From 0707a0d7e16a23212212af8319787b970d7fddd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=95=E5=A4=A9?= <13609528708@163.com>
Date: Sat, 12 Jul 2025 16:44:57 +0800
Subject: [PATCH] The s3 signature_version supports transparent passing of
 environment variables.

---
 .../middleware/storage/amazon_s3_storage_config.py    |  5 +++++
 api/extensions/storage/aws_s3_storage.py              | 11 ++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/api/configs/middleware/storage/amazon_s3_storage_config.py b/api/configs/middleware/storage/amazon_s3_storage_config.py
index e14c210718..8be618960a 100644
--- a/api/configs/middleware/storage/amazon_s3_storage_config.py
+++ b/api/configs/middleware/storage/amazon_s3_storage_config.py
@@ -43,3 +43,8 @@ class S3StorageConfig(BaseSettings):
         description="Use AWS managed IAM roles for authentication instead of access/secret keys",
         default=False,
     )
+    
+    S3_SIGNATURE_VERSION: str = Field(
+        description="S3 signature version: 'unsigned', 's3', 's3v4'",
+        default="s3",
+    )
diff --git a/api/extensions/storage/aws_s3_storage.py b/api/extensions/storage/aws_s3_storage.py
index 7b6b2eedd6..ceafc51bca 100644
--- a/api/extensions/storage/aws_s3_storage.py
+++ b/api/extensions/storage/aws_s3_storage.py
@@ -4,6 +4,7 @@ from collections.abc import Generator
 import boto3  # type: ignore
 from botocore.client import Config  # type: ignore
 from botocore.exceptions import ClientError  # type: ignore
+import botocore
 
 from configs import dify_config
 from extensions.storage.base_storage import BaseStorage
@@ -25,6 +26,11 @@ class AwsS3Storage(BaseStorage):
             self.client = session.client(service_name="s3", region_name=region_name)
         else:
             logger.info("Using ak and sk for S3")
+            
+            if dify_config.S3_SIGNATURE_VERSION == 'unsigned':
+                s_version = botocore.UNSIGNED
+            else:
+                s_version = dify_config.S3_SIGNATURE_VERSION
 
             self.client = boto3.client(
                 "s3",
@@ -32,7 +38,10 @@ class AwsS3Storage(BaseStorage):
                 aws_access_key_id=dify_config.S3_ACCESS_KEY,
                 endpoint_url=dify_config.S3_ENDPOINT,
                 region_name=dify_config.S3_REGION,
-                config=Config(s3={"addressing_style": dify_config.S3_ADDRESS_STYLE}),
+                config=Config(
+                    s3={"addressing_style": dify_config.S3_ADDRESS_STYLE},
+                    signature_version=s_version
+                ),
             )
         # create bucket
         try: