From dd99394cb92ddde790283f1b986936d7ddf2bb04 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 21 Aug 2020 09:40:45 -0400 Subject: [PATCH] ref_download: add access check, stream from S3 --- gitsrht/blueprints/artifacts.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/gitsrht/blueprints/artifacts.py b/gitsrht/blueprints/artifacts.py index cece6af..af2fc0e 100644 --- a/gitsrht/blueprints/artifacts.py +++ b/gitsrht/blueprints/artifacts.py @@ -2,7 +2,7 @@ import hashlib import os import pygit2 from flask import Blueprint, redirect, render_template, request, redirect -from flask import abort, url_for +from flask import abort, url_for, send_file from gitsrht.git import Repository as GitRepository from gitsrht.repos import delete_artifact, upload_artifact from gitsrht.types import Artifact @@ -59,7 +59,7 @@ def ref_upload(owner, repo, ref): @artifacts.route("///refs//") def ref_download(owner, repo, ref, filename): - owner, repo = get_repo_or_redir(owner, repo) + owner, repo = check_access(owner, repo, UserAccess.read) with GitRepository(repo.path) as git_repo: try: tag = git_repo.revparse_single(ref) @@ -80,8 +80,10 @@ def ref_download(owner, repo, ref, filename): abort(404) prefix = os.path.join(s3_prefix, "artifacts", repo.owner.canonical_name, repo.name) - url = f"https://{s3_upstream}/{s3_bucket}/{prefix}/{filename}" - return redirect(url) + minio = Minio(s3_upstream, access_key=s3_access_key, + secret_key=s3_secret_key, secure=True) + f = minio.get_object(s3_bucket, os.path.join(prefix, filename)) + return send_file(f, as_attachment=True, attachment_filename=filename) @artifacts.route("///refs//", methods=["POST"]) @loginrequired -- 2.38.4