feat: add s3 server side encryption to config

README.md

@@ -23,13 +23,16 @@ cp -r ./node_modules/ghost-storage-adapter-s3 ./content/adapters/storage/s3
     "secretAccessKey": "YOUR_SECRET_ACCESS_KEY",
     "region": "YOUR_REGION_SLUG",
     "bucket": "YOUR_BUCKET_NAME",
-    "assetHost": "YOUR_OPTIONAL_CDN_URL (See note below)",
+    "assetHost": "YOUR_OPTIONAL_CDN_URL (See note 1 below)",
     "pathPrefix": "YOUR_OPTIONAL_BUCKET_SUBDIRECTORY",
-    "endpoint": "YOUR_OPTIONAL_ENDPOINT_URL (only needed for 3rd party S3 providers)"
+    "endpoint": "YOUR_OPTIONAL_ENDPOINT_URL (only needed for 3rd party S3 providers)",
+    "serverSideEncryption": "YOUR_OPTIONAL_SSE (See note 2 below)"
   }
 }
 ```
-Note: Be sure to include "//" or the appropriate protocol within your assetHost string/variable to ensure that your site's domain is not prepended to the CDN URL.
+Note 1: Be sure to include "//" or the appropriate protocol within your assetHost string/variable to ensure that your site's domain is not prepended to the CDN URL.
+
+Note 2: if your s3 bucket enforces SSE use serverSideEncryption with the [appropriate supported](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#putObject-property) value.
 
 ### Via environment variables
 
@@ -41,6 +44,7 @@ GHOST_STORAGE_ADAPTER_S3_PATH_BUCKET
 GHOST_STORAGE_ADAPTER_S3_ASSET_HOST  // optional
 GHOST_STORAGE_ADAPTER_S3_PATH_PREFIX // optional
 GHOST_STORAGE_ADAPTER_S3_ENDPOINT // optional
+GHOST_STORAGE_ADAPTER_S3_SSE // optional
 ```
 
 ## License

src/index.js

@@ -21,7 +21,8 @@ class Store extends BaseStore {
       pathPrefix,
       region,
       secretAccessKey,
-      endpoint
+      endpoint,
+      serverSideEncryption
     } = config
 
     // Compatible with the aws-sdk's default environment variables
@@ -35,6 +36,7 @@ class Store extends BaseStore {
     this.host = process.env.GHOST_STORAGE_ADAPTER_S3_ASSET_HOST || assetHost || `https://s3${this.region === 'us-east-1' ? '' : `-${this.region}`}.amazonaws.com/${this.bucket}`
     this.pathPrefix = stripLeadingSlash(process.env.GHOST_STORAGE_ADAPTER_S3_PATH_PREFIX || pathPrefix || '')
     this.endpoint = process.env.GHOST_STORAGE_ADAPTER_S3_ENDPOINT || endpoint || ''
+    this.serverSideEncryption = process.env.GHOST_STORAGE_ADAPTER_S3_SSE || serverSideEncryption || ''
   }
 
   delete (fileName, targetDir) {
@@ -85,19 +87,23 @@ class Store extends BaseStore {
       Promise.all([
         this.getUniqueFileName(image, directory),
         readFileAsync(image.path)
-      ]).then(([ fileName, file ]) => (
+      ]).then(([ fileName, file ]) => {
+        let config = {
+          ACL: 'public-read',
+          Body: file,
+          Bucket: this.bucket,
+          CacheControl: `max-age=${30 * 24 * 60 * 60}`,
+          ContentType: image.type,
+          Key: stripLeadingSlash(fileName)
+        }
+        if (this.serverSideEncryption !== '') {
+          config.ServerSideEncryption = this.serverSideEncryption
+        }
         this.s3()
-          .putObject({
-            ACL: 'public-read',
-            Body: file,
-            Bucket: this.bucket,
-            CacheControl: `max-age=${30 * 24 * 60 * 60}`,
-            ContentType: image.type,
-            Key: stripLeadingSlash(fileName)
-          })
+          .putObject(config)
           .promise()
           .then(() => resolve(`${this.host}/${fileName}`))
-      )).catch(error => reject(error))
+      }).catch(error => reject(error))
     })
   }