:00
|
|
|
'max_attempts' => $this->retriesMaxAttempts,
|
2025-04-22 11:35:33 -04:00
|
|
|
],
|
2016-08-08 07:54:46 -04:00
|
|
|
];
|
2024-03-26 10:47:14 -04:00
|
|
|
|
|
|
|
|
if ($this->params['s3-accelerate']) {
|
|
|
|
|
$options['use_accelerate_endpoint'] = true;
|
|
|
|
|
} else {
|
|
|
|
|
$options['endpoint'] = $base_url;
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-29 06:48:16 -04:00
|
|
|
if (isset($this->params['request_checksum_calculation'])) {
|
|
|
|
|
$options['request_checksum_calculation'] = $this->params['request_checksum_calculation'];
|
2025-11-25 12:00:59 -05:00
|
|
|
} else {
|
|
|
|
|
$options['request_checksum_calculation'] = 'when_required';
|
2025-10-29 06:48:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isset($this->params['response_checksum_validation'])) {
|
|
|
|
|
$options['response_checksum_validation'] = $this->params['response_checksum_validation'];
|
2025-11-25 12:00:59 -05:00
|
|
|
} else {
|
|
|
|
|
$options['response_checksum_validation'] = 'when_required';
|
2025-10-29 06:48:16 -04:00
|
|
|
}
|
|
|
|
|
|
2021-06-28 11:58:50 -04:00
|
|
|
if ($this->getProxy()) {
|
2022-03-14 13:09:48 -04:00
|
|
|
$options['http']['proxy'] = $this->getProxy();
|
2016-08-08 07:54:46 -04:00
|
|
|
}
|
2017-12-19 05:54:55 -05:00
|
|
|
if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) {
|
|
|
|
|
$options['signature_version'] = 'v2';
|
|
|
|
|
}
|
2017-04-20 11:08:22 -04:00
|
|
|
$this->connection = new S3Client($options);
|
2016-08-08 07:54:46 -04:00
|
|
|
|
2024-07-05 04:49:10 -04:00
|
|
|
try {
|
|
|
|
|
$logger = Server::get(LoggerInterface::class);
|
|
|
|
|
if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
|
|
|
|
|
$logger->debug('Bucket "' . $this->bucket . '" This bucket name is not dns compatible, it may contain invalid characters.',
|
|
|
|
|
['app' => 'objectstore']);
|
|
|
|
|
}
|
2025-02-06 09:43:47 -05:00
|
|
|
|
2025-11-12 08:14:06 -05:00
|
|
|
if ($this->params['verify_bucket_exists']) {
|
|
|
|
|
$cacheKey = $this->params['hostname'] . $this->bucket;
|
|
|
|
|
$exist = $this->existingBucketsCache->get($cacheKey) === 1;
|
|
|
|
|
|
2025-11-20 10:50:14 -05:00
|
|
|
if (!$exist) {
|
|
|
|
|
if (!$this->connection->doesBucketExist($this->bucket)) {
|
|
|
|
|
try {
|
|
|
|
|
$logger->info('Bucket "' . $this->bucket . '" does not exist - creating it.', ['app' => 'objectstore']);
|
|
|
|
|
if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
|
|
|
|
|
throw new StorageNotAvailableException('The bucket will not be created because the name is not dns compatible, please correct it: ' . $this->bucket);
|
|
|
|
|
}
|
|
|
|
|
$this->connection->createBucket(['Bucket' => $this->bucket]);
|
2025-11-20 01:05:01 -05:00
|
|
|
Server::get(IEventDispatcher::class)
|
|
|
|
|
->dispatchTyped(new BucketCreatedEvent(
|
|
|
|
|
$this->bucket,
|
|
|
|
|
$options['endpoint'],
|
|
|
|
|
$options['region'],
|
|
|
|
|
$options['version']
|
|
|
|
|
));
|
2025-11-20 10:50:14 -05:00
|
|
|
$this->testTimeout();
|
|
|
|
|
} catch (S3Exception $e) {
|
|
|
|
|
$logger->debug('Invalid remote storage.', [
|
|
|
|
|
'exception' => $e,
|
|
|
|
|
'app' => 'objectstore',
|
|
|
|
|
]);
|
|
|
|
|
if ($e->getAwsErrorCode() !== 'BucketAlreadyOwnedByYou') {
|
|
|
|
|
throw new StorageNotAvailableException('Creation of bucket "' . $this->bucket . '" failed. ' . $e->getMessage());
|
|
|
|
|
}
|
2025-11-12 08:14:06 -05:00
|
|
|
}
|
2024-07-05 04:49:10 -04:00
|
|
|
}
|
2025-11-12 08:14:06 -05:00
|
|
|
$this->existingBucketsCache->set($cacheKey, 1);
|
2024-03-26 10:47:14 -04:00
|
|
|
}
|
2016-08-08 07:54:46 -04:00
|
|
|
}
|
2024-11-26 10:49:55 -05:00
|
|
|
|
2024-07-05 04:49:10 -04:00
|
|
|
// google cloud's s3 compatibility doesn't like the EncodingType parameter
|
|
|
|
|
if (strpos($base_url, 'storage.googleapis.com')) {
|
|
|
|
|
$this->connection->getHandlerList()->remove('s3.auto_encode');
|
|
|
|
|
}
|
|
|
|
|
} catch (S3Exception $e) {
