Malin
3248cbb029
Adds a new 'S3-Compatible Storage' provider that works with any
S3-API-compatible object storage service, including MinIO, Ceph,
Cloudflare R2, Backblaze B2, and others.
Changes:
- New provider class: classes/providers/storage/s3-compatible-provider.php
- Provider key: s3compatible
- Reads user-configured endpoint URL from settings
- Uses path-style URL access (required by most S3-compatible services)
- Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID /
AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants
- Disables AWS-specific features (Block Public Access, Object Ownership)
- New provider SVG icons (s3compatible.svg, -link.svg, -round.svg)
- Registered provider in main plugin class with endpoint setting support
- Updated StorageProviderSubPage to show endpoint URL input for S3-compatible
- Built pro settings bundle with rollup (Svelte 4.2.19)
- Added package.json and updated rollup.config.mjs for pro-only builds
142 lines
6.7 KiB
PHP
142 lines
6.7 KiB
PHP
<?php
|
|
|
|
namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\Crypto;
|
|
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Crypto\AbstractCryptoClient;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Crypto\EncryptionTrait;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Crypto\MetadataEnvelope;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Crypto\Cipher\CipherBuilderTrait;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\MultipartUploader;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\S3\S3ClientInterface;
|
|
use DeliciousBrains\WP_Offload_Media\Aws3\GuzzleHttp\Promise;
|
|
/**
|
|
* Encapsulates the execution of a multipart upload of an encrypted object to S3.
|
|
*
|
|
* Legacy implementation using older encryption workflow. Use
|
|
* S3EncryptionMultipartUploaderV2 if possible.
|
|
*
|
|
* @deprecated
|
|
*/
|
|
class S3EncryptionMultipartUploader extends MultipartUploader
|
|
{
|
|
use CipherBuilderTrait;
|
|
use CryptoParamsTrait;
|
|
use EncryptionTrait;
|
|
use UserAgentTrait;
|
|
const CRYPTO_VERSION = '1n';
|
|
/**
|
|
* Returns if the passed cipher name is supported for encryption by the SDK.
|
|
*
|
|
* @param string $cipherName The name of a cipher to verify is registered.
|
|
*
|
|
* @return bool If the cipher passed is in our supported list.
|
|
*/
|
|
public static function isSupportedCipher($cipherName)
|
|
{
|
|
return \in_array($cipherName, AbstractCryptoClient::$supportedCiphers);
|
|
}
|
|
private $provider;
|
|
private $instructionFileSuffix;
|
|
private $strategy;
|
|
/**
|
|
* Creates a multipart upload for an S3 object after encrypting it.
|
|
*
|
|
* The required configuration options are as follows:
|
|
*
|
|
* - @MaterialsProvider: (MaterialsProvider) Provides Cek, Iv, and Cek
|
|
* encrypting/decrypting for encryption metadata.
|
|
* - @CipherOptions: (array) Cipher options for encrypting data. A Cipher
|
|
* is required. Accepts the following options:
|
|
* - Cipher: (string) cbc|gcm
|
|
* See also: AbstractCryptoClient::$supportedCiphers. Note that
|
|
* cbc is deprecated and gcm should be used when possible.
|
|
* - KeySize: (int) 128|192|256
|
|
* See also: MaterialsProvider::$supportedKeySizes
|
|
* - Aad: (string) Additional authentication data. This option is
|
|
* passed directly to OpenSSL when using gcm. It is ignored when
|
|
* using cbc.
|
|
* - bucket: (string) Name of the bucket to which the object is
|
|
* being uploaded.
|
|
* - key: (string) Key to use for the object being uploaded.
|
|
*
|
|
* The optional configuration arguments are as follows:
|
|
*
|
|
* - @MetadataStrategy: (MetadataStrategy|string|null) Strategy for storing
|
|
* MetadataEnvelope information. Defaults to using a
|
|
* HeadersMetadataStrategy. Can either be a class implementing
|
|
* MetadataStrategy, a class name of a predefined strategy, or empty/null
|
|
* to default.
