npm - @strapi/provider-upload-aws-s3 - Versions diffs - 4.9.0-beta.2 → 4.9.0 - Mend

@strapi/provider-upload-aws-s3 4.9.0-beta.2 → 4.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/.eslintignore ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ node_modules/
2	+ .eslintrc.js

package/.eslintrc.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ['custom/back'],
+};

package/README.md CHANGED Viewed

@@ -25,6 +25,10 @@ npm install @strapi/provider-upload-aws-s3 --save
 - `provider` defines the name of the provider
 - `providerOptions` is passed down during the construction of the provider. (ex: `new AWS.S3(config)`). [Complete list of options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property)
+- `providerOptions.params` is passed directly to the parameters to each method respectively.
+  - `ACL` is the access control list for the object. Defaults to `public-read`.
+  - `signedUrlExpires` is the number of seconds before a signed URL expires. (See [how signed URLs work](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html)). Defaults to 15 minutes and URLs are only signed when ACL is set to `private`.
+  - `Bucket` is the name of the bucket to upload to.
 - `actionOptions` is passed directly to the parameters to each method respectively. You can find the complete list of [upload/ uploadStream options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#upload-property) and [delete options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#deleteObject-property)
 See the [documentation about using a provider](https://docs.strapi.io/developer-docs/latest/plugins/upload.html#using-a-provider) for information on installing and using a provider. To understand how environment variables are used in Strapi, please refer to the [documentation about environment variables](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#environment-variables).
@@ -49,6 +53,8 @@ module.exports = ({ env }) => ({
           secretAccessKey: env('AWS_ACCESS_SECRET'),
           region: env('AWS_REGION'),
           params: {
+            ACL: env('AWS_ACL', 'public-read'),
+            signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 15 * 60),
             Bucket: env('AWS_BUCKET'),
           },
         },
@@ -64,6 +70,41 @@ module.exports = ({ env }) => ({
 });
 ```
+### Configuration for a private S3 bucket
+If your bucket is configured to be private, you will need to set the `ACL` option to `private` in the `params` object. This will ensure that the signed URL is generated with the correct permissions.
+You can also define the expiration time of the signed URL by setting the `signedUrlExpires` option in the `params` object. The default value is 7 days.
+`./config/plugins.js`
+```js
+module.exports = ({ env }) => ({
+  // ...
+  upload: {
+    config: {
+      provider: 'aws-s3',
+      providerOptions: {
+        accessKeyId: env('AWS_ACCESS_KEY_ID'),
+        secretAccessKey: env('AWS_ACCESS_SECRET'),
+        region: env('AWS_REGION'),
+        params: {
+          ACL: 'private', // <== set ACL to private
+          signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 60 * 60 * 24 * 7),
+          Bucket: env('AWS_BUCKET'),
+        },
+      },
+      actionOptions: {
+        upload: {},
+        uploadStream: {},
+        delete: {},
+      },
+    },
+  },
+  // ...
+});
+```
 #### Configuration for S3 compatible services
 This plugin may work with S3 compatible services by using the `endpoint` option instead of `region`. Scaleway example:

package/lib/index.js CHANGED Viewed

@@ -6,8 +6,9 @@
 /* eslint-disable no-unused-vars */
 // Public node modules.
-const _ = require('lodash');
+const { getOr } = require('lodash/fp');
 const AWS = require('aws-sdk');
+const { getBucketFromUrl } = require('./utils');
 function assertUrlProtocol(url) {
   // Regex to test protocol like "http://", "https://"
@@ -22,10 +23,11 @@ module.exports = {
       );
     }
+    const config = { ...s3Options, ...legacyS3Options };
     const S3 = new AWS.S3({
       apiVersion: '2006-03-01',
-      ...s3Options,
-      ...legacyS3Options,
+      ...config,
     });
     const filePrefix = rootPath ? `${rootPath.replace(/\/+$/, '')}/` : '';
@@ -36,6 +38,8 @@ module.exports = {
       return `${filePrefix}${path}${file.hash}${file.ext}`;
     };
