From 61986da0b131f047d56cc6a16499650311897958 Mon Sep 17 00:00:00 2001
From: Nugraha
Date: Wed, 7 Dec 2022 14:49:17 +0700
Subject: [PATCH] server: add secure redirect option
---
 .config/example.env | 1 +
 .env.example | 1 +
 docker/docker-compose.yaml | 6 +++---
 main.go | 3 +++
 obs.go | 3 ++-
 server.go | 6 ++++++
 6 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/.config/example.env b/.config/example.env
index 47c2571..c7eb256 100644
--- a/.config/example.env
+++ b/.config/example.env
@@ -10,6 +10,7 @@ AWS_SECRET_KEY=example-minio-secret
 # AWS_SESSION_TOKEN
 # accessible S3 gateway
+OBS_REDIRECT_SECURE=false
 OBS_HOST_REDIRECT=127.0.0.1:9000
diff --git a/.env.example b/.env.example
index e50fd82..1766585 100644
--- a/.env.example
+++ b/.env.example
@@ -10,4 +10,5 @@ AWS_SECRET_KEY=example-minio-secret
 # AWS_SESSION_TOKEN
 # accessible S3 gateway
+OBS_REDIRECT_SECURE=false
 OBS_HOST_REDIRECT=127.0.0.1:9000
\ No newline at end of file
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index 9ebe65b..9b373c2 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -3,11 +3,11 @@ version: '3'
 services:
 # obs access signer
 obs-access-signer:
- image: obs-access-signer:dev
- networks:
- - obs
+ # image: obs-access-signer:dev
 build:
 context: ..
+ networks:
+ - obs
 env_file:
 - ../.config/example.env
 ports:
diff --git a/main.go b/main.go
index 8c81e53..bae2250 100644
--- a/main.go
+++ b/main.go
@@ -40,6 +40,7 @@ func init() {
 flag.BoolVar(&defaultObsOpts.Secure, "obs-secure", ok1(strconv.ParseBool(os.Getenv("OBS_SECURE"))), "OBS secure transport")
 flag.StringVar(&defaultObsOpts.BucketName, "obs-bucket", os.Getenv("OBS_BUCKET_NAME"), "OBS bucket name")
+ flag.BoolVar(&defaultObsOpts.RedirectSecure, "obs-redirect-secure", ok1(strconv.ParseBool(os.Getenv("OBS_REDIRECT_SECURE"))), "OBS redirect secure transport")
 flag.StringVar(&defaultObsOpts.HostRedirect, "obs-host-redirect", os.Getenv("OBS_HOST_REDIRECT"), "OBS host redirect")
 // obsSignedUrlExpiry, err = time.ParseDuration(os.Getenv("OBS_SIGNED_URL_EXPIRY"))
@@ -72,7 +73,9 @@ func main() {
 sug := logger.Named("main").Sugar()
 sug.Infow("starting", "log_level", zapLogLevel,
+ "obs_bucket", defaultObsOpts.BucketName,
 "obs_endpoint", defaultObsOpts.Endpoint,
+ "obs_redirect_secure", defaultObsOpts.RedirectSecure,
 "obs_host_redirect", defaultObsOpts.HostRedirect,
 )
diff --git a/obs.go b/obs.go
index 2ef2071..e18d700 100644
--- a/obs.go
+++ b/obs.go
@@ -20,7 +20,8 @@ type obsOptions struct {
 Secure bool
 BucketName string
- HostRedirect string
+ RedirectSecure bool
+ HostRedirect string
 }
 var defaultObsOpts obsOptions
diff --git a/server.go b/server.go
index 676aa9e..f4fc9bd 100644
--- a/server.go
+++ b/server.go
@@ -130,6 +130,12 @@ func (s *server) handle(ctx *fasthttp.RequestCtx) {
 query := req.URL.Query()
 query.Set("Expires", exp)
 req.URL.RawQuery = s3utils.QueryEncode(query)
+ if s.opts.OBS.RedirectSecure {
+ req.URL.Scheme = "https"
+ } else {
+ req.URL.Scheme = "http"
+ }
+
 if hostRedirect := s.opts.OBS.HostRedirect; hostRedirect != "" {
 req.URL.Host = hostRedirect
 }
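Review bot: In main.go's init hunk the default for `obs-redirect-secure` comes from `ok1(strconv.ParseBool(os.Getenv("OBS_REDIRECT_SECURE")))`, which looks like it discards the parse error (ok1 is defined outside this diff, so that is inferred from the call shape). If so, an unset variable and a mistyped one such as `OBS_REDIRECT_SECURE=yes` (constructed example; ParseBool rejects it) both become `false`, and the service hands out plain-HTTP redirects with no startup signal. I would treat only an empty value as the default and exit on a non-empty value that fails `strconv.ParseBool`, naming the variable in the message. init's body continues past the end of the hunk.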
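Review bot: In obs.go's obsOptions hunk, `RedirectSecure` is added next to `Secure` with nothing stating which connection each one governs, and the two are easy to mix up when setting the environment. A field comment would settle it, for example `// RedirectSecure selects https (true) or http (false) for the redirect URL returned to the client; it does not follow Secure.` on the new field. The struct's first fields lie outside the hunk.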
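Review bot: In server.go's handle hunk the scheme is overwritten on every request, also when `HostRedirect` is empty, so a deployment with `OBS_SECURE=true` that leaves `OBS_REDIRECT_SECURE` unset would presumably start redirecting clients to the real endpoint over `http`. The redirect URL appears to carry the signed query string, and a cleartext request exposes it to anyone on the path for as long as it remains valid. Either move the override inside the existing `hostRedirect != ""` block, or drop the `else` branch so a false value leaves the scheme of the signed request untouched: `if s.opts.OBS.RedirectSecure { req.URL.Scheme = "https" }`. handle starts before the hunk and continues after it.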