Merge pull request #1 from pixelfusion/feat/presigned-protected

Performance and behavioural changes to support autoscaling a bit nicer

Author: wilr

_config/assetadmin.yml

@@ -8,3 +8,8 @@ SilverStripe\AssetAdmin\Model\ThumbnailGenerator:
   thumbnail_links:
     protected: url
     public: url
+
+# Asset-admin adds a `vid` parameter to preview URLs by default.
+# This confuses the AWS signature for protected assets, so we disable it.
+SilverStripe\AssetAdmin\Controller\AssetAdmin:
+  bust_cache: false

_config/assets.yml

@@ -6,22 +6,15 @@ After:
   - '#assetsflysystem'
 ---
 SilverStripe\Core\Injector\Injector:
-  League\Flysystem\Adapter\Local:
-    class: League\Flysystem\Adapter\Local
-    constructor:
-      root: '`TEMP_PATH`'
   FullscreenInteractive\SilverStripe\AzureStorage\Adapter\PublicAdapter:
     constructor:
       connectionUrl: '`AZURE_CONNECTION_URL`'
       containerName: '`AZURE_CONTAINER_NAME`'
       assetDomain: '`AZURE_PUBLIC_BLOB_DOMAIN`'
-  League\Flysystem\Cached\Storage\Memory.public:
-    class: League\Flysystem\Cached\Storage\Memory
   League\Flysystem\Cached\Storage\Adapter.public:
-    class: League\Flysystem\Cached\Storage\Adapter
+    class: FullscreenInteractive\SilverStripe\AzureStorage\Adapter\DBCache
     constructor:
-      adapter: '%$League\Flysystem\Adapter\Local'
-      file: 'azuremetadata/public'
+      key: 'azuremetadata/public'
       expire: 259200
   SilverStripe\Assets\Flysystem\PublicAdapter:
     class: FullscreenInteractive\SilverStripe\AzureStorage\Adapter\PublicCachedAdapter
@@ -33,23 +26,12 @@ SilverStripe\Core\Injector\Injector:
       connectionUrl: '`AZURE_CONNECTION_URL`'
       containerName: '`AZURE_PROTECTED_CONTAINER_NAME`'
   League\Flysystem\Cached\Storage\Adapter.protected:
-      class: League\Flysystem\Cached\Storage\Adapter
-      constructor:
-        adapter: '%$League\Flysystem\Adapter\Local'
-        file: 'azuremetadata/protected'
-        expire: 259200
+    class: FullscreenInteractive\SilverStripe\AzureStorage\Adapter\DBCache
+    constructor:
+      key: 'azuremetadata/protected'
+      expire: 259200
   SilverStripe\Assets\Flysystem\ProtectedAdapter:
     class: FullscreenInteractive\SilverStripe\AzureStorage\Adapter\ProtectedCachedAdapter
     constructor:
       adapter: '%$FullscreenInteractive\SilverStripe\AzureStorage\Adapter\ProtectedAdapter'
       cache: '%$League\Flysystem\Cached\Storage\Adapter.protected'
----
-Name: silverstripe-azure-assetscore
-Only:
-  envvarset: AZURE_CONNECTION_URL
-After:
-  - '#assetscore'
----
-SilverStripe\Core\Injector\Injector:
-  SilverStripe\Assets\Storage\AssetStore:
-    class: SilverStripe\Assets\Flysystem\FlysystemAssetStore

_config/tinymce.yml

@@ -15,7 +15,7 @@
         }
     ],
     "require": {
-        "silverstripe/framework": "^4",
+        "silverstripe/framework": "^4.8",
         "silverstripe/vendor-plugin": "^1.0",
         "league/flysystem-azure-blob-storage": "^1.0",
         "league/flysystem-cached-adapter": "^1.0"

composer.json

@@ -0,0 +1,56 @@
+<?php
+
+namespace FullscreenInteractive\SilverStripe\AzureStorage\Adapter;
+
+use FullscreenInteractive\SilverStripe\AzureStorage\Service\BlobService;
+use InvalidArgumentException;
+use League\Flysystem\AzureBlobStorage\AzureBlobStorageAdapter as BaseAdapter;
+use MicrosoftAzure\Storage\Common\Internal\StorageServiceSettings;
+
+abstract class AzureBlobStorageAdapter extends BaseAdapter
+{
+    /**
+     * @var string
+     */
+    protected $assetDomain = null;
+
+    /**
+     * @var StorageServiceSettings
+     */
+    protected $container = null;
+
+    /**
+     * @var StorageServiceSettings|null
+     */
+    protected $settings = null;
+
+    public function __construct($connectionUrl = '', $containerName = '', $assetDomain = '')
+    {
+        if (!$connectionUrl) {
+            throw new InvalidArgumentException("AZURE_CONNECTION_URL environment variable not set");
+        }
+
+        if (!$containerName) {
+            throw new InvalidArgumentException("AZURE_CONTAINER_NAME environment variable not set");
+        }
+
+        // Store settings
+        $this->container = $containerName;
+        $this->settings = StorageServiceSettings::createFromConnectionString($connectionUrl);
+
+        // Generate client
+        $client = BlobService::clientForConnection($connectionUrl);
+
+        // Determine url
+        if ($assetDomain) {
+            $this->assetDomain = $assetDomain;
+        } else {
+            $this->assetDomain = $client
+                ->getPsrPrimaryUri()
+                ->withPath($containerName)
+                ->__toString();
+        }
+
+        parent::__construct($client, $containerName);
+    }
+}

src/Adapter/AzureBlobStorageAdapter.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace FullscreenInteractive\SilverStripe\AzureStorage\Adapter;
+
+use Exception;
+use FullscreenInteractive\SilverStripe\AzureStorage\Model\BlobCache;
+use League\Flysystem\Cached\Storage\AbstractCache;
+
+class DBCache extends AbstractCache
+{
+    /**
+     * Cache key
+     *
+     * @var string|null
+     */
+    protected $key = null;
+
+    /**
+     * @var int|null seconds until cache expiration
+     */
+    protected $expire = null;
+
+    protected $ready = false;
+
+    /**
+     * Constructor.
+     *
+     * @param string $key storage key
+     * @param int|null $expire
+     */
+    public function __construct(string $key = 'flysystem', int $expire = null)
+    {
+        $this->key = $key;
+        $this->expire = $expire;
+        $this->ready = BlobCache::ready();
+    }
+
+    /**
+     * @throws Exception
+     */
+    public function load()
+    {
+        if (!$this->ready) {
+            return;
+        }
+
+        $cache = BlobCache::instance($this->key, $this->expire);
+        $contents = $cache->Contents;
+
+        if ($contents) {
+            $this->setFromStorage($contents);
+        }
+    }
+
+    /**
+     * @throws Exception
+     */
+    public function save()
+    {
+        if (!$this->ready) {
+            return;
+        }
+
+        $contents = $this->getForStorage();
+        $blobCache = BlobCache::instance($this->key, $this->expire);
+        $blobCache->Contents = $contents;
+
+        // Force write to ensure modified date is refreshed
+        $blobCache->write(false, false, true);
+    }
+}

src/Adapter/DBCache.php

@@ -2,9 +2,9 @@
 
 namespace FullscreenInteractive\SilverStripe\AzureStorage\Adapter;
 
-use FullscreenInteractive\SilverStripe\AzureStorage\Service\BlobService;
-use InvalidArgumentException;
-use League\Flysystem\AzureBlobStorage\AzureBlobStorageAdapter;
+use DateTime;
+use MicrosoftAzure\Storage\Blob\BlobSharedAccessSignatureHelper;
+use MicrosoftAzure\Storage\Common\Internal\Resources;
 use SilverStripe\Assets\Flysystem\ProtectedAdapter as SilverstripeProtectedAdapter;
 use SilverStripe\Control\Controller;
 
