oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #1037 from harshavardhana/add-config

Browse Source 
serverConfig: Add a new region config entry.
master
Harshavardhana 9 years ago
parent 8a7bf0dde0 cb7b2762f9
commit 092ed972d0
5 changed files with 76 additions and 23 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 26
      api-signature.go
  2. 11
      bucket-handlers.go
  3. 33
      object-handlers.go
  4. 2
      server-config.go
  5. 3
      server-main.go

26
api-signature.go
Unescape View File

@ -90,9 +90,12 @@ func getSignedHeadersFromAuth(authHeaderValue string) ([]string, *probe.Error) {
return signedHeaders, nil return signedHeaders, nil
} }
// verify if region value is valid. // verify if region value is valid with configured minioRegion.
func isValidRegion(region string) *probe.Error { func isValidRegion(region string, minioRegion string) *probe.Error {
if region != "us-east-1" && region != "US" { if minioRegion == "" {
minioRegion = "us-east-1"
}
if region != minioRegion && region != "US" {
return probe.NewError(errInvalidRegion) return probe.NewError(errInvalidRegion)
} }
return nil return nil
@ -105,9 +108,6 @@ func stripRegion(authHeaderValue string) (string, *probe.Error) {
return "", err.Trace(authHeaderValue) return "", err.Trace(authHeaderValue)
} }
region := credentialElements[2] region := credentialElements[2]
if err = isValidRegion(region); err != nil {
return "", err.Trace(authHeaderValue)
}
return region, nil return region, nil
} }
@ -129,10 +129,20 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
// strip auth from authorization header. // strip auth from authorization header.
authHeaderValue := req.Header.Get("Authorization") authHeaderValue := req.Header.Get("Authorization")
config, err := loadConfigV2()
if err != nil {
return nil, err.Trace()
}
region, err := stripRegion(authHeaderValue) region, err := stripRegion(authHeaderValue)
if err != nil { if err != nil {
return nil, err.Trace(authHeaderValue) return nil, err.Trace(authHeaderValue)
} }
if err = isValidRegion(region, config.Credentials.Region); err != nil {
return nil, err.Trace(authHeaderValue)
}
accessKeyID, err := stripAccessKeyID(authHeaderValue) accessKeyID, err := stripAccessKeyID(authHeaderValue)
if err != nil { if err != nil {
return nil, err.Trace(authHeaderValue) return nil, err.Trace(authHeaderValue)
@ -145,10 +155,6 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
if err != nil { if err != nil {
return nil, err.Trace(authHeaderValue) return nil, err.Trace(authHeaderValue)
} }
config, err := loadConfigV2()
if err != nil {
return nil, err.Trace()
}
if config.Credentials.AccessKeyID == accessKeyID { if config.Credentials.AccessKeyID == accessKeyID {
signature := &fs.Signature{ signature := &fs.Signature{
AccessKeyID: config.Credentials.AccessKeyID, AccessKeyID: config.Credentials.AccessKeyID,

11
bucket-handlers.go
Unescape View File

@ -217,12 +217,23 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
var err *probe.Error var err *probe.Error
signature, err = initSignatureV4(req) signature, err = initSignatureV4(req)
if err != nil { if err != nil {
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil) errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path) writeErrorResponse(w, req, InternalError, req.URL.Path)
return return
} }
} }
} }
}
// if body of request is non-nil then check for validity of Content-Length // if body of request is non-nil then check for validity of Content-Length
if req.Body != nil { if req.Body != nil {

33
object-handlers.go
Unescape View File

@ -159,12 +159,23 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
var err *probe.Error var err *probe.Error
signature, err = initSignatureV4(req) signature, err = initSignatureV4(req)
if err != nil { if err != nil {
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil) errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path) writeErrorResponse(w, req, InternalError, req.URL.Path)
return return
} }
} }
} }
}
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature) metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature)
if err != nil { if err != nil {
@ -295,12 +306,23 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
var err *probe.Error var err *probe.Error
signature, err = initSignatureV4(req) signature, err = initSignatureV4(req)
if err != nil { if err != nil {
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil) errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path) writeErrorResponse(w, req, InternalError, req.URL.Path)
return return
} }
} }
} }
}
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature) calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature)
if err != nil { if err != nil {
@ -439,12 +461,23 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
var err *probe.Error var err *probe.Error
signature, err = initSignatureV4(req) signature, err = initSignatureV4(req)
if err != nil { if err != nil {
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil) errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path) writeErrorResponse(w, req, InternalError, req.URL.Path)
return return
} }
} }
} }
}
metadata, err := api.Filesystem.CompleteMultipartUpload(bucket, object, objectResourcesMetadata.UploadID, req.Body, signature) metadata, err := api.Filesystem.CompleteMultipartUpload(bucket, object, objectResourcesMetadata.UploadID, req.Body, signature)
if err != nil { if err != nil {

2
server-config.go
Unescape View File

@ -42,6 +42,7 @@ type configV2 struct {
Credentials struct { Credentials struct {
AccessKeyID string `json:"accessKeyId"` AccessKeyID string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"` SecretAccessKey string `json:"secretAccessKey"`
Region string `json:"region"`
} `json:"credentials"` } `json:"credentials"`
MongoLogger struct { MongoLogger struct {
Addr string `json:"addr"` Addr string `json:"addr"`
@ -249,6 +250,7 @@ func newConfigV2() *configV2 {
config.Version = "2" config.Version = "2"
config.Credentials.AccessKeyID = "" config.Credentials.AccessKeyID = ""
config.Credentials.SecretAccessKey = "" config.Credentials.SecretAccessKey = ""
config.Credentials.Region = "us-east-1"
config.MongoLogger.Addr = "" config.MongoLogger.Addr = ""
config.MongoLogger.DB = "" config.MongoLogger.DB = ""
config.MongoLogger.Collection = "" config.MongoLogger.Collection = ""

3
server-main.go
Unescape View File

@ -78,7 +78,7 @@ type cloudServerConfig struct {
MinFreeDisk int64 // Minimum free disk space for filesystem MinFreeDisk int64 // Minimum free disk space for filesystem
Expiry time.Duration // Set auto expiry for filesystem Expiry time.Duration // Set auto expiry for filesystem
// TLS service /// TLS service
TLS bool // TLS on when certs are specified TLS bool // TLS on when certs are specified
CertFile string // Domain certificate CertFile string // Domain certificate
KeyFile string // Domain key KeyFile string // Domain key
@ -206,6 +206,7 @@ func getConfig() (*configV2, *probe.Error) {
config.Version = "2" config.Version = "2"
config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID()) config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID())
config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey()) config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey())
config.Credentials.Region = "us-east-1"
if err := saveConfig(config); err != nil { if err := saveConfig(config); err != nil {
return nil, err.Trace() return nil, err.Trace()
} }

Write Preview
Loading…
Cancel
Save