Commit Graph

39 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
ebfc33b556
DEV: Remove line of code that does not work (#30258)
We can't delete the file from disk as some of the assets are still
served by the app instead of going through the S3 bucket. It is a bug we
need to fix but it also means this ENV is unsafe now. Just drop the env
until we ensure all assets requested by the app are requested from the
S3 bucket directly.
2024-12-13 09:36:51 +08:00
Alan Guo Xiang Tan
19321a0b86
DEV: Fix s3:upload_assets not logging newlines (#30219)
Follow-up to 9a2e31b9af
2024-12-11 12:59:17 +08:00
Alan Guo Xiang Tan
9a2e31b9af
DEV: Use a Logger for s3:upload_assets (#30218)
Now that we run the `upload` method in different threads, we need to
synchronize writes to `STDOUT` which we can do so by using a `Logger`.

Follow-up to 49e8353959
2024-12-11 11:48:06 +08:00
Alan Guo Xiang Tan
49e8353959
FIX: s3:upload_assets was uploaded some source maps twice (#30216)
This is because Sprocket's manifest already contains the source maps.
The easy and safe fix here is to just use a `Set` to prevent
duplications.
2024-12-11 11:19:38 +08:00
Bianca Nenciu
b9f8a77d9b
DEV: Upload assets to S3 in parallel (#30210)
In my local setup (with Minio), this uploads the assets to S3 ~40% faster.
2024-12-11 10:51:05 +08:00
Matt Palmer
a98d2a8086
FEATURE: allow S3 ACLs to be disabled (#21769)
AWS recommends running buckets without ACLs, and to use resource policies to manage access control instead.
This is not a bad idea, because S3 ACLs are whack, and while resource policies are also whack, they're a more constrained form of whack.
Further, some compliance regimes get antsy if you don't go with the vendor's recommended settings, and arguing that you need to enable ACLs on a bucket just to store images in there is more hassle than it's worth.
The new site setting (s3_use_acls) cannot be disabled when secure
uploads is enabled -- the latter relies on private ACLs for security
at this point in time. We may want to reexamine this in future.
2023-06-06 15:47:40 +10:00
David Taylor
6417173082
DEV: Apply syntax_tree formatting to lib/* 2023-01-09 12:10:19 +00:00
David Taylor
eebe2f256c
DEV: Skip s3 asset deletion when in readonly mode (#19611)
In some situations (e.g. disaster recovery), it may make sense to spin up a temporary readonly version of a cluster. In that situation, the s3 `expire_missing_assets` job would delete assets which are still in use by the canonical read-write version of the cluster.

To avoid that, this commit will skip deletion if the site is currently in readonly mode.
2022-12-30 11:35:40 +00:00
David Taylor
f30f9ec5d9
PERF: Update s3:expire_missing_assets to delete in batches (#18908)
Some sites may have thousands of stale assets - deleting them one-by-one is very slow.

Followup to e8570b5cc9
2022-11-07 12:53:14 +00:00
David Taylor
e8570b5cc9
Fix and improve s3:expire_missing_assets task (#18863)
- Ensure it works with prefixed S3 buckets
- Perform a sanity check that all current assets are present on S3 before starting deletion
- Remove the lifecycle rule configuration and delete expired assets immediately. This task should be run post-deploy anyway, so adding a 10-day window is not required
2022-11-07 10:44:45 +00:00
David Taylor
b18ebc9648
PERF: Correct should_skip? logic in s3:upload (#18862)
This task is supposed to skip uploading if the asset is already present in S3. However, when a bucket 'folder path' was configured, this logic was broken and so the assets would be re-uploaded every time.

This commit fixes that logic to include the bucket 'folder path' in the check
2022-11-04 17:50:46 +00:00
David Taylor
51b88c0e2c
DEV: Ensure Ember CLI sourcemaps are uploaded to S3 (#15893)
Ember CLI gives sourcemaps their own digest. Our `s3.rake` logic assumes that the digest portion of sourcemap filenames remains the same.

The Ember CLI sourcemaps are included in the manifest file, so we can ensure they are uploaded by letting them past the MiniMime check.

