diff --git a/src/aws.js b/src/aws.js
index 44cd7dc0c..fc4914f07 100644
--- a/src/aws.js
+++ b/src/aws.js
@@ -60,7 +60,8 @@ function getAWSCredentials(callback) {
 return callback(null, {
 accessKeyId: result.body.credentials.AccessKeyId,
 secretAccessKey: result.body.credentials.SecretAccessKey,
- region: 'us-east-1',
+ sessionToken: result.body.credentials.SessionToken,
+ region: 'us-east-1'
 });
 });
 } else {
@@ -68,7 +69,8 @@ function getAWSCredentials(callback) {
 callback(null, {
 accessKeyId: config.aws().accessKeyId,
- secretAccessKey: config.aws().secretAccessKey
+ secretAccessKey: config.aws().secretAccessKey,
+ region: 'us-east-1'
 });
 }
 }
@@ -92,7 +94,10 @@ function getSignedUploadUrl(filename, callback) {
 s3.getSignedUrl('putObject', params, function (error, url) {
 if (error) return callback(error);
- callback(null, url);
+ callback(null, {
+ url: url,
+ sessionToken: credentials.sessionToken
+ });
 });
 });
 }
diff --git a/src/backups.js b/src/backups.js
index 9800b86a2..b5d9ef722 100644
--- a/src/backups.js
+++ b/src/backups.js
@@ -62,12 +62,13 @@ function getBackupUrl(app, appBackupIds, callback) {
 var filename = util.format('backup_%s-v%s.tar.gz', (new Date()).toISOString(), config.version());
- aws.getSignedUploadUrl(filename, function (error, url) {
+ aws.getSignedUploadUrl(filename, function (error, result) {
 if (error) return callback(error);
 var obj = {
 id: filename,
- url: url,
+ url: result.url,
+ sessionToken: result.sessionToken,
 backupKey: config.backupKey
 };
diff --git a/src/cloudron.js b/src/cloudron.js
index 039dc6d2d..943a53c5e 100644
--- a/src/cloudron.js
+++ b/src/cloudron.js
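Review bot: In src/aws.js, the object now passed to the callback in getSignedUploadUrl reads `credentials.sessionToken`, but the static-credentials branch of getAWSCredentials (second hunk) returns no `sessionToken`, so the field is `undefined` on that path, assuming `credentials` is what getAWSCredentials yields, which is outside the hunk. That value then travels through src/backups.js into the sudo argument list in src/cloudron.js, so the consumers need to treat the token as optional. The callback's second argument also changes from a URL string to an object; a comment such as `// yields { url, sessionToken }; sessionToken is set only for temporary credentials` would warn any caller not shown in this diff.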
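Review bot: In src/backups.js, `obj` in getBackupUrl now holds a live AWS session token next to `backupKey`, and the rest of the function is outside the hunk, so please confirm `obj` is never written to a debug log or returned in an API response. A comment on the object, for example `// contains secrets (backupKey, sessionToken): do not log or serialise`, would make that constraint explicit for later edits.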
@@ -554,7 +554,7 @@ function backupBoxWithAppBackupIds(appBackupIds, callback) {
 async.series([
 ignoreError(shell.sudo.bind(null, 'mountSwap', [ BACKUP_SWAP_CMD, '--on' ])),
- shell.sudo.bind(null, 'backupBox', [ BACKUP_BOX_CMD, result.url, result.backupKey ]),
+ shell.sudo.bind(null, 'backupBox', [ BACKUP_BOX_CMD, result.url, result.backupKey, result.sessionToken ]),
 ignoreError(shell.sudo.bind(null, 'unmountSwap', [ BACKUP_SWAP_CMD, '--off' ])),
 ], function (error) {
 if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
diff --git a/src/scripts/backupbox.sh b/src/scripts/backupbox.sh
index 74f12efcb..afd43c9aa 100755
--- a/src/scripts/backupbox.sh
+++ b/src/scripts/backupbox.sh
@@ -12,13 +12,14 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
 exit 0
 fi
-if [ $# -lt 2 ]; then
- echo "Usage: backupbox.sh "
+if [ $# -lt 3 ]; then
+ echo "Usage: backupbox.sh "
 exit 1
 fi
 backup_url="$1"
 backup_key="$2"
+session_token="$3"
 now=$(date "+%Y-%m-%dT%H:%M:%S")
 BOX_DATA_DIR="${HOME}/data/box"
 box_snapshot_dir="${HOME}/data/snapshots/box-${now}"
@@ -34,7 +35,7 @@ for try in `seq 1 5`; do
 error_log=$(mktemp)
 if tar -cvzf - -C "${box_snapshot_dir}" . \
 | openssl aes-256-cbc -e -pass "pass:${backup_key}" \
- | curl --fail -H "Content-Type:" -X PUT --data-binary @- "${backup_url}" 2>"${error_log}"; then
+ | curl --fail -H "Content-Type:" -X PUT -H "x-amz-security-token: ${session_token}" --data-binary @- "${backup_url}" 2>"${error_log}"; then
 break
 fi
 cat "${error_log}" && rm "${error_log}"
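Review bot: In src/cloudron.js, `result.sessionToken` is appended to the sudo argument list beside `result.backupKey`, which puts a bearer credential on a command line. Process arguments are normally readable by other local users through the process table, and sudo usually records the full command in its log. src/scripts/backupbox.sh repeats the exposure by placing the token in curl's `-H` argument for the whole duration of the upload. Consider handing the secrets to the script on stdin or through a root-only temporary file, and letting curl read the header from a file (`-H @file` on curl versions that support it). On the static-credentials path `result.sessionToken` may also be `undefined`, and what shell.sudo does with such an element is not visible in this diff.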
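Review bot: In src/scripts/backupbox.sh, raising the check to `$# -lt 3` makes the session token mandatory, yet the static-credentials branch in src/aws.js produces none. A backup made with long-lived keys would then either fail the usage check or send an `x-amz-security-token` header carrying a meaningless value, because the curl line in the next hunk adds the header unconditionally. I would keep the check at two arguments, read the token as `session_token="${3:-}"`, and pass the `-H "x-amz-security-token: ..."` option to curl only when `session_token` is non-empty.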