photos
A photo bucket management suite.
There are two modes of operation:
- Domain
  - Buckets are exactly equal to their domain names
  - unset MINIO_DOMAIN
- Subdomain
  - Buckets are named after subdomains
  - export MINIO_DOMAIN=your.domain
admin
Create new buckets. Standalone tool.
control
Implement access controls by signing or proxying requests.
Operations
GET /list?bucket=BUCKET&auth=TOKEN
- Consult the bucket for metadata.json
- Get list access method for the bucket
- Validate the token against the access method
- Return ListObjectsV2 for prefix photo/
- Can also 307 redirect to the bucket read URL, if it is publicly readable
GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME
- Consult the bucket for metadata.json
- Get read access method for the bucket
- Validate the token against the access method
- Validate that OBJECTNAME starts with photo/
- If necessary, presign an object URL for 4 days
- Cache presigned URLs for 2 days in memory/Redis
- 307 redirect to presigned URL
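
The GET /read steps above with the token access method, as an added sketch that is not this project's code. The metadata.json layout, the `presign(bucket, name, ttl)` callable and every name here are assumptions; the check on `.` and `..` segments is extra hardening beyond the prefix check the list describes.

```python
import hmac
import time

PREFIX = "photo/"              # prefix /read and /write require
PRESIGN_TTL = 4 * 24 * 3600    # /read presigns for 4 days
CACHE_TTL = 2 * 24 * 3600      # presigned URLs are cached for 2 days

class AccessDenied(Exception):
    pass

def check_token(metadata, operation, token):
    """Validate the token against the bucket's access method for `operation`."""
    # Assumed metadata.json layout: {"read": {"method": "token", "token": "..."}}
    method = metadata.get(operation) or {}
    if method.get("method") != "token":
        raise AccessDenied("missing or unsupported access method")
    expected = method.get("token") or ""
    # Constant-time compare; an empty configured token never matches.
    if not expected or not hmac.compare_digest(expected.encode(), (token or "").encode()):
        raise AccessDenied("bad token")

def check_object_name(name):
    """Require the photo/ prefix; also reject empty, '.' and '..' segments."""
    if not name.startswith(PREFIX):
        raise AccessDenied("object must start with photo/")
    # Extra hardening (assumption, not stated on the page).
    if any(part in ("", ".", "..") for part in name.split("/")):
        raise AccessDenied("suspicious path segment")

class PresignCache:
    """In-memory cache: a served URL has at least PRESIGN_TTL - CACHE_TTL left."""
    def __init__(self, presign, clock=time.time):
        self._presign, self._clock, self._entries = presign, clock, {}

    def get(self, bucket, name):
        now = self._clock()
        hit = self._entries.get((bucket, name))
        if hit and now - hit[1] < CACHE_TTL:
            return hit[0]
        url = self._presign(bucket, name, PRESIGN_TTL)
        self._entries[(bucket, name)] = (url, now)
        return url

def handle_read(metadata, cache, bucket, token, name):
    """Return (status, location) for GET /read, or raise AccessDenied."""
    check_token(metadata, "read", token)
    check_object_name(name)
    return 307, cache.get(bucket, name)
```

Because the cache lifetime is half the presign lifetime, any URL handed out in a redirect remains valid for at least two more days.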
PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME
- Consult the bucket for metadata.json
- Get write access method for the bucket
- Validate the token against the access method
- Validate that OBJECTNAME starts with photo/
- If necessary, presign an object URL for 30 minutes
- 307 redirect to presigned URL
Authentication
Token
The read/write token is checked against a simple string defined in the bucket.
OpenID Connect
Recommended IDP: dex
The read/write operation is gated by a signed key corresponding to allowed users defined in the bucket.
web
Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.
Operations
POST /webhook
POST /update?bucket=BUCKET
Regenerate and upload index.html and manage/index.html to bucket.
preview
Generate previews from photo buckets. Registers webhooks.
Operations
POST /webhook
POST /update?bucket=BUCKET&photo=OBJECT
- Perform preview generation using libvips (maybe limit?)
- Block until done
proxy
Reverse proxies buckets to the minio endpoint, as a substitute for the AWS S3 website hosting features. Serves up index.html when URLs end in a slash.
In production, replace this with Nginx.