AWS SDK PHP v3.339.0+ introduced a breaking change requiring the Content-MD5
header for DeleteObjects operations. This causes 'MissingContentMD5' errors when
using S3-compatible services like MinIO.
Add middleware to automatically calculate and inject the Content-MD5 header on
all DeleteObjects requests. This is applied universally at the S3ConnectionTrait
level, fixing both external storage (AmazonS3) and core ObjectStore (S3) classes.
Fixes: https://github.com/aws/aws-sdk-php/issues/3068
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
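
The commit message above describes injecting Content-MD5 on DeleteObjects requests. The following is an added illustration of that technique, not the Nextcloud S3ConnectionTrait code: the helper names `contentMd5()` and `deleteObjectsContentMd5()`, the middleware name, the endpoint and the credentials are assumptions made for the example, and it assumes aws/aws-sdk-php is installed via Composer.

```php
<?php
// Added example; not the project's own implementation.
require 'vendor/autoload.php';

use Aws\CommandInterface;
use Aws\S3\S3Client;
use Psr\Http\Message\RequestInterface;

/** Content-MD5 is the base64 of the raw 16-byte MD5 digest, not of the hex string. */
function contentMd5(string $body): string {
    return base64_encode(md5($body, true));
}

/** Hypothetical helper: handler-list middleware that only touches DeleteObjects. */
function deleteObjectsContentMd5(): callable {
    return function (callable $next): callable {
        return function (CommandInterface $command, ?RequestInterface $request = null) use ($next) {
            if ($request !== null
                && $command->getName() === 'DeleteObjects'
                && !$request->hasHeader('Content-MD5')
            ) {
                $stream = $request->getBody();
                $body = (string)$stream;      // reads the serialized XML payload
                if ($stream->isSeekable()) {
                    $stream->rewind();        // leave the body readable for sending
                }
                $request = $request->withHeader('Content-MD5', contentMd5($body));
            }
            return $next($command, $request);
        };
    };
}

// Constructed endpoint and credentials for a local S3-compatible service.
$client = new S3Client([
    'version' => 'latest',
    'region' => 'us-east-1',
    'endpoint' => 'http://127.0.0.1:9000',
    'use_path_style_endpoint' => true,
    'credentials' => ['key' => 'EXAMPLE_KEY', 'secret' => 'EXAMPLE_SECRET'],
]);

// Appended to the build step so it runs once the request body exists
// and before the request is signed.
$client->getHandlerList()->appendBuild(deleteObjectsContentMd5(), 'delete-objects-content-md5');
```
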
Add support for Server-Side Encryption with AWS Key Management Service
(SSE-KMS) for S3 object storage. This allows Nextcloud to encrypt data
at rest in S3 using AWS-managed keys.
Key features:
- New config options: sse_kms_enabled and sse_kms_key_id
- Backward compatible with existing SSE-C (customer-provided keys)
- SSE-C takes precedence when both SSE-C and SSE-KMS are configured
Implementation details:
- Added getServerSideEncryptionParameters() method to centralize
  encryption parameter logic for both SSE-C and SSE-KMS
- Updated multipart uploads to use unified encryption parameters
- Added comprehensive PHPUnit tests for SSE-KMS scenarios
- Tested with AWS bucket and KMS keys in us-east-1 region
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
The non-v2 version is deprecated, but more importantly the V2 implementation makes fewer assumptions about ambiguous or unexpected status codes. For example, a 403 would result in a false (object does not exist) in V1, but that's not necessarily what that means. V2 returns true/false on a much more narrow set of scenarios. And it throws for all others so they can be diagnosed properly.
Signed-off-by: Josh <josh.t.richards@gmail.com>
A setup can have multiple buckets without having `multibucket` enabled through things like per-groupfolder buckets
Signed-off-by: Robin Appelman <robin@icewind.nl>
This is faster than going back to nextcloud to download the files.
This is an opt-in setting that can be enabled by setting
use_presigned_url in the object store config.
Additionally add support for the proxy config which is needed in a
docker setup. See https://github.com/juliusknorr/nextcloud-docker-dev/pull/431
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
Add retriesMaxAttempts parameter to S3 objectstore configuration
to allow customization of AWS SDK retry behavior for handling
unreliable network conditions or proxy issues.
Defaults to 5 retries (AWS SDK default) if not specified.
Signed-off-by: nfebe <fenn25.fn@gmail.com>
Otherwise, we call doesBucketExist all the time, which does a network
request to the S3 server, adding some non-trivial latency when creating an
S3 connection object.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
Fix https://github.com/nextcloud/server/issues/56077
This commit makes the configuration settings 'request_checksum_calculation' and 'response_checksum_validation' of the S3Client from the AWS SDK for PHP configurable.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
to avoid 'object::%' to be considered as a column
(`la colonne « object::% » n'existe pas` on PG)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Simplify migration by not moving the actual files and just updating
  the DB
* Don't store the storageid in the preview table as it is not needed
* Start adding tests
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
The new oc_previews table is optimized for storing previews and should
decrease significantly the space taken by previews in the filecache
table.
This attempts to reuse the IObjectStore abstraction over S3/Swift/Azure
but currently only supports one single bucket configuration.
Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>