mirror of
https://activitypub.software/TransFem-org/Sharkey.git
synced 2025-01-07 17:52:16 +01:00
add option filePermissionBits to override permissions on locally-stored files
This is useful for custom deployments, such as using a reverse proxy to serve static files directly
This commit is contained in:
Hazelnoot
parent
0efd5eff2b
commit
3d3cf5bd7a
6 changed files with 38 additions and 4 deletions
|
|
@ -229,3 +229,8 @@ checkActivityPubGetSignature: false
|
||||||
|
|
||||||
# Upload or download file size limits (bytes)
|
# Upload or download file size limits (bytes)
|
||||||
#maxFileSize: 262144000
|
#maxFileSize: 262144000
|
||||||
|
|
||||||
|
# CHMod-style permission bits to apply to uploaded files.
|
||||||
|
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
|
||||||
|
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
|
||||||
|
#filePermissionBits: '644'
|
||||||
|
|
|
||||||
|
|
@ -222,3 +222,8 @@ allowedPrivateNetworks: [
|
||||||
|
|
||||||
# Upload or download file size limits (bytes)
|
# Upload or download file size limits (bytes)
|
||||||
#maxFileSize: 262144000
|
#maxFileSize: 262144000
|
||||||
|
|
||||||
|
# CHMod-style permission bits to apply to uploaded files.
|
||||||
|
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
|
||||||
|
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
|
||||||
|
#filePermissionBits: '644'
|
||||||
|
|
|
||||||
|
|
@ -312,3 +312,8 @@ checkActivityPubGetSignature: false
|
||||||
|
|
||||||
# Upload or download file size limits (bytes)
|
# Upload or download file size limits (bytes)
|
||||||
#maxFileSize: 262144000
|
#maxFileSize: 262144000
|
||||||
|
|
||||||
|
# CHMod-style permission bits to apply to uploaded files.
|
||||||
|
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
|
||||||
|
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
|
||||||
|
#filePermissionBits: '644'
|
||||||
|
|
|
||||||
|
|
@ -334,3 +334,8 @@ checkActivityPubGetSignature: false
|
||||||
|
|
||||||
# PID File of master process
|
# PID File of master process
|
||||||
#pidFile: /tmp/misskey.pid
|
#pidFile: /tmp/misskey.pid
|
||||||
|
|
||||||
|
# CHMod-style permission bits to apply to uploaded files.
|
||||||
|
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
|
||||||
|
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
|
||||||
|
#filePermissionBits: '644'
|
||||||
|
|
|
||||||
|
|
@ -115,6 +115,7 @@ type Source = {
|
||||||
};
|
};
|
||||||
|
|
||||||
pidFile: string;
|
pidFile: string;
|
||||||
|
filePermissionBits?: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
export type Config = {
|
export type Config = {
|
||||||
|
|
@ -212,6 +213,7 @@ export type Config = {
|
||||||
} | undefined;
|
} | undefined;
|
||||||
|
|
||||||
pidFile: string;
|
pidFile: string;
|
||||||
|
filePermissionBits?: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
const _filename = fileURLToPath(import.meta.url);
|
const _filename = fileURLToPath(import.meta.url);
|
||||||
|
|
@ -347,6 +349,7 @@ export function loadConfig(): Config {
|
||||||
deactivateAntennaThreshold: config.deactivateAntennaThreshold ?? (1000 * 60 * 60 * 24 * 7),
|
deactivateAntennaThreshold: config.deactivateAntennaThreshold ?? (1000 * 60 * 60 * 24 * 7),
|
||||||
import: config.import,
|
import: config.import,
|
||||||
pidFile: config.pidFile,
|
pidFile: config.pidFile,
|
||||||
|
filePermissionBits: config.filePermissionBits,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -452,7 +455,10 @@ function applyEnvOverrides(config: Source) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const alwaysStrings = { 'chmodSocket': true } as { [key: string]: boolean };
|
const alwaysStrings: { [key in string]?: boolean } = {
