npm - @strapi/provider-upload-aws-s3 - Versions diffs - 4.9.0-exp.90df253ba90fd6879eb56a720a1f80d04ff745b8 → 4.9.1 - Mend

@strapi/provider-upload-aws-s3 4.9.0-exp.90df253ba90fd6879eb56a720a1f80d04ff745b8 → 4.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/.eslintignore ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ node_modules/
2	+ .eslintrc.js

package/.eslintrc.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ['custom/back'],
+};

package/README.md CHANGED Viewed

@@ -25,14 +25,59 @@ npm install @strapi/provider-upload-aws-s3 --save
 - `provider` defines the name of the provider
 - `providerOptions` is passed down during the construction of the provider. (ex: `new AWS.S3(config)`). [Complete list of options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property)
+- `providerOptions.params` is passed directly to the parameters to each method respectively.
+  - `ACL` is the access control list for the object. Defaults to `public-read`.
+  - `signedUrlExpires` is the number of seconds before a signed URL expires. (See [how signed URLs work](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html)). Defaults to 15 minutes and URLs are only signed when ACL is set to `private`.
+  - `Bucket` is the name of the bucket to upload to.
 - `actionOptions` is passed directly to the parameters to each method respectively. You can find the complete list of [upload/ uploadStream options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#upload-property) and [delete options](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#deleteObject-property)
 See the [documentation about using a provider](https://docs.strapi.io/developer-docs/latest/plugins/upload.html#using-a-provider) for information on installing and using a provider. To understand how environment variables are used in Strapi, please refer to the [documentation about environment variables](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#environment-variables).
+If you're using the bucket as a CDN and deliver the content on a custom domain, you can get use of the `baseUrl` and `rootPath` properties to configure how your assets' urls will be saved inside Strapi.
 ### Provider Configuration
 `./config/plugins.js` or `./config/plugins.ts` for TypeScript projects:
+```js
+module.exports = ({ env }) => ({
+  // ...
+  upload: {
+    config: {
+      provider: 'aws-s3',
+      providerOptions: {
+        baseUrl: env('CDN_URL'),
+        rootPath: env('CDN_ROOT_PATH'),
+        s3Options: {
+          accessKeyId: env('AWS_ACCESS_KEY_ID'),
+          secretAccessKey: env('AWS_ACCESS_SECRET'),
+          region: env('AWS_REGION'),
+          params: {
+            ACL: env('AWS_ACL', 'public-read'),
+            signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 15 * 60),
+            Bucket: env('AWS_BUCKET'),
+          },
+        },
+      },
+      actionOptions: {
+        upload: {},
+        uploadStream: {},
+        delete: {},
+      },
+    },
+  },
+  // ...
+});
+```
+### Configuration for a private S3 bucket
+If your bucket is configured to be private, you will need to set the `ACL` option to `private` in the `params` object. This will ensure that the signed URL is generated with the correct permissions.
+You can also define the expiration time of the signed URL by setting the `signedUrlExpires` option in the `params` object. The default value is 7 days.
+`./config/plugins.js`
 ```js
 module.exports = ({ env }) => ({
   // ...
@@ -44,6 +89,8 @@ module.exports = ({ env }) => ({
         secretAccessKey: env('AWS_ACCESS_SECRET'),
         region: env('AWS_REGION'),
         params: {
+          ACL: 'private', // <== set ACL to private
+          signedUrlExpires: env('AWS_SIGNED_URL_EXPIRES', 60 * 60 * 24 * 7),
           Bucket: env('AWS_BUCKET'),
         },
       },

package/lib/index.js CHANGED Viewed

@@ -6,8 +6,9 @@
 /* eslint-disable no-unused-vars */
 // Public node modules.
-const _ = require('lodash');
+const { getOr } = require('lodash/fp');
 const AWS = require('aws-sdk');
+const { getBucketFromUrl } = require('./utils');
 function assertUrlProtocol(url) {
   // Regex to test protocol like "http://", "https://"
@@ -15,21 +16,39 @@ function assertUrlProtocol(url) {
 }
 module.exports = {
-  init(config) {
+  init({ baseUrl = null, rootPath = null, s3Options, ...legacyS3Options }) {
+    if (legacyS3Options) {
+      process.emitWarning(
+        "S3 configuration options passed at root level of the plugin's providerOptions is deprecated and will be removed in a future release. Please wrap them inside the 's3Options:{}' property."
+      );
+    }
+    const config = { ...s3Options, ...legacyS3Options };
     const S3 = new AWS.S3({
       apiVersion: '2006-03-01',
       ...config,
     });
+    const filePrefix = rootPath ? `${rootPath.replace(/\/+$/, '')}/` : '';
+    const getFileKey = (file) => {
+      const path = file.path ? `${file.path}/` : '';
+      return `${filePrefix}${path}${file.hash}${file.ext}`;
+    };
+    const ACL = getOr('public-read', ['params', 'ACL'], config);
     const upload = (file, customParams = {}) =>
       new Promise((resolve, reject) => {
