fix(s3): Don't wait indefinitely for S3 to return

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: lint Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: use AwsException Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: Throw on connection failure Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: Wrap all in try catch block Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: use RequestTimeout error message Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> log: use OCP Server class Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
nextcloud · Jul 5, 2024 · 1ce2838 · 1ce2838
1 parent a98a0eb
commit 1ce2838
Showing 1 changed file with 40 additions and 29 deletions.
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -14,6 +14,7 @@
 use GuzzleHttp\Promise\Create;
 use GuzzleHttp\Promise\RejectedPromise;
 use OCP\ICertificateManager;
+use OCP\Server;
 use Psr\Log\LoggerInterface;
 
 trait S3ConnectionTrait {
@@ -98,7 +99,11 @@ public function getConnection() {
 			'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
 			'csm' => false,
 			'use_arn_region' => false,
-			'http' => ['verify' => $this->getCertificateBundlePath()],
+			'http' => [
+				'verify' => $this->getCertificateBundlePath(),
+				'connect_timeout' => 10,
+				'timeout' => 60
+			],
 			'use_aws_shared_config_files' => false,
 		];
 
@@ -116,35 +121,41 @@ public function getConnection() {
 		}
 		$this->connection = new S3Client($options);
 
-		if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
-			$logger = \OC::$server->get(LoggerInterface::class);
-			$logger->debug('Bucket "' . $this->bucket . '" This bucket name is not dns compatible, it may contain invalid characters.',
-				['app' => 'objectstore']);
-		}
-
-		if ($this->params['verify_bucket_exists'] && !$this->connection->doesBucketExist($this->bucket)) {
-			$logger = \OC::$server->get(LoggerInterface::class);
-			try {
-				$logger->info('Bucket "' . $this->bucket . '" does not exist - creating it.', ['app' => 'objectstore']);
-				if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
-					throw new \Exception("The bucket will not be created because the name is not dns compatible, please correct it: " . $this->bucket);
-				}
-				$this->connection->createBucket(['Bucket' => $this->bucket]);
-				$this->testTimeout();
-			} catch (S3Exception $e) {
-				$logger->debug('Invalid remote storage.', [
-					'exception' => $e,
-					'app' => 'objectstore',
-				]);
-				if ($e->getAwsErrorCode() !== "BucketAlreadyOwnedByYou") {
-					throw new \Exception('Creation of bucket "' . $this->bucket . '" failed. ' . $e->getMessage());
+		try {
+			$logger = Server::get(LoggerInterface::class);
+			if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
+				$logger->debug('Bucket "' . $this->bucket . '" This bucket name is not dns compatible, it may contain invalid characters.',
+					['app' => 'objectstore']);
+			}
+
+			if ($this->params['verify_bucket_exists'] && !$this->connection->doesBucketExist($this->bucket)) {
+				try {
+					$logger->info('Bucket "' . $this->bucket . '" does not exist - creating it.', ['app' => 'objectstore']);
+					if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
+						throw new \Exception("The bucket will not be created because the name is not dns compatible, please correct it: " . $this->bucket);
+					}
+					$this->connection->createBucket(['Bucket' => $this->bucket]);
+					$this->testTimeout();
+				} catch (S3Exception $e) {
+					$logger->debug('Invalid remote storage.', [
+						'exception' => $e,
+						'app' => 'objectstore',
+					]);
+					if ($e->getAwsErrorCode() !== "BucketAlreadyOwnedByYou") {
+						throw new \Exception('Creation of bucket "' . $this->bucket . '" failed. ' . $e->getMessage());
+					}
 				}
 			}
-		}
-
-		// google cloud's s3 compatibility doesn't like the EncodingType parameter
-		if (strpos($base_url, 'storage.googleapis.com')) {
-			$this->connection->getHandlerList()->remove('s3.auto_encode');
+
+			// google cloud's s3 compatibility doesn't like the EncodingType parameter
+			if (strpos($base_url, 'storage.googleapis.com')) {
+				$this->connection->getHandlerList()->remove('s3.auto_encode');
+			}
+		} catch (S3Exception $e) {
+			if ($e->getAwsErrorCode() == "RequestTimeout") {
+				throw new \Exception('S3 connection failed due to timeout or connection issues: ' . $e->getMessage());
+			}
+			throw new \Exception('S3 service is unable to handle request: ' . $e->getMessage());
 		}
 
 		return $this->connection;
@@ -193,7 +204,7 @@ protected function getCertificateBundlePath(): ?string {
 			// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
 			if (!isset($this->params['primary_storage'])) {
 				/** @var ICertificateManager $certManager */
-				$certManager = \OC::$server->get(ICertificateManager::class);
+				$certManager = Server::get(ICertificateManager::class);
 				return $certManager->getAbsoluteBundlePath();
 			} else {
 				return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';