From 91a7b13529db5f7a5e3b981caebdf8ce5dbbb61a Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@harshavardhana.net>
Date: Fri, 19 Feb 2016 21:45:37 -0800
Subject: [PATCH] web: Handle private bucket match from prefix to exact match.

Filter out 'privateBucket' if any from listBuckets output.
---
 generic-handlers.go | 25 +++++++++++--------------
 web-handlers.go     | 11 +++++++----
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/generic-handlers.go b/generic-handlers.go
index a24316a88..8d8f96d84 100644
--- a/generic-handlers.go
+++ b/generic-handlers.go
@@ -19,6 +19,8 @@ package main
 import (
 	"errors"
 	"net/http"
+	"path"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -28,7 +30,7 @@ import (
 
 const (
 	iso8601Format = "20060102T150405Z"
-	privateBucket = "/minio"
+	privateBucket = "minio"
 )
 
 // HandlerFunc - useful to chain different middleware http.Handler
@@ -99,19 +101,14 @@ func setBrowserRedirectHandler(h http.Handler) http.Handler {
 func (h redirectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Re-direction handled specifically for browsers.
 	if strings.Contains(r.Header.Get("User-Agent"), "Mozilla") {
+		// Following re-direction code handles redirects only for
+		// these specific incoming URLs.
+		// '/' is redirected to '/locationPrefix'
+		// '/rpc' is redirected to '/locationPrefix/rpc'
+		// '/login' is redirected to '/locationPrefix/login'
 		switch r.URL.Path {
-		case "/":
-			// This could be the default route for browser, redirect
-			// to 'locationPrefix/'.
-			fallthrough
-		case "/rpc":
-			// This is '/rpc' API route for browser, redirect to
-			// 'locationPrefix/rpc'.
-			fallthrough
-		case "/login":
-			// This is '/login' route for browser, redirect to
-			// 'locationPrefix/login'.
-			location := h.locationPrefix + r.URL.Path
+		case "/", "/rpc", "/login":
+			location := path.Join(h.locationPrefix, r.URL.Path)
 			// Redirect to new location.
 			http.Redirect(w, r, location, http.StatusTemporaryRedirect)
 			return
@@ -149,7 +146,7 @@ func setPrivateBucketHandler(h http.Handler) http.Handler {
 
 func (h minioPrivateBucketHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// For all non browser requests, reject access to 'privateBucket'.
-	if !strings.Contains(r.Header.Get("User-Agent"), "Mozilla") && strings.HasPrefix(r.URL.Path, privateBucket) {
+	if !strings.Contains(r.Header.Get("User-Agent"), "Mozilla") && filepath.Base(r.URL.Path) == privateBucket {
 		writeErrorResponse(w, r, AllAccessDisabled, r.URL.Path)
 		return
 	}
diff --git a/web-handlers.go b/web-handlers.go
index c21e4d8c2..41d08be4c 100644
--- a/web-handlers.go
+++ b/web-handlers.go
@@ -174,10 +174,13 @@ func (web *webAPI) ListBuckets(r *http.Request, args *ListBucketsArgs, reply *Li
 		return &json2.Error{Message: e.Error()}
 	}
 	for _, bucket := range buckets {
-		reply.Buckets = append(reply.Buckets, BucketInfo{
-			Name:         bucket.Name,
-			CreationDate: bucket.CreationDate,
-		})
+		// List all buckets which are not private.
+		if bucket.Name != privateBucket {
+			reply.Buckets = append(reply.Buckets, BucketInfo{
+				Name:         bucket.Name,
+				CreationDate: bucket.CreationDate,
+			})
+		}
 	}
 	reply.UIVersion = uiVersion
 	return nil