+    const ACL = getOr('public-read', ['params', 'ACL'], config);
     const upload = (file, customParams = {}) =>
       new Promise((resolve, reject) => {
         // upload file on S3 bucket
@@ -44,7 +48,7 @@ module.exports = {
           {
             Key: fileKey,
             Body: file.stream || Buffer.from(file.buffer, 'binary'),
-            ACL: 'public-read',
+            ACL,
             ContentType: file.mime,
             ...customParams,
           },
@@ -60,13 +64,49 @@ module.exports = {
               // Default protocol to https protocol
               file.url = `https://${data.Location}`;
             }
             resolve();
           }
         );
       });
     return {
+      isPrivate() {
+        return ACL === 'private';
+      },
+      /**
+       * @param {Object} file
+       * @param {string} file.path
+       * @param {string} file.hash
+       * @param {string} file.ext
+       * @param {Object} customParams
+       * @returns {Promise<{url: string}>}
+       */
+      getSignedUrl(file, customParams = {}) {
+        // Do not sign the url if it does not come from the same bucket.
+        const { bucket } = getBucketFromUrl(file.url);
+        if (bucket !== config.params.Bucket) {
+          return { url: file.url };
+        }
+        return new Promise((resolve, reject) => {
+          const fileKey = getFileKey(file);
+          S3.getSignedUrl(
+            'getObject',
+            {
+              Bucket: config.params.Bucket,
+              Key: fileKey,
+              Expires: getOr(15 * 60, ['params', 'signedUrlExpires'], config), // 15 minutes
+            },
+            (err, url) => {
+              if (err) {
+                return reject(err);
+              }
+              resolve({ url });
+            }
+          );
+        });
+      },
       uploadStream(file, customParams = {}) {
         return upload(file, customParams);
       },

package/lib/utils.js ADDED Viewed

@@ -0,0 +1,63 @@
+'use strict';
+const ENDPOINT_PATTERN = /^(.+\.)?s3[.-]([a-z0-9-]+)\./;
+/**
+ * Parse the bucket name from a URL.
+ * See all URL formats in https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html
+ *
+ * @param {string} fileUrl - the URL to parse
+ * @returns {object} result
+ * @returns {string} result.bucket - the bucket name
+ * @returns {string} result.error - if any
+ */
+function getBucketFromUrl(fileUrl) {
+  const uri = new URL(fileUrl);
+  // S3://<bucket-name>/<key>
+  if (uri.protocol === 's3:') {
+    const bucket = uri.host;
+    if (!bucket) {
+      return { err: `Invalid S3 URI: no bucket: ${uri}` };
+    }
+    return { bucket };
+  }
+  if (!uri.host) {
+    return { err: `Invalid S3 URI: no hostname: ${uri}` };
+  }
+  const matches = uri.host.match(ENDPOINT_PATTERN);
+  if (!matches) {
+    return { err: `Invalid S3 URI: hostname does not appear to be a valid S3 endpoint: ${uri}` };
+  }
+  const prefix = matches[1];
+  // https://s3.amazonaws.com/<bucket-name>
+  if (!prefix) {
+    if (uri.pathname === '/') {
+      return { bucket: null };
+    }
+    const index = uri.pathname.indexOf('/', 1);
+    // https://s3.amazonaws.com/<bucket-name>
+    if (index === -1) {
+      return { bucket: uri.pathname.substring(1) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/
+    if (index === uri.pathname.length - 1) {
+      return { bucket: uri.pathname.substring(1, index) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/key
+    return { bucket: uri.pathname.substring(1, index) };
+  }
+  // https://<bucket-name>.s3.amazonaws.com/
+  return { bucket: prefix.substring(0, prefix.length - 1) };
+}
+module.exports = { getBucketFromUrl };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/provider-upload-aws-s3",
-  "version": "4.9.0-beta.2",
+  "version": "4.9.0",
   "description": "AWS S3 provider for strapi upload",
   "keywords": [
     "upload",
@@ -34,7 +34,9 @@
     "lib": "./lib"
   },
   "scripts": {
-    "test": "echo \"no tests yet\""
+    "test:unit": "jest",
+    "test:unit:watch": "jest --watch",
+    "lint": "eslint ."
   },
   "dependencies": {
     "aws-sdk": "2.1287.0",
@@ -44,5 +46,5 @@
     "node": ">=14.19.1 <=18.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "d893ead642592a15a95fefb71c544aaabe4db20b"
+  "gitHead": "ffe3f4621ccc968ce56fda9a8317ec30d4bad205"
 }