Merge stable branch

docsend · Jul 6, 2022 · 1d2df78 · 1d2df78
2 parents bc4c155 + 0717e2b
commit 1d2df78
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,15 @@ Included in: Uppy v3.0.0-beta
 - @uppy/companion: remove `searchProviders` wrapper & move `s3` options (Merlijn Vos / #3781)
 - @uppy/companion: remove support for EOL versions of Node.js (Antoine du Hamel / #3784)
 
+## 3.7.0
+
+Released: 2022-07-06
+Included in: Uppy v2.12.2
+
+- @uppy/companion: Getkey safe behavior (Mikael Finstad / #3592)
+- @uppy/companion: doc: fix Google Drive example (Antoine du Hamel / #3855)
+- @uppy/companion: build an ARM64 container (Stuart Auld / #3841)
+
 ## 3.6.0
 
 Released: 2022-05-30

diff --git a/README.md b/README.md
@@ -36,7 +36,7 @@ app.use(session({ secret: 'some secrety secret' }))
 // be sure to place this anywhere after app.use(bodyParser.json()) and app.use(session({...})
 const options = {
   providerOptions: {
-    google: {
+    drive: {
       key: 'GOOGLE_KEY',
       secret: 'GOOGLE_SECRET',
     },

diff --git a/src/companion.js b/src/companion.js
@@ -62,6 +62,10 @@ module.exports.app = (optionsArg = {}) => {
   validateConfig(optionsArg)
 
   const options = merge({}, defaultOptions, optionsArg)
+
+  // todo remove in next major and default to the safer getKey instead
+  if (options.providerOptions.s3.getKey === defaultOptions.providerOptions.s3.getKey) process.emitWarning('The current default getKey implementation is not safe because it will cause files with the same name to be overwritten and should be avoided. Please use the environment variable COMPANION_S3_GETKEY_SAFE_BEHAVIOR=true (standalone) or provide your own getKey implementation instead')
+
   const providers = providerManager.getDefaultProviders()
   const searchProviders = providerManager.getSearchProviders()
   providerManager.addProviderOptions(options, grantConfig)

diff --git a/src/standalone/helper.js b/src/standalone/helper.js
@@ -2,6 +2,8 @@ const fs = require('fs')
 const merge = require('lodash.merge')
 const stripIndent = require('common-tags/lib/stripIndent')
 const crypto = require('crypto')
+const uuid = require('uuid') // TODO: migrate to `crypto.getRandomUUID` when removing support for Node.js <14.
+
 const utils = require('../server/helpers/utils')
 const logger = require('../server/logger')
 // @ts-ignore
@@ -27,7 +29,7 @@ const getConfigFromEnv = () => {
   const domains = process.env.COMPANION_DOMAINS || process.env.COMPANION_DOMAIN || null
   const validHosts = domains ? domains.split(',') : []
 
-  return {
+  const envConfig = {
     providerOptions: {
       drive: {
         key: process.env.COMPANION_GOOGLE_KEY,
@@ -114,6 +116,13 @@ const getConfigFromEnv = () => {
       ? parseInt(process.env.COMPANION_CLIENT_SOCKET_CONNECT_TIMEOUT, 10) : undefined,
     metrics: process.env.COMPANION_HIDE_METRICS !== 'true',
   }
+
+  // todo remove COMPANION_S3_GETKEY_SAFE_BEHAVIOR in next major and use this getKey implementation instead by default
+  if (process.env.COMPANION_S3_GETKEY_SAFE_BEHAVIOR === 'true') {
+    envConfig.providerOptions.s3.getKey = (req, filename) => `${uuid.v4()}-${filename}`
+  }
+
+  return envConfig
 }
 
 /**