From cb7b2762f9d3eefcea072a6827d08f545b68258f Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Sun, 17 Jan 2016 01:39:09 -0800
Subject: [PATCH] serverConfig: Add a new region config entry.
To change default region from 'us-east-1' to 'custom'. Add a region value in your 'config.json'. "version": "2", "credentials": { "accessKeyId": "****************", "secretAccessKey": "***************", "region": "my-region" },
---
 api-signature.go | 26 ++++++++++++++---------
 bucket-handlers.go | 17 +++++++++++++---
 object-handlers.go | 51 ++++++++++++++++++++++++++++++++++++++--------
 server-config.go | 2 ++
 server-main.go | 3 ++-
 5 files changed, 76 insertions(+), 23 deletions(-)
diff --git a/api-signature.go b/api-signature.go
index 3bdb947b0..74e337306 100644
--- a/api-signature.go
+++ b/api-signature.go
@@ -90,9 +90,12 @@ func getSignedHeadersFromAuth(authHeaderValue string) ([]string, *probe.Error) {
 return signedHeaders, nil
 }
-// verify if region value is valid.
-func isValidRegion(region string) *probe.Error {
- if region != "us-east-1" && region != "US" {
+// verify if region value is valid with configured minioRegion.
+func isValidRegion(region string, minioRegion string) *probe.Error {
+ if minioRegion == "" {
+ minioRegion = "us-east-1"
+ }
+ if region != minioRegion && region != "US" {
 return probe.NewError(errInvalidRegion)
 }
 return nil
@@ -105,9 +108,6 @@ func stripRegion(authHeaderValue string) (string, *probe.Error) {
 return "", err.Trace(authHeaderValue)
 }
 region := credentialElements[2]
- if err = isValidRegion(region); err != nil {
- return "", err.Trace(authHeaderValue)
- }
 return region, nil
 }
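Review bot: In isValidRegion the `region != "US"` clause still accepts a credential scope of "US" whatever region is configured, so an operator who sets `"region": "my-region"` gets a looser check than the config suggests. If "US" is meant only as an alias for the default region (an assumption, the hunk does not say), tie it to that case: `if region != minioRegion && !(minioRegion == "us-east-1" && region == "US") {`. The doc comment could also state the empty-value fallback, e.g. `// isValidRegion returns errInvalidRegion unless region matches minioRegion ("us-east-1" when minioRegion is empty).`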
@@ -129,10 +129,20 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
 // strip auth from authorization header.
 authHeaderValue := req.Header.Get("Authorization")
+ config, err := loadConfigV2()
+ if err != nil {
+ return nil, err.Trace()
+ }
+
 region, err := stripRegion(authHeaderValue)
 if err != nil {
 return nil, err.Trace(authHeaderValue)
 }
+
+ if err = isValidRegion(region, config.Credentials.Region); err != nil {
+ return nil, err.Trace(authHeaderValue)
+ }
+
 accessKeyID, err := stripAccessKeyID(authHeaderValue)
 if err != nil {
 return nil, err.Trace(authHeaderValue)
@@ -145,10 +155,6 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
 if err != nil {
 return nil, err.Trace(authHeaderValue)
 }
- config, err := loadConfigV2()
- if err != nil {
- return nil, err.Trace()
- }
 if config.Credentials.AccessKeyID == accessKeyID {
 signature := &fs.Signature{
 AccessKeyID: config.Credentials.AccessKeyID,
diff --git a/bucket-handlers.go b/bucket-handlers.go
index 275a3ab76..c2f0d74a1 100644
--- a/bucket-handlers.go
+++ b/bucket-handlers.go
@@ -217,9 +217,20 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
 var err *probe.Error
 signature, err = initSignatureV4(req)
 if err != nil {
- errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
- writeErrorResponse(w, req, InternalError, req.URL.Path)
- return
+ switch err.ToGoError() {
+ case errInvalidRegion:
+ errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+ writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+ return
+ case errAccessKeyIDInvalid:
+ errorIf(err.Trace(), "Invalid access key id.", nil)
+ writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+ return
+ default:
+ errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
+ writeErrorResponse(w, req, InternalError, req.URL.Path)
+ return
+ }
 }
 }
 }
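Review bot: In initSignatureV4 the `loadConfigV2()` call now runs before the Authorization header is parsed, so a request with a missing or malformed header costs a config load before it is rejected. If loadConfigV2 reads config.json from disk (its body is not in this diff), that cost can be triggered by any unauthenticated request. Parsing first keeps the rejection path cheap: call `stripRegion(authHeaderValue)`, then `loadConfigV2()`, then `isValidRegion(region, config.Credentials.Region)`. The new `err.Trace(authHeaderValue)` on the region failure appears to attach the raw header to an error the handlers pass to errorIf, so confirm that log sink is acceptable for a value carrying the access key ID and signature. The function body starts and ends outside both hunks.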
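Review bot: The `switch err.ToGoError()` block in PutBucketHandler is pasted unchanged into PutObjectHandler, PutObjectPartHandler and CompleteMultipartUploadHandler in object-handlers.go, so the mapping from pre-authentication failures to client-visible error codes now lives in four places. Moving it into one helper (for example `writeSignatureErrorResponse(w, req, err)`, a name that is not in this patch) keeps the handlers in step. It also gives a single place to audit what an unauthenticated caller can learn, such as the distinct InvalidAccessKeyID answer. Every case ends in the same `return`, which could be written once after the switch. The handler bodies start and end outside the hunks.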
diff --git a/object-handlers.go b/object-handlers.go
index 52111941a..04a911f4e 100644
--- a/object-handlers.go
+++ b/object-handlers.go
@@ -159,9 +159,20 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
 var err *probe.Error
 signature, err = initSignatureV4(req)
 if err != nil {
- errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
- writeErrorResponse(w, req, InternalError, req.URL.Path)
- return
+ switch err.ToGoError() {
+ case errInvalidRegion:
+ errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+ writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+ return
+ case errAccessKeyIDInvalid:
+ errorIf(err.Trace(), "Invalid access key id.", nil)
+ writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+ return
+ default:
+ errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
+ writeErrorResponse(w, req, InternalError, req.URL.Path)
+ return
+ }
 }
 }
 }
@@ -295,9 +306,20 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
 var err *probe.Error
 signature, err = initSignatureV4(req)
 if err != nil {
- errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
- writeErrorResponse(w, req, InternalError, req.URL.Path)
- return
+ switch err.ToGoError() {
+ case errInvalidRegion:
+ errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+ writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+ return
+ case errAccessKeyIDInvalid:
+ errorIf(err.Trace(), "Invalid access key id.", nil)
+ writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+ return
+ default:
+ errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
+ writeErrorResponse(w, req, InternalError, req.URL.Path)
+ return
+ }
 }
 }
 }
@@ -439,9 +461,20 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
 var err *probe.Error
 signature, err = initSignatureV4(req)
 if err != nil {
- errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
- writeErrorResponse(w, req, InternalError, req.URL.Path)
- return
+ switch err.ToGoError() {
+ case errInvalidRegion:
+ errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+ writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+ return
+ case errAccessKeyIDInvalid:
+ errorIf(err.Trace(), "Invalid access key id.", nil)
+ writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+ return
+ default:
+ errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
+ writeErrorResponse(w, req, InternalError, req.URL.Path)
+ return
+ }
 }
 }
 }
diff --git a/server-config.go b/server-config.go
index acdc27029..c6c1c3368 100644
--- a/server-config.go
+++ b/server-config.go
@@ -42,6 +42,7 @@ type configV2 struct {
 Credentials struct {
 AccessKeyID string `json:"accessKeyId"`
 SecretAccessKey string `json:"secretAccessKey"`
+ Region string `json:"region"`
 } `json:"credentials"`
 MongoLogger struct {
 Addr string `json:"addr"`
@@ -249,6 +250,7 @@ func newConfigV2() *configV2 {
 config.Version = "2"
 config.Credentials.AccessKeyID = ""
 config.Credentials.SecretAccessKey = ""
+ config.Credentials.Region = "us-east-1"
 config.MongoLogger.Addr = ""
 config.MongoLogger.DB = ""
 config.MongoLogger.Collection = ""
diff --git a/server-main.go b/server-main.go
index 8a2099310..bc0e92054 100644
--- a/server-main.go
+++ b/server-main.go
@@ -78,7 +78,7 @@ type cloudServerConfig struct {
 MinFreeDisk int64 // Minimum free disk space for filesystem
 Expiry time.Duration // Set auto expiry for filesystem
- // TLS service
+ /// TLS service
 TLS bool // TLS on when certs are specified
 CertFile string // Domain certificate
 KeyFile string // Domain key
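Review bot: The new `Region` field in configV2 carries no comment on what an absent value means, while the version string stays "2", so config files written before this change will presumably decode it as the empty string. A trailing comment on the field such as `// region expected in the request's credential scope; empty is treated as "us-east-1"` records the contract that isValidRegion in api-signature.go relies on. The struct continues outside the hunk.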
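Review bot: The literal `"us-east-1"` in newConfigV2 is the third copy of the default region in this patch, next to the fallback in isValidRegion (api-signature.go) and the assignment in getConfig (server-main.go). A single package-level constant, e.g. `const defaultRegion = "us-east-1"` (the name is a suggestion), used as `config.Credentials.Region = defaultRegion`, keeps the signature check and the generated config from drifting apart.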
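Review bot: The comment change from `// TLS service` to `/// TLS service` in cloudServerConfig looks accidental and is unrelated to the region work in this commit. Go comments use two slashes, so the line should stay `// TLS service`. The struct continues outside the hunk.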
@@ -206,6 +206,7 @@ func getConfig() (*configV2, *probe.Error) {
 config.Version = "2"
 config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID())
 config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey())
+ config.Credentials.Region = "us-east-1"
 if err := saveConfig(config); err != nil {
 return nil, err.Trace()
 }