ii64/obs-access-signer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

server: add secure redirect option
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details

Browse source
This commit is contained in:
Nugraha 2022-12-07 14:49:17 +07:00
parent e70c29a9ba
commit 61986da0b1
Signed by: ii64
GPG key ID: E41C08AD390E7C49
6 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.config/example.env
View file

@ -10,6 +10,7 @@ AWS_SECRET_KEY=example-minio-secret
# AWS_SESSION_TOKEN # AWS_SESSION_TOKEN
# accessible S3 gateway # accessible S3 gateway
OBS_REDIRECT_SECURE=false
OBS_HOST_REDIRECT=127.0.0.1:9000 OBS_HOST_REDIRECT=127.0.0.1:9000

1
.env.example
View file

@ -10,4 +10,5 @@ AWS_SECRET_KEY=example-minio-secret
# AWS_SESSION_TOKEN # AWS_SESSION_TOKEN
# accessible S3 gateway # accessible S3 gateway
OBS_REDIRECT_SECURE=false
OBS_HOST_REDIRECT=127.0.0.1:9000 OBS_HOST_REDIRECT=127.0.0.1:9000

6
docker/docker-compose.yaml
View file

@ -3,11 +3,11 @@ version: '3'
services: services:
# obs access signer # obs access signer
obs-access-signer: obs-access-signer:
image: obs-access-signer:dev # image: obs-access-signer:dev
networks:
- obs
build: build:
context: .. context: ..
networks:
- obs
env_file: env_file:
- ../.config/example.env - ../.config/example.env
ports: ports:

3
main.go
View file

@ -40,6 +40,7 @@ func init() {
flag.BoolVar(&defaultObsOpts.Secure, "obs-secure", ok1(strconv.ParseBool(os.Getenv("OBS_SECURE"))), "OBS secure transport") flag.BoolVar(&defaultObsOpts.Secure, "obs-secure", ok1(strconv.ParseBool(os.Getenv("OBS_SECURE"))), "OBS secure transport")
flag.StringVar(&defaultObsOpts.BucketName, "obs-bucket", os.Getenv("OBS_BUCKET_NAME"), "OBS bucket name") flag.StringVar(&defaultObsOpts.BucketName, "obs-bucket", os.Getenv("OBS_BUCKET_NAME"), "OBS bucket name")
flag.BoolVar(&defaultObsOpts.RedirectSecure, "obs-redirect-secure", ok1(strconv.ParseBool(os.Getenv("OBS_REDIRECT_SECURE"))), "OBS redirect secure transport")
flag.StringVar(&defaultObsOpts.HostRedirect, "obs-host-redirect", os.Getenv("OBS_HOST_REDIRECT"), "OBS host redirect") flag.StringVar(&defaultObsOpts.HostRedirect, "obs-host-redirect", os.Getenv("OBS_HOST_REDIRECT"), "OBS host redirect")
// obsSignedUrlExpiry, err = time.ParseDuration(os.Getenv("OBS_SIGNED_URL_EXPIRY")) // obsSignedUrlExpiry, err = time.ParseDuration(os.Getenv("OBS_SIGNED_URL_EXPIRY"))
@ -72,7 +73,9 @@ func main() {
sug := logger.Named("main").Sugar() sug := logger.Named("main").Sugar()
sug.Infow("starting", sug.Infow("starting",
"log_level", zapLogLevel, "log_level", zapLogLevel,
"obs_bucket", defaultObsOpts.BucketName,
"obs_endpoint", defaultObsOpts.Endpoint, "obs_endpoint", defaultObsOpts.Endpoint,
"obs_redirect_secure", defaultObsOpts.RedirectSecure,
"obs_host_redirect", defaultObsOpts.HostRedirect, "obs_host_redirect", defaultObsOpts.HostRedirect,
) )

1
obs.go
View file

@ -20,6 +20,7 @@ type obsOptions struct {
Secure bool Secure bool
BucketName string BucketName string
RedirectSecure bool
HostRedirect string HostRedirect string
} }

6
server.go
View file

@ -130,6 +130,12 @@ func (s *server) handle(ctx *fasthttp.RequestCtx) {
query := req.URL.Query() query := req.URL.Query()
query.Set("Expires", exp) query.Set("Expires", exp)
req.URL.RawQuery = s3utils.QueryEncode(query) req.URL.RawQuery = s3utils.QueryEncode(query)
if s.opts.OBS.RedirectSecure {
req.URL.Scheme = "https"
} else {
req.URL.Scheme = "http"
}
if hostRedirect := s.opts.OBS.HostRedirect; hostRedirect != "" { if hostRedirect := s.opts.OBS.HostRedirect; hostRedirect != "" {
req.URL.Host = hostRedirect req.URL.Host = hostRedirect
} }