minio/web-handlers.go

/*
 * Minio Cloud Storage, (C) 2016 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package main

import (
	"fmt"
	"net"
	"net/http"
	"time"

	jwtgo "github.com/dgrijalva/jwt-go"
	"github.com/minio/minio-go"
	"github.com/minio/minio-xl/pkg/probe"
	"github.com/minio/minio/pkg/disk"
)

// isAuthenticated validates if any incoming request to be a valid JWT
// authenticated request.
func isAuthenticated(req *http.Request) bool {
	jwt := InitJWT()
	tokenRequest, e := jwtgo.ParseFromRequest(req, func(token *jwtgo.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return jwt.secretAccessKey, nil
	})
	if e != nil {
		return false
	}
	return tokenRequest.Valid
}

// DiskInfo - get disk statistics.
func (web *WebAPI) DiskInfo(r *http.Request, args *DiskInfoArgs, reply *disk.Info) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	info, e := disk.GetInfo(web.FSPath)
	if e != nil {
		return e
	}
	*reply = info
	return nil
}

// MakeBucket - make a bucket.
func (web *WebAPI) MakeBucket(r *http.Request, args *MakeBucketArgs, reply *string) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	return web.Client.MakeBucket(args.BucketName, "", "")
}

// ListBuckets - list buckets api.
func (web *WebAPI) ListBuckets(r *http.Request, args *ListBucketsArgs, reply *[]BucketInfo) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	buckets, e := web.Client.ListBuckets()
	if e != nil {
		return e
	}
	for _, bucket := range buckets {
		*reply = append(*reply, BucketInfo{
			Name:         bucket.Name,
			CreationDate: bucket.CreationDate,
		})
	}
	return nil
}

// ListObjects - list objects api.
func (web *WebAPI) ListObjects(r *http.Request, args *ListObjectsArgs, reply *[]ObjectInfo) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	doneCh := make(chan struct{})
	defer close(doneCh)

	for object := range web.Client.ListObjects(args.BucketName, args.Prefix, false, doneCh) {
		if object.Err != nil {
			return object.Err
		}
		// TODO - This can get slower for large directories, we can
		// perhaps extend the ListObjects XML to reply back
		// ContentType as well.
		objectInfo, e := web.Client.StatObject(args.BucketName, object.Key)
		if e != nil {
			return e
		}
		*reply = append(*reply, ObjectInfo{
			Key:          objectInfo.Key,
			LastModified: objectInfo.LastModified,
			Size:         objectInfo.Size,
			ContentType:  objectInfo.ContentType,
		})
	}
	return nil
}

func getTargetHost(apiAddress, targetHost string) (string, *probe.Error) {
	if targetHost != "" {
		_, port, e := net.SplitHostPort(apiAddress)
		if e != nil {
			return "", probe.NewError(e)
		}
		host, _, e := net.SplitHostPort(targetHost)
		if e != nil {
			return "", probe.NewError(e)
		}
		targetHost = net.JoinHostPort(host, port)
	}
	return targetHost, nil
}

// PutObjectURL - generates url for upload access.
func (web *WebAPI) PutObjectURL(r *http.Request, args *PutObjectURLArgs, reply *string) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	targetHost, err := getTargetHost(web.apiAddress, args.TargetHost)
	if err != nil {
		return probe.WrapError(err)
	}
	client, e := minio.NewV4(targetHost, web.accessKeyID, web.secretAccessKey, web.inSecure)
	if e != nil {
		return e
	}
	signedURLStr, e := client.PresignedPutObject(args.BucketName, args.ObjectName, time.Duration(60*60)*time.Second)
	if e != nil {
		return e
	}
	*reply = signedURLStr
	return nil
}

// GetObjectURL - generates url for download access.
func (web *WebAPI) GetObjectURL(r *http.Request, args *GetObjectURLArgs, reply *string) error {
	if !isAuthenticated(r) {
		return errUnAuthorizedRequest
	}
	targetHost, err := getTargetHost(web.apiAddress, args.TargetHost)
	if err != nil {
		return probe.WrapError(err)
	}
	client, e := minio.NewV4(targetHost, web.accessKeyID, web.secretAccessKey, web.inSecure)
	if e != nil {
		return e
	}
	signedURLStr, e := client.PresignedGetObject(args.BucketName, args.ObjectName, time.Duration(60*60)*time.Second)
	if e != nil {
		return e
	}
	*reply = signedURLStr
	return nil
}

