Prepare v0.5.17-pre.2

This release fixes configuration for strict object storage
implementations

Cargo.lock

@@ -1971,7 +1971,7 @@ dependencies = [
 
 [[package]]
 name = "pict-rs"
-version = "0.5.17-pre.1"
+version = "0.5.17-pre.2"
 dependencies = [
  "actix-form-data",
  "actix-web",

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "pict-rs"
 description = "A simple image hosting service"
-version = "0.5.17-pre.1"
+version = "0.5.17-pre.2"
 authors = ["asonix <asonix@asonix.dog>"]
 license = "AGPL-3.0"
 readme = "README.md"

pict-rs.nix

@@ -11,7 +11,7 @@
 
 rustPlatform.buildRustPackage {
   pname = "pict-rs";
-  version = "0.5.17-pre.1";
+  version = "0.5.17-pre.2";
   src = ./.;
 
   cargoLock = {

pict-rs.toml

@@ -741,14 +741,6 @@ secret_key = 'SECRET_KEY'
 # default: empty
 session_token = 'SESSION_TOKEN'
 
-## Optional: set how long object storage signatures are valid for (in seconds)
-# environment variable: PICTRS__STORE__SIGNATURE_DURATION
-# default: 15
-#
-# This can be useful if your object storage might take a while to process requests. It should not be
-# increased more than needed to prevent replay attacks.
-signature_duration = 15
-
 ## Optional: set how long pict-rs will wait (in seconds) for a response from object storage
 # environment variable: PICTRS__STORE__CLIENT_TIMEOUT
 # default: 30

releases/0.5.17-pre.2.md

@@ -0,0 +1,14 @@
+# pict-rs 0.5.17-pre.2
+
+pict-rs is a simple image hosting microservice, designed to handle storing and retrieving images,
+animations, and videos, as well as providing basic image processing functionality.
+
+## Overview
+
+pict-rs 0.5.17-pre.2 fixes bugs with object storage configuration introduced in 0.5.17-pre.1, and
+removes unused configuration options.
+
+## Upgrade Notes
+
+There are no significant changes from 0.5.17-pre.1. Upgrading should be as simple as pulling a new
+version of pict-rs.

src/config/commandline.rs

@@ -1490,13 +1490,6 @@ struct ObjectStorage {
     #[serde(skip_serializing_if = "Option::is_none")]
     session_token: Option<String>,
 
-    /// How long signatures for object storage requests are valid (in seconds)
-    ///
-    /// This defaults to 15 seconds
-    #[arg(long)]
-    #[serde(skip_serializing_if = "Option::is_none")]
-    signature_duration: Option<u64>,
-
     /// How long a client can wait on an object storage request before giving up (in seconds)
     ///
     /// This defaults to 30 seconds

src/config/defaults.rs

@@ -201,8 +201,6 @@ pub(super) struct FilesystemDefaults {
 #[derive(Clone, Debug, serde::Serialize)]
 #[serde(rename_all = "snake_case")]
 pub(super) struct ObjectStorageDefaults {
-    pub(super) signature_duration: u64,
-
     pub(super) client_timeout: u64,
 }
 
@@ -390,10 +388,7 @@ impl Default for FilesystemDefaults {
 
 impl Default for ObjectStorageDefaults {
     fn default() -> Self {
-        Self {
+        Self { client_timeout: 30 }
-            signature_duration: 15,
-            client_timeout: 30,
-        }
     }
 }
 

src/config/file.rs

@@ -81,11 +81,6 @@ pub(crate) struct ObjectStorage {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub(crate) session_token: Option<String>,
 
-    /// How long signatures for object storage requests are valid (in seconds)
-    ///
-    /// This defaults to 15 seconds
-    pub(crate) signature_duration: u64,
-
     /// How long a client can wait on an object storage request before giving up (in seconds)
     ///
     /// This defaults to 30 seconds
@@ -107,9 +102,6 @@ impl From<crate::config::primitives::ObjectStorage> for ObjectStorage {
             access_key: value.access_key,
             secret_key: value.secret_key,
             session_token: value.session_token,
-            signature_duration: value
-                .signature_duration
-                .unwrap_or(defaults.signature_duration),
             client_timeout: value.client_timeout.unwrap_or(defaults.client_timeout),
             public_endpoint: value.public_endpoint,
         }

src/config/primitives.rs

@@ -191,13 +191,6 @@ pub(crate) struct ObjectStorage {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub(crate) session_token: Option<String>,
 
-    /// How long signatures for object storage requests are valid (in seconds)
-    ///
-    /// This defaults to 15 seconds
-    #[arg(long)]
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub(crate) signature_duration: Option<u64>,
-
     /// How long a client can wait on an object storage request before giving up (in seconds)
     ///
     /// This defaults to 30 seconds

src/store/object_store.rs

@@ -20,6 +20,9 @@ const CHUNK_SIZE: usize = 8_388_608; // 8 Mebibytes, min is 5 (5_242_880);
 
 #[derive(Debug, thiserror::Error)]
 pub(crate) enum ObjectError {
+    #[error("Failed to set the vhost-style bucket name")]
+    SetHost,
+
     #[error("IO Error")]
     IO(#[from] std::io::Error),
 
@@ -36,7 +39,9 @@ pub(crate) enum ObjectError {
 impl ObjectError {
     pub(super) const fn error_code(&self) -> ErrorCode {
         match self {
-            Self::BuildClient(_) | Self::Request(_) => ErrorCode::OBJECT_REQUEST_ERROR,
+            Self::SetHost | Self::BuildClient(_) | Self::Request(_) => {
+                ErrorCode::OBJECT_REQUEST_ERROR
+            }
             Self::IO(_) => ErrorCode::OBJECT_IO_ERROR,
             Self::Canceled => ErrorCode::PANIC,
         }
@@ -306,7 +311,7 @@ impl ObjectStore {
     #[tracing::instrument(skip(access_key, secret_key, session_token))]
     pub(crate) async fn new(
         crate::config::ObjectStorage {
-            endpoint,
+            mut endpoint,
             bucket_name,
             use_path_style,
             region,
@@ -315,7 +320,6 @@ impl ObjectStore {
             session_token,
             client_timeout,
             public_endpoint,
-            signature_duration: _,
         }: crate::config::ObjectStorage,
     ) -> Result<ObjectStore, StoreError> {
         let https = endpoint.scheme() == "https";
@@ -324,10 +328,23 @@ impl ObjectStore {
             .with_timeout(Duration::from_secs(client_timeout))
             .with_allow_http(!https);
 
+        let use_vhost_style = !use_path_style;
+
+        if use_vhost_style {
+            if let Some(host) = endpoint.host() {
+                if !host.to_string().starts_with(&bucket_name) {
+                    let new_host = format!("{bucket_name}.{host}");
+                    endpoint
+                        .set_host(Some(&new_host))
+                        .map_err(|_| ObjectError::SetHost)?;
+                }
+            }
+        }
+
         let builder = AmazonS3Builder::new()
-            .with_endpoint(endpoint)
+            .with_endpoint(endpoint.as_str().trim_end_matches('/'))
             .with_bucket_name(bucket_name)
-            .with_virtual_hosted_style_request(!use_path_style)
+            .with_virtual_hosted_style_request(use_vhost_style)
             .with_region(region)
             .with_access_key_id(access_key)
             .with_secret_access_key(secret_key)