WPS3Media/vendor/Aws3/Aws/EndpointV2/EndpointV2Middleware.php
Malin 3248cbb029 feat: add S3-compatible storage provider (MinIO, Ceph, R2, etc.)
Adds a new 'S3-Compatible Storage' provider that works with any
S3-API-compatible object storage service, including MinIO, Ceph,
Cloudflare R2, Backblaze B2, and others.

Changes:
- New provider class: classes/providers/storage/s3-compatible-provider.php
  - Provider key: s3compatible
  - Reads user-configured endpoint URL from settings
  - Uses path-style URL access (required by most S3-compatible services)
  - Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID /
    AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants
  - Disables AWS-specific features (Block Public Access, Object Ownership)
- New provider SVG icons (s3compatible.svg, -link.svg, -round.svg)
- Registered provider in main plugin class with endpoint setting support
- Updated StorageProviderSubPage to show endpoint URL input for S3-compatible
- Built pro settings bundle with rollup (Svelte 4.2.19)
- Added package.json and updated rollup.config.mjs for pro-only builds
2026-03-03 12:30:18 +01:00


<?php
namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\EndpointV2;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Api\Operation;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Api\Service;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Auth\Exception\UnresolvedAuthSchemeException;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CommandInterface;
use Closure;
use DeliciousBrains\WP_Offload_Media\Aws3\GuzzleHttp\Promise\Promise;
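/**
 * Handles endpoint rule evaluation and endpoint resolution.
 *
 * For every command the middleware builds the endpoint-provider arguments,
 * resolves the endpoint and, when the endpoint carries an `authSchemes`
 * property, writes the selected signing settings (signature version,
 * signing service, signing region or region set) into the command's
 * `@context`. The resolved endpoint therefore decides how the request is
 * signed.
 *
 * IMPORTANT: this middleware must be added to the "build" step.
 * Specifically, it must precede the 'builder' step.
 *
 * @internal
 */
class EndpointV2Middleware
{
    const ACCOUNT_ID_PARAM = 'AccountId';
    const ACCOUNT_ID_ENDPOINT_MODE_PARAM = 'AccountIdEndpointMode';

    /**
     * Endpoint auth scheme name => SDK signature version.
     *
     * Only schemes listed here are accepted by resolveAuthScheme(); anything
     * else an endpoint asks for ends in an UnresolvedAuthSchemeException.
     *
     * NOTE(review): `none` maps to the `anonymous` signature version, so an
     * endpoint that lists `none` first presumably yields an unsigned request.
     * The signer selection lives outside this file; confirm there.
     *
     * @var array<string, string>
     */
    private static $validAuthSchemes = [
        'sigv4' => 'v4',
        'sigv4a' => 'v4a',
        'none' => 'anonymous',
        'bearer' => 'bearer',
        'sigv4-s3express' => 'v4-s3express',
    ];

    /** @var callable */
    private $nextHandler;

    /** @var EndpointProviderV2 */
    private $endpointProvider;

    /** @var Service */
    private $api;

    /** @var array */
    private $clientArgs;

    /** @var callable|null */
    private $credentialProvider;

    /**
     * Create a middleware wrapper function
     *
     * @param EndpointProviderV2 $endpointProvider
     * @param Service $api
     * @param array $args
     * @param callable $credentialProvider
     *
     * @return Closure
     */
    public static function wrap(
        EndpointProviderV2 $endpointProvider,
        Service $api,
        array $args,
        callable $credentialProvider
    ) : Closure {
        return function (callable $handler) use ($endpointProvider, $api, $args, $credentialProvider) {
            return new self($handler, $endpointProvider, $api, $args, $credentialProvider);
        };
    }

    /**
     * @param callable $nextHandler Next handler in the middleware chain.
     * @param EndpointProviderV2 $endpointProvider
     * @param Service $api
     * @param array $args Client-level arguments passed on to endpoint resolution.
     * @param callable|null $credentialProvider Optional; only used to look up
     *                                          the account id for endpoint rules.
     */
    public function __construct(
        callable $nextHandler,
        EndpointProviderV2 $endpointProvider,
        Service $api,
        array $args,
        ?callable $credentialProvider = null
    ) {
        // The nullable type is spelled out: relying on "= null" to make a
        // typed parameter nullable is deprecated as of PHP 8.4.
        $this->nextHandler = $nextHandler;
        $this->endpointProvider = $endpointProvider;
        $this->api = $api;
        $this->clientArgs = $args;
        $this->credentialProvider = $credentialProvider;
    }

    /**
     * Resolves the endpoint for a command and hands both to the next handler.
     *
     * @param CommandInterface $command
     *
     * @return Promise
     */
    public function __invoke(CommandInterface $command)
    {
        $nextHandler = $this->nextHandler;
        $operation = $this->api->getOperation($command->getName());
        $commandArgs = $command->toArray();
        $providerArgs = $this->resolveArgs($commandArgs, $operation);
        $endpoint = $this->endpointProvider->resolveEndpoint($providerArgs);

        // An endpoint without auth schemes leaves the command's signing
        // context untouched.
        $authSchemes = $endpoint->getProperty('authSchemes');
        if (!empty($authSchemes)) {
            $this->applyAuthScheme($authSchemes, $command);
        }

        return $nextHandler($command, $endpoint);
    }

    /**
     * Resolves client, context params, static context params and endpoint provider
     * arguments provided at the command level.
     *
     * Later sources win on a key clash: client args are overridden by context
     * params, then static context params, then command-level endpoint args.
     *
     * @param array $commandArgs
     * @param Operation $operation
     *
     * @return array
     */
    private function resolveArgs(array $commandArgs, Operation $operation) : array
    {
        $rulesetParams = $this->endpointProvider->getRuleset()->getParameters();

        // The account id is looked up only when the ruleset declares both
        // account-id parameters.
        if (isset($rulesetParams[self::ACCOUNT_ID_PARAM])
            && isset($rulesetParams[self::ACCOUNT_ID_ENDPOINT_MODE_PARAM])
        ) {
            $this->clientArgs[self::ACCOUNT_ID_PARAM] = $this->resolveAccountId();
        }

        $endpointCommandArgs = $this->filterEndpointCommandArgs($rulesetParams, $commandArgs);
        $staticContextParams = $this->bindStaticContextParams($operation->getStaticContextParams());
        $contextParams = $this->bindContextParams($commandArgs, $operation->getContextParams());

        return \array_merge($this->clientArgs, $contextParams, $staticContextParams, $endpointCommandArgs);
    }

    /**
     * Compares Ruleset parameters against Command arguments
     * to create a mapping of arguments to pass into the
     * endpoint provider for endpoint resolution.
     *
     * @param array $rulesetParams
     * @param array $commandArgs
     * @return array
     */
    private function filterEndpointCommandArgs(array $rulesetParams, array $commandArgs) : array
    {
        // Command-level S3 options and the ruleset parameter each one feeds.
        $endpointMiddlewareOpts = [
            '@use_dual_stack_endpoint' => 'UseDualStack',
            '@use_accelerate_endpoint' => 'Accelerate',
            '@use_path_style_endpoint' => 'ForcePathStyle',
        ];
        $filteredArgs = [];

        foreach ($rulesetParams as $name => $value) {
            if (!isset($commandArgs[$name])) {
                continue;
            }
            // Parameters declared as built-ins are never taken from a
            // same-named command argument.
            if (!empty($value->getBuiltIn())) {
                continue;
            }
            $filteredArgs[$name] = $commandArgs[$name];
        }

        // The '@use_*' overrides are honoured for the s3 service only.
        if ($this->api->getServiceName() === 's3') {
            foreach ($endpointMiddlewareOpts as $optionName => $newValue) {
                if (isset($commandArgs[$optionName])) {
                    $filteredArgs[$newValue] = $commandArgs[$optionName];
                }
            }
        }

        return $filteredArgs;
    }

    /**
     * Binds static context params to their corresponding values.
     *
     * @param array $staticContextParams Param name => spec holding a 'value' key.
     *
     * @return array
     */
    private function bindStaticContextParams($staticContextParams) : array
    {
        $scopedParams = [];
        foreach ($staticContextParams as $paramName => $paramValue) {
            $scopedParams[$paramName] = $paramValue['value'];
        }

        return $scopedParams;
    }

    /**
     * Binds context params to their corresponding values found in
     * command arguments.
     *
     * @param array $commandArgs
     * @param array $contextParams Param name => spec whose 'shape' names the
     *                             command argument to read.
     *
     * @return array
     */
    private function bindContextParams(array $commandArgs, array $contextParams) : array
    {
        $scopedParams = [];
        foreach ($contextParams as $name => $spec) {
            if (isset($commandArgs[$spec['shape']])) {
                $scopedParams[$name] = $commandArgs[$spec['shape']];
            }
        }

        return $scopedParams;
    }

    /**
     * Applies resolved auth schemes to the command object.
     *
     * @param array $authSchemes Auth schemes taken from the resolved endpoint.
     * @param CommandInterface $command Command whose '@context' is updated.
     *
     * @return void
     */
    private function applyAuthScheme(array $authSchemes, CommandInterface $command) : void
    {
        $authScheme = $this->resolveAuthScheme($authSchemes);

        $command['@context']['signature_version'] = $authScheme['version'];

        if (isset($authScheme['name'])) {
            $command['@context']['signing_service'] = $authScheme['name'];
        }

        // A single signing region takes precedence over a region set.
        if (isset($authScheme['region'])) {
            $command['@context']['signing_region'] = $authScheme['region'];
        } elseif (isset($authScheme['signingRegionSet'])) {
            $command['@context']['signing_region_set'] = $authScheme['signingRegionSet'];
        }
    }

    /**
     * Returns the first compatible auth scheme in an endpoint object's
     * auth schemes.
     *
     * @param array $authSchemes
     *
     * @return array
     *
     * @throws UnresolvedAuthSchemeException When none of the offered schemes is usable.
     */
    private function resolveAuthScheme(array $authSchemes) : array
    {
        $invalidAuthSchemes = [];

        // The endpoint's ordering decides: the first usable scheme wins.
        foreach ($authSchemes as $authScheme) {
            if ($this->isValidAuthScheme($authScheme['name'])) {
                return $this->normalizeAuthScheme($authScheme);
            }
            $invalidAuthSchemes[$authScheme['name']] = false;
        }

        $invalidAuthSchemesString = '`' . \implode('`, `', \array_keys($invalidAuthSchemes)) . '`';
        // Schemes that were just rejected are left out of the "supported" list.
        $validAuthSchemesString = '`'
            . \implode('`, `', \array_keys(\array_diff_key(self::$validAuthSchemes, $invalidAuthSchemes)))
            . '`';

        throw new UnresolvedAuthSchemeException(
            "This operation requests {$invalidAuthSchemesString}"
            . " auth schemes, but the client currently supports {$validAuthSchemesString}."
        );
    }

    /**
     * Normalizes an auth scheme's name, signing region or signing region set
     * to the auth keys recognized by the SDK.
     *
     * @param array $authScheme
     * @return array Keys: 'version', 'name', 'region', 'signingRegionSet'.
     */
    private function normalizeAuthScheme(array $authScheme) : array
    {
        /*
            sigv4a will contain a regionSet property. which is guaranteed to be `*`
            for now. The SigV4 class handles this automatically for now. It seems
            complexity will be added here in the future.
        */
        $normalizedAuthScheme = [];

        // disableDoubleEncoding selects the 's3v4' version, except for
        // sigv4a and sigv4-s3express, which keep their mapped version.
        if (isset($authScheme['disableDoubleEncoding'])
            && $authScheme['disableDoubleEncoding'] === true
            && $authScheme['name'] !== 'sigv4a'
            && $authScheme['name'] !== 'sigv4-s3express'
        ) {
            $normalizedAuthScheme['version'] = 's3v4';
        } else {
            $normalizedAuthScheme['version'] = self::$validAuthSchemes[$authScheme['name']];
        }

        $normalizedAuthScheme['name'] = $authScheme['signingName'] ?? null;
        $normalizedAuthScheme['region'] = $authScheme['signingRegion'] ?? null;
        $normalizedAuthScheme['signingRegionSet'] = $authScheme['signingRegionSet'] ?? null;

        return $normalizedAuthScheme;
    }

    /**
     * Tells whether an endpoint auth scheme name can be used by this client.
     *
     * @param string $signatureVersion Auth scheme name as given by the endpoint.
     *
     * @return bool
     */
    private function isValidAuthScheme($signatureVersion) : bool
    {
        if (!isset(self::$validAuthSchemes[$signatureVersion])) {
            return false;
        }

        // sigv4a is accepted only when the awscrt extension is loaded.
        if ($signatureVersion === 'sigv4a') {
            return \extension_loaded('awscrt');
        }

        return true;
    }

    /**
     * This method tries to resolve an `AccountId` parameter from a resolved identity.
     * We will just perform this operation if the parameter `AccountId` is part of the ruleset parameters and
     * `AccountIdEndpointMode` is not disabled, otherwise, we will ignore it.
     *
     * @return null|string
     */
    private function resolveAccountId() : ?string
    {
        if (isset($this->clientArgs[self::ACCOUNT_ID_ENDPOINT_MODE_PARAM])
            && $this->clientArgs[self::ACCOUNT_ID_ENDPOINT_MODE_PARAM] === 'disabled'
        ) {
            return null;
        }

        if (\is_null($this->credentialProvider)) {
            return null;
        }

        // Invokes the credential provider and blocks on the returned promise,
        // so credentials are resolved here, during endpoint resolution.
        $identityProviderFn = $this->credentialProvider;
        $identity = $identityProviderFn()->wait();

        return $identity->getAccountId();
    }
}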