# photos
A photo bucket management suite.
There are two modes of operation:
- Domain
  - Buckets are exactly equal to their domain names
  - `unset MINIO_DOMAIN`
- Subdomain
  - Buckets are named after subdomains
  - `export MINIO_DOMAIN=your.domain`
## `admin`
Create new buckets. Standalone tool.
## `control`
Implement access controls by signing or proxying requests.
### Operations
#### `GET /list?bucket=BUCKET&auth=TOKEN`
1. Consult the bucket for metadata.json
2. Get list access method for the bucket
3. Validate the token against the access method
4. Return ListObjectsV2 for prefix `photo/`
   - Can also 307 redirect to the bucket read URL if the bucket is publicly readable
#### `GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`
1. Consult the bucket for metadata.json
2. Get read access method for the bucket
3. Validate the token against the access method
4. Validate that OBJECTNAME starts with `photo/`
5. If necessary, presign an object URL for 4 days
   - Cache presigned URLs for 2 days in memory/Redis
6. 307 redirect to presigned URL
#### `PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`
1. Consult the bucket for metadata.json
2. Get write access method for the bucket
3. Validate the token against the access method
4. Validate that OBJECTNAME starts with `photo/`
5. If necessary, presign an object URL for 30 minutes
6. 307 redirect to presigned URL
### Authentication
#### Token
The read/write token is checked against a simple string defined in the bucket.
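
The `GET /read` steps with token authentication, as an added Python example (not this project's code). The `metadata.json` layout (`read.method`, `read.token`), the `presign` callable, the `ReadHandler` name, the 403/400 status codes, the in-memory dict cache and the rejection of `.`/`..` segments are all assumptions made for illustration; the public-bucket and OpenID Connect paths are not covered and are denied.

```python
import hmac
import time

PRESIGN_TTL = 4 * 24 * 3600  # step 5: presigned URL lifetime, 4 days
CACHE_TTL = 2 * 24 * 3600    # cache entry lifetime, 2 days
PREFIX = "photo/"


def check_token(access, token):
    """Step 3. Assumed shape: {"method": "token", "token": "..."}."""
    if access.get("method") != "token":
        return False  # missing or unhandled access method: fail closed
    expected = access.get("token") or ""
    # Constant-time comparison; an empty configured token never matches.
    return bool(expected) and hmac.compare_digest(
        expected.encode(), (token or "").encode())


def check_object(name):
    """Step 4. Prefix check, plus rejection of dot segments (an added
    assumption) so a path-normalizing proxy in front of the store cannot
    be steered outside photo/."""
    if not name.startswith(PREFIX) or name == PREFIX:
        return False
    return not any(seg in (".", "..") for seg in name.split("/"))


class ReadHandler:
    def __init__(self, presign, now=time.time):
        self.presign = presign  # hypothetical: presign(bucket, obj, seconds) -> URL
        self.now = now
        self.cache = {}         # (bucket, obj) -> (url, cache_expiry)

    def handle(self, bucket, metadata, token, object_name):
        """Return (status, location) for GET /read."""
        if not check_token(metadata.get("read") or {}, token):
            return 403, None
        if not check_object(object_name):
            return 400, None
        # The cache is consulted only after both checks have passed.
        key = (bucket, object_name)
        hit = self.cache.get(key)
        if hit is None or hit[1] <= self.now():
            url = self.presign(bucket, object_name, PRESIGN_TTL)
            hit = self.cache[key] = (url, self.now() + CACHE_TTL)
        return 307, hit[0]
```

Caching for 2 days against a 4-day signature means a cached URL always has at least 2 days of validity left when it is returned. It also means that changing the bucket's token does not revoke URLs already issued or still cached.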
#### OpenID Connect
Recommended IDP: [dex](https://github.com/dexidp/dex)
The read/write operation is gated by a signed key corresponding to allowed
users defined in the bucket.
## `web`
Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.
### Operations
#### `POST /webhook`
#### `POST /update?bucket=BUCKET`
Regenerate and upload `index.html` and `manage/index.html` to bucket.
## `preview`
Generate previews from photo buckets. Registers webhooks.
### Operations
#### `POST /webhook`
#### `POST /update?bucket=BUCKET&photo=OBJECT`
1. Perform preview generation using libvips (maybe limit?)
2. Block until done
## `proxy`
Reverse proxies buckets to the MinIO endpoint, as a substitute for the AWS S3 website hosting features. Serves `index.html` when a URL ends in a slash.
In production, [replace this with Nginx](https://docs.min.io/docs/setup-nginx-proxy-with-minio).
<!-- vim: set conceallevel=2 et ts=2 sw=2: -->