|
|
* - @InstructionFileSuffix: (string|null) Suffix used when writing to an
|
|
* instruction file if an using an InstructionFileMetadataHandler was
|
|
* determined.
|
|
* - acl: (string) ACL to set on the object being upload. Objects are
|
|
* private by default.
|
|
* - before_complete: (callable) Callback to invoke before the
|
|
* `CompleteMultipartUpload` operation. The callback should have a
|
|
* function signature like `function (Aws\Command $command) {...}`.
|
|
* - before_initiate: (callable) Callback to invoke before the
|
|
* `CreateMultipartUpload` operation. The callback should have a function
|
|
* signature like `function (Aws\Command $command) {...}`.
|
|
* - before_upload: (callable) Callback to invoke before any `UploadPart`
|
|
* operations. The callback should have a function signature like
|
|
* `function (Aws\Command $command) {...}`.
|
|
* - concurrency: (int, default=int(5)) Maximum number of concurrent
|
|
* `UploadPart` operations allowed during the multipart upload.
|
|
* - params: (array) An array of key/value parameters that will be applied
|
|
* to each of the sub-commands run by the uploader as a base.
|
|
* Auto-calculated options will override these parameters. If you need
|
|
* more granularity over parameters to each sub-command, use the before_*
|
|
* options detailed above to update the commands directly.
|
|
* - part_size: (int, default=int(5242880)) Part size, in bytes, to use when
|
|
* doing a multipart upload. This must between 5 MB and 5 GB, inclusive.
|
|
* - state: (Aws\Multipart\UploadState) An object that represents the state
|
|
* of the multipart upload and that is used to resume a previous upload.
|
|
* When this option is provided, the `bucket`, `key`, and `part_size`
|
|
* options are ignored.
|
|
*
|
|
* @param S3ClientInterface $client Client used for the upload.
|
|
* @param mixed $source Source of the data to upload.
|
|
* @param array $config Configuration used to perform the upload.
|
|
*/
|
|
public function __construct(S3ClientInterface $client, $source, array $config = [])
|
|
{
|
|
$this->appendUserAgent($client, 'feat/s3-encrypt/' . self::CRYPTO_VERSION);
|
|
$this->client = $client;
|
|
$config['params'] = [];
|
|
if (!empty($config['bucket'])) {
|
|
$config['params']['Bucket'] = $config['bucket'];
|
|
}
|
|
if (!empty($config['key'])) {
|
|
$config['params']['Key'] = $config['key'];
|
|
}
|
|
$this->provider = $this->getMaterialsProvider($config);
|
|
unset($config['@MaterialsProvider']);
|
|
$this->instructionFileSuffix = $this->getInstructionFileSuffix($config);
|
|
unset($config['@InstructionFileSuffix']);
|
|
$this->strategy = $this->getMetadataStrategy($config, $this->instructionFileSuffix);
|
|
if ($this->strategy === null) {
|
|
$this->strategy = self::getDefaultStrategy();
|
|
}
|
|
unset($config['@MetadataStrategy']);
|
|
$config['prepare_data_source'] = $this->getEncryptingDataPreparer();
|
|
parent::__construct($client, $source, $config);
|
|
}
|
|
private static function getDefaultStrategy()
|
|
{
|
|
return new HeadersMetadataStrategy();
|
|
}
|
|
private function getEncryptingDataPreparer()
|
|
{
|
|
return function () {
|
|
// Defer encryption work until promise is executed
|
|
$envelope = new MetadataEnvelope();
|
|
list($this->source, $params) = Promise\Create::promiseFor($this->encrypt($this->source, $this->config['@cipheroptions'] ?: [], $this->provider, $envelope))->then(function ($bodyStream) use($envelope) {
|
|
$params = $this->strategy->save($envelope, $this->config['params']);
|
|
return [$bodyStream, $params];
|
|
})->wait();
|
|
$this->source->rewind();
|
|
$this->config['params'] = $params;
|
|
};
|
|
}
|
|
}
|