Skip to content

Commit

Permalink
feat(storage): add allow list check on S3 creation
Browse files Browse the repository at this point in the history
  • Loading branch information
sihamais committed Mar 28, 2024
1 parent 52c49f6 commit d599d4e
Showing 1 changed file with 24 additions and 7 deletions.
31 changes: 24 additions & 7 deletions storage/s3.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,29 +62,43 @@ type S3 struct {
partSize int64
}

type s3Opt func(s3 *S3)
type s3Opt func(s3 *S3) error

// WithRetryPolicy is an option to constructor NewS3 to add a Retry Policy
// impacting GET operations
func WithRetryPolicy(policy RetryPolicy) s3Opt {
return s3Opt(func(s3 *S3) {
return s3Opt(func(s3 *S3) error {
s3.retryPolicy = policy
return nil
})
}

func WithPartSize(size int64) s3Opt {
return s3Opt(func(s3 *S3) {
return s3Opt(func(s3 *S3) error {
s3.partSize = size
return nil
})
}

func WithUploadConcurrency(concurrency int) s3Opt {
return s3Opt(func(s3 *S3) {
return s3Opt(func(s3 *S3) error {
s3.uploadConcurrency = concurrency
return nil
})
}

func WithAllowList(l []string) s3Opt {
return s3Opt(func(s3 *S3) error {
for _, url := range l {
if strings.HasPrefix(s3.cfg.Endpoint, url) {
return nil
}
}
return errors.New("endpoint is not in allow list")
})
}

func NewS3(cfg S3Config, opts ...s3Opt) *S3 {
func NewS3(cfg S3Config, opts ...s3Opt) (*S3, error) {
s3config := s3Config(cfg)
s3client := s3.NewFromConfig(s3config)
s3 := &S3{
Expand All @@ -99,7 +113,10 @@ func NewS3(cfg S3Config, opts ...s3Opt) *S3 {
},
}
for _, opt := range opts {
opt(s3)
err := opt(s3)
if err != nil {
return nil, err
}
}

partSize := DefaultPartSize
Expand All @@ -114,7 +131,7 @@ func NewS3(cfg S3Config, opts ...s3Opt) *S3 {
u.PartSize = partSize
u.Concurrency = concurrency
})
return s3
return s3, nil
}

func (s *S3) Get(ctx context.Context, path string) (io.ReadCloser, error) {
Expand Down

0 comments on commit d599d4e

Please sign in to comment.