npm - @strapi/provider-upload-aws-s3 - Versions diffs - 0.0.0-fee711c4e2d9a317dcad4559ef10c87071da6272 → 0.0.0-next.2c917f23cab47f84d4099912c53506cffefef6fe - Mend

@strapi/provider-upload-aws-s3 0.0.0-fee711c4e2d9a317dcad4559ef10c87071da6272 → 0.0.0-next.2c917f23cab47f84d4099912c53506cffefef6fe

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/.eslintignore ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ node_modules/
2	+ .eslintrc.js

package/.eslintrc.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ['custom/back'],
+};

package/README.md CHANGED Viewed

@@ -25,12 +25,57 @@ npm install @strapi/provider-upload-aws-s3 --save
 - `provider` defines the name of the provider
 - `providerOptions` is passed down during the construction of the provider. (ex: `new AWS.S3(config)`). [Complete list of options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property)
+- `providerOptions.params` is passed directly to the parameters to each method respectively.
+  - `ACL` is the access control list for the object. Defaults to `public-read`.
+  - `signedUrlExpires` is the number of seconds before a signed URL expires. (See [how signed URLs work](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html)). Defaults to 15 minutes and URLs are only signed when ACL is set to `private`.
+  - `Bucket` is the name of the bucket to upload to.
 - `actionOptions` is passed directly to the parameters to each method respectively. You can find the complete list of [upload/ uploadStream options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#upload-property) and [delete options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#deleteObject-property)
 See the [documentation about using a provider](https://docs.strapi.io/developer-docs/latest/plugins/upload.html#using-a-provider) for information on installing and using a provider. To understand how environment variables are used in Strapi, please refer to the [documentation about environment variables](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#environment-variables).
+If you're using the bucket as a CDN and deliver the content on a custom domain, you can get use of the `baseUrl` and `rootPath` properties to configure how your assets' urls will be saved inside Strapi.
 ### Provider Configuration
+`./config/plugins.js` or `./config/plugins.ts` for TypeScript projects:
+```js
+module.exports = ({ env }) => ({
+  // ...
+  upload: {
+    config: {
+      provider: 'aws-s3',
+      providerOptions: {
+        baseUrl: env('CDN_URL'),
+        rootPath: env('CDN_ROOT_PATH'),
+        s3Options: {
+          accessKeyId: env('AWS_ACCESS_KEY_ID'),
+          secretAccessKey: env('AWS_ACCESS_SECRET'),
+          region: env('AWS_REGION'),
+          params: {
+            ACL: env('AWS_ACL', 'public-read'),
+            signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 15 * 60),
+            Bucket: env('AWS_BUCKET'),
+          },
+        },
+      },
+      actionOptions: {
+        upload: {},
+        uploadStream: {},
+        delete: {},
+      },
+    },
+  },
+  // ...
+});
+```
+### Configuration for a private S3 bucket
+If your bucket is configured to be private, you will need to set the `ACL` option to `private` in the `params` object. This will ensure that the signed URL is generated with the correct permissions.
+You can also define the expiration time of the signed URL by setting the `signedUrlExpires` option in the `params` object. The default value is 7 days.
 `./config/plugins.js`
 ```js
@@ -44,6 +89,8 @@ module.exports = ({ env }) => ({
         secretAccessKey: env('AWS_ACCESS_SECRET'),
         region: env('AWS_REGION'),
         params: {
+          ACL: 'private', // <== set ACL to private
+          signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 60 * 60 * 24 * 7),
           Bucket: env('AWS_BUCKET'),
         },
       },
@@ -124,6 +171,22 @@ module.exports = [
 If you use dots in your bucket name, the url of the ressource is in directory style (`s3.yourRegion.amazonaws.com/your.bucket.name/image.jpg`) instead of `yourBucketName.s3.yourRegion.amazonaws.com/image.jpg`. Then only add `s3.yourRegion.amazonaws.com` to img-src and media-src directives.
+## Bucket CORS Configuration
+If you are planning on uploading content like GIFs and videos to your S3 bucket, you will want to edit its CORS configuration so that thumbnails are properly shown in Strapi. To do so, open your Bucket on the AWS console and locate the _Cross-origin resource sharing (CORS)_ field under the _Permissions_ tab, then amend the policies by writing your own JSON configuration, or copying and pasting the following one:
+```json
+[
+  {
+    "AllowedHeaders": ["*"],
+    "AllowedMethods": ["GET"],
+    "AllowedOrigins": ["YOUR STRAPI URL"],
+    "ExposeHeaders": [],
+    "MaxAgeSeconds": 3000
+  }
+]
+```
 ## Required AWS Policy Actions
 These are the minimum amount of permissions needed for this provider to work.

package/lib/index.js CHANGED Viewed

@@ -6,25 +6,49 @@
 /* eslint-disable no-unused-vars */
 // Public node modules.
-const _ = require('lodash');
+const { getOr } = require('lodash/fp');
 const AWS = require('aws-sdk');
+const { getBucketFromUrl } = require('./utils');
+function assertUrlProtocol(url) {
+  // Regex to test protocol like "http://", "https://"
+  return /^\w*:\/\//.test(url);
+}
 module.exports = {
-  init(config) {
+  init({ baseUrl = null, rootPath = null, s3Options, ...legacyS3Options }) {
+    if (legacyS3Options) {
+      process.emitWarning(
+        "S3 configuration options passed at root level of the plugin's providerOptions is deprecated and will be removed in a future release. Please wrap them inside the 's3Options:{}' property."
+      );
+    }
+    const config = { ...s3Options, ...legacyS3Options };
