Fix bugs in post policy and presigned signature handling

master
Harshavardhana 9 years ago
parent f1c099af5f
commit 2d0cc80646
  1. 40
      server-api-bucket-handlers.go
  2. 32
      server-api-object-handlers.go
  3. 16
      server-api-signature-handler.go

@ -25,38 +25,6 @@ import (
signv4 "github.com/minio/minio/pkg/signature"
)
func (api API) isValidOp(w http.ResponseWriter, req *http.Request) bool {
vars := mux.Vars(req)
bucket := vars["bucket"]
bucketMetadata, err := api.Donut.GetBucketMetadata(bucket)
if err != nil {
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
switch err.ToGoError().(type) {
case donut.BucketNotFound:
writeErrorResponse(w, req, NoSuchBucket, req.URL.Path)
return false
case donut.BucketNameInvalid:
writeErrorResponse(w, req, InvalidBucketName, req.URL.Path)
return false
default:
writeErrorResponse(w, req, InternalError, req.URL.Path)
return false
}
}
if _, err = stripAccessKeyID(req.Header.Get("Authorization")); err != nil {
if bucketMetadata.ACL.IsPrivate() {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return false
}
if bucketMetadata.ACL.IsPublicRead() && req.Method == "PUT" {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return false
}
}
return true
}
// ListMultipartUploadsHandler - GET Bucket (List Multipart uploads)
// -------------------------
// This operation lists in-progress multipart uploads. An in-progress
@ -74,10 +42,6 @@ func (api API) ListMultipartUploadsHandler(w http.ResponseWriter, req *http.Requ
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
resources := getBucketMultipartResources(req.URL.Query())
if resources.MaxUploads < 0 {
writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path)
@ -126,10 +90,6 @@ func (api API) ListObjectsHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
if isRequestUploads(req.URL.Query()) {
api.ListMultipartUploadsHandler(w, req)
return

@ -44,10 +44,6 @@ func (api API) GetObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
var object, bucket string
vars := mux.Vars(req)
bucket = vars["bucket"]
@ -96,10 +92,6 @@ func (api API) HeadObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
var object, bucket string
vars := mux.Vars(req)
bucket = vars["bucket"]
@ -139,10 +131,6 @@ func (api API) PutObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
var object, bucket string
vars := mux.Vars(req)
bucket = vars["bucket"]
@ -243,10 +231,6 @@ func (api API) NewMultipartUploadHandler(w http.ResponseWriter, req *http.Reques
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
if !isRequestUploads(req.URL.Query()) {
writeErrorResponse(w, req, MethodNotAllowed, req.URL.Path)
return
@ -288,10 +272,6 @@ func (api API) PutObjectPartHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
// get Content-MD5 sent by client and verify if valid
md5 := req.Header.Get("Content-MD5")
if !isValidMD5(md5) {
@ -391,10 +371,6 @@ func (api API) AbortMultipartUploadHandler(w http.ResponseWriter, req *http.Requ
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
vars := mux.Vars(req)
bucket := vars["bucket"]
object := vars["object"]
@ -427,10 +403,6 @@ func (api API) ListObjectPartsHandler(w http.ResponseWriter, req *http.Request)
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
objectResourcesMetadata := getObjectResources(req.URL.Query())
if objectResourcesMetadata.PartNumberMarker < 0 {
writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path)
@ -478,10 +450,6 @@ func (api API) CompleteMultipartUploadHandler(w http.ResponseWriter, req *http.R
<-op.ProceedCh
}
if !api.isValidOp(w, req) {
return
}
vars := mux.Vars(req)
bucket := vars["bucket"]
object := vars["object"]

@ -19,6 +19,7 @@ package main
import (
"encoding/hex"
"net/http"
"strings"
"github.com/minio/minio/pkg/crypto/sha256"
"github.com/minio/minio/pkg/probe"
@ -48,7 +49,21 @@ func isRequestPresignedSignatureV4(req *http.Request) bool {
return false
}
func isRequestPostPolicySignatureV4(req *http.Request) bool {
if _, ok := req.Header["Content-Type"]; ok {
if strings.Contains(req.Header.Get("Content-Type"), "multipart/form-data") {
return true
}
}
return false
}
func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if isRequestPostPolicySignatureV4(r) && r.Method == "POST" {
s.handler.ServeHTTP(w, r)
return
}
var signature *signv4.Signature
if isRequestSignatureV4(r) {
// For PUT and POST requests with payload, send the call upwards for verification.
@ -113,6 +128,7 @@ func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
s.handler.ServeHTTP(w, r)
return
}
writeErrorResponse(w, r, AccessDenied, r.URL.Path)
}

Loading…
Cancel
Save