serverConfig: Add a new region config entry.

To change default region from 'us-east-1' to 'custom'. Add a region value in your 'config.json'. "version": "2", "credentials": { "accessKeyId": "****************", "secretAccessKey": "***************", "region": "my-region" },
9 years ago · cb7b2762f9
parent 8a7bf0dde0
commit cb7b2762f9
5 changed files with 76 additions and 23 deletions
--- a/api-signature.go
+++ b/api-signature.go
@ -90,9 +90,12 @@ func getSignedHeadersFromAuth(authHeaderValue string) ([]string, *probe.Error) {
 	return signedHeaders, nil
 }

-// verify if region value is valid.
-func isValidRegion(region string) *probe.Error {
-	if region != "us-east-1" && region != "US" {
+// verify if region value is valid with configured minioRegion.
+func isValidRegion(region string, minioRegion string) *probe.Error {
+	if minioRegion == "" {
+		minioRegion = "us-east-1"
+	}
+	if region != minioRegion && region != "US" {
 		return probe.NewError(errInvalidRegion)
 	}
 	return nil
@ -105,9 +108,6 @@ func stripRegion(authHeaderValue string) (string, *probe.Error) {
 		return "", err.Trace(authHeaderValue)
 	}
 	region := credentialElements[2]
-	if err = isValidRegion(region); err != nil {
-		return "", err.Trace(authHeaderValue)
-	}
 	return region, nil
 }

@ -129,10 +129,20 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
 	// strip auth from authorization header.
 	authHeaderValue := req.Header.Get("Authorization")

+	config, err := loadConfigV2()
+	if err != nil {
+		return nil, err.Trace()
+	}
+
 	region, err := stripRegion(authHeaderValue)
 	if err != nil {
 		return nil, err.Trace(authHeaderValue)
 	}
+
+	if err = isValidRegion(region, config.Credentials.Region); err != nil {
+		return nil, err.Trace(authHeaderValue)
+	}
+
 	accessKeyID, err := stripAccessKeyID(authHeaderValue)
 	if err != nil {
 		return nil, err.Trace(authHeaderValue)
@ -145,10 +155,6 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
 	if err != nil {
 		return nil, err.Trace(authHeaderValue)
 	}
-	config, err := loadConfigV2()
-	if err != nil {
-		return nil, err.Trace()
-	}
 	if config.Credentials.AccessKeyID == accessKeyID {
 		signature := &fs.Signature{
 			AccessKeyID:     config.Credentials.AccessKeyID,
--- a/bucket-handlers.go
+++ b/bucket-handlers.go
@ -217,12 +217,23 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
 			var err *probe.Error
 			signature, err = initSignatureV4(req)
 			if err != nil {
+				switch err.ToGoError() {
+				case errInvalidRegion:
+					errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+					writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+					return
+				case errAccessKeyIDInvalid:
+					errorIf(err.Trace(), "Invalid access key id.", nil)
+					writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+					return
+				default:
 					errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
 					writeErrorResponse(w, req, InternalError, req.URL.Path)
 					return
 				}
 			}
 		}
+	}

 	// if body of request is non-nil then check for validity of Content-Length
 	if req.Body != nil {
--- a/object-handlers.go
+++ b/object-handlers.go
@ -159,12 +159,23 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
 			var err *probe.Error
 			signature, err = initSignatureV4(req)
 			if err != nil {
+				switch err.ToGoError() {
+				case errInvalidRegion:
+					errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+					writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+					return
+				case errAccessKeyIDInvalid:
+					errorIf(err.Trace(), "Invalid access key id.", nil)
+					writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+					return
+				default:
 					errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
 					writeErrorResponse(w, req, InternalError, req.URL.Path)
 					return
 				}
 			}
 		}
+	}

 	metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, req.Body, signature)
 	if err != nil {
@ -295,12 +306,23 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
 			var err *probe.Error
 			signature, err = initSignatureV4(req)
 			if err != nil {
+				switch err.ToGoError() {
+				case errInvalidRegion:
+					errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+					writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+					return
+				case errAccessKeyIDInvalid:
+					errorIf(err.Trace(), "Invalid access key id.", nil)
+					writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+					return
+				default:
 					errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
 					writeErrorResponse(w, req, InternalError, req.URL.Path)
 					return
 				}
 			}
 		}
+	}

 	calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, req.Body, signature)
 	if err != nil {
@ -439,12 +461,23 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
 			var err *probe.Error
 			signature, err = initSignatureV4(req)
 			if err != nil {
+				switch err.ToGoError() {
+				case errInvalidRegion:
+					errorIf(err.Trace(), "Unknown region in authorization header.", nil)
+					writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
+					return
+				case errAccessKeyIDInvalid:
+					errorIf(err.Trace(), "Invalid access key id.", nil)
+					writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
+					return
+				default:
 					errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
 					writeErrorResponse(w, req, InternalError, req.URL.Path)
 					return
 				}
 			}
 		}
+	}

 	metadata, err := api.Filesystem.CompleteMultipartUpload(bucket, object, objectResourcesMetadata.UploadID, req.Body, signature)
 	if err != nil {
--- a/server-config.go
+++ b/server-config.go
@ -42,6 +42,7 @@ type configV2 struct {
 	Credentials struct {
 		AccessKeyID     string `json:"accessKeyId"`
 		SecretAccessKey string `json:"secretAccessKey"`
+		Region          string `json:"region"`
 	} `json:"credentials"`
 	MongoLogger struct {
 		Addr       string `json:"addr"`
@ -249,6 +250,7 @@ func newConfigV2() *configV2 {
 	config.Version = "2"
 	config.Credentials.AccessKeyID = ""
 	config.Credentials.SecretAccessKey = ""
+	config.Credentials.Region = "us-east-1"
 	config.MongoLogger.Addr = ""
 	config.MongoLogger.DB = ""
 	config.MongoLogger.Collection = ""
--- a/server-main.go
+++ b/server-main.go
@ -78,7 +78,7 @@ type cloudServerConfig struct {
 	MinFreeDisk int64         // Minimum free disk space for filesystem
 	Expiry      time.Duration // Set auto expiry for filesystem

-	// TLS service
+	/// TLS service
 	TLS      bool   // TLS on when certs are specified
 	CertFile string // Domain certificate
 	KeyFile  string // Domain key
@ -206,6 +206,7 @@ func getConfig() (*configV2, *probe.Error) {
 			config.Version = "2"
 			config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID())
 			config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey())
+			config.Credentials.Region = "us-east-1"
 			if err := saveConfig(config); err != nil {
 				return nil, err.Trace()
 			}