Add external asset URl

leighmacdonald · Sep 23, 2023 · 2930dee · 2930dee
1 parent 4b2ce88
commit 2930dee
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 34 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,18 +12,18 @@ jobs:
     runs-on: "ubuntu-latest"
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - run: git fetch --force --tags
       - uses: actions/setup-go@v4
         with:
           go-version: 'stable'
-          cache: true
 
       - run: go mod tidy
 
-      - uses: docker/login-action@v1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -41,13 +41,6 @@ jobs:
           DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Build & publish gbans image
         run: |
           docker build . --tag ghcr.io/leighmacdonald/gbans:${GITHUB_REF##*/}

diff --git a/gbans_example.yml b/gbans_example.yml
@@ -71,13 +71,21 @@ word_filter:
 # When enabled, will use s3-compatible backend for storing demos and media uploads. They will otherwise be served from the
 # database. The data will *not* also be duplicated in the local database when using s3.
 s3:
-  enabled: true
+  # S3 Access Key (Username)
   access_key: "xxxxxxxxxxxxxxxxxxxx"
+  # S3 Secret Key (Password
   secret_key: "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
+  # S3 API Endpoint
   endpoint: "localhost:9001"
+  # Use SSL (HTTPS) to access API
   ssl: false
+  # External URL users use to access the asset
+  external_url: "http://asset.localhost:9000"
+  # Optional S3 Region
   region: ""
+  # Name of the buckete used for storing media
   bucket_media: media
+  # Name of the buckete used for storing demos
   bucket_demo: demos
 
 discord:

diff --git a/internal/app/config.go b/internal/app/config.go
@@ -48,21 +48,13 @@ type s3Config struct {
 	AccessKey   string `mapstructure:"access_key"`
 	SecretKey   string `mapstructure:"secret_key"`
 	Endpoint    string `mapstructure:"endpoint"`
+	ExternalURL string `mapstructure:"external_url"`
 	Region      string `mapstructure:"region"`
 	SSL         bool   `mapstructure:"ssl"`
 	BucketMedia string `mapstructure:"bucket_media"`
 	BucketDemo  string `mapstructure:"bucket_demo"`
 }
 
-func (s s3Config) URL() string {
-	proto := "http"
-	if s.SSL {
-		proto += "s"
-	}
-
-	return fmt.Sprintf("%s://%s", proto, s.Endpoint)
-}
-
 type dbConfig struct {
 	DSN         string `mapstructure:"dsn"`
 	AutoMigrate bool   `mapstructure:"auto_migrate"`

diff --git a/internal/app/http_routes.go b/internal/app/http_routes.go
@@ -37,14 +37,14 @@ func httpErrorHandler(logger *zap.Logger) gin.HandlerFunc {
 	}
 }
 
-func useSecure(mode RunMode) gin.HandlerFunc {
+func useSecure(mode RunMode, cspOrigin string) gin.HandlerFunc {
 	cspBuilder := cspbuilder.Builder{
 		Directives: map[string][]string{
-			cspbuilder.DefaultSrc: {"'self'"},
+			cspbuilder.DefaultSrc: {"'self'", cspOrigin},
 			cspbuilder.StyleSrc:   {"'self'", "'unsafe-inline'", "https://fonts.cdnfonts.com", "https://fonts.googleapis.com"},
 			cspbuilder.ScriptSrc:  {"'self'", "'unsafe-inline'", "https://www.google-analytics.com"}, // TODO  "'strict-dynamic'", "$NONCE",
 			cspbuilder.FontSrc:    {"'self'", "https://fonts.gstatic.com", "https://fonts.cdnfonts.com"},
-			cspbuilder.ImgSrc:     {"'self'", "data:", "https://*.tile.openstreetmap.org", "https://*.steamstatic.com", "http://localhost:9000"},
+			cspbuilder.ImgSrc:     append([]string{"'self'", "data:", "https://*.tile.openstreetmap.org", "https://*.steamstatic.com", "http://localhost:9000"}, cspOrigin),
 			cspbuilder.BaseURI:    {"'self'"},
 			cspbuilder.ObjectSrc:  {"'none'"},
 		},
@@ -78,9 +78,10 @@ type jsConfig struct {
 	SiteName        string `json:"site_name"`
 	DiscordClientID string `json:"discord_client_id"`
 	DiscordLinkID   string `json:"discord_link_id"`
-	AssetURL        string `json:"asset_url"`
-	BucketDemo      string `json:"bucket_demo"`
-	BucketMedia     string `json:"bucket_media"`
+	// External URL used to access S3 assets. media:// links are replaces with this url
+	AssetURL    string `json:"asset_url"`
+	BucketDemo  string `json:"bucket_demo"`
+	BucketMedia string `json:"bucket_media"`
 }
 
 //nolint:contextcheck
@@ -92,7 +93,7 @@ func createRouter(ctx context.Context, app *App) *gin.Engine {
 	}
 
 	engine.Use(httpErrorHandler(app.log), gin.Recovery())
-	engine.Use(useSecure(app.conf.General.Mode))
+	engine.Use(useSecure(app.conf.General.Mode, app.conf.S3.ExternalURL))
 
 	corsConfig := cors.DefaultConfig()
 	corsConfig.AllowOrigins = app.conf.HTTP.CorsOrigins
@@ -139,7 +140,7 @@ func createRouter(ctx context.Context, app *App) *gin.Engine {
 				SiteName:        app.conf.General.SiteName,
 				DiscordClientID: app.conf.Discord.AppID,
 				DiscordLinkID:   app.conf.Discord.LinkID,
-				AssetURL:        app.conf.S3.URL(),
+				AssetURL:        app.conf.S3.ExternalURL,
 				BucketDemo:      app.conf.S3.BucketDemo,
 				BucketMedia:     app.conf.S3.BucketMedia,
 			})

diff --git a/internal/app/s3_test.go b/internal/app/s3_test.go
@@ -6,7 +6,6 @@ import (
 	"io"
 	"net/http"
 	"os"
-	"strings"
 	"testing"
 	"time"
 
@@ -32,11 +31,7 @@ func TestS3Client(t *testing.T) {
 	}
 
 	if err := client.CreateBucketIfNotExists(context.Background(), testBucket); err != nil {
-		if strings.Contains(err.Error(), "No connection could") {
-			t.Skipf("No server available")
-		}
-
-		require.NoError(t, err)
+		t.Skipf("No server available")
 	}
 
 	randID, _ := uuid.NewV4()