Followup to abefb1beff
2022-02-10 19:00:47 +00:00
Peter Zhu
c5fd8c42db
DEV: Fix methods removed in Ruby 3.2 (#15459)
* File.exists? is deprecated and removed in Ruby 3.2 in favor of
File.exist?
* Dir.exists? is deprecated and removed in Ruby 3.2 in favor of
Dir.exist?
2022-01-05 18:45:08 +01:00
Jarek Radosz
b72688340f
FIX: LocalJumpError in rake tasks (#14874)
`return` isn't allowed in a block context. A followup to #14865
2021-11-10 16:53:55 +01:00
Jarek Radosz
25ef395af8
FIX: Don't fail if s3_install_cors_rule is off (#14865)
Regressed in #14802
2021-11-10 08:00:30 +10:00
Martin Brennan
fc98d1edfa
DEV: Improve s3:ensure_cors_rules logging (#14832) 2021-11-08 11:44:12 +10:00
Martin Brennan
9a72a0945f
FIX: Ensure CORS rules exist for S3 using rake task (#14802)
This commit introduces a new s3:ensure_cors_rules rake task
that is run as a prerequisite to s3:upload_assets. This rake
task calls out to the S3CorsRulesets class to ensure that
the 3 relevant sets of CORS rules are applied, depending on
site settings:

* assets
* direct S3 backups
* direct S3 uploads

This works for both Global S3 settings and Database S3 settings
(the latter set directly via SiteSetting).

As it is, only one rule can be applied, which is generally
the assets rule as it is called first. This commit changes
the ensure_cors! method to be able to apply new rules as
well as the existing ones.

This commit also slightly changes the existing rules to cover
direct S3 uploads via uppy, especially multipart, which requires
some more headers.
2021-11-08 09:16:38 +10:00
Rafael dos Santos Silva
b2e4c91818
DEV: Allow removing local assets after s3 sync (#14013) 2021-08-12 14:20:05 -03:00
Robin Ward
08fbf199ad FIX: S3 rake task can ignore yarn.lock 2020-04-29 13:14:04 -04:00
Robin Ward
9ec908950d DEV: Better error handling for s3 task 2020-04-29 12:54:39 -04:00
Rafael dos Santos Silva
b810fc282d FEATURE: Digital Ocean Spaces compatibility for Object Storage
DO does not implement tagging support for S3 objects. Removing our default
empty tag fixes compatibility.

The expire_missing_assets rake task can't be used with that service still,
but this patch allows normal operation.
2020-04-22 13:57:14 -03:00
Martin Brennan
097851c135
FIX: Change secure media to encompass attachments as well (#9271)
If the “secure media” site setting is enabled then ALL files uploaded to Discourse (images, video, audio, pdf, txt, zip etc. etc.) will follow the secure media rules. The “prevent anons from downloading files” setting will no longer have any bearing on upload security. Basically, the feature will more appropriately be called “secure uploads” instead of “secure media”.

This is being done because there are communities out there that would like all attachments and media to be secure based on category rules but still allow anonymous users to download attachments in public places, which is not possible in the current arrangement.
2020-03-26 07:16:02 +10:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Rafael dos Santos Silva
606c0ed14d
FIX: S3 uploads were missing a cache-control header (#7902)
Admins still need to run the rake task to fix the files who where uploaded previously.
2019-08-06 14:55:17 -03:00
Ralph Rooding
04abf18194 Fixed typo in S3 rake task 2019-05-28 16:57:55 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Vinoth Kannan
902f535111 FIX: upload method in S3Helper will expect a file object param 2019-01-04 15:30:45 +05:30
Sam
e2dca641c6 handle exceptions in s3:correct_acl task
We need to handle arbitrary exceptions in this task, especially since the
task is not easily resumable.

Simply output problem uploads as you hit them for now.
2019-01-04 08:32:09 +11:00
Sam
05a3e3670f FEATURE: add rake task that resets ACL on every object in S3
Some previous migrations to S3 may have bad ACLs set on objects. This
introduces a new rake task (`rake s3:correct_acl`) that will reset ACL on
every S3 object.

Vast majority of users will never have to run it, but if you have ACL issues
this is the atomic solution.
2019-01-04 08:13:43 +11:00
Guo Xiang Tan
a895626d10 DB based S3 settings fixes for s3:upload_assets. 2018-11-15 15:48:40 +08:00
Guo Xiang Tan
68b640f6a9 Allow s3:upload_assets to use site settings from DB take 2. 2018-11-15 15:10:39 +08:00
Guo Xiang Tan
c56d682f45 Allow s3:upload_assets to use site settings from DB. 2018-11-15 15:06:19 +08:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Sam
a8b4255bae Correct rule installation in AWS 2017-10-09 10:26:58 +11:00
Sam
70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Sam
5b96463c40 in production there is no cached it seems 2017-10-03 18:27:09 +11:00
Sam
ac01885b60 FEATURE: rake tasks for uploading assets to S3
This opens the door to serving application.js and so on from s3.

Also updates s3 gem for some tagging support
2017-10-03 18:00:53 +11:00