comparison mod_storage_s3/mod_storage_s3.lua @ 5669:30f91daa40b4

mod_storage_s3: Beginnings of an experimental S3 storage driver Tested against MinIO
author Kim Alvefur <zash@zash.se>
date Sat, 14 Oct 2023 17:31:06 +0200
parents
children 2c9d72ef829e
comparison
equal deleted inserted replaced
5668:ecfd7aece33b 5669:30f91daa40b4
1 local http = require "prosody.net.http";
2 local array = require "prosody.util.array";
3 local async = require "prosody.util.async";
4 local hashes = require "prosody.util.hashes";
5 local httputil = require "prosody.util.http";
6 local it = require "prosody.util.iterators";
7 local jid = require "prosody.util.jid";
8 local json = require "prosody.util.json";
9 local st = require "prosody.util.stanza";
10 local xml = require "prosody.util.xml";
11 local url = require "socket.url";
12
13 local hmac_sha256 = hashes.hmac_sha256;
14 local sha256 = hashes.sha256;
15
16 local driver = {};
17
18 local bucket = module:get_option_string("s3_bucket", "prosody");
19 local base_uri = module:get_option_string("s3_base_uri", "http://localhost:9000");
20 local region = module:get_option_string("s3_region", "us-east-1");
21
22 local access_key = module:get_option_string("s3_access_key");
23 local secret_key = module:get_option_string("s3_secret_key");
24
25 function driver:open(store, typ)
26 local mt = self[typ or "keyval"]
27 if not mt then
28 return nil, "unsupported-store";
29 end
30 return setmetatable({ store = store; bucket = bucket; type = typ }, mt);
31 end
32
33 local keyval = { };
34 driver.keyval = { __index = keyval; __name = module.name .. " keyval store" };
35
36 local aws4_format = "AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s";
37
38 local function new_request(method, path, payload)
39 local request = url.parse(base_uri);
40 request.path = path;
41
42 local payload_type = nil;
43 if st.is_stanza(payload) then
44 payload_type = "application/xml";
45 payload = tostring(payload);
46 elseif payload ~= nil then
47 payload_type = "application/json";
48 payload = json.encode(payload);
49 end
50
51 local payload_hash = sha256(payload or "", true);
52
53 local now = os.time();
54 local aws_datetime = os.date("!%Y%m%dT%H%M%SZ", now);
55 local aws_date = os.date("!%Y%m%d", now);
56
57 local headers = {
58 ["Accept"] = "*/*";
59 ["Authorization"] = nil;
60 ["Content-Type"] = payload_type;
61 ["Host"] = request.authority;
62 ["User-Agent"] = "Prosody XMPP Server";
63 ["X-Amz-Content-Sha256"] = payload_hash;
64 ["X-Amz-Date"] = aws_datetime;
65 };
66
67 local canonical_uri = url.build({ path = request.path });
68 local canonical_query = "";
69 local canonical_headers = array();
70 local signed_headers = array()
71
72 for header_name, header_value in it.sorted_pairs(headers) do
73 header_name = header_name:lower();
74 canonical_headers:push(header_name .. ":" .. header_value .. "\n");
75 signed_headers:push(header_name);
76 end
77
78 canonical_headers = canonical_headers:concat();
79 signed_headers = signed_headers:concat(";");
80
81 local scope = aws_date .. "/" .. region .. "/s3/aws4_request";
82
83 local canonical_request = method .. "\n"
84 .. canonical_uri .. "\n"
85 .. canonical_query .. "\n"
86 .. canonical_headers .. "\n"
87 .. signed_headers .. "\n"
88 .. payload_hash;
89
90 local signature_payload = "AWS4-HMAC-SHA256" .. "\n" .. aws_datetime .. "\n" .. scope .. "\n" .. sha256(canonical_request, true);
91
92 -- This can be cached?
93 local date_key = hmac_sha256("AWS4" .. secret_key, aws_date);
94 local date_region_key = hmac_sha256(date_key, region);
95 local date_region_service_key = hmac_sha256(date_region_key, "s3");
96 local signing_key = hmac_sha256(date_region_service_key, "aws4_request");
97
98 local signature = hmac_sha256(signing_key, signature_payload, true);
99
100 headers["Authorization"] = string.format(aws4_format, access_key, scope, signed_headers, signature);
101
102 return http.request(url.build(request), { method = method; headers = headers; body = payload });
103 end
104
105 -- coerce result back into Prosody data type
106 local function on_result(response)
107 local content_type = response.headers["content-type"];
108 if content_type == "application/json" then
109 return json.decode(response.body);
110 elseif content_type == "application/xml" then
111 return xml.parse(response.body);
112 elseif content_type == "application/x-www-form-urlencoded" then
113 return httputil.formdecode(response.body);
114 else
115 response.log("warn", "Unknown response data type %s", content_type);
116 return response.body;
117 end
118 end
119
120 function keyval:_path(key)
121 return url.build_path({
122 is_absolute = true;
123 bucket;
124 jid.escape(module.host);
125 jid.escape(self.store);
126 jid.escape(key or "");
127 })
128 end
129
130 function keyval:get(user)
131 return async.wait_for(new_request("GET", self:_path(user)):next(on_result));
132 end
133
134 function keyval:set(user, data)
135 return async.wait_for(new_request("PUT", self:_path(user), data));
136 end
137
138 function keyval:users()
139 return nil, "not-implemented";
140 end
141
142 module:provides("storage", driver);