update lock clucknut
All checks were successful
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 14s
Build, Push and Deploy / build-and-push (push) Successful in 3m14s
Build, Push and Deploy / deploy-staging (push) Successful in 25s
Build, Push and Deploy / deploy-production (push) Has been skipped

This commit is contained in:
2026-04-18 20:32:18 +07:00
parent 4554035227
commit dcaf267458
3359 changed files with 153185 additions and 205489 deletions

View File

@@ -500,10 +500,23 @@ private function resolveUploadOptions(array $args)
}
$validate = $this->chooseValidationMethod($args);
if ($validate === 'md5') {
$args['metadata']['md5Hash'] = base64_encode(Utils::hash($args['data'], 'md5', true));
} elseif ($validate === 'crc32') {
$args['metadata']['crc32c'] = $this->crcFromStream($args['data']);
$xGoogHashHeader = '';
if ($validate !== false) {
$md5Hash = base64_encode(Utils::hash($args['data'], 'md5', true));
$crc32c = $this->crcFromStream($args['data']);
// Add validation metadata
if ($validate === 'md5') {
$args['metadata']['md5Hash'] = $md5Hash;
} elseif ($validate === 'crc32') {
$args['metadata']['crc32c'] = $crc32c;
}
// Prepare the X-Goog-Hash header string
$xGoogHashHeader = implode(',', array_filter([
$md5Hash ? 'md5=' . $md5Hash : null,
$crc32c ? 'crc32c=' . $crc32c : null,
]));
}
$args['metadata']['name'] = $args['name'];
@@ -532,6 +545,19 @@ private function resolveUploadOptions(array $args)
$args['uploaderOptions'] = array_intersect_key($args, array_flip($uploaderOptionKeys));
$args = array_diff_key($args, array_flip($uploaderOptionKeys));
// Add the X-Goog-Hash header only if there are hashes to include
if (!empty($xGoogHashHeader)) {
$args['uploaderOptions']['restOptions']['headers']['X-Goog-Hash'] = $xGoogHashHeader;
}
if (!empty($args['headers'])) {
$args['uploaderOptions']['restOptions']['headers'] = array_merge(
$args['uploaderOptions']['restOptions']['headers'] ?? [],
$args['headers']
);
}
unset($args['headers']);
// Passing on custom retry function to $args['uploaderOptions']
$retryFunc = $this->getRestRetryFunction(
'objects',
@@ -714,7 +740,10 @@ private function buildDownloadObjectParams(array $args)
private function chooseValidationMethod(array $args)
{
// If the user provided a hash, skip hashing.
if (isset($args['metadata']['md5Hash']) || isset($args['metadata']['crc32c'])) {
if (isset($args['metadata']['md5Hash'])
|| isset($args['metadata']['crc32c'])
|| isset($args['headers']['X-Goog-Hash'])
) {
return false;
}

View File

@@ -195,6 +195,78 @@
"defaultKmsKeyName": {
"type": "string",
"description": "A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified."
},
"googleManagedEncryptionEnforcementConfig": {
"type": "object",
"description": "If set, the new objects created in this bucket must comply with this enforcement config. Changing this has no effect on existing objects; it applies to new objects only. If omitted, the new objects are allowed to be encrypted with Google Managed Encryption type by default.",
"properties": {
"restrictionMode": {
"type": "string",
"description": "Restriction mode for Google-Managed Encryption Keys. Defaults to NotRestricted.",
"enum": [
"NotRestricted",
"FullyRestricted"
],
"enumDescriptions": [
"Creation of new objects with Google Managed Encryption is not restricted.",
"Creation of new objects with Google Managed Encryption is fully restricted."
]
},
"effectiveTime": {
"type": "string",
"description": "Server-determined value indicating when this configuration became effective. In RFC 3339 format.",
"format": "date-time",
"readOnly": true
}
}
},
"customerManagedEncryptionEnforcementConfig": {
"type": "object",
"description": "If set, the new objects created in this bucket must comply with this enforcement config. Changing this has no effect on existing objects; it applies to new objects only. If omitted, the new objects are allowed to be encrypted with Customer Managed Encryption type by default.",
"properties": {
"restrictionMode": {
"type": "string",
"description": "Restriction mode for Customer-Managed Encryption Keys. Defaults to NotRestricted.",
"enum": [
"NotRestricted",
"FullyRestricted"
],
"enumDescriptions": [
"Creation of new objects with Customer-Managed Encryption is not restricted.",
"Creation of new objects with Customer-Managed Encryption is fully restricted."
]
},
"effectiveTime": {
"type": "string",
"description": "Server-determined value indicating when this configuration became effective. In RFC 3339 format.",
"format": "date-time",
"readOnly": true
}
}
},
"customerSuppliedEncryptionEnforcementConfig": {
"type": "object",
"description": "If set, the new objects created in this bucket must comply with this enforcement config. Changing this has no effect on existing objects; it applies to new objects only. If omitted, the new objects are allowed to be encrypted with Customer Supplied Encryption type by default.",
"properties": {
"restrictionMode": {
"type": "string",
"description": "Restriction mode for Customer-Supplied Encryption Keys. Defaults to NotRestricted.",
"enum": [
"NotRestricted",
"FullyRestricted"
],
"enumDescriptions": [
"Creation of new objects with Customer-Supplied Encryption is not restricted.",
"Creation of new objects with Customer-Supplied Encryption is fully restricted."
]
},
"effectiveTime": {
"type": "string",
"description": "Server-determined value indicating when this configuration became effective. In RFC 3339 format.",
"format": "date-time",
"readOnly": true
}
}
}
}
},