Add a new validateContentTypeHandler{}, verify Accept header earlier

master
Harshavardhana 10 years ago
parent fdbfa5070b
commit 5498c90788
  1. 22
      pkg/api/api_bucket_handlers.go
  2. 52
      pkg/api/api_generic_handlers.go
  3. 40
      pkg/api/api_object_handlers.go
  4. 11
      pkg/api/api_router.go

@ -69,10 +69,6 @@ func (server *minioAPI) isValidOp(w http.ResponseWriter, req *http.Request, acce
// //
func (server *minioAPI) listObjectsHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) listObjectsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if bucket allows this operation // verify if bucket allows this operation
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -123,10 +119,6 @@ func (server *minioAPI) listObjectsHandler(w http.ResponseWriter, req *http.Requ
// owned by the authenticated sender of the request. // owned by the authenticated sender of the request.
func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// uncomment this when we have webcli // uncomment this when we have webcli
// without access key credentials one cannot list buckets // without access key credentials one cannot list buckets
// if _, err := stripAuth(req); err != nil { // if _, err := stripAuth(req); err != nil {
@ -161,10 +153,6 @@ func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Requ
// This implementation of the PUT operation creates a new bucket for authenticated request // This implementation of the PUT operation creates a new bucket for authenticated request
func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// uncomment this when we have webcli // uncomment this when we have webcli
// without access key credentials one cannot create a bucket // without access key credentials one cannot create a bucket
// if _, err := stripAuth(req); err != nil { // if _, err := stripAuth(req); err != nil {
@ -217,11 +205,6 @@ func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Reques
// This implementation of the PUT operation modifies the bucketACL for authenticated request // This implementation of the PUT operation modifies the bucketACL for authenticated request
func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// read from 'x-amz-acl' // read from 'x-amz-acl'
aclType := getACLType(req) aclType := getACLType(req)
if aclType == unsupportedACLType { if aclType == unsupportedACLType {
@ -261,11 +244,6 @@ func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Req
// return responses such as 404 Not Found and 403 Forbidden. // return responses such as 404 Not Found and 403 Forbidden.
func (server *minioAPI) headBucketHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) headBucketHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if bucket allows this operation // verify if bucket allows this operation
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return

@ -25,12 +25,15 @@ import (
"github.com/minio/minio/pkg/api/config" "github.com/minio/minio/pkg/api/config"
) )
type contentTypeHandler struct {
handler http.Handler
}
type timeHandler struct { type timeHandler struct {
handler http.Handler handler http.Handler
} }
type validateAuthHandler struct { type validateAuthHandler struct {
conf config.Config
handler http.Handler handler http.Handler
} }
@ -46,6 +49,10 @@ type auth struct {
accessKey string accessKey string
} }
const (
timeFormat = "20060102T150405Z"
)
// strip auth from authorization header // strip auth from authorization header
func stripAuth(r *http.Request) (*auth, error) { func stripAuth(r *http.Request) (*auth, error) {
authHeader := r.Header.Get("Authorization") authHeader := r.Header.Get("Authorization")
@ -74,10 +81,6 @@ func stripAuth(r *http.Request) (*auth, error) {
return a, nil return a, nil
} }
const (
timeFormat = "20060102T150405Z"
)
func getDate(req *http.Request) (time.Time, error) { func getDate(req *http.Request) (time.Time, error) {
amzDate := req.Header.Get("X-Amz-Date") amzDate := req.Header.Get("X-Amz-Date")
switch { switch {
@ -108,16 +111,25 @@ func getDate(req *http.Request) (time.Time, error) {
return time.Time{}, errors.New("invalid request") return time.Time{}, errors.New("invalid request")
} }
func timeValidityHandler(h http.Handler) http.Handler { func validContentTypeHandler(h http.Handler) http.Handler {
return timeHandler{h} return contentTypeHandler{h}
} }
func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h contentTypeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r) acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType { if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path) writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return return
} }
h.handler.ServeHTTP(w, r)
}
func timeValidityHandler(h http.Handler) http.Handler {
return timeHandler{h}
}
func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
// Verify if date headers are set, if not reject the request // Verify if date headers are set, if not reject the request
if r.Header.Get("Authorization") != "" { if r.Header.Get("Authorization") != "" {
if r.Header.Get("X-Amz-Date") == "" && r.Header.Get("Date") == "" { if r.Header.Get("X-Amz-Date") == "" && r.Header.Get("Date") == "" {
@ -143,29 +155,27 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// validate auth header handler is wrapper handler used for API request validation with authorization header. // validate auth header handler is wrapper handler used for API request validation with authorization header.
// Current authorization layer supports S3's standard HMAC based signature request. // Current authorization layer supports S3's standard HMAC based signature request.
func validateAuthHeaderHandler(conf config.Config, h http.Handler) http.Handler { func validateAuthHeaderHandler(h http.Handler) http.Handler {
return validateAuthHandler{ return validateAuthHandler{h}
conf: conf,
handler: h,
}
} }
// validate auth header handler ServeHTTP() wrapper // validate auth header handler ServeHTTP() wrapper
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r) acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
_, err := stripAuth(r) _, err := stripAuth(r)
switch err.(type) { switch err.(type) {
case nil: case nil:
if err := h.conf.ReadConfig(); err != nil { var conf = config.Config{}
if err := conf.SetupConfig(); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
if err := conf.ReadConfig(); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path) writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return return
} }
// uncomment this when we have webcli // uncomment this when we have webcli
// _, ok := h.conf.Users[auth.accessKey] // _, ok := conf.Users[auth.accessKey]
//if !ok { //if !ok {
// writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path) // writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
// return // return
@ -189,10 +199,6 @@ func ignoreResourcesHandler(h http.Handler) http.Handler {
// Resource handler ServeHTTP() wrapper // Resource handler ServeHTTP() wrapper
func (h resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r) acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
if ignoreNotImplementedObjectResources(r) || ignoreNotImplementedBucketResources(r) { if ignoreNotImplementedObjectResources(r) || ignoreNotImplementedBucketResources(r) {
error := getErrorCode(NotImplemented) error := getErrorCode(NotImplemented)
errorResponse := getErrorResponse(error, "") errorResponse := getErrorResponse(error, "")