// Login - user login handler.
func (web *WebAPI) Login(r *http.Request, args *LoginArgs, reply *AuthToken) error {
	jwt := InitJWT()
	if jwt.Authenticate(args.Username, args.Password) {
		token, err := jwt.GenerateToken(args.Username)
		if err != nil {
			return probe.WrapError(err.Trace())
		}
		reply.Token = token
		return nil
	}
	return errUnAuthorizedRequest
}

// RefreshToken - refresh token handler.
func (web *WebAPI) RefreshToken(r *http.Request, args *LoginArgs, reply *AuthToken) error {
	if isAuthenticated(r) {
		jwt := InitJWT()
		token, err := jwt.GenerateToken(args.Username)
		if err != nil {
			return probe.WrapError(err.Trace())
		}
		reply.Token = token
		return nil
	}
	return errUnAuthorizedRequest
}

// Logout - user logout.
func (web *WebAPI) Logout(r *http.Request, arg *string, reply *string) error {
	if isAuthenticated(r) {
		return nil
	}
	return errUnAuthorizedRequest
}
api: More cleanups at WebAPI. - Fixes a bug where bucketName was not denormalized. - Remove unneeded functions from jwt.go 9 years ago			`/*`
			`* Minio Cloud Storage, (C) 2016 Minio, Inc.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`package main`

			`import (`
			`"fmt"`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`"net"`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`"net/http"`
			`"time"`

Add MakeBucket API. 9 years ago			`jwtgo "github.com/dgrijalva/jwt-go"`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`"github.com/minio/minio-go"`
			`"github.com/minio/minio-xl/pkg/probe"`
diskInfo: Add DiskInfo API 9 years ago			`"github.com/minio/minio/pkg/disk"`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`)`

api: More cleanups at WebAPI. - Fixes a bug where bucketName was not denormalized. - Remove unneeded functions from jwt.go 9 years ago			`// isAuthenticated validates if any incoming request to be a valid JWT`
			`// authenticated request.`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`func isAuthenticated(req *http.Request) bool {`
Add MakeBucket API. 9 years ago			`jwt := InitJWT()`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`tokenRequest, e := jwtgo.ParseFromRequest(req, func(token *jwtgo.Token) (interface{}, error) {`
			`if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])`
			`}`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`return jwt.secretAccessKey, nil`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`})`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`if e != nil {`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`return false`
			`}`
			`return tokenRequest.Valid`
			`}`

diskInfo: Add DiskInfo API 9 years ago			`// DiskInfo - get disk statistics.`
			`func (web WebAPI) DiskInfo(r http.Request, args DiskInfoArgs, reply disk.Info) error {`
			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`info, e := disk.GetInfo(web.FSPath)`
			`if e != nil {`
			`return e`
diskInfo: Add DiskInfo API 9 years ago			`}`
			`*reply = info`
			`return nil`
			`}`

Add MakeBucket API. 9 years ago			`// MakeBucket - make a bucket.`
			`func (web WebAPI) MakeBucket(r http.Request, args MakeBucketArgs, reply string) error {`
			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
			`return web.Client.MakeBucket(args.BucketName, "", "")`
			`}`

Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`// ListBuckets - list buckets api.`
Add MakeBucket API. 9 years ago			`func (web WebAPI) ListBuckets(r http.Request, args ListBucketsArgs, reply []BucketInfo) error {`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`buckets, e := web.Client.ListBuckets()`
			`if e != nil {`
			`return e`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
Add MakeBucket API. 9 years ago			`for _, bucket := range buckets {`
			`reply = append(reply, BucketInfo{`
			`Name: bucket.Name,`
			`CreationDate: bucket.CreationDate,`
			`})`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
			`return nil`
			`}`

			`// ListObjects - list objects api.`
Add MakeBucket API. 9 years ago			`func (web WebAPI) ListObjects(r http.Request, args ListObjectsArgs, reply []ObjectInfo) error {`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
			`doneCh := make(chan struct{})`
			`defer close(doneCh)`

