adding serverside encryption

thumbor · Jun 24, 2024 · bf27d8f · bf27d8f
1 parent 3291c1b
commit bf27d8f
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/thumbor_aws/result_storage.py b/thumbor_aws/result_storage.py
@@ -69,6 +69,13 @@
     "AWS Result Storage",
 )
 
+Config.define(
+    "AWS_RESULT_STORAGE_S3_SSE",
+    False,
+    "Use server side encryption for result storage.",
+    "AWS Result Storage",
+)
+
 
 class Storage(BaseStorage, S3Client):
     def __init__(self, context):
@@ -143,6 +150,7 @@ async def put(self, image_bytes: bytes) -> str:
             image_bytes,
             content_type,
             self.context.config.AWS_DEFAULT_LOCATION,
+            self.context.config.AWS_RESULT_STORAGE_S3_SSE,
         )
         logger.info(
             "[RESULT_STORAGE] Image uploaded successfully to %s", file_abspath

diff --git a/thumbor_aws/s3_client.py b/thumbor_aws/s3_client.py
@@ -104,21 +104,23 @@ async def upload(
         data: bytes,
         content_type,
         default_location,
+        encryption 
     ) -> str:
         """Uploads a File to S3"""
-
         async with self.get_client() as client:
             response = None
             try:
                 settings = {
                     "Bucket": self.bucket_name,
                     "Key": path,
                     "Body": data,
-                    "ContentType": content_type,
+                    "ContentType": content_type
                 }
                 if self.file_acl is not None:
                     settings["ACL"] = self.file_acl
-
+                if encryption:
+                  settings["ServerSideEncryption"] = "AES256"
+
                 response = await client.put_object(**settings)
             except Exception as error:
                 msg = f"Unable to upload image to {path}: {error} ({type(error)})"

diff --git a/thumbor_aws/storage.py b/thumbor_aws/storage.py
@@ -68,6 +68,14 @@
     "AWS Storage",
 )
 
+Config.define(
+    "AWS_STORAGE_S3_SSE",
+    False,
+    "Use server side encryption for storage.",
+    "AWS Storage",
+)
+
+
 
 class Storage(storages.BaseStorage, S3Client):
     def __init__(self, context):
@@ -100,6 +108,7 @@ async def put(self, path: str, file_bytes: bytes) -> str:
             file_bytes,
             content_type,
             self.context.config.AWS_DEFAULT_LOCATION,
+            self.context.config.AWS_STORAGE_S3_SSE,
         )
         return path
 
@@ -121,6 +130,7 @@ async def put_crypto(self, path: str) -> str:
             key,
             "application/text",
             self.context.config.AWS_DEFAULT_LOCATION,
+            self.context.config.AWS_STORAGE_S3_SSE,
         )
 
         logger.debug("Stored crypto at %s", crypto_path)
@@ -136,6 +146,7 @@ async def put_detector_data(self, path: str, data: Any) -> str:
             details,
             "application/json",
             self.context.config.AWS_DEFAULT_LOCATION,
+            self.context.config.AWS_STORAGE_S3_SSE,
         )
 
     async def get(self, path: str) -> bytes: