From 2105b10ccdff58a6d1986776c37fc179249f369f Mon Sep 17 00:00:00 2001
From: Tejay Cardon
Date: Tue, 8 Aug 2017 08:15:20 -0600
Subject: FIXES PLT-6648 Add support for Server Side Encryption on S3 (#6467) Help from Jason Blais on wording Update storage_settings.jsx Update en.json
---
 app/file.go | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)
(limited to 'app/file.go')
diff --git a/app/file.go b/app/file.go
index 74f70ec16..03d898acd 100644
--- a/app/file.go
+++ b/app/file.go
@@ -115,6 +115,7 @@ func MoveFile(oldPath, newPath string) *model.AppError {
 secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
 secure := *utils.Cfg.FileSettings.AmazonS3SSL
 signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
+ encrypt := *utils.Cfg.FileSettings.AmazonS3SSE
 region := utils.Cfg.FileSettings.AmazonS3Region
 s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 if err != nil {
@@ -123,7 +124,7 @@ func MoveFile(oldPath, newPath string) *model.AppError {
 bucket := utils.Cfg.FileSettings.AmazonS3Bucket
 source := s3.NewSourceInfo(bucket, oldPath, nil)
- destination, err := s3.NewDestinationInfo(bucket, newPath, nil, nil)
+ destination, err := s3.NewDestinationInfo(bucket, newPath, nil, CopyMetadata(encrypt))
 if err != nil {
 return model.NewLocAppError("moveFile", "api.file.write_file.s3.app_error", nil, err.Error())
 }
@@ -155,6 +156,7 @@ func WriteFile(f []byte, path string) *model.AppError {
 secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
 secure := *utils.Cfg.FileSettings.AmazonS3SSL
 signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
+ encrypt := *utils.Cfg.FileSettings.AmazonS3SSE
 region := utils.Cfg.FileSettings.AmazonS3Region
 s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 if err != nil {
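Review bot: `encrypt := *utils.Cfg.FileSettings.AmazonS3SSE` dereferences a pointer setting, and this view of the commit is limited to app/file.go, so the place where `AmazonS3SSE` gets a default is not shown. If a config written before this change leaves it nil, MoveFile — and WriteFile, which adds the same line in the third hunk — would panic on the first S3 operation; confirm the config defaults initialise it alongside `AmazonS3SSL` and `AmazonS3SignV2`. MoveFile's body starts and ends outside the hunk.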
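Review bot: `CopyMetadata(encrypt)` in the `s3.NewDestinationInfo` call does not actually depend on `encrypt`: the helper added in the last hunk sets `x-amz-server-side-encryption` unconditionally, so MoveFile requests SSE even when `AmazonS3SSE` is false, unlike WriteFile, which goes through the guarded `S3Metadata`. Guard the assignment with `if encrypt { metaData["x-amz-server-side-encryption"] = "AES256" }` and consider returning nil when it is false, since the argument was `nil` before and a non-nil map presumably changes how the client treats the source object's metadata on copy; confirm against the vendored s3 client. Whether this map is sent as request headers or stored as user metadata is not visible here, so a test that a moved object really reports AES256 would be worth adding. MoveFile's body continues outside the hunk.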
@@ -163,12 +165,12 @@ func WriteFile(f []byte, path string) *model.AppError {
 bucket := utils.Cfg.FileSettings.AmazonS3Bucket
 ext := filepath.Ext(path)
-
+ metaData := S3Metadata(encrypt, "binary/octet-stream")
 if model.IsFileExtImage(ext) {
- _, err = s3Clnt.PutObject(bucket, path, bytes.NewReader(f), model.GetImageMimeType(ext))
- } else {
- _, err = s3Clnt.PutObject(bucket, path, bytes.NewReader(f), "binary/octet-stream")
+ metaData = S3Metadata(encrypt, model.GetImageMimeType(ext))
 }
+
+ _, err = s3Clnt.PutObjectWithMetadata(bucket, path, bytes.NewReader(f), metaData, nil)
 if err != nil {
 return model.NewLocAppError("WriteFile", "api.file.write_file.s3.app_error", nil, err.Error())
 }
@@ -633,3 +635,20 @@ func GetFileInfo(fileId string) (*model.FileInfo, *model.AppError) {
 return result.Data.(*model.FileInfo), nil
 }
 }
+
+func S3Metadata(encrypt bool, contentType string) map[string][]string {
+ metaData := make(map[string][]string)
+ if contentType != "" {
+ metaData["Content-Type"] = []string{"contentType"}
+ }
+ if encrypt {
+ metaData["x-amz-server-side-encryption"] = []string{"AES256"}
+ }
+ return metaData
+}
+
+func CopyMetadata(encrypt bool) map[string]string {
+ metaData := make(map[string]string)
+ metaData["x-amz-server-side-encryption"] = "AES256"
+ return metaData
+}
-- 
cgit v1.2.3-1-g7c22
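Review bot: `S3Metadata` stores the string literal `"contentType"` instead of the parameter, so every object written through WriteFile is uploaded with the Content-Type value `contentType` rather than the image MIME type or `binary/octet-stream` that the previous `PutObject` calls passed. The line should read `metaData["Content-Type"] = []string{contentType}`. A test asserting `S3Metadata(false, "image/png")["Content-Type"][0] == "image/png"` would catch this. Both new functions are exported without doc comments; add e.g. `// S3Metadata returns the upload headers for contentType, adding the AES256 server-side-encryption header when encrypt is true.`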