storage/minio: Add options to disable signature and multipart for Minio Client

modules/setting/storage.go

@@ -41,7 +41,10 @@ func getStorage(rootCfg ConfigProvider, name, typ string, targetSec *ini.Section
 	sec.Key("MINIO_BUCKET").MustString("gitea")
 	sec.Key("MINIO_LOCATION").MustString("us-east-1")
 	sec.Key("MINIO_USE_SSL").MustBool(false)
-	sec.Key("MINIO_INSECURE_SKIP_VERIFY").MustBool(false)
+
+	sec.Key("MINIO_DISABLE_SIGNATURE").MustBool(false)
+	sec.Key("MINIO_DISABLE_MULTIPART").MustBool(false)
+  sec.Key("MINIO_INSECURE_SKIP_VERIFY").MustBool(false)
 
 	if targetSec == nil {
 		targetSec, _ = rootCfg.NewSection(name)

modules/storage/minio.go

@@ -4,6 +4,7 @@
 package storage
 
 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"io"
@@ -45,14 +46,17 @@ const MinioStorageType Type = "minio"
 
 // MinioStorageConfig represents the configuration for a minio storage
 type MinioStorageConfig struct {
+
 	Endpoint           string `ini:"MINIO_ENDPOINT"`
 	AccessKeyID        string `ini:"MINIO_ACCESS_KEY_ID"`
 	SecretAccessKey    string `ini:"MINIO_SECRET_ACCESS_KEY"`
 	Bucket             string `ini:"MINIO_BUCKET"`
 	Location           string `ini:"MINIO_LOCATION"`
 	BasePath           string `ini:"MINIO_BASE_PATH"`
 	UseSSL             bool   `ini:"MINIO_USE_SSL"`
-	InsecureSkipVerify bool   `ini:"MINIO_INSECURE_SKIP_VERIFY"`
+  InsecureSkipVerify bool   `ini:"MINIO_INSECURE_SKIP_VERIFY"`
+	DisableSignature   bool   `ini:"MINIO_DISABLE_SIGNATURE"`
+	DisableMultipart   bool   `ini:"MINIO_DISABLE_MULTIPART"`
 }
 
 // MinioStorage returns a minio bucket storage
@@ -61,6 +65,7 @@ type MinioStorage struct {
 	client   *minio.Client
 	bucket   string
 	basePath string
+	config   *MinioStorageConfig
 }
 
 func convertMinioErr(err error) error {
@@ -117,6 +122,7 @@ func NewMinioStorage(ctx context.Context, cfg interface{}) (ObjectStorage, error
 		client:   minioClient,
 		bucket:   config.Bucket,
 		basePath: config.BasePath,
+		config:   &config,
 	}, nil
 }
 
@@ -136,13 +142,35 @@ func (m *MinioStorage) Open(path string) (Object, error) {
 
 // Save save a file to minio
 func (m *MinioStorage) Save(path string, r io.Reader, size int64) (int64, error) {
+	disableSignature, disableMultipart := false, false
+	if m.config != nil {
+		disableSignature, disableMultipart = m.config.DisableSignature, m.config.DisableMultipart
+	}
+
+	if disableMultipart && size < 0 {
+		// Attempts to read everything from the source into memory. This can take a big toll on memory, and it can become a potential DoS source
+		// but since we have disabled multipart upload this mean we can't really stream write anymore...
+		// well, unless we have a better way to estimate the stream size, this would be a workaround
+
+		buf := &bytes.Buffer{}
+		n, err := io.Copy(buf, r)
+		if err != nil {
+			// I guess this would likely be EOF or OOM...?
+			return -1, err
+		}
+
+		// Since we read all the data from the source, it might not be usable again,
+		// so we should swap the reader location to our memory buffer
+		r, size = buf, n
+	}
+
 	uploadInfo, err := m.client.PutObject(
 		m.ctx,
 		m.bucket,
 		m.buildMinioPath(path),
 		r,
 		size,
-		minio.PutObjectOptions{ContentType: "application/octet-stream"},
+		minio.PutObjectOptions{ContentType: "application/octet-stream", DisableContentSha256: disableSignature, DisableMultipart: disableMultipart},
 	)
 	if err != nil {
 		return 0, convertMinioErr(err)