|
|
@ -21,6 +21,7 @@ import ( |
|
|
|
"encoding/json" |
|
|
|
"encoding/json" |
|
|
|
"errors" |
|
|
|
"errors" |
|
|
|
"fmt" |
|
|
|
"fmt" |
|
|
|
|
|
|
|
"io" |
|
|
|
"io/ioutil" |
|
|
|
"io/ioutil" |
|
|
|
"net/http" |
|
|
|
"net/http" |
|
|
|
"os" |
|
|
|
"os" |
|
|
@ -567,19 +568,26 @@ func (web *webAPIHandlers) DownloadZip(w http.ResponseWriter, r *http.Request) { |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
token := r.URL.Query().Get("token") |
|
|
|
// Auth is done after reading the body to accommodate for anonymous requests
|
|
|
|
|
|
|
|
// when bucket policy is enabled.
|
|
|
|
if !isAuthTokenValid(token) { |
|
|
|
|
|
|
|
writeWebErrorResponse(w, errAuthentication) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
var args DownloadZipArgs |
|
|
|
var args DownloadZipArgs |
|
|
|
decodeErr := json.NewDecoder(r.Body).Decode(&args) |
|
|
|
tenKB := 10 * 1024 // To limit r.Body to take care of misbehaving anonymous client.
|
|
|
|
|
|
|
|
decodeErr := json.NewDecoder(io.LimitReader(r.Body, int64(tenKB))).Decode(&args) |
|
|
|
if decodeErr != nil { |
|
|
|
if decodeErr != nil { |
|
|
|
writeWebErrorResponse(w, decodeErr) |
|
|
|
writeWebErrorResponse(w, decodeErr) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
token := r.URL.Query().Get("token") |
|
|
|
|
|
|
|
if !isAuthTokenValid(token) { |
|
|
|
|
|
|
|
for _, object := range args.Objects { |
|
|
|
|
|
|
|
if !isBucketActionAllowed("s3:GetObject", args.BucketName, pathJoin(args.Prefix, object)) { |
|
|
|
|
|
|
|
writeWebErrorResponse(w, errAuthentication) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
archive := zip.NewWriter(w) |
|
|
|
archive := zip.NewWriter(w) |
|
|
|
defer archive.Close() |
|
|
|
defer archive.Close() |
|
|
|
|
|
|
|
|
|
|
|