[BUG] OSS setting PUBLICREAD will cause inaccessibility

Open cipchk opened this issue 1 year ago • 2 comments

OpenIM Server Version

3.8.1

Operating System and CPU Architecture

Linux (AMD)

Deployment Method

Docker Deployment

Bug Description and Steps to Reproduce

In fact, this was already reported in openimsdk/open-im-server#2317, but that issue was closed automatically.

OPENIM_RPC_THIRD_OBJECT_ENABLE=oss
OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT=https://xxxx.aliyuncs.com
OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET=xxx-im
OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL=https://xxxx.xxxx.xxxx
OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID=xxxxx
OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET=xxxxx
OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD=true # whether to allow public read

Docker compose:

      - IMENV_OPENIM_RPC_THIRD_OBJECT_ENABLE=${OPENIM_RPC_THIRD_OBJECT_ENABLE}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT=${OPENIM_RPC_THIRD_OBJECT_OSS_ENDPOINT}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET=${OPENIM_RPC_THIRD_OBJECT_OSS_BUCKET}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL=${OPENIM_RPC_THIRD_OBJECT_OSS_BUCKETURL}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID=${OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYID}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET=${OPENIM_RPC_THIRD_OBJECT_OSS_ACCESSKEYSECRET}
      - IMENV_OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD=${OPENIM_RPC_THIRD_OBJECT_OSS_PUBLICREAD}

The request URL for the image is:

https://im_api(port: 10002)/api/object/3/msg_picture_cc83598702168c07b2533b125b340f6d.jpg

It is 302-redirected to:

Request URL:
https://xxx-im.oss-xxxx.aliyuncs.com/openim%2Fdata%2Fhash%2F14b34f8be36f792d0dc61c876df69129
Request method:
GET
Status code:
403 Forbidden

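Another detail concerns BUCKETURL.

When I set it to my own domain (which is already bound correctly in OSS), the messages still use the OSS domain address, such as https://xxx-im.oss-xxxx.aliyuncs.com/openim%2Fdata%2Fhash%2F14b34f8be36f792d0dc61c876df69129 , so aliyuncs.com is still used rather than the domain I configured.

Of course, I am not sure whether this is a side effect of the publicRead error.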

Screenshots Link

No response

cipchk avatar Oct 16 '24 07:10 cipchk
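A way to capture the redirect hop described in the report above and check it against the configured bucket domain, as an added example that is not part of the issue or of the OpenIM code base. `CheckObjectRedirect`, `fakeAPI` and the host `cdn.example.com` are hypothetical, the redirect target is the placeholder URL from the report, the local test server stands in for the API, and treating a query parameter whose name contains "signature" as the mark of a signed URL is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Report describes the redirect hop returned for an object URL.
type Report struct {
	Status      int
	Host        string // host the client is redirected to
	OnBucketURL bool   // that host equals the host of the configured BUCKETURL
	Signed      bool   // heuristic: a query parameter name contains "signature"
}

// CheckObjectRedirect requests objectURL without following the redirect and compares the Location host with bucketHost.
func CheckObjectRedirect(objectURL, bucketHost string) (Report, error) {
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse // stop at the 302 so Location can be read
	}}
	resp, err := client.Get(objectURL)
	if err != nil {
		return Report{}, err
	}
	defer resp.Body.Close()
	loc, err := resp.Location()
	if err != nil {
		return Report{Status: resp.StatusCode}, fmt.Errorf("no redirect: %w", err)
	}
	r := Report{Status: resp.StatusCode, Host: loc.Hostname()}
	r.OnBucketURL = strings.EqualFold(r.Host, bucketHost)
	for k := range loc.Query() {
		r.Signed = r.Signed || strings.Contains(strings.ToLower(k), "signature")
	}
	return r, nil
}

// fakeAPI is a constructed stand-in for the API: every request gets a 302 to target.
func fakeAPI(target string) *httptest.Server {
	return httptest.NewServer(http.RedirectHandler(target, http.StatusFound))
}

func main() {
	srv := fakeAPI("https://xxx-im.oss-xxxx.aliyuncs.com/openim%2Fdata%2Fhash%2F14b34f8be36f792d0dc61c876df69129")
	defer srv.Close()
	fmt.Println(CheckObjectRedirect(srv.URL+"/api/object/3/msg_picture.jpg", "cdn.example.com"))
}
```

An unsigned redirect is readable only when the bucket or object itself permits anonymous reads, so `Signed: false` together with a 403 from the storage host points at the bucket's access settings rather than at the client.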

Could someone take a look at this issue?

WindRain20140210 avatar Oct 18 '24 02:10 WindRain20140210

Has this bug been fixed?

WindRain20140210 avatar Oct 23 '24 09:10 WindRain20140210

Does OSS not implement multipart upload? I don't see the UploadPart method being called.

WindRain20140210 avatar Nov 05 '24 11:11 WindRain20140210

For OSS pre-signed URL upload, how can the front end do the upload?

WindRain20140210 avatar Nov 06 '24 03:11 WindRain20140210

The returned URL is the API address and will be redirected to the corresponding S3. There is sharding, refer to the SDK implementation, no OSS. https://github.com/openimsdk/openim-sdk-core/blob/main/internal/third/file/upload.go

withchao avatar Nov 13 '24 08:11 withchao

@withchao I think the existence of BUCKETURL means that we want the traffic to go through our own domain (for example, our domain uses Cloudflare to handle CDN), rather than being redirected again to the aliyuncs.com domain.

I think this can be discussed rather than closing the issue outright. In fact, all of our CDN traffic goes through our own domain, and the existence of BUCKETURL and PUBLICREAD should mean that traffic goes to the CDN, not to aliyuncs.com.

cipchk avatar Nov 13 '24 09:11 cipchk