@@ -15,22 +15,7 @@ class ProtectedAdapter extends AzureBlobStorageAdapter implements SilverstripePr
      *
      * @var int|string
      */
-    protected $expiry = 300;
-
-    public function __construct($connectionUrl = '', $containerName = '')
-    {
-        if (!$connectionUrl) {
-            throw new InvalidArgumentException("AZURE_CONNECTION_URL environment variable not set");
-        }
-
-        if (!$containerName) {
-            throw new InvalidArgumentException("AZURE_PROTECTED_CONTAINER_NAME environment variable not set");
-        }
-
-        $client = BlobService::clientForConnection($connectionUrl);
-
-        parent::__construct($client, $containerName);
-    }
+    protected $expiry = 3600;
 
     /**
      * @return int|string
@@ -47,7 +32,7 @@ public function getExpiry()
      * @param int|string $expiry
      * @return $this
      */
-    public function setExpiry($expiry)
+    public function setExpiry($expiry): self
     {
         $this->expiry = $expiry;
         return $this;
@@ -61,18 +46,50 @@ public function setExpiry($expiry)
     public function getProtectedUrl($path)
     {
         if ($meta = $this->getMetadata($path)) {
-            return Controller::join_links(ASSETS_DIR, $meta['path']);
+            $token = '?' . $this->presignToken($meta['path']);
+            return Controller::join_links($this->assetDomain, $meta['path'], $token);
         }
 
         return '';
     }
 
-    public function getVisibility($path)
+    public function getVisibility($path): array
     {
         // Save an API call
         return [
-            'path' => $path,
+            'path'       => $path,
             'visibility' => self::VISIBILITY_PRIVATE
         ];
     }
+
+    /**
+     * Build a presigned token with an expiry
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function presignToken(string $path): string
+    {
+        $sasHelper = new BlobSharedAccessSignatureHelper(
+            $this->settings->getName(),
+            $this->settings->getKey()
+        );
+
+        // Get expiry string
+        $expiry = $this->getExpiry();
+        if (is_int($expiry)) {
+            $expiry = "+{$expiry} seconds";
+        }
+        $validFrom = new DateTime();
+        $expiry = (new DateTime())->modify($expiry);
+
+        // Build token
+        return $sasHelper->generateBlobServiceSharedAccessSignatureToken(
+            Resources::RESOURCE_TYPE_BLOB,
+            $this->container . '/' . $path,
+            'r',
+            $expiry,
+            $validFrom
+        );
+    }
 }

src/Adapter/ProtectedAdapter.php

@@ -2,54 +2,22 @@
 
 namespace FullscreenInteractive\SilverStripe\AzureStorage\Adapter;
 
-use FullscreenInteractive\SilverStripe\AzureStorage\Service\BlobService;
-use InvalidArgumentException;
-use League\Flysystem\AzureBlobStorage\AzureBlobStorageAdapter;
 use SilverStripe\Assets\Flysystem\PublicAdapter as SilverstripePublicAdapter;
 use SilverStripe\Control\Controller;
 
 class PublicAdapter extends AzureBlobStorageAdapter implements SilverstripePublicAdapter
 {
-    private $assetDomain;
-
-    public function __construct($connectionUrl = '', $containerName = '', $assetDomain = '')
-    {
-        if (!$connectionUrl) {
-            throw new InvalidArgumentException("AZURE_CONNECTION_URL environment variable not set");
-        }
-
-        if (!$containerName) {
-            throw new InvalidArgumentException("AZURE_CONTAINER_NAME environment variable not set");
-        }
-
-        $client = BlobService::clientForConnection($connectionUrl);
-
-        if ($assetDomain && !empty($assetDomain)) {
-            $this->assetDomain = $assetDomain;
-        } else {
-            $this->assetDomain = (string) BlobService::getClient()
-                ->getPsrPrimaryUri()
-                ->withPath($containerName);
-        }
-
-        parent::__construct($client, $containerName);
-    }
-
     /**
      * @param string $path
      *
      * @return string
      */
-    public function getPublicUrl($path)
+    public function getPublicUrl($path): string
     {
-        $parts = explode('/', $path);
-
-        if (isset($parts[0]) && $parts[0] === ASSETS_DIR) {
-            array_shift($parts);
+        if ($meta = $this->getMetadata($path)) {
+            return Controller::join_links($this->assetDomain, $meta['path']);
         }
 
-        $path = implode('/', $parts);
-
-        return Controller::join_links($this->assetDomain, $path);
+        return '';
     }
 }