         // upload file on S3 bucket
-        const path = file.path ? `${file.path}/` : '';
+        const fileKey = getFileKey(file);
         S3.upload(
           {
-            Key: `${path}${file.hash}${file.ext}`,
+            Key: fileKey,
             Body: file.stream || Buffer.from(file.buffer, 'binary'),
-            ACL: 'public-read',
+            ACL,
             ContentType: file.mime,
             ...customParams,
           },
@@ -40,18 +59,54 @@ module.exports = {
             // set the bucket file url
             if (assertUrlProtocol(data.Location)) {
-              file.url = data.Location;
+              file.url = baseUrl ? `${baseUrl}/${fileKey}` : data.Location;
             } else {
               // Default protocol to https protocol
               file.url = `https://${data.Location}`;
             }
             resolve();
           }
         );
       });
     return {
+      isPrivate() {
+        return ACL === 'private';
+      },
+      /**
+       * @param {Object} file
+       * @param {string} file.path
+       * @param {string} file.hash
+       * @param {string} file.ext
+       * @param {Object} customParams
+       * @returns {Promise<{url: string}>}
+       */
+      getSignedUrl(file, customParams = {}) {
+        // Do not sign the url if it does not come from the same bucket.
+        const { bucket } = getBucketFromUrl(file.url);
+        if (bucket !== config.params.Bucket) {
+          return { url: file.url };
+        }
+        return new Promise((resolve, reject) => {
+          const fileKey = getFileKey(file);
+          S3.getSignedUrl(
+            'getObject',
+            {
+              Bucket: config.params.Bucket,
+              Key: fileKey,
+              Expires: getOr(15 * 60, ['params', 'signedUrlExpires'], config), // 15 minutes
+            },
+            (err, url) => {
+              if (err) {
+                return reject(err);
+              }
+              resolve({ url });
+            }
+          );
+        });
+      },
       uploadStream(file, customParams = {}) {
         return upload(file, customParams);
       },
@@ -61,13 +116,13 @@ module.exports = {
       delete(file, customParams = {}) {
         return new Promise((resolve, reject) => {
           // delete file on S3 bucket
-          const path = file.path ? `${file.path}/` : '';
+          const fileKey = getFileKey(file);
           S3.deleteObject(
             {
-              Key: `${path}${file.hash}${file.ext}`,
+              Key: fileKey,
               ...customParams,
             },
-            (err, data) => {
+            (err) => {
               if (err) {
                 return reject(err);
               }

package/lib/utils.js ADDED Viewed

@@ -0,0 +1,63 @@
+'use strict';
+const ENDPOINT_PATTERN = /^(.+\.)?s3[.-]([a-z0-9-]+)\./;
+/**
+ * Parse the bucket name from a URL.
+ * See all URL formats in https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html
+ *
+ * @param {string} fileUrl - the URL to parse
+ * @returns {object} result
+ * @returns {string} result.bucket - the bucket name
+ * @returns {string} result.error - if any
+ */
+function getBucketFromUrl(fileUrl) {
+  const uri = new URL(fileUrl);
+  // S3://<bucket-name>/<key>
+  if (uri.protocol === 's3:') {
+    const bucket = uri.host;
+    if (!bucket) {
+      return { err: `Invalid S3 URI: no bucket: ${uri}` };
+    }
+    return { bucket };
+  }
+  if (!uri.host) {
+    return { err: `Invalid S3 URI: no hostname: ${uri}` };
+  }
+  const matches = uri.host.match(ENDPOINT_PATTERN);
+  if (!matches) {
+    return { err: `Invalid S3 URI: hostname does not appear to be a valid S3 endpoint: ${uri}` };
+  }
+  const prefix = matches[1];
+  // https://s3.amazonaws.com/<bucket-name>
+  if (!prefix) {
+    if (uri.pathname === '/') {
+      return { bucket: null };
+    }
+    const index = uri.pathname.indexOf('/', 1);
+    // https://s3.amazonaws.com/<bucket-name>
+    if (index === -1) {
+      return { bucket: uri.pathname.substring(1) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/
+    if (index === uri.pathname.length - 1) {
+      return { bucket: uri.pathname.substring(1, index) };
+    }
+    // https://s3.amazonaws.com/<bucket-name>/key
+    return { bucket: uri.pathname.substring(1, index) };
+  }
+  // https://<bucket-name>.s3.amazonaws.com/
+  return { bucket: prefix.substring(0, prefix.length - 1) };
+}
+module.exports = { getBucketFromUrl };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/provider-upload-aws-s3",
-  "version": "4.9.0-exp.90df253ba90fd6879eb56a720a1f80d04ff745b8",
+  "version": "4.9.1",
   "description": "AWS S3 provider for strapi upload",
   "keywords": [
     "upload",
@@ -34,7 +34,9 @@
     "lib": "./lib"
   },
   "scripts": {
-    "test": "echo \"no tests yet\""
+    "test:unit": "run -T jest",
+    "test:unit:watch": "run -T jest --watch",
+    "lint": "run -T eslint ."
   },
   "dependencies": {
     "aws-sdk": "2.1287.0",
@@ -44,5 +46,5 @@
     "node": ">=14.19.1 <=18.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "366eb8a0d0f06935914854c6d9c4b3fe859468e0"
+  "gitHead": "c8f2f0543b45dda8eadde21a0782b64d156fc786"
 }