     const S3 = new AWS.S3({
       apiVersion: '2006-03-01',
       ...config,
     });
+    const filePrefix = rootPath ? `${rootPath.replace(/\/+$/, '')}/` : '';
+    const getFileKey = (file) => {
+      const path = file.path ? `${file.path}/` : '';
+      return `${filePrefix}${path}${file.hash}${file.ext}`;
+    };
+    const ACL = getOr('public-read', ['params', 'ACL'], config);
     const upload = (file, customParams = {}) =>
       new Promise((resolve, reject) => {
         // upload file on S3 bucket
-        const path = file.path ? `${file.path}/` : '';
+        const fileKey = getFileKey(file);
         S3.upload(
           {
-            Key: `${path}${file.hash}${file.ext}`,
+            Key: fileKey,
             Body: file.stream || Buffer.from(file.buffer, 'binary'),
-            ACL: 'public-read',
+            ACL,
             ContentType: file.mime,
             ...customParams,
           },
@@ -34,14 +58,55 @@ module.exports = {
             }
             // set the bucket file url
-            file.url = data.Location;
+            if (assertUrlProtocol(data.Location)) {
+              file.url = baseUrl ? `${baseUrl}/${fileKey}` : data.Location;
+            } else {
+              // Default protocol to https protocol
+              file.url = `https://${data.Location}`;
+            }
             resolve();
           }
         );
       });
     return {
+      isPrivate() {
+        return ACL === 'private';
+      },
+      /**
+       * @param {Object} file
+       * @param {string} file.path
+       * @param {string} file.hash
+       * @param {string} file.ext
+       * @param {Object} customParams
+       * @returns {Promise<{url: string}>}
+       */
+      getSignedUrl(file, customParams = {}) {
+        // Do not sign the url if it does not come from the same bucket.
+        const { bucket } = getBucketFromUrl(file.url);
+        if (bucket !== config.params.Bucket) {
+          return { url: file.url };
+        }
+        return new Promise((resolve, reject) => {
+          const fileKey = getFileKey(file);
+          S3.getSignedUrl(
+            'getObject',
+            {
+              Bucket: config.params.Bucket,
+              Key: fileKey,
+              Expires: getOr(15 * 60, ['params', 'signedUrlExpires'], config), // 15 minutes
+            },
+            (err, url) => {
+              if (err) {
+                return reject(err);
+              }
+              resolve({ url });
+            }
+          );
+        });
+      },
       uploadStream(file, customParams = {}) {
         return upload(file, customParams);
       },
@@ -51,13 +116,13 @@ module.exports = {
       delete(file, customParams = {}) {
         return new Promise((resolve, reject) => {
           // delete file on S3 bucket
-          const path = file.path ? `${file.path}/` : '';
+          const fileKey = getFileKey(file);
           S3.deleteObject(
             {
-              Key: `${path}${file.hash}${file.ext}`,
+              Key: fileKey,
               ...customParams,
             },
-            (err, data) => {
+            (err) => {
               if (err) {
                 return reject(err);
               }

package/lib/utils.js ADDED Viewed

@@ -0,0 +1,63 @@
+'use strict';
+const ENDPOINT_PATTERN = /^(.+\.)?s3[.-]([a-z0-9-]+)\./;
+/**
+ * Parse the bucket name from a URL.
+ * See all URL formats in https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html
+ *
+ * @param {string} fileUrl - the URL to parse
+ * @returns {object} result
+ * @returns {string} result.bucket - the bucket name
+ * @returns {string} result.error - if any
+ */
+function getBucketFromUrl(fileUrl) {
+  const uri = new URL(fileUrl);
+  // S3://<bucket-name>/<key>
+  if (uri.protocol === 's3:') {
+    const bucket = uri.host;
+    if (!bucket) {
+      return { err: `Invalid S3 URI: no bucket: ${uri}` };
+    }
+    return { bucket };
+  }
+  if (!uri.host) {
+    return { err: `Invalid S3 URI: no hostname: ${uri}` };
+  }
+  const matches = uri.host.match(ENDPOINT_PATTERN);
+  if (!matches) {
+    return { err: `Invalid S3 URI: hostname does not appear to be a valid S3 endpoint: ${uri}` };
+  }
+  const prefix = matches[1];
+  // https://s3.amazonaws.com/<bucket-name>
+  if (!prefix) {
+    if (uri.pathname === '/') {
+      return { bucket: null };
+    }
+    const index = uri.pathname.indexOf('/', 1);
+    // https://s3.amazonaws.com/<bucket-name>
+    if (index === -1) {
+      return { bucket: uri.pathname.substring(1) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/
+    if (index === uri.pathname.length - 1) {
+      return { bucket: uri.pathname.substring(1, index) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/key
+    return { bucket: uri.pathname.substring(1, index) };
+  }
+  // https://<bucket-name>.s3.amazonaws.com/
+  return { bucket: prefix.substring(0, prefix.length - 1) };
+}
+module.exports = { getBucketFromUrl };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/provider-upload-aws-s3",
-  "version": "0.0.0-fee711c4e2d9a317dcad4559ef10c87071da6272",
+  "version": "0.0.0-next.2c917f23cab47f84d4099912c53506cffefef6fe",
   "description": "AWS S3 provider for strapi upload",
   "keywords": [
     "upload",
@@ -34,15 +34,17 @@
     "lib": "./lib"
   },
   "scripts": {
-    "test": "echo \"no tests yet\""
+    "test:unit": "jest",
+    "test:unit:watch": "jest --watch",
+    "lint": "eslint ."
   },
   "dependencies": {
-    "aws-sdk": "2.1215.0",
+    "aws-sdk": "2.1287.0",
     "lodash": "4.17.21"
   },
   "engines": {
     "node": ">=14.19.1 <=18.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "fee711c4e2d9a317dcad4559ef10c87071da6272"
+  "gitHead": "2c917f23cab47f84d4099912c53506cffefef6fe"
 }