Malin/WPS3Media
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
WPS3Media/vendor/Aws3/Aws/Signature/S3SignatureV4.php

89 lines
3.8 KiB
PHP
Raw Permalink Normal View History

feat: add S3-compatible storage provider (MinIO, Ceph, R2, etc.) Adds a new 'S3-Compatible Storage' provider that works with any S3-API-compatible object storage service, including MinIO, Ceph, Cloudflare R2, Backblaze B2, and others. Changes: - New provider class: classes/providers/storage/s3-compatible-provider.php - Provider key: s3compatible - Reads user-configured endpoint URL from settings - Uses path-style URL access (required by most S3-compatible services) - Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID / AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants - Disables AWS-specific features (Block Public Access, Object Ownership) - New provider SVG icons (s3compatible.svg, -link.svg, -round.svg) - Registered provider in main plugin class with endpoint setting support - Updated StorageProviderSubPage to show endpoint URL input for S3-compatible - Built pro settings bundle with rollup (Svelte 4.2.19) - Added package.json and updated rollup.config.mjs for pro-only builds
2026-03-03 12:30:18 +01:00
<?php
namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Signature;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Credentials\CredentialsInterface;
use DeliciousBrains\WP_Offload_Media\Aws3\AWS\CRT\Auth\SignatureType;
use DeliciousBrains\WP_Offload_Media\Aws3\AWS\CRT\Auth\SigningAlgorithm;
use DeliciousBrains\WP_Offload_Media\Aws3\AWS\CRT\Auth\SigningConfigAWS;
use DeliciousBrains\WP_Offload_Media\Aws3\Psr\Http\Message\RequestInterface;
/**
* Amazon S3 signature version 4 support.
*/
class S3SignatureV4 extends SignatureV4
{
/**
* S3-specific signing logic
*
* {@inheritdoc}
*/
use SignatureTrait;
public function signRequest(RequestInterface $request, CredentialsInterface $credentials, $signingService = null)
{
// Always add a x-amz-content-sha-256 for data integrity
if (!$request->hasHeader('x-amz-content-sha256')) {
$request = $request->withHeader('x-amz-content-sha256', $this->getPayload($request));
}
$useCrt = \strpos($request->getUri()->getHost(), "accesspoint.s3-global") !== \false;
if (!$useCrt) {
if (\strpos($request->getUri()->getHost(), "s3-object-lambda")) {
return parent::signRequest($request, $credentials, "s3-object-lambda");
}
return parent::signRequest($request, $credentials);
}
$signingService = $signingService ?: 's3';
return $this->signWithV4a($credentials, $request, $signingService);
}
/**
* @param CredentialsInterface $credentials
* @param RequestInterface $request
* @param $signingService
* @param SigningConfigAWS|null $signingConfig
* @return RequestInterface
*
* Instantiates a separate sigv4a signing config. All services except S3
* use double encoding. All services except S3 require path normalization.
*/
protected function signWithV4a(CredentialsInterface $credentials, RequestInterface $request, $signingService, SigningConfigAWS $signingConfig = null)
{
$this->verifyCRTLoaded();
$credentials_provider = $this->createCRTStaticCredentialsProvider($credentials);
$signingConfig = new SigningConfigAWS(['algorithm' => SigningAlgorithm::SIGv4_ASYMMETRIC, 'signature_type' => SignatureType::HTTP_REQUEST_HEADERS, 'credentials_provider' => $credentials_provider, 'signed_body_value' => $this->getPayload($request), 'region' => $this->region, 'should_normalize_uri_path' => \false, 'use_double_uri_encode' => \false, 'service' => $signingService, 'date' => \time()]);
return parent::signWithV4a($credentials, $request, $signingService, $signingConfig);
}
/**
* Always add a x-amz-content-sha-256 for data integrity.
*
* {@inheritdoc}
*/
public function presign(RequestInterface $request, CredentialsInterface $credentials, $expires, array $options = [])
{
if (!$request->hasHeader('x-amz-content-sha256')) {
$request = $request->withHeader('X-Amz-Content-Sha256', $this->getPresignedPayload($request));
}
if (\strpos($request->getUri()->getHost(), "accesspoint.s3-global")) {
$request = $request->withHeader("x-amz-region-set", "*");
}
return parent::presign($request, $credentials, $expires, $options);
}
/**
* Override used to allow pre-signed URLs to be created for an
* in-determinate request payload.
*/
protected function getPresignedPayload(RequestInterface $request)
{
return SignatureV4::UNSIGNED_PAYLOAD;
}
/**
* Amazon S3 does not double-encode the path component in the canonical request
*/
protected function createCanonicalizedPath($path)
{
// Only remove one slash in case of keys that have a preceding slash
if (\substr($path, 0, 1) === '/') {
$path = \substr($path, 1);
}
return '/' . $path;
}
}
Reference in New Issue Copy Permalink