From ae1bfc49a7399ee89e26e3e5a781714214b964ed Mon Sep 17 00:00:00 2001 From: Rob Date: Sat, 18 Nov 2023 13:49:06 +0900 Subject: [PATCH] Add s3-insecure for S3 backend (#658) --- docs/installation.rst | 5 +++++ takahe/settings.py | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/installation.rst b/docs/installation.rst index 8c13c82..67fb598 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -167,6 +167,11 @@ If you omit the keys or the endpoint URL, then Takahē will try to use implicit authentication for them. The keys, if included, should be urlencoded, as AWS secret keys commonly contain eg + characters. +With the above examples, Takahē connects to an S3 bucket using **HTTPS**. If +you wish to connect to an S3 bucket using **HTTP** (for example, to connect to +an S3 API endpoint on a private network), replace `s3` in the examples above +with `s3-insecure`. + Your S3 bucket *must* be set to allow publically-readable files, as Takahē will set all files it uploads to be ``public-read``. We randomise uploaded file names to prevent enumeration attacks. diff --git a/takahe/settings.py b/takahe/settings.py index 93ad285..f06f8f4 100644 --- a/takahe/settings.py +++ b/takahe/settings.py @@ -432,7 +432,7 @@ if SETUP.MEDIA_BACKEND: if parsed.hostname is not None: port = parsed.port or 443 GS_CUSTOM_ENDPOINT = f"https://{parsed.hostname}:{port}" - elif parsed.scheme == "s3": + elif (parsed.scheme == "s3") or (parsed.scheme == "s3-insecure"): STORAGES["default"]["BACKEND"] = "core.uploads.TakaheS3Storage" AWS_STORAGE_BUCKET_NAME = parsed.path.lstrip("/") AWS_QUERYSTRING_AUTH = False 
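Review bot: The widened condition on the `elif` line is written as two parenthesised comparisons, where a membership test reads more plainly: `elif parsed.scheme in ("s3", "s3-insecure"):`. The same scheme string is compared again in the endpoint-building hunk that follows (`@@ -441,8 +441,14 @@`), so a single `s3_insecure = parsed.scheme == "s3-insecure"` assigned once in this branch would keep the two checks from drifting apart. The `if SETUP.MEDIA_BACKEND:` block this branch belongs to starts outside the hunk.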
@@ -441,8 +441,14 @@ if SETUP.MEDIA_BACKEND:
 AWS_ACCESS_KEY_ID = parsed.username
 AWS_SECRET_ACCESS_KEY = urllib.parse.unquote(parsed.password)
 if parsed.hostname is not None:
- port = parsed.port or 443
- AWS_S3_ENDPOINT_URL = f"https://{parsed.hostname}:{port}"
+ if parsed.scheme == "s3-insecure":
+ s3_default_port = 80
+ s3_scheme = "http"
+ else:
+ s3_default_port = 443
+ s3_scheme = "https"
+ port = parsed.port or s3_default_port
+ AWS_S3_ENDPOINT_URL = f"{s3_scheme}://{parsed.hostname}:{port}"
 if SETUP.MEDIA_URL is not None:
 media_url_parsed = urllib.parse.urlparse(SETUP.MEDIA_URL)
 AWS_S3_CUSTOM_DOMAIN = media_url_parsed.hostname
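Review bot: The new `s3-insecure` branch switches the endpoint to plain HTTP with no comment or startup signal, so uploads and the requests signed with `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` travel unencrypted and nothing at the point of use says so. I would add a comment above the `if parsed.scheme == "s3-insecure":` line, `# s3-insecure: plain-HTTP endpoint, no transport encryption or server authentication; intended only for a trusted private network`, and consider emitting a warning at startup when this scheme is selected. The branch also sits inside `if parsed.hostname is not None:`, so an `s3-insecure` URL with no host leaves `AWS_S3_ENDPOINT_URL` unset and the scheme appears to have no effect; rejecting that combination explicitly would avoid a confusing configuration. The enclosing `if SETUP.MEDIA_BACKEND:` block starts and ends outside this hunk.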