oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #1077 from harshavardhana/flags

Browse Source 
flags: Remove anonymous, ratelimit, json and web-address flags.
master
Harshavardhana 9 years ago
parent e39b6caada df91661ec6
commit 15924a8f05
8 changed files with 98 additions and 282 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 68
      bucket-handlers.go
  2. 25
      flags.go
  3. 4
      main.go
  4. 78
      object-handlers.go
  5. 7
      routers.go
  6. 42
      server-main.go
  7. 1
      server_fs_test.go
  8. 7
      signature-handler.go

68
bucket-handlers.go
Unescape View File

@ -34,13 +34,6 @@ func (api CloudStorageAPI) GetBucketLocationHandler(w http.ResponseWriter, req *
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
_, err := api.Filesystem.GetBucketMetadata(bucket)
if err != nil {
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
@ -75,13 +68,6 @@ func (api CloudStorageAPI) ListMultipartUploadsHandler(w http.ResponseWriter, re
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
resources := getBucketMultipartResources(req.URL.Query())
if resources.MaxUploads < 0 {
writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path)
@ -121,15 +107,6 @@ func (api CloudStorageAPI) ListObjectsHandler(w http.ResponseWriter, req *http.R
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
// TODO handle encoding type.
prefix, marker, delimiter, maxkeys, _ := getBucketResources(req.URL.Query())
if maxkeys < 0 {
@ -171,12 +148,6 @@ func (api CloudStorageAPI) ListObjectsHandler(w http.ResponseWriter, req *http.R
// This implementation of the GET operation returns a list of all buckets
// owned by the authenticated sender of the request.
func (api CloudStorageAPI) ListBucketsHandler(w http.ResponseWriter, req *http.Request) {
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
buckets, err := api.Filesystem.ListBuckets()
if err == nil {
// generate response
@ -199,13 +170,6 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
// read from 'x-amz-acl'
aclType := getACLType(req)
if aclType == unsupportedACLType {
@ -214,7 +178,6 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
}
var signature *fs.Signature
if !api.Anonymous {
// Init signature V4 verification
if isRequestSignatureV4(req) {
var err *probe.Error
@ -236,7 +199,6 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
}
}
}
}
// if body of request is non-nil then check for validity of Content-Length
if req.Body != nil {
@ -374,13 +336,6 @@ func (api CloudStorageAPI) PutBucketACLHandler(w http.ResponseWriter, req *http.
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
// read from 'x-amz-acl'
aclType := getACLType(req)
if aclType == unsupportedACLType {
@ -413,13 +368,6 @@ func (api CloudStorageAPI) GetBucketACLHandler(w http.ResponseWriter, req *http.
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
bucketMetadata, err := api.Filesystem.GetBucketMetadata(bucket)
if err != nil {
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
@ -452,15 +400,6 @@ func (api CloudStorageAPI) HeadBucketHandler(w http.ResponseWriter, req *http.Re
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
_, err := api.Filesystem.GetBucketMetadata(bucket)
if err != nil {
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
@ -482,13 +421,6 @@ func (api CloudStorageAPI) DeleteBucketHandler(w http.ResponseWriter, req *http.
vars := mux.Vars(req)
bucket := vars["bucket"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
err := api.Filesystem.DeleteBucket(bucket)
if err != nil {
errorIf(err.Trace(), "DeleteBucket failed.", nil)

25
flags.go
Unescape View File

@ -34,32 +34,12 @@ var (
Usage: "ADDRESS:PORT for cloud storage access.",
}
webAddressFlag = cli.StringFlag{
Name: "web-address",
Value: ":9001",
Hide: true,
Usage: "WEBADDRESS:PORT for cloud storage access.",
}
accessLogFlag = cli.BoolFlag{
Name: "enable-accesslog",
Hide: true,
Usage: "Enable access logs for all incoming HTTP request.",
}
rateLimitFlag = cli.IntFlag{
Name: "ratelimit",
Hide: true,
Value: 0,
Usage: "Limit for total concurrent requests: [DEFAULT: 0].",
}
anonymousFlag = cli.BoolFlag{
Name: "anonymous",
Hide: true,
Usage: "Make server run in anonymous mode where all client connections are accepted.",
}
certFlag = cli.StringFlag{
Name: "cert",
Usage: "Provide your domain certificate.",
@ -69,11 +49,6 @@ var (
Name: "key",
Usage: "Provide your domain private key.",
}
jsonFlag = cli.BoolFlag{
Name: "json",
Usage: "Enable json formatted output.",
}
)
// registerFlag registers a cli flag

4
main.go
Unescape View File

@ -121,13 +121,9 @@ func registerApp() *cli.App {
// register all flags
registerFlag(configFolderFlag)
registerFlag(addressFlag)
registerFlag(webAddressFlag)
registerFlag(accessLogFlag)
registerFlag(rateLimitFlag)
registerFlag(anonymousFlag)
registerFlag(certFlag)
registerFlag(keyFlag)
registerFlag(jsonFlag)
// set up app
app := cli.NewApp()

