diff options
| author | Tejay Cardon <tejay.cardon@gmail.com> | 2017-08-08 08:15:20 -0600 |
|---|---|---|
| committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-08-08 10:15:20 -0400 |
| commit | 2105b10ccdff58a6d1986776c37fc179249f369f (patch) | |
| tree | 2f9192a951ce39c3c2dceaf14d48fb0b756d331f /app/file.go | |
| parent | 7683e751ab7c8dee28e8ec8f2dcf3edd1048fe29 (diff) | |
| download | chat-2105b10ccdff58a6d1986776c37fc179249f369f.tar.gz chat-2105b10ccdff58a6d1986776c37fc179249f369f.tar.bz2 chat-2105b10ccdff58a6d1986776c37fc179249f369f.zip | |
FIXES PLT-6648 Add support for Server Side Encryption on S3 (#6467)
Help from Jason Blais on wording
Update storage_settings.jsx
Update en.json
Diffstat (limited to 'app/file.go')
| -rw-r--r-- | app/file.go | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/app/file.go b/app/file.go index 74f70ec16..03d898acd 100644 --- a/app/file.go +++ b/app/file.go @@ -115,6 +115,7 @@ func MoveFile(oldPath, newPath string) *model.AppError { secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey secure := *utils.Cfg.FileSettings.AmazonS3SSL signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2 + encrypt := *utils.Cfg.FileSettings.AmazonS3SSE region := utils.Cfg.FileSettings.AmazonS3Region s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region) if err != nil { @@ -123,7 +124,7 @@ func MoveFile(oldPath, newPath string) *model.AppError { bucket := utils.Cfg.FileSettings.AmazonS3Bucket source := s3.NewSourceInfo(bucket, oldPath, nil) - destination, err := s3.NewDestinationInfo(bucket, newPath, nil, nil) + destination, err := s3.NewDestinationInfo(bucket, newPath, nil, CopyMetadata(encrypt)) if err != nil { return model.NewLocAppError("moveFile", "api.file.write_file.s3.app_error", nil, err.Error()) } @@ -155,6 +156,7 @@ func WriteFile(f []byte, path string) *model.AppError { secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey secure := *utils.Cfg.FileSettings.AmazonS3SSL signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2 + encrypt := *utils.Cfg.FileSettings.AmazonS3SSE region := utils.Cfg.FileSettings.AmazonS3Region s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region) if err != nil { @@ -163,12 +165,12 @@ func WriteFile(f []byte, path string) *model.AppError { bucket := utils.Cfg.FileSettings.AmazonS3Bucket ext := filepath.Ext(path) - + metaData := S3Metadata(encrypt, "binary/octet-stream") if model.IsFileExtImage(ext) { - _, err = s3Clnt.PutObject(bucket, path, bytes.NewReader(f), model.GetImageMimeType(ext)) - } else { - _, err = s3Clnt.PutObject(bucket, path, bytes.NewReader(f), "binary/octet-stream") + metaData = S3Metadata(encrypt, model.GetImageMimeType(ext)) } + + _, err = s3Clnt.PutObjectWithMetadata(bucket, path, bytes.NewReader(f), metaData, nil) if err != nil { return model.NewLocAppError("WriteFile", "api.file.write_file.s3.app_error", nil, err.Error()) } @@ -633,3 +635,20 @@ func GetFileInfo(fileId string) (*model.FileInfo, *model.AppError) { return result.Data.(*model.FileInfo), nil } } + +func S3Metadata(encrypt bool, contentType string) map[string][]string { + metaData := make(map[string][]string) + if contentType != "" { + metaData["Content-Type"] = []string{"contentType"} + } + if encrypt { + metaData["x-amz-server-side-encryption"] = []string{"AES256"} + } + return metaData +} + +func CopyMetadata(encrypt bool) map[string]string { + metaData := make(map[string]string) + metaData["x-amz-server-side-encryption"] = "AES256" + return metaData +} |