support direct url for azure blob

yp05327 · yp05327 · commit 5ade5261d672 · 2023-11-17T07:11:32.000Z
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
@@ -1832,7 +1832,7 @@ LEVEL = Info
 ;STORAGE_TYPE = local
 ;;
 ;; Allows the storage driver to redirect to authenticated URLs to serve files directly
-;; Currently, only `minio` is supported.
+;; Currently, only `minio` and `azureblob` is supported.
 ;SERVE_DIRECT = false
 ;;
 ;; Path for attachments. Defaults to `attachments`. Only available when STORAGE_TYPE is `local`
@@ -1865,10 +1865,21 @@ LEVEL = Info
 ;;
 ;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
 ;MINIO_CHECKSUM_ALGORITHM = default
+;;
+;; Azure Blob endpoint to connect only available when STORAGE_TYPE is `azureblob`
+;AZURE_BLOB_ENDPOINT =
+;;
+;; Azure Blob account name to connect only available when STORAGE_TYPE is `azureblob`
+;AZURE_BLOB_ACCOUNT_NAME =
+;;
+;; Azure Blob account key to connect only available when STORAGE_TYPE is `azureblob`
+;AZURE_BLOB_ACCOUNT_KEY =
+;;
+;; Azure Blob container to store the attachments only available when STORAGE_TYPE is `azureblob`
+;AZURE_BLOB_CONTAINER = gitea
+;;
 ;; override the azure blob base path if storage type is azureblob
 ;AZURE_BLOB_BASE_PATH = attachments/
-;; override the azure blob base path if storage type is azureblob
-;AZURE_BLOB_CONTAINER = attachments/
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2433,6 +2444,9 @@ LEVEL = Info
 ;MINIO_BASE_PATH = packages/
 ;; override the azure blob base path if storage type is azureblob
 ;AZURE_BLOB_BASE_PATH = packages/
+;; Allows the storage driver to redirect to authenticated URLs to serve files directly
+;; Currently, only `minio` and `azureblob` is supported.
+;SERVE_DIRECT = false
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
@@ -2529,8 +2543,13 @@ LEVEL = Info
 ;; Where your lfs files reside, default is data/lfs.
 ;PATH = data/lfs
 ;;
+;; Allows the storage driver to redirect to authenticated URLs to serve files directly
+;; Currently, only `minio` and `azureblob` is supported.
+;SERVE_DIRECT = false
+;;
 ;; override the minio base path if storage type is minio
 ;MINIO_BASE_PATH = lfs/
+;;
 ;; override the azure blob base path if storage type is azureblob
 ;AZURE_BLOB_BASE_PATH = lfs/
 
@@ -2547,7 +2566,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; customize storage
-;[storage.my_minio]
+;[storage.minio]
 ;STORAGE_TYPE = minio
 ;;
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
@@ -2572,19 +2591,19 @@ LEVEL = Info
 ;MINIO_INSECURE_SKIP_VERIFY = false
 
 ;[storage.azureblob]
-;STORAGE_TYPE=azureblob
+;STORAGE_TYPE = azureblob
 ;;
 ;; Azure Blob endpoint to connect only available when STORAGE_TYPE is `azureblob`
-;AZUREBLOB_ENDPOINT = https://<account_name>.blob.core.windows.net/
+;AZURE_BLOB_ENDPOINT =
 ;;
 ;; Azure Blob account name to connect only available when STORAGE_TYPE is `azureblob`
-;AZUREBLOB_ACCOUNT_NAME =
+;AZURE_BLOB_ACCOUNT_NAME =
 ;;
 ;; Azure Blob account key to connect only available when STORAGE_TYPE is `azureblob`
-;AZUREBLOB_ACCOUNT_KEY =
+;AZURE_BLOB_ACCOUNT_KEY =
 ;;
 ;; Azure Blob container to store the attachments only available when STORAGE_TYPE is `azureblob`
-;AZUREBLOB_CONTAINER =
+;AZURE_BLOB_CONTAINER = gitea
 
 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
diff --git a/modules/setting/storage.go b/modules/setting/storage.go
@@ -54,11 +54,12 @@ type MinioStorageConfig struct {
 