|
2024-11-26 10:49:55 -05:00
|
|
|
throw new StorageNotAvailableException('S3 service is unable to handle request: ' . $e->getMessage());
|
2018-06-11 11:10:57 -04:00
|
|
|
}
|
|
|
|
|
|
2016-08-08 07:54:46 -04:00
|
|
|
return $this->connection;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* when running the tests wait to let the buckets catch up
|
|
|
|
|
*/
|
|
|
|
|
private function testTimeout() {
|
|
|
|
|
if ($this->test) {
|
|
|
|
|
sleep($this->timeout);
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-12-19 05:54:55 -05:00
|
|
|
|
|
|
|
|
public static function legacySignatureProvider($version, $service, $region) {
|
|
|
|
|
switch ($version) {
|
|
|
|
|
case 'v2':
|
|
|
|
|
case 's3':
|
|
|
|
|
return new S3Signature();
|
|
|
|
|
default:
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-09 10:22:56 -04:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This function creates a credential provider based on user parameter file
|
|
|
|
|
*/
|
2022-07-05 10:06:55 -04:00
|
|
|
protected function paramCredentialProvider(): callable {
|
2020-05-09 10:22:56 -04:00
|
|
|
return function () {
|
|
|
|
|
$key = empty($this->params['key']) ? null : $this->params['key'];
|
|
|
|
|
$secret = empty($this->params['secret']) ? null : $this->params['secret'];
|
2025-02-06 09:43:47 -05:00
|
|
|
$sessionToken = empty($this->params['session_token']) ? null : $this->params['session_token'];
|
2020-05-09 10:22:56 -04:00
|
|
|
|
|
|
|
|
if ($key && $secret) {
|
2024-06-14 14:20:19 -04:00
|
|
|
return Create::promiseFor(
|
2025-02-06 09:43:47 -05:00
|
|
|
// a null sessionToken match the default signature of the constructor
|
|
|
|
|
new Credentials($key, $secret, $sessionToken)
|
2020-05-09 10:22:56 -04:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$msg = 'Could not find parameters set for credentials in config file.';
|
|
|
|
|
return new RejectedPromise(new CredentialsException($msg));
|
|
|
|
|
};
|
|
|
|
|
}
|
2022-06-21 10:50:06 -04:00
|
|
|
|
2022-07-05 10:06:55 -04:00
|
|
|
protected function getCertificateBundlePath(): ?string {
|
2024-08-23 09:10:27 -04:00
|
|
|
if ((int)($this->params['use_nextcloud_bundle'] ?? '0')) {
|
2025-05-11 10:40:26 -04:00
|
|
|
/** @var ICertificateManager $certManager */
|
|
|
|
|
$certManager = Server::get(ICertificateManager::class);
|
2022-07-05 10:06:55 -04:00
|
|
|
// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
|
|
|
|
|
if (!isset($this->params['primary_storage'])) {
|
|
|
|
|
return $certManager->getAbsoluteBundlePath();
|
|
|
|
|
} else {
|
2025-05-11 10:40:26 -04:00
|
|
|
return $certManager->getDefaultCertificatesBundlePath();
|
2022-07-05 10:06:55 -04:00
|
|
|
}
|
2022-06-21 10:50:06 -04:00
|
|
|
} else {
|
2022-07-05 10:06:55 -04:00
|
|
|
return null;
|
2022-06-21 10:50:06 -04:00
|
|
|
}
|
|
|
|
|
}
|
2022-06-09 14:56:18 -04:00
|
|
|
|
|
|
|
|
protected function getSSECKey(): ?string {
|
2025-01-28 16:57:38 -05:00
|
|
|
if (isset($this->params['sse_c_key']) && !empty($this->params['sse_c_key'])) {
|
2022-06-09 14:56:18 -04:00
|
|
|
return $this->params['sse_c_key'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function getSSECParameters(bool $copy = false): array {
|
|
|
|
|
$key = $this->getSSECKey();
|
|
|
|
|
|
|
|
|
|
if ($key === null) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$rawKey = base64_decode($key);
|
|
|
|
|
if ($copy) {
|
|
|
|
|
return [
|
|
|
|
|
'CopySourceSSECustomerAlgorithm' => 'AES256',
|
|
|
|
|
'CopySourceSSECustomerKey' => $rawKey,
|
|
|
|
|
'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
return [
|
|
|
|
|
'SSECustomerAlgorithm' => 'AES256',
|
|
|
|
|
'SSECustomerKey' => $rawKey,
|
|
|
|
|
'SSECustomerKeyMD5' => md5($rawKey, true)
|
|
|
|
|
];
|
|
|
|
|
}
|
2025-08-15 08:04:25 -04:00
|
|
|
|
|
|
|
|
public function isUsePresignedUrl(): bool {
|
|
|
|
|
return $this->usePresignedUrl;
|
|
|
|
|
}
|
2016-08-08 07:54:46 -04:00
|
|
|
}
|
