// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"context"
"fmt"
"io/ioutil"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/zeebo/clingy"
"github.com/zeebo/errs"
"storj.io/storj/cmd/uplink/ulext"
"storj.io/storj/cmd/uplink/ulloc"
"storj.io/uplink"
"storj.io/uplink/edge"
)
// cmdShare holds the state of the share command: the external environment,
// the permissions to apply, and the values of the flags declared in Setup.
type cmdShare struct {
	ex ulext.External    // environment handle; Execute uses it to open the access
	ap accessPermissions // prefixes, permissions and time limits applied to the share

	// What to share and where to write it.
	access   string // --access: access name or value to share
	exportTo string // --export-to: file that receives the serialized access

	// Registration with the auth service.
	register    bool   // --register: create and register the access grant
	public      bool   // --public: register the access as public
	authService string // --auth-service: address handed to RegisterAccess
	// caCert is passed to RegisterAccess as the certificate file path.
	// No flag in Setup assigns it in this file, so as written it stays empty.
	caCert string

	// Linksharing output; both imply a public registration (see isPublic in Execute).
	url     bool   // --url: print a browser URL for the shared path
	dns     string // --dns: custom hostname to print DNS records for
	baseURL string // --base-url: base URL used for the link and the CNAME target
}
// newCmdShare returns a share command bound to ex; every flag field is left
// at its zero value until Setup runs.
func newCmdShare(ex ulext.External) *cmdShare {
	cmd := new(cmdShare)
	cmd.ex = ex
	return cmd
}
// Setup declares the share command's flags on params and stores the parsed
// values on c, then lets the embedded accessPermissions declare its own.
//
// Per the flag descriptions, --url and --dns imply --register and --public.
func (c *cmdShare) Setup(params clingy.Parameters) {
	// Each adapter makes exactly one params.Flag call, so flags are declared
	// in the order of the statements below.
	stringFlag := func(name, desc, def string) string {
		return params.Flag(name, desc, def).(string)
	}
	boolFlag := func(name, desc string) bool {
		return params.Flag(name, desc, false,
			clingy.Transform(strconv.ParseBool), clingy.Boolean,
		).(bool)
	}

	c.access = stringFlag("access", "Access name or value to share", "")
	params.Break()

	c.exportTo = stringFlag("export-to", "Path to export the shared access to", "")
	c.baseURL = stringFlag("base-url", "The base url for link sharing", "https://link.us1.storjshare.io")
	c.register = boolFlag("register", "If true, creates and registers access grant")
	c.url = boolFlag("url", "If true, returns a url for the shared path. implies --register and --public")
	c.dns = stringFlag("dns", "Specify your custom hostname. if set, returns dns settings for web hosting. implies --register and --public", "")
	// The registered access is handed to whatever address is given here.
	c.authService = stringFlag("auth-service", "URL for shared auth service", "https://auth.us1.storjshare.io")
	c.public = boolFlag("public", "If true, the access will be public. --dns and --url override this")
	params.Break()

	c.ap.Setup(params, false)
}
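// Execute opens the configured access, applies the access permissions to it
// (c.ap.Apply), and prints the resulting restrictions together with the
// serialized access. Depending on the flags it then registers the access with
// the auth service, prints a linksharing URL and/or DNS records, and exports
// the serialized access to a file.
//
// The serialized access and any registered gateway credentials are written to
// ctx in clear text, so the command's output has to be handled as a secret.
//
// It returns an error when no prefix was given, when opening, restricting,
// serializing or registering the access fails, or when the export file cannot
// be written.
func (c *cmdShare) Execute(ctx clingy.Context) error {
	if len(c.ap.prefixes) == 0 {
		return errs.New("You must specify at least one prefix to share. Use the access restrict command to restrict with no prefixes.")
	}

	access, err := c.ex.OpenAccess(c.access)
	if err != nil {
		return err
	}

	access, err = c.ap.Apply(access)
	if err != nil {
		return err
	}

	// --url and --dns both force a public registration.
	isPublic := c.public || c.url || c.dns != ""

	if isPublic {
		// NOTE(review): notAfter is a time.Time (it is assigned time.Time{}
		// below and passed to formatTimeRestriction). time.Time.String()
		// never yields "" or "none", so neither comparison can match as
		// written: a public share without an expiration is not stopped here.
		// Enforcing the warning needs a way to tell "unset" from an explicit
		// --not-after=none, which depends on how accessPermissions parses the
		// flag (not visible in this file) - confirm and fix there.
		if c.ap.notAfter.String() == "" {
			// Each sentence ends its own line; without the newlines the two
			// messages and the shell prompt run together.
			fmt.Fprintf(ctx, "It's not recommended to create a shared Access without an expiration date.\n")
			fmt.Fprintf(ctx, "If you wish to do so anyway, please run this command with --not-after=none.\n")
			return nil
		}
		if c.ap.notAfter.String() == "none" {
			// Only affects what is printed below; the access was already
			// restricted by Apply above.
			c.ap.notAfter = time.Time{}
		}
	}

	newAccessData, err := access.Serialize()
	if err != nil {
		return err
	}

	fmt.Fprintf(ctx, "Sharing access to satellite %s\n", access.SatelliteAddress())
	fmt.Fprintf(ctx, "=========== ACCESS RESTRICTIONS ==========================================================\n")
	fmt.Fprintf(ctx, "Download : %s\n", formatPermission(c.ap.AllowDownload()))
	fmt.Fprintf(ctx, "Upload : %s\n", formatPermission(c.ap.AllowUpload()))
	fmt.Fprintf(ctx, "Lists : %s\n", formatPermission(c.ap.AllowList()))
	fmt.Fprintf(ctx, "Deletes : %s\n", formatPermission(c.ap.AllowDelete()))
	fmt.Fprintf(ctx, "NotBefore : %s\n", formatTimeRestriction(c.ap.notBefore))
	fmt.Fprintf(ctx, "NotAfter : %s\n", formatTimeRestriction(c.ap.notAfter))
	fmt.Fprintf(ctx, "Paths : %s\n", formatPaths(c.ap.prefixes))
	fmt.Fprintf(ctx, "=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========\n")
	// The serialized access is itself the credential for the shared data.
	fmt.Fprintf(ctx, "Access : %s\n", newAccessData)

	if c.register || c.url || c.dns != "" {
		credentials, err := RegisterAccess(ctx, access, c.authService, isPublic, c.caCert)
		if err != nil {
			return err
		}
		// Prints the access key ID, secret key and endpoint in plain text.
		err = DisplayGatewayCredentials(ctx, *credentials, "", "")
		if err != nil {
			return err
		}
		_, err = fmt.Fprintln(ctx, "Public Access: ", isPublic)
		if err != nil {
			return err
		}

		// URL and DNS output is limited to a single prefix without upload
		// permission. When the condition fails, --url / --dns produce no
		// output and no message.
		// NOTE(review): the delete side tests the raw disallowDeletes field,
		// negated, so this branch runs only when deletes have NOT been
		// disallowed, while the upload side uses AllowUpload(). Confirm
		// whether !c.ap.AllowDelete() was intended.
		if len(c.ap.prefixes) == 1 && !c.ap.AllowUpload() && !c.ap.disallowDeletes {
			if c.url {
				if err = createURL(ctx, credentials.AccessKeyID, c.ap.prefixes[0], c.baseURL, c.ap.prefixes); err != nil {
					return err
				}
			}
			if c.dns != "" {
				if err = createDNS(ctx, credentials.AccessKeyID, c.ap.prefixes[0], c.baseURL, c.dns); err != nil {
					return err
				}
			}
		}
	}

	if c.exportTo != "" {
		// convert to an absolute path, mostly for output purposes.
		exportTo, err := filepath.Abs(c.exportTo)
		if err != nil {
			return err
		}
		// WriteFile applies mode 0600 only when it creates the file. An
		// existing file is truncated and keeps its current mode, so exporting
		// over a file with wider permissions leaves the access readable under
		// those permissions.
		if err := ioutil.WriteFile(exportTo, []byte(newAccessData+"\n"), 0600); err != nil {
			return err
		}
		fmt.Fprintln(ctx, "Exported to:", exportTo)
	}

	return nil
}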
// formatPermission renders a permission flag as the label shown in the
// restrictions table: "Allowed" for true, "Disallowed" for false.
func formatPermission(allowed bool) string {
	label := "Disallowed"
	if allowed {
		label = "Allowed"
	}
	return label
}
// formatTimeRestriction renders a NotBefore/NotAfter bound for display. The
// zero time is shown as "No restriction"; any other value is formatted by
// formatTime.
func formatTimeRestriction(t time.Time) string {
	if !t.IsZero() {
		return formatTime(true, t)
	}
	return "No restriction"
}
// formatPaths renders the shared prefixes as sj:// locations, one per line.
// A prefix with an empty Prefix field is marked as covering the entire
// bucket, and an empty list yields a warning that the whole project is
// shared. Execute in this file rejects an empty prefix list before it gets
// here.
func formatPaths(sharePrefixes []uplink.SharePrefix) string {
	if len(sharePrefixes) == 0 {
		return "WARNING! The entire project is shared!"
	}

	lines := make([]string, 0, len(sharePrefixes))
	for i := range sharePrefixes {
		sp := sharePrefixes[i]
		switch sp.Prefix {
		case "":
			lines = append(lines, "sj://"+sp.Bucket+"/ (entire bucket)")
		default:
			lines = append(lines, "sj://"+sp.Bucket+"/"+sp.Prefix)
		}
	}
	return strings.Join(lines, "\n ")
}
// RegisterAccess registers an access grant with a Gateway Authorization Service.
//
// authService is normalized before use: a leading "https://" and a trailing
// "/" are removed, and ":7777" is appended when the result contains no ':'.
// Only "https://" is stripped; any other address containing ':' is passed
// through unchanged. The access is handed to the edge client for that
// address, so authService should be a host the caller trusts with it.
//
// When certificateFile is non-empty its contents are read and supplied as
// CertificatePEM. public is forwarded as the Public registration option.
//
// It returns an error when authService is empty, when the certificate file
// cannot be read, or when the registration call fails.
func RegisterAccess(ctx context.Context, access *uplink.Access, authService string, public bool, certificateFile string) (credentials *edge.Credentials, err error) {
	if authService == "" {
		return nil, errs.New("no auth service address provided")
	}

	// preserve compatibility with previous https service
	addr := strings.TrimSuffix(strings.TrimPrefix(authService, "https://"), "/")
	if !strings.Contains(addr, ":") {
		addr += ":7777"
	}

	cfg := edge.Config{AuthServiceAddress: addr}
	if certificateFile != "" {
		pem, readErr := os.ReadFile(certificateFile)
		if readErr != nil {
			return nil, errs.New("can't read certificate file: %w", readErr)
		}
		cfg.CertificatePEM = pem
	}

	opts := edge.RegisterAccessOptions{Public: public}
	return cfg.RegisterAccess(ctx, access, &opts)
}
// createURL prints the linksharing browser URL for prefix, in the form
// baseURL/s/<access>/<bucket>/<key>.
//
// newAccessData is the value placed in the access segment; Execute passes
// the registered access key ID. sharePrefixes is not used. The function
// always returns nil.
func createURL(ctx clingy.Context, newAccessData string, prefix uplink.SharePrefix, baseURL string, sharePrefixes []uplink.SharePrefix) (err error) {
	bucket, key, _ := ulloc.NewRemote(prefix.Bucket, prefix.Prefix).RemoteParts()
	accessSegment := url.PathEscape(newAccessData)

	fmt.Fprint(ctx, "=========== BROWSER URL ==================================================================\n")
	fmt.Fprint(ctx, "REMINDER : Object key must end in '/' when trying to share recursively\n")
	// NOTE(review): only the access segment is path-escaped. bucket and key
	// are inserted as-is, so a key containing characters such as '?', '#',
	// '%' or spaces produces a link that does not point at the intended
	// object - confirm whether per-segment escaping is wanted.
	fmt.Fprintf(ctx, "URL : %s/s/%s/%s/%s\n", baseURL, accessSegment, bucket, key)
	return nil
}
// createDNS prints zone-file style records for hosting prefix under the
// custom hostname dns: a CNAME pointing at the host of baseURL, a TXT record
// with the storj-root, and a TXT record with the access key.
//
// The access key is published in DNS by design of these records, so it
// should belong to an access that is meant to be public. dns is written into
// the records as given, without validation.
//
// It returns an error only when baseURL cannot be parsed.
func createDNS(ctx clingy.Context, accessKey string, prefix uplink.SharePrefix, baseURL, dns string) (err error) {
	base, err := url.Parse(baseURL)
	if err != nil {
		return err
	}

	// Drop the first five bytes of the location string - presumably the
	// "sj://" scheme; verify against ulloc.
	root := ulloc.NewRemote(prefix.Bucket, prefix.Prefix).String()[5:]
	rootRecord := fmt.Sprintf("txt-%s\tIN\tTXT \tstorj-root:%s", dns, root)

	fmt.Fprint(ctx, "=========== DNS INFO =====================================================================\n")
	fmt.Fprint(ctx, "Remember to update the $ORIGIN with your domain name. You may also change the $TTL.\n")
	fmt.Fprint(ctx, "$ORIGIN example.com.\n")
	fmt.Fprint(ctx, "$TTL 3600\n")
	// base.Host is empty when baseURL has no scheme, which would print a
	// bare "." as the CNAME target.
	fmt.Fprintf(ctx, "%s \tIN\tCNAME\t%s.\n", dns, base.Host)
	fmt.Fprintln(ctx, rootRecord)
	fmt.Fprintf(ctx, "txt-%s\tIN\tTXT \tstorj-access:%s\n", dns, accessKey)
	return nil
}
// DisplayGatewayCredentials formats and writes credentials to ctx.
//
// format selects the layout: "env" prints KEY=value lines, "aws" prints
// `aws configure` commands (preceded by a profile line when awsProfile is
// set), and any other value prints a plain-text table.
//
// Every layout includes the secret key in clear text, so the output should
// not be sent anywhere that is logged or shared. awsProfile is inserted into
// the printed commands as given, unquoted.
//
// It returns the first write error, or nil.
func DisplayGatewayCredentials(ctx clingy.Context, credentials edge.Credentials, format string, awsProfile string) (err error) {
	keyID, secret, endpoint := credentials.AccessKeyID, credentials.SecretKey, credentials.Endpoint

	if format == "env" {
		// export / set compatible format
		// note that AWS_ENDPOINT configuration is not natively utilized by the AWS CLI
		_, err = fmt.Fprintf(ctx, "AWS_ACCESS_KEY_ID=%s\n"+
			"AWS_SECRET_ACCESS_KEY=%s\n"+
			"AWS_ENDPOINT=%s\n",
			keyID, secret, endpoint)
		return err
	}

	if format == "aws" {
		// aws configuration commands
		profileArg := ""
		if awsProfile != "" {
			profileArg = " --profile " + awsProfile
			if _, err = fmt.Fprintf(ctx, "aws configure %s\n", profileArg); err != nil {
				return err
			}
		}
		// note that the endpoint_url configuration is not natively utilized by the AWS CLI
		_, err = fmt.Fprintf(ctx, "aws configure %s set aws_access_key_id %s\n"+
			"aws configure %s set aws_secret_access_key %s\n"+
			"aws configure %s set s3.endpoint_url %s\n",
			profileArg, keyID, profileArg, secret, profileArg, endpoint)
		return err
	}

	// plain text
	_, err = fmt.Fprintf(ctx, "========== CREDENTIALS ===================================================================\n"+
		"Access Key ID: %s\n"+
		"Secret Key : %s\n"+
		"Endpoint : %s\n",
		keyID, secret, endpoint)
	return err
}