78
object-handlers.go
Unescape View File

@ -39,15 +39,6 @@ func (api CloudStorageAPI) GetObjectHandler(w http.ResponseWriter, req *http.Req
bucket = vars["bucket"]
object = vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
if err != nil {
errorIf(err.Trace(), "GetObject failed.", nil)
@ -87,15 +78,6 @@ func (api CloudStorageAPI) HeadObjectHandler(w http.ResponseWriter, req *http.Re
bucket = vars["bucket"]
object = vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
if err != nil {
switch err.ToGoError().(type) {
@ -125,15 +107,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
bucket = vars["bucket"]
object = vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
// get Content-MD5 sent by client and verify if valid
md5 := req.Header.Get("Content-MD5")
if !isValidMD5(md5) {
@ -153,7 +126,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
}
var signature *fs.Signature
if !api.Anonymous {
if isRequestSignatureV4(req) {
// Init signature V4 verification
var err *probe.Error
@ -175,7 +147,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
}
}
}
}
metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature)
if err != nil {
@ -219,14 +190,6 @@ func (api CloudStorageAPI) NewMultipartUploadHandler(w http.ResponseWriter, req
bucket = vars["bucket"]
object = vars["object"]
if !api.Anonymous {
// Unauthorized multipart uploads are not supported
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
uploadID, err := api.Filesystem.NewMultipartUpload(bucket, object)
if err != nil {
errorIf(err.Trace(), "NewMultipartUpload failed.", nil)
@ -261,13 +224,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
bucket := vars["bucket"]
object := vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
// get Content-MD5 sent by client and verify if valid
md5 := req.Header.Get("Content-MD5")
if !isValidMD5(md5) {
@ -302,7 +258,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
}
var signature *fs.Signature
if !api.Anonymous {
if isRequestSignatureV4(req) {
// Init signature V4 verification
var err *probe.Error
@ -324,7 +279,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
}
}
}
}
calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature)
if err != nil {
@ -361,13 +315,6 @@ func (api CloudStorageAPI) AbortMultipartUploadHandler(w http.ResponseWriter, re
bucket := vars["bucket"]
object := vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
objectResourcesMetadata := getObjectResources(req.URL.Query())
err := api.Filesystem.AbortMultipartUpload(bucket, object, objectResourcesMetadata.UploadID)
if err != nil {
@ -397,13 +344,6 @@ func (api CloudStorageAPI) ListObjectPartsHandler(w http.ResponseWriter, req *ht
bucket := vars["bucket"]
object := vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
objectResourcesMetadata := getObjectResources(req.URL.Query())
if objectResourcesMetadata.PartNumberMarker < 0 {
writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path)
@ -450,16 +390,8 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
bucket := vars["bucket"]
object := vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
objectResourcesMetadata := getObjectResources(req.URL.Query())
var signature *fs.Signature
if !api.Anonymous {
if isRequestSignatureV4(req) {
// Init signature V4 verification
var err *probe.Error
@ -481,7 +413,6 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
}
}
}
}
metadata, err := api.Filesystem.CompleteMultipartUpload(bucket, object, objectResourcesMetadata.UploadID, req.Body, signature)
if err != nil {
@ -528,15 +459,6 @@ func (api CloudStorageAPI) DeleteObjectHandler(w http.ResponseWriter, req *http.
bucket := vars["bucket"]
object := vars["object"]
if !api.Anonymous {
if isRequestRequiresACLCheck(req) {
if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return
}
}
}
err := api.Filesystem.DeleteObject(bucket, object)
if err != nil {
errorIf(err.Trace(), "DeleteObject failed.", nil)

7
routers.go
Unescape View File

@ -30,8 +30,6 @@ import (
// CloudStorageAPI container for S3 compatible API.
type CloudStorageAPI struct {
// Do not check for incoming signatures, allow all requests.
Anonymous bool
// Once true log all incoming requests.
AccessLog bool
// Filesystem instance.
@ -153,7 +151,6 @@ func getNewCloudStorageAPI(conf cloudServerConfig) CloudStorageAPI {
}
return CloudStorageAPI{
Filesystem: fs,
Anonymous: conf.Anonymous,
AccessLog: conf.AccessLog,
}
}
@ -163,9 +160,7 @@ func getCloudStorageAPIHandler(api CloudStorageAPI) http.Handler {
TimeValidityHandler,
IgnoreResourcesHandler,
IgnoreSignatureV2RequestHandler,
}
if !api.Anonymous {
mwHandlers = append(mwHandlers, SignatureHandler)
SignatureHandler,
}
if api.AccessLog {
mwHandlers = append(mwHandlers, AccessLogHandler)