Add MakeBucket API. 9 years ago			`for object := range web.Client.ListObjects(args.BucketName, args.Prefix, false, doneCh) {`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if object.Err != nil {`
			`return object.Err`
			`}`
contentType: Reply back proper contentTypes based on the file extension. Currently the server would set 'application/octet-stream' for all objects, set this value based on the file extension transparently. This is useful in case of minio browser to facilitate displaying proper icons for the different mime data types. 9 years ago			`// TODO - This can get slower for large directories, we can`
			`// perhaps extend the ListObjects XML to reply back`
			`// ContentType as well.`
			`objectInfo, e := web.Client.StatObject(args.BucketName, object.Key)`
			`if e != nil {`
			`return e`
			`}`
Add MakeBucket API. 9 years ago			`reply = append(reply, ObjectInfo{`
contentType: Reply back proper contentTypes based on the file extension. Currently the server would set 'application/octet-stream' for all objects, set this value based on the file extension transparently. This is useful in case of minio browser to facilitate displaying proper icons for the different mime data types. 9 years ago			`Key: objectInfo.Key,`
			`LastModified: objectInfo.LastModified,`
			`Size: objectInfo.Size,`
			`ContentType: objectInfo.ContentType,`
Add MakeBucket API. 9 years ago			`})`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
			`return nil`
			`}`

jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`func getTargetHost(apiAddress, targetHost string) (string, *probe.Error) {`
			`if targetHost != "" {`
			`_, port, e := net.SplitHostPort(apiAddress)`
			`if e != nil {`
			`return "", probe.NewError(e)`
			`}`
			`host, _, e := net.SplitHostPort(targetHost)`
			`if e != nil {`
			`return "", probe.NewError(e)`
			`}`
			`targetHost = net.JoinHostPort(host, port)`
			`}`
			`return targetHost, nil`
			`}`

			`// PutObjectURL - generates url for upload access.`
			`func (web WebAPI) PutObjectURL(r http.Request, args PutObjectURLArgs, reply string) error {`
			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
			`targetHost, err := getTargetHost(web.apiAddress, args.TargetHost)`
			`if err != nil {`
			`return probe.WrapError(err)`
			`}`
			`client, e := minio.NewV4(targetHost, web.accessKeyID, web.secretAccessKey, web.inSecure)`
			`if e != nil {`
			`return e`
			`}`
			`signedURLStr, e := client.PresignedPutObject(args.BucketName, args.ObjectName, time.Duration(6060)time.Second)`
			`if e != nil {`
			`return e`
			`}`
			`*reply = signedURLStr`
			`return nil`
			`}`

			`// GetObjectURL - generates url for download access.`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`func (web WebAPI) GetObjectURL(r http.Request, args GetObjectURLArgs, reply string) error {`
			`if !isAuthenticated(r) {`
			`return errUnAuthorizedRequest`
			`}`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`targetHost, err := getTargetHost(web.apiAddress, args.TargetHost)`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if err != nil {`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`return probe.WrapError(err)`
			`}`
			`client, e := minio.NewV4(targetHost, web.accessKeyID, web.secretAccessKey, web.inSecure)`
			`if e != nil {`
			`return e`
			`}`
			`signedURLStr, e := client.PresignedGetObject(args.BucketName, args.ObjectName, time.Duration(6060)time.Second)`
			`if e != nil {`
			`return e`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`*reply = signedURLStr`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`return nil`
			`}`

			`// Login - user login handler.`
			`func (web WebAPI) Login(r http.Request, args LoginArgs, reply AuthToken) error {`
Add MakeBucket API. 9 years ago			`jwt := InitJWT()`
api: More cleanups at WebAPI. - Fixes a bug where bucketName was not denormalized. - Remove unneeded functions from jwt.go 9 years ago			`if jwt.Authenticate(args.Username, args.Password) {`
Add MakeBucket API. 9 years ago			`token, err := jwt.GenerateToken(args.Username)`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if err != nil {`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`return probe.WrapError(err.Trace())`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
			`reply.Token = token`
			`return nil`
			`}`
			`return errUnAuthorizedRequest`
			`}`

			`// RefreshToken - refresh token handler.`
			`func (web WebAPI) RefreshToken(r http.Request, args LoginArgs, reply AuthToken) error {`
			`if isAuthenticated(r) {`
Add MakeBucket API. 9 years ago			`jwt := InitJWT()`
			`token, err := jwt.GenerateToken(args.Username)`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`if err != nil {`
jwt: Deprecate RSA usage, use HMAC instead. HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls. 9 years ago			`return probe.WrapError(err.Trace())`
Bring in the list APIs implemented by Bala <bala@minio.io> 9 years ago			`}`
			`reply.Token = token`
			`return nil`
			`}`
			`return errUnAuthorizedRequest`
			`}`

			`// Logout - user logout.`
			`func (web WebAPI) Logout(r http.Request, arg string, reply string) error {`
			`if isAuthenticated(r) {`
			`return nil`
			`}`
			`return errUnAuthorizedRequest`
			`}`