|
||||||
|
'chmodSocket': true,
|
||||||
|
'filePermissionBits': true,
|
||||||
|
};
|
||||||
|
|
||||||
function _assign(path: (string | number)[], lastStep: string | number, value: string) {
|
function _assign(path: (string | number)[], lastStep: string | number, value: string) {
|
||||||
let thisConfig = config as any;
|
let thisConfig = config as any;
|
||||||
|
|
@ -490,7 +496,7 @@ function applyEnvOverrides(config: Source) {
|
||||||
_apply_top(['sentryForBackend', 'enableNodeProfiling']);
|
_apply_top(['sentryForBackend', 'enableNodeProfiling']);
|
||||||
_apply_top([['clusterLimit', 'deliverJobConcurrency', 'inboxJobConcurrency', 'relashionshipJobConcurrency', 'deliverJobPerSec', 'inboxJobPerSec', 'relashionshipJobPerSec', 'deliverJobMaxAttempts', 'inboxJobMaxAttempts']]);
|
_apply_top([['clusterLimit', 'deliverJobConcurrency', 'inboxJobConcurrency', 'relashionshipJobConcurrency', 'deliverJobPerSec', 'inboxJobPerSec', 'relashionshipJobPerSec', 'deliverJobMaxAttempts', 'inboxJobMaxAttempts']]);
|
||||||
_apply_top([['outgoingAddress', 'outgoingAddressFamily', 'proxy', 'proxySmtp', 'mediaProxy', 'proxyRemoteFiles', 'videoThumbnailGenerator']]);
|
_apply_top([['outgoingAddress', 'outgoingAddressFamily', 'proxy', 'proxySmtp', 'mediaProxy', 'proxyRemoteFiles', 'videoThumbnailGenerator']]);
|
||||||
_apply_top([['maxFileSize', 'maxNoteLength', 'maxRemoteNoteLength', 'maxAltTextLength', 'maxRemoteAltTextLength', 'pidFile']]);
|
_apply_top([['maxFileSize', 'maxNoteLength', 'maxRemoteNoteLength', 'maxAltTextLength', 'maxRemoteAltTextLength', 'pidFile', 'filePermissionBits']]);
|
||||||
_apply_top(['import', ['downloadTimeout', 'maxFileSize']]);
|
_apply_top(['import', ['downloadTimeout', 'maxFileSize']]);
|
||||||
_apply_top([['signToActivityPubGet', 'checkActivityPubGetSignature']]);
|
_apply_top([['signToActivityPubGet', 'checkActivityPubGetSignature']]);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import * as fs from 'node:fs';
|
import * as fs from 'node:fs';
|
||||||
import { copyFile, unlink, writeFile } from 'node:fs/promises';
|
import { copyFile, unlink, writeFile, chmod } from 'node:fs/promises';
|
||||||
import * as Path from 'node:path';
|
import * as Path from 'node:path';
|
||||||
import { fileURLToPath } from 'node:url';
|
import { fileURLToPath } from 'node:url';
|
||||||
import { dirname } from 'node:path';
|
import { dirname } from 'node:path';
|
||||||
|
|
@ -41,12 +41,20 @@ export class InternalStorageService {
|
||||||
@bindThis
|
@bindThis
|
||||||
public async saveFromPath(key: string, srcPath: string): Promise<string> {
|
public async saveFromPath(key: string, srcPath: string): Promise<string> {
|
||||||
await copyFile(srcPath, this.resolvePath(key));
|
await copyFile(srcPath, this.resolvePath(key));
|
||||||
return `${this.config.url}/files/${key}`;
|
return await this.finalizeSavedFile(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
@bindThis
|
@bindThis
|
||||||
public async saveFromBuffer(key: string, data: Buffer): Promise<string> {
|
public async saveFromBuffer(key: string, data: Buffer): Promise<string> {
|
||||||
await writeFile(this.resolvePath(key), data);
|
await writeFile(this.resolvePath(key), data);
|
||||||
|
return await this.finalizeSavedFile(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async finalizeSavedFile(key: string): Promise<string> {
|
||||||
|
if (this.config.filePermissionBits) {
|
||||||
|
const path = this.resolvePath(key);
|
||||||
|
await chmod(path, this.config.filePermissionBits);
|
||||||
|
}
|
||||||
return `${this.config.url}/files/${key}`;
|
return `${this.config.url}/files/${key}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue