Adds a new 'S3-Compatible Storage' provider that works with any
S3-API-compatible object storage service, including MinIO, Ceph,
Cloudflare R2, Backblaze B2, and others.
Changes:
- New provider class: classes/providers/storage/s3-compatible-provider.php
- Provider key: s3compatible
- Reads user-configured endpoint URL from settings
- Uses path-style URL access (required by most S3-compatible services)
- Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID /
AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants
- Disables AWS-specific features (Block Public Access, Object Ownership)
- New provider SVG icons (s3compatible.svg, -link.svg, -round.svg)
- Registered provider in main plugin class with endpoint setting support
- Updated StorageProviderSubPage to show endpoint URL input for S3-compatible
- Built pro settings bundle with rollup (Svelte 4.2.19)
- Added package.json and updated rollup.config.mjs for pro-only builds
<?php
namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Arn\ArnParser;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\AwsClient;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CacheInterface;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Credentials\Credentials;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Result;
use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints\ConfigurationProvider;
/**
 * Client for the **AWS Security Token Service (AWS STS)**.
 *
 * NOTE(review): the namespace suggests this is a prefixed copy of the AWS SDK
 * class; the `@method` types below still name the unprefixed `\Aws` and
 * `\GuzzleHttp` classes — confirm before relying on them for static analysis.
 *
 * @method \Aws\Result assumeRole(array $args = [])
 * @method \GuzzleHttp\Promise\Promise assumeRoleAsync(array $args = [])
 * @method \Aws\Result assumeRoleWithSAML(array $args = [])
 * @method \GuzzleHttp\Promise\Promise assumeRoleWithSAMLAsync(array $args = [])
 * @method \Aws\Result assumeRoleWithWebIdentity(array $args = [])
 * @method \GuzzleHttp\Promise\Promise assumeRoleWithWebIdentityAsync(array $args = [])
 * @method \Aws\Result decodeAuthorizationMessage(array $args = [])
 * @method \GuzzleHttp\Promise\Promise decodeAuthorizationMessageAsync(array $args = [])
 * @method \Aws\Result getAccessKeyInfo(array $args = [])
 * @method \GuzzleHttp\Promise\Promise getAccessKeyInfoAsync(array $args = [])
 * @method \Aws\Result getCallerIdentity(array $args = [])
 * @method \GuzzleHttp\Promise\Promise getCallerIdentityAsync(array $args = [])
 * @method \Aws\Result getFederationToken(array $args = [])
 * @method \GuzzleHttp\Promise\Promise getFederationTokenAsync(array $args = [])
 * @method \Aws\Result getSessionToken(array $args = [])
 * @method \GuzzleHttp\Promise\Promise getSessionTokenAsync(array $args = [])
 */
class StsClient extends AwsClient
{
    /**
     * {@inheritdoc}
     *
     * Beyond the options understood by {@see \Aws\AwsClient::__construct},
     * this client reads one extra option:
     *
     * - sts_regional_endpoints:
     *   (Aws\Sts\RegionalEndpoints\ConfigurationInterface|Aws\CacheInterface|callable|string|array)
     *   Chooses between regional and legacy endpoints for legacy regions.
     *   Pass an Aws\Sts\RegionalEndpoints\ConfigurationInterface object, an
     *   Aws\CacheInterface instance, a callable configuration provider that
     *   produces the endpoint configuration, the string `legacy` or
     *   `regional`, or an associative array with the key:
     *     endpoint_types (string) `legacy` or `regional`; defaults to
     *     `legacy`
     *
     * When the option is missing, or is a CacheInterface, it is replaced by
     * ConfigurationProvider::defaultProvider($args) before anything else runs.
     *
     * @param array $args
     */
    public function __construct(array $args)
    {
        $useDefaultProvider = !isset($args['sts_regional_endpoints'])
            || $args['sts_regional_endpoints'] instanceof CacheInterface;

        if ($useDefaultProvider) {
            $args['sts_regional_endpoints'] = ConfigurationProvider::defaultProvider($args);
        }

        // The built-in has to be registered before the parent constructor runs.
        $this->addBuiltIns($args);
        parent::__construct($args);
    }

    /**
     * Builds a Credentials object from the result of an STS operation.
     *
     * The returned object holds the secret access key and, when present, the
     * session token taken from the result; handle it as secret material and
     * keep it out of logs and debug output.
     *
     * The account id is read from the ARN of `AssumedRoleUser` when that key
     * exists, otherwise from `FederatedUser`; it stays null when neither key
     * is present.
     *
     * @param Result $result Result of an STS operation
     *
     * @return Credentials
     * @throws \InvalidArgumentException if the result contains no credentials
     */
    public function createCredentials(Result $result)
    {
        if (!$result->hasKey('Credentials')) {
            throw new \InvalidArgumentException('Result contains no credentials');
        }

        // First matching principal wins; AssumedRoleUser takes precedence.
        // NOTE(review): ArnParser::parse() is not visible here — presumably it
        // throws on a malformed ARN, which would propagate to the caller.
        $accountId = null;
        foreach (['AssumedRoleUser', 'FederatedUser'] as $principalKey) {
            if ($result->hasKey($principalKey)) {
                $accountId = ArnParser::parse($result->get($principalKey)['Arn'])->getAccountId();
                break;
            }
        }

        $credentials = $result['Credentials'];

        // Only a DateTimeInterface expiry becomes a Unix timestamp; anything
        // else yields null.
        // NOTE(review): how Credentials treats a null expiry is not visible
        // here — confirm it is not handled as "never expires".
        $expiration = null;
        if (isset($credentials['Expiration']) && $credentials['Expiration'] instanceof \DateTimeInterface) {
            $expiration = (int) $credentials['Expiration']->format('U');
        }

        return new Credentials(
            $credentials['AccessKeyId'],
            $credentials['SecretAccessKey'],
            isset($credentials['SessionToken']) ? $credentials['SessionToken'] : null,
            $expiration,
            $accountId
        );
    }

    /**
     * Registers the `AWS::STS::UseGlobalEndpoint` client built-in.
     *
     * The built-in is false for the `regional` endpoints type and true
     * otherwise. A string other than `regional` or `legacy` leaves it unset.
     *
     * NOTE(review): the constructor docblock lists an array as an accepted
     * option value, but any non-string value reaches ->getEndpointsType()
     * below — confirm arrays are normalised before this point.
     *
     * @return void
     */
    private function addBuiltIns($args)
    {
        $setting = $args['sts_regional_endpoints'];
        // A closure is a configuration provider: invoke it and wait on the result.
        $resolved = $setting instanceof \Closure ? $setting()->wait() : $setting;

        if (\is_string($resolved)) {
            if ($resolved !== 'regional' && $resolved !== 'legacy') {
                return;
            }
            $endpointsType = $resolved;
        } else {
            $endpointsType = $resolved->getEndpointsType();
        }

        $this->clientBuiltIns['AWS::STS::UseGlobalEndpoint'] = $endpointsType !== 'regional';
    }
}