 // MinioStorageConfig represents the configuration for a minio storage
 type AzureBlobStorageConfig struct {
-	Endpoint    string `ini:"AZUREBLOB_ENDPOINT" json:",omitempty"`
-	AccountName string `ini:"AZUREBLOB_ACCOUNT_NAME" json:",omitempty"`
-	AccountKey  string `ini:"AZUREBLOB_ACCOUNT_KEY" json:",omitempty"`
-	Container   string `ini:"AZUREBLOB_CONTAINER" json:",omitempty"`
-	BasePath    string `ini:"AZUREBLOB_BASE_PATH" json:",omitempty"`
+	Endpoint    string `ini:"AZURE_BLOB_ENDPOINT" json:",omitempty"`
+	AccountName string `ini:"AZURE_BLOB_ACCOUNT_NAME" json:",omitempty"`
+	AccountKey  string `ini:"AZURE_BLOB_ACCOUNT_KEY" json:",omitempty"`
+	Container   string `ini:"AZURE_BLOB_CONTAINER" json:",omitempty"`
+	BasePath    string `ini:"AZURE_BLOB_BASE_PATH" json:",omitempty"`
+	ServeDirect bool   `ini:"SERVE_DIRECT"`
 }
 
 // Storage represents configuration of storages
@@ -95,6 +96,10 @@ func getDefaultStorageSection(rootCfg ConfigProvider) ConfigSection {
 	storageSec.Key("MINIO_USE_SSL").MustBool(false)
 	storageSec.Key("MINIO_INSECURE_SKIP_VERIFY").MustBool(false)
 	storageSec.Key("MINIO_CHECKSUM_ALGORITHM").MustString("default")
+	storageSec.Key("AZURE_BLOB_ENDPOINT").MustString("")
+	storageSec.Key("AZURE_BLOB_ACCOUNT_NAME").MustString("")
+	storageSec.Key("AZURE_BLOB_ACCOUNT_KEY").MustString("")
+	storageSec.Key("AZURE_BLOB_CONTAINER").MustString("gitea")
 	return storageSec
 }
 
@@ -307,8 +312,9 @@ func getStorageForAzureBlob(targetSec, overrideSec ConfigSection, tp targetSecTy
 	}
 
 	if overrideSec != nil {
-		storage.AzureBlobConfig.BasePath = ConfigSectionKeyString(overrideSec, "AZUREBLOB_BASE_PATH", storage.AzureBlobConfig.BasePath)
-		storage.AzureBlobConfig.Container = ConfigSectionKeyString(overrideSec, "AZUREBLOB_CONTAINER", storage.AzureBlobConfig.Container)
+		storage.AzureBlobConfig.ServeDirect = ConfigSectionKeyBool(overrideSec, "SERVE_DIRECT", storage.MinioConfig.ServeDirect)
+		storage.AzureBlobConfig.BasePath = ConfigSectionKeyString(overrideSec, "AZURE_BLOB_BASE_PATH", storage.AzureBlobConfig.BasePath)
+		storage.AzureBlobConfig.Container = ConfigSectionKeyString(overrideSec, "AZURE_BLOB_CONTAINER", storage.AzureBlobConfig.Container)
 	} else {
 		storage.AzureBlobConfig.BasePath = defaultPath
 	}
diff --git a/modules/storage/azureblob.go b/modules/storage/azureblob.go
@@ -25,6 +25,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/bloberror"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blockblob"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
 )
 
 var _ ObjectStorage = &AzureBlobStorage{}
@@ -255,8 +256,15 @@ func (a *AzureBlobStorage) Delete(path string) error {
 
 // URL gets the redirect URL to a file. The presigned link is valid for 5 minutes.
 func (a *AzureBlobStorage) URL(path, name string) (*url.URL, error) {
-	// TODO: Support download blobs directly from azure
-	return nil, ErrURLNotSupported
+	blobClient := a.client.ServiceClient().NewContainerClient(a.container).NewBlobClient(a.buildAzureBlobPath(path))
+	perm := sas.BlobPermissions{
+		Read: true,
+	}
+	u, err := blobClient.GetSASURL(perm, time.Now().Add(5*time.Minute), &blob.GetSASURLOptions{})
+	if err != nil {
+		return nil, err
+	}
+	return url.Parse(u)
 }
 
 // IterateObjects iterates across the objects in the azureblobstorage
diff --git a/routers/web/repo/download.go b/routers/web/repo/download.go
@@ -53,8 +53,9 @@ func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob, lastModified *time.Tim
 			return nil
 		}
 
-		if setting.LFS.Storage.MinioConfig.ServeDirect {
-			// If we have a signed url (S3, object storage), redirect to this directly.
+		if (setting.LFS.Storage.MinioConfig.ServeDirect && setting.LFS.Storage.Type == setting.MinioStorageType) ||
+			(setting.LFS.Storage.AzureBlobConfig.ServeDirect && setting.LFS.Storage.Type == setting.AzureBlobStorageType) {
+			// If we have a signed url (S3, object storage, blob storage), redirect to this directly.
 			u, err := storage.LFS.URL(pointer.RelativePath(), blob.Name())
 			if u != nil && err == nil {
 				ctx.Redirect(u.String())