42
server-main.go
Unescape View File

@ -70,9 +70,7 @@ EXAMPLES:
type cloudServerConfig struct {
/// HTTP server options
Address string // Address:Port listening
WebAddress string // WebAddress:Port listening
AccessLog bool // Enable access log handler
Anonymous bool // No signature turn off
// Credentials.
AccessKeyID string // Access key id.
@ -87,15 +85,25 @@ type cloudServerConfig struct {
TLS bool // TLS on when certs are specified
CertFile string // Domain certificate
KeyFile string // Domain key
/// Advanced HTTP server options
RateLimit int // Ratelimited server of incoming connections
}
func configureWebServer(conf cloudServerConfig) (*http.Server, *probe.Error) {
// Split the api address into host and port.
host, port, e := net.SplitHostPort(conf.Address)
if e != nil {
return nil, probe.NewError(e)
}
webPort, e := strconv.Atoi(port)
if e != nil {
return nil, probe.NewError(e)
}
// Always choose the next port, based on the API address port.
webPort = webPort + 1
webAddress := net.JoinHostPort(host, strconv.Itoa(webPort))
// Minio server config
webServer := &http.Server{
Addr: conf.WebAddress,
Addr: webAddress,
Handler: getWebAPIHandler(getNewWebAPI(conf)),
MaxHeaderBytes: 1 << 20,
}
@ -133,8 +141,8 @@ func configureAPIServer(conf cloudServerConfig) (*http.Server, *probe.Error) {
return apiServer, nil
}
func printServerMsg(conf cloudServerConfig) {
host, port, e := net.SplitHostPort(conf.Address)
func printServerMsg(serverConf *http.Server) {
host, port, e := net.SplitHostPort(serverConf.Addr)
fatalIf(probe.NewError(e), "Unable to split host port.", nil)
var hosts []string
@ -155,7 +163,7 @@ func printServerMsg(conf cloudServerConfig) {
}
}
for _, host := range hosts {
if conf.TLS {
if serverConf.TLSConfig != nil {
Printf(" https://%s:%s\n", host, port)
} else {
Printf(" http://%s:%s\n", host, port)
@ -328,9 +336,7 @@ func serverMain(c *cli.Context) {
tls := (certFile != "" && keyFile != "")
serverConfig := cloudServerConfig{
Address: c.GlobalString("address"),
WebAddress: c.GlobalString("web-address"),
AccessLog: c.GlobalBool("enable-accesslog"),
Anonymous: c.GlobalBool("anonymous"),
AccessKeyID: conf.Credentials.AccessKeyID,
SecretAccessKey: conf.Credentials.SecretAccessKey,
Path: path,
@ -339,23 +345,22 @@ func serverMain(c *cli.Context) {
TLS: tls,
CertFile: certFile,
KeyFile: keyFile,
RateLimit: c.GlobalInt("ratelimit"),
}
Println("\nMinio Object Storage:")
printServerMsg(serverConfig)
// configure API server.
apiServer, err := configureAPIServer(serverConfig)
errorIf(err.Trace(), "Failed to configure API server.", nil)
Println("\nMinio Browser:")
printServerMsg(serverConfig)
Println("\nMinio Object Storage:")
printServerMsg(apiServer)
// configure Web server.
webServer, err := configureWebServer(serverConfig)
errorIf(err.Trace(), "Failed to configure Web server.", nil)
Println("\nMinio Browser:")
printServerMsg(webServer)
Println("\nTo configure Minio Client:")
if runtime.GOOS == "windows" {
Println(" Download \"mc\" from https://dl.minio.io/client/mc/release/" + runtime.GOOS + "-" + runtime.GOARCH + "/mc.exe")
@ -367,7 +372,6 @@ func serverMain(c *cli.Context) {
}
// Start server.
rateLimit := serverConfig.RateLimit
err = minhttp.ListenAndServeLimited(rateLimit, apiServer, webServer)
err = minhttp.ListenAndServe(apiServer, webServer)
errorIf(err.Trace(), "Failed to start the minio server.", nil)
}

1
server_fs_test.go
Unescape View File

@ -78,7 +78,6 @@ func (s *MyAPIFSCacheSuite) SetUpSuite(c *C) {
cloudServer := cloudServerConfig{
Path: fsroot,
MinFreeDisk: 0,
Anonymous: false,
}
cloudStorageAPI := getNewCloudStorageAPI(cloudServer)
httpHandler := getCloudStorageAPIHandler(cloudStorageAPI)

7
signature-handler.go
Unescape View File

@ -60,13 +60,6 @@ func isRequestPostPolicySignatureV4(req *http.Request) bool {
return false
}
func isRequestRequiresACLCheck(req *http.Request) bool {
if isRequestSignatureV4(req) || isRequestPresignedSignatureV4(req) || isRequestPostPolicySignatureV4(req) {
return false
}
return true
}
func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if isRequestPostPolicySignatureV4(r) && r.Method == "POST" {
s.handler.ServeHTTP(w, r)

Write Preview
Loading…
Cancel
Save