@ -39,11 +39,6 @@ const (
// you must have READ access to the object. // you must have READ access to the object.
func (server *minioAPI) getObjectHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) getObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed // verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -101,11 +96,6 @@ func (server *minioAPI) getObjectHandler(w http.ResponseWriter, req *http.Reques
// The HEAD operation retrieves metadata from an object without returning the object itself. // The HEAD operation retrieves metadata from an object without returning the object itself.
func (server *minioAPI) headObjectHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) headObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed // verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -144,11 +134,6 @@ func (server *minioAPI) headObjectHandler(w http.ResponseWriter, req *http.Reque
// This implementation of the PUT operation adds an object to a bucket. // This implementation of the PUT operation adds an object to a bucket.
func (server *minioAPI) putObjectHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) putObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed // verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -224,13 +209,7 @@ func (server *minioAPI) putObjectHandler(w http.ResponseWriter, req *http.Reques
} }
func (server *minioAPI) newMultipartUploadHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) newMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
// TODO ensure ?uploads is part of URL
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// handle ACL's here at bucket level // handle ACL's here at bucket level
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -262,11 +241,6 @@ func (server *minioAPI) newMultipartUploadHandler(w http.ResponseWriter, req *ht
func (server *minioAPI) putObjectPartHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) putObjectPartHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// handle ACL's here at bucket level // handle ACL's here at bucket level
if !server.isValidOp(w, req, acceptsContentType) { if !server.isValidOp(w, req, acceptsContentType) {
return return
@ -356,10 +330,7 @@ func (server *minioAPI) putObjectPartHandler(w http.ResponseWriter, req *http.Re
func (server *minioAPI) abortMultipartUploadHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) abortMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
vars := mux.Vars(req) vars := mux.Vars(req)
bucket := vars["bucket"] bucket := vars["bucket"]
object := vars["object"] object := vars["object"]
@ -381,10 +352,7 @@ func (server *minioAPI) abortMultipartUploadHandler(w http.ResponseWriter, req *
func (server *minioAPI) listObjectPartsHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) listObjectPartsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
vars := mux.Vars(req) vars := mux.Vars(req)
bucket := vars["bucket"] bucket := vars["bucket"]
object := vars["object"] object := vars["object"]
@ -415,10 +383,6 @@ func (server *minioAPI) listObjectPartsHandler(w http.ResponseWriter, req *http.
func (server *minioAPI) completeMultipartUploadHandler(w http.ResponseWriter, req *http.Request) { func (server *minioAPI) completeMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req) acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
decoder := xml.NewDecoder(req.Body) decoder := xml.NewDecoder(req.Body)
parts := &CompleteMultipartUpload{} parts := &CompleteMultipartUpload{}

@ -21,11 +21,9 @@ import (
"net/http" "net/http"
router "github.com/gorilla/mux" router "github.com/gorilla/mux"
"github.com/minio/minio/pkg/api/config"
"github.com/minio/minio/pkg/api/logging" "github.com/minio/minio/pkg/api/logging"
"github.com/minio/minio/pkg/api/quota" "github.com/minio/minio/pkg/api/quota"
"github.com/minio/minio/pkg/featureflags" "github.com/minio/minio/pkg/featureflags"
"github.com/minio/minio/pkg/iodine"
"github.com/minio/minio/pkg/storage/drivers" "github.com/minio/minio/pkg/storage/drivers"
) )
@ -57,13 +55,10 @@ func HTTPHandler(driver drivers.Driver) http.Handler {
mux.HandleFunc("/{bucket}/{object:.*}", api.getObjectHandler).Methods("GET") mux.HandleFunc("/{bucket}/{object:.*}", api.getObjectHandler).Methods("GET")
mux.HandleFunc("/{bucket}/{object:.*}", api.putObjectHandler).Methods("PUT") mux.HandleFunc("/{bucket}/{object:.*}", api.putObjectHandler).Methods("PUT")
var conf = config.Config{} h := validContentTypeHandler(mux)
if err := conf.SetupConfig(); err != nil { h = timeValidityHandler(h)
log.Fatal(iodine.New(err, nil))
}
h := timeValidityHandler(mux)
h = ignoreResourcesHandler(h) h = ignoreResourcesHandler(h)
h = validateAuthHeaderHandler(conf, h) h = validateAuthHeaderHandler(h)
// h = quota.BandwidthCap(h, 25*1024*1024, time.Duration(30*time.Minute)) // h = quota.BandwidthCap(h, 25*1024*1024, time.Duration(30*time.Minute))
// h = quota.BandwidthCap(h, 100*1024*1024, time.Duration(24*time.Hour)) // h = quota.BandwidthCap(h, 100*1024*1024, time.Duration(24*time.Hour))
// h = quota.RequestLimit(h, 100, time.Duration(30*time.Minute)) // h = quota.RequestLimit(h, 100, time.Duration(30*time.Minute))

Loading…
Cancel
Save