diff --git a/config/default.yaml b/config/default.yaml
index 42ce12c18..6db8d3803 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -138,6 +138,9 @@ object_storage:
 region: 'us-east-1'
+ # Set this ACL on each uploaded object
+ upload_acl: 'public-read'
+
 credentials:
 # You can also use AWS_ACCESS_KEY_ID env variable
 access_key_id: ''
diff --git a/config/production.yaml.example b/config/production.yaml.example
index bb1b4615b..e6e85da12 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -134,6 +134,9 @@ object_storage:
 region: 'us-east-1'
+ # Set this ACL on each uploaded object
+ upload_acl: 'public'
+
 credentials:
 # You can also use AWS_ACCESS_KEY_ID env variable
 access_key_id: ''
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 3aadd9cbd..1658298c5 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -114,6 +114,7 @@ const CONFIG = {
 MAX_UPLOAD_PART: bytes.parse(config.get('object_storage.max_upload_part')),
 ENDPOINT: config.get('object_storage.endpoint'),
 REGION: config.get('object_storage.region'),
+ UPLOAD_ACL: config.get('object_storage.upload_acl'),
 CREDENTIALS: {
 ACCESS_KEY_ID: config.get('object_storage.credentials.access_key_id'),
 SECRET_ACCESS_KEY: config.get('object_storage.credentials.secret_access_key')
diff --git a/server/lib/object-storage/shared/object-storage-helpers.ts b/server/lib/object-storage/shared/object-storage-helpers.ts
index 47c37ffda..ecb82856e 100644
--- a/server/lib/object-storage/shared/object-storage-helpers.ts
+++ b/server/lib/object-storage/shared/object-storage-helpers.ts
@@ -6,10 +6,12 @@ import {
 CompletedPart,
 CompleteMultipartUploadCommand,
 CreateMultipartUploadCommand,
+ CreateMultipartUploadCommandInput,
 DeleteObjectCommand,
 GetObjectCommand,
 ListObjectsV2Command,
 PutObjectCommand,
+ PutObjectCommandInput,
 UploadPartCommand
 } from '@aws-sdk/client-s3'
 import { pipelinePromise } from '@server/helpers/core-utils'
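Review bot: The new comment on `upload_acl` does not say what an empty value does, yet the helper code that reads it only sets `ACL` when the value is truthy, so an empty string is the way an operator opts out of sending any ACL header. Suggest extending the comment to `# Canned ACL applied to each uploaded object (e.g. 'public-read'). Leave empty to send no ACL header, e.g. for buckets that reject requests carrying an ACL.` The `'public-read'` default keeps the behaviour that was previously hard-coded in the upload helpers, so existing deployments are unaffected by the upgrade.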
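Review bot: `upload_acl: 'public'` disagrees with the `'public-read'` default added to config/default.yaml in this same commit, and `public` is not one of the S3 canned ACL names (`private`, `public-read`, `public-read-write`, ...), so an operator who copies the example as-is gets uploads rejected with an invalid-ACL error instead of a public object. Change the line to `upload_acl: 'public-read'` so the example and the default agree. The comment above it should carry the same note as the default file about an empty value meaning no ACL header.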
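Review bot: `UPLOAD_ACL: config.get('object_storage.upload_acl')` is read untyped and passed straight through to the S3 SDK, so a wrong value (the example config in this commit uses `'public'`) is only detected when the first upload fails rather than at startup. Giving the lookup a type, `UPLOAD_ACL: config.get<string>('object_storage.upload_acl'),`, at least documents the expected shape at the point of use; a load-time check that the value is empty or one of the canned ACL names would surface typos before any upload is attempted. The enclosing `CONFIG` object starts and ends outside the hunk.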
@@ -143,12 +145,17 @@ async function objectStoragePut (options: {
 }) {
 const { objectStorageKey, content, bucketInfo } = options
- const command = new PutObjectCommand({
+ const input: PutObjectCommandInput = {
 Bucket: bucketInfo.BUCKET_NAME,
 Key: buildKey(objectStorageKey, bucketInfo),
- Body: content,
- ACL: 'public-read'
- })
+ Body: content
+ }
+
+ if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL) {
+ input.ACL = CONFIG.OBJECT_STORAGE.UPLOAD_ACL
+ }
+
+ const command = new PutObjectCommand(input)
 await getClient().send(command)
@@ -167,11 +174,16 @@ async function multiPartUpload (options: {
 const statResult = await stat(inputPath)
- const createMultipartCommand = new CreateMultipartUploadCommand({
+ const input: CreateMultipartUploadCommandInput = {
 Bucket: bucketInfo.BUCKET_NAME,
- Key: key,
- ACL: 'public-read'
- })
+ Key: buildKey(objectStorageKey, bucketInfo)
+ }
+
+ if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL) {
+ input.ACL = CONFIG.OBJECT_STORAGE.UPLOAD_ACL
+ }
+
+ const createMultipartCommand = new CreateMultipartUploadCommand(input)
 const createResponse = await s3Client.send(createMultipartCommand)
 const fd = await open(inputPath, 'r')
diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml
index 32552964d..9c84428b7 100644
--- a/support/docker/production/config/custom-environment-variables.yaml
+++ b/support/docker/production/config/custom-environment-variables.yaml
@@ -66,6 +66,7 @@ object_storage:
 bucket_name: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME"
 prefix: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX"
 base_url: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BASE_URL"
+ upload_acl: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL"
 videos:
 bucket_name: "PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME"
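Review bot: The `if (CONFIG.OBJECT_STORAGE.UPLOAD_ACL) { input.ACL = ... }` block is written out twice, here in objectStoragePut and again in the multiPartUpload hunk below, and neither copy says why the property is omitted rather than set to an empty string, which is the behaviour a future reader is most likely to "fix" by accident. A small documented helper that returns either `{ ACL }` or `{}` can be spread into both command inputs, which also lets the `input` intermediate variable go away and both calls return to a single object literal. objectStoragePut's signature is outside the hunk.
```typescript
/**
 * ACL to attach to uploaded objects, from `object_storage.upload_acl`.
 * An empty value means no ACL header at all (some buckets reject requests
 * that carry one), so the property is omitted instead of sent empty.
 */
function buildUploadAclInput (): Pick<PutObjectCommandInput, 'ACL'> {
  const acl = CONFIG.OBJECT_STORAGE.UPLOAD_ACL

  return acl
    ? { ACL: acl }
    : {}
}

// … unchanged: objectStoragePut signature and destructuring of options …
  const command = new PutObjectCommand({
    Bucket: bucketInfo.BUCKET_NAME,
    Key: buildKey(objectStorageKey, bucketInfo),
    Body: content,
    ...buildUploadAclInput()
  })
```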
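Review bot: The `Key` of the CreateMultipartUploadCommand changes from `key` to `buildKey(objectStorageKey, bucketInfo)`, which is unrelated to the ACL option this commit introduces and is not mentioned anywhere. If `key` is still computed earlier in multiPartUpload (the function starts outside the hunk) and is what the later UploadPartCommand and CompleteMultipartUploadCommand use, the create call and the part uploads must resolve to the same object key or the upload will fail part-way; either keep `Key: key` here or drop the separate variable and use `buildKey(...)` consistently. A one-line comment such as `// Must match the Key used by the UploadPart / CompleteMultipartUpload calls below` would make the coupling visible.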
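Review bot: The new `upload_acl` mapping is placed between the `streaming_playlists` keys and `videos:`; with indentation not preserved in this view it is unclear whether it maps to `object_storage.upload_acl` (the key config.ts reads) or to `object_storage.streaming_playlists.upload_acl`, which would be silently ignored so the env variable never takes effect. Indent it at the `object_storage` level and place it next to the other top-level keys such as `region`, matching config/default.yaml, e.g. `  upload_acl: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL"` directly after the `region` mapping.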