From e3abc042a8a2e8c77e6ddb282368e0f7511f5e27 Mon Sep 17 00:00:00 2001
From: Felipe Nakandakari <76239+fenak@users.noreply.github.com>
Date: Mon, 27 Feb 2023 12:58:18 +1100
Subject: [PATCH 1/3] Use credentials array only if values passed via conf.php
---
 lib/Data/S3Storage.php | 51 +++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 25 deletions(-)
diff --git a/lib/Data/S3Storage.php b/lib/Data/S3Storage.php
index 4411c97b..6761bbbb 100644
--- a/lib/Data/S3Storage.php
+++ b/lib/Data/S3Storage.php
@@ -82,31 +82,32 @@ class S3Storage extends AbstractData
 */
 public function __construct(array $options)
 {
- $this->_options['credentials'] = array();
-
- if (is_array($options) && array_key_exists('region', $options)) {
- $this->_options['region'] = $options['region'];
- }
- if (is_array($options) && array_key_exists('version', $options)) {
- $this->_options['version'] = $options['version'];
- }
- if (is_array($options) && array_key_exists('endpoint', $options)) {
- $this->_options['endpoint'] = $options['endpoint'];
- }
- if (is_array($options) && array_key_exists('accesskey', $options)) {
- $this->_options['credentials']['key'] = $options['accesskey'];
- }
- if (is_array($options) && array_key_exists('secretkey', $options)) {
- $this->_options['credentials']['secret'] = $options['secretkey'];
- }
- if (is_array($options) && array_key_exists('use_path_style_endpoint', $options)) {
- $this->_options['use_path_style_endpoint'] = filter_var($options['use_path_style_endpoint'], FILTER_VALIDATE_BOOLEAN);
- }
- if (is_array($options) && array_key_exists('bucket', $options)) {
- $this->_bucket = $options['bucket'];
- }
- if (is_array($options) && array_key_exists('prefix', $options)) {
- $this->_prefix = $options['prefix'];
+ if (is_array($options)) {
+ // AWS SDK will try to load credentials from environment if credentials are not passed via configuration
+ // ref: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
+ if (isset($options['accesskey']) && isset($options['secretkey'])) {
+ $this->_options['credentials'] = array();
+ $this->_options['credentials']['key'] = $options['accesskey'];
+ $this->_options['credentials']['secret'] = $options['secretkey'];
+ }
+ if (array_key_exists('region', $options)) {
+ $this->_options['region'] = $options['region'];
+ }
+ if (array_key_exists('version', $options)) {
+ $this->_options['version'] = $options['version'];
+ }
+ if (array_key_exists('endpoint', $options)) {
+ $this->_options['endpoint'] = $options['endpoint'];
+ }
+ if (array_key_exists('use_path_style_endpoint', $options)) {
+ $this->_options['use_path_style_endpoint'] = filter_var($options['use_path_style_endpoint'], FILTER_VALIDATE_BOOLEAN);
+ }
+ if (array_key_exists('bucket', $options)) {
+ $this->_bucket = $options['bucket'];
+ }
+ if (array_key_exists('prefix', $options)) {
+ $this->_prefix = $options['prefix'];
+ }
 }
 $this->_client = new S3Client($this->_options);
From 6d4d3af3774f36f260d76b4843cced7fbda0fba1 Mon Sep 17 00:00:00 2001
From: Felipe Nakandakari <76239+fenak@users.noreply.github.com>
Date: Mon, 27 Feb 2023 13:26:45 +1100
Subject: [PATCH 2/3] Fix code style issues
---
 lib/Data/S3Storage.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/Data/S3Storage.php b/lib/Data/S3Storage.php
index 6761bbbb..46703bdb 100644
--- a/lib/Data/S3Storage.php
+++ b/lib/Data/S3Storage.php
@@ -83,11 +83,12 @@ class S3Storage extends AbstractData
 public function __construct(array $options)
 {
 if (is_array($options)) {
- // AWS SDK will try to load credentials from environment if credentials are not passed via configuration
+ // AWS SDK will try to load credentials from environment if credentials are not passed via configuration
 // ref: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
 if (isset($options['accesskey']) && isset($options['secretkey'])) {
 $this->_options['credentials'] = array();
- $this->_options['credentials']['key'] = $options['accesskey'];
+
+ $this->_options['credentials']['key'] = $options['accesskey'];
 $this->_options['credentials']['secret'] = $options['secretkey'];
 }
 if (array_key_exists('region', $options)) {
From f48fffd7c267725590cae4b9a2e1eef52f64386f Mon Sep 17 00:00:00 2001
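Review bot: The `isset($options['accesskey']) && isset($options['secretkey'])` guard in the first patch silently discards a half-configured key pair, so a conf.php that sets only one of the two values now falls through to the SDK default credential chain named in the added comment, and the bucket may be accessed under whatever identity the environment supplies instead of failing. Rejecting that case explicitly, and treating empty strings as unset since `isset()` accepts `accesskey = ""`, keeps a configuration mistake from turning into an unintended identity; the exception type in the fence is a suggestion and should follow what the project's other storage backends throw. The outer `is_array($options)` test is redundant with the `array $options` type hint. The constructor's body continues past the end of this hunk.

```php
if (is_array($options)) {
    $hasKey    = isset($options['accesskey']) && $options['accesskey'] !== '';
    $hasSecret = isset($options['secretkey']) && $options['secretkey'] !== '';
    if ($hasKey !== $hasSecret) {
        // a half-configured key pair must not fall through to the SDK default chain
        throw new \InvalidArgumentException('S3Storage: accesskey and secretkey must be configured together');
    }
    if ($hasKey) {
        $this->_options['credentials'] = array(
            'key'    => $options['accesskey'],
            'secret' => $options['secretkey'],
        );
    }
    // … unchanged: region, version, endpoint, use_path_style_endpoint, bucket, prefix …
}
```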
From: Felipe Nakandakari <76239+fenak@users.noreply.github.com>
Date: Tue, 28 Feb 2023 08:30:58 +1100
Subject: [PATCH 3/3] Add sample config for S3 without hard-coded access keys
---
 cfg/conf.sample.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index 7dca6d48..09bb9e19 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -230,6 +230,19 @@ dir = PATH "data"
 ;accesskey = "access key id"
 ;secretkey = "secret access key"
+;[model]
+; example of S3 configuration for AWS using its SDK default credential provider chain
+; if relying on environment variables, the AWS SDK will look for the following:
+; - AWS_ACCESS_KEY_ID
+; - AWS_SECRET_ACCESS_KEY
+; - AWS_SESSION_TOKEN (if needed)
+; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
+;class = S3Storage
+;[model_options]
+;region = "eu-central-1"
+;version = "latest"
+;bucket = "my-bucket"
+
 [yourls]
 ; When using YOURLS as a "urlshortener" config item:
 ; - By default, "urlshortener" will point to the YOURLS API URL, with or without
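Review bot: The added sample block never states that the default chain is only reached when `accesskey` and `secretkey` are absent from `[model_options]`, which is the condition the S3Storage constructor in this series tests. I would add a line such as `; leave both accesskey and secretkey unset to use the default credential chain`. It may also help to add `; the variables must be visible to the PHP process (php-fpm clears the environment unless clear_env = no)`, since an operator can otherwise export the variables correctly and still get a credentials error. The hunk shows only the tail of the preceding S3 example, so the wording should be checked against the blocks above it.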