feat: add S3-compatible storage provider (MinIO, Ceph, R2, etc.)
Adds a new 'S3-Compatible Storage' provider that works with any
S3-API-compatible object storage service, including MinIO, Ceph,
Cloudflare R2, Backblaze B2, and others.
Changes:
- New provider class: classes/providers/storage/s3-compatible-provider.php
- Provider key: s3compatible
- Reads user-configured endpoint URL from settings
- Uses path-style URL access (required by most S3-compatible services)
- Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID /
AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants
- Disables AWS-specific features (Block Public Access, Object Ownership)
- New provider SVG icons (s3compatible.svg, -link.svg, -round.svg)
- Registered provider in main plugin class with endpoint setting support
- Updated StorageProviderSubPage to show endpoint URL input for S3-compatible
- Built pro settings bundle with rollup (Svelte 4.2.19)
- Added package.json and updated rollup.config.mjs for pro-only builds
This commit is contained in:
115
vendor/Aws3/Aws/CloudFront/Signer.php
vendored
Normal file
115
vendor/Aws3/Aws/CloudFront/Signer.php
vendored
Normal file
@@ -0,0 +1,115 @@
|
||||
<?php
|
||||
|
||||
namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\CloudFront;
|
||||
|
||||
/**
|
||||
* @internal
|
||||
*/
|
||||
class Signer
|
||||
{
|
||||
private $keyPairId;
|
||||
private $pkHandle;
|
||||
/**
|
||||
* A signer for creating the signature values used in CloudFront signed URLs
|
||||
* and signed cookies.
|
||||
*
|
||||
* @param $keyPairId string ID of the key pair
|
||||
* @param $privateKey string Path to the private key used for signing
|
||||
* @param $passphrase string Passphrase to private key file, if one exists
|
||||
*
|
||||
* @throws \RuntimeException if the openssl extension is missing
|
||||
* @throws \InvalidArgumentException if the private key cannot be found.
|
||||
*/
|
||||
public function __construct($keyPairId, $privateKey, $passphrase = "")
|
||||
{
|
||||
if (!\extension_loaded('openssl')) {
|
||||
//@codeCoverageIgnoreStart
|
||||
throw new \RuntimeException('The openssl extension is required to ' . 'sign CloudFront urls.');
|
||||
//@codeCoverageIgnoreEnd
|
||||
}
|
||||
$this->keyPairId = $keyPairId;
|
||||
if (!($this->pkHandle = \openssl_pkey_get_private($privateKey, $passphrase))) {
|
||||
if (!\file_exists($privateKey)) {
|
||||
throw new \InvalidArgumentException("PK file not found: {$privateKey}");
|
||||
}
|
||||
$this->pkHandle = \openssl_pkey_get_private("file://{$privateKey}", $passphrase);
|
||||
if (!$this->pkHandle) {
|
||||
$errorMessages = [];
|
||||
while (($newMessage = \openssl_error_string()) !== \false) {
|
||||
$errorMessages[] = $newMessage;
|
||||
}
|
||||
throw new \InvalidArgumentException(\implode("\n", $errorMessages));
|
||||
}
|
||||
}
|
||||
}
|
||||
public function __destruct()
|
||||
{
|
||||
if (\PHP_MAJOR_VERSION < 8) {
|
||||
$this->pkHandle && \openssl_pkey_free($this->pkHandle);
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Create the values used to construct signed URLs and cookies.
|
||||
*
|
||||
* @param string $resource The CloudFront resource to which
|
||||
* this signature will grant access.
|
||||
* Not used when a custom policy is
|
||||
* provided.
|
||||
* @param string|integer|null $expires UTC Unix timestamp used when
|
||||
* signing with a canned policy.
|
||||
* Not required when passing a
|
||||
* custom $policy.
|
||||
* @param string $policy JSON policy. Use this option when
|
||||
* creating a signature for a custom
|
||||
* policy.
|
||||
*
|
||||
* @return array The values needed to construct a signed URL or cookie
|
||||
* @throws \InvalidArgumentException when not provided either a policy or a
|
||||
* resource and a expires
|
||||
* @throws \RuntimeException when generated signature is empty
|
||||
*
|
||||
* @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
|
||||
*/
|
||||
public function getSignature($resource = null, $expires = null, $policy = null)
|
||||
{
|
||||
$signatureHash = [];
|
||||
if ($policy) {
|
||||
$policy = \preg_replace('/\\s/s', '', $policy);
|
||||
$signatureHash['Policy'] = $this->encode($policy);
|
||||
} elseif ($resource && $expires) {
|
||||
$expires = (int) $expires;
|
||||
// Handle epoch passed as string
|
||||
$policy = $this->createCannedPolicy($resource, $expires);
|
||||
$signatureHash['Expires'] = $expires;
|
||||
} else {
|
||||
throw new \InvalidArgumentException('Either a policy or a resource' . ' and an expiration time must be provided.');
|
||||
}
|
||||
$signatureHash['Signature'] = $this->encode($this->sign($policy));
|
||||
$signatureHash['Key-Pair-Id'] = $this->keyPairId;
|
||||
return $signatureHash;
|
||||
}
|
||||
private function createCannedPolicy($resource, $expiration)
|
||||
{
|
||||
return \json_encode(['Statement' => [['Resource' => $resource, 'Condition' => ['DateLessThan' => ['AWS:EpochTime' => $expiration]]]]], \JSON_UNESCAPED_SLASHES);
|
||||
}
|
||||
private function sign($policy)
|
||||
{
|
||||
$signature = '';
|
||||
if (!\openssl_sign($policy, $signature, $this->pkHandle)) {
|
||||
$errorMessages = [];
|
||||
while (($newMessage = \openssl_error_string()) !== \false) {
|
||||
$errorMessages[] = $newMessage;
|
||||
}
|
||||
$exceptionMessage = "An error has occurred when signing the policy";
|
||||
if (\count($errorMessages) > 0) {
|
||||
$exceptionMessage = \implode("\n", $errorMessages);
|
||||
}
|
||||
throw new \RuntimeException($exceptionMessage);
|
||||
}
|
||||
return $signature;
|
||||
}
|
||||
private function encode($policy)
|
||||
{
|
||||
return \strtr(\base64_encode($policy), '+=/', '-_~');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user