Krishnan Parthasarathi
b408d0e87d
Add aws:Referer condition key support. ( #3641 )
...
This change implements bucket policy enhancements required to restrict access based on HTTP referer.
See https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4 for more information.
Fixes #3540
8 years ago
Harshavardhana
62f8343879
Add constants for commonly used values. ( #3588 )
...
This is a consolidation effort, avoiding usage
of naked strings in codebase. Whenever possible
use constants which can be repurposed elsewhere.
This also fixes `goconst ./...` reported issues.
8 years ago
Harshavardhana
926c75d0b5
api: Set appropriate content-type for success/error responses. ( #3537 )
...
Golang HTTP client automatically detects content-type but
for S3 clients this content-type might be incorrect or
might misbehave.
For example:
```
Content-Type: text/xml; charset=utf-8
```
Should be
```
Content-Type: application/xml
```
Allow this to be set properly.
8 years ago
Bala FA
ee0172dfe4
Have simpler JWT authentication. ( #3501 )
8 years ago
Bala FA
bef0a50bc1
Cleanup and fixes ( #3273 )
...
* newRequestID() (previously generateUploadID()) returns string than byte array.
* Remove unclear comments and added appropriate comments.
* SHA-256, MD5 Hash functions return Hex/Base64 encoded string than byte array.
* Remove duplicate MD5 hasher functions.
* Rename listObjectsValidateArgs() into validateListObjectsArgs()
* Remove repeated auth check code in all bucket request handlers.
* Remove abbreviated names in bucket-metadata
* Avoid nested if in bucketPolicyMatchStatement()
* Use ioutil.ReadFile() instead of os.Open() and ioutil.ReadAll()
* Set crossDomainXML as constant.
8 years ago
Harshavardhana
a8ab02a73a
v4/presign: Fix presign requests when there are more signed headers. ( #3222 )
...
This fix removes a wrong logic which fails for requests which
have more signed headers in a presign request.
Fixes #3217
8 years ago
Krishna Srinivas
61a18ed48f
sha256: Verify sha256 along with md5sum, signature is verified on the request early. ( #2813 )
8 years ago
Harshavardhana
5885ffc8ae
signature: Add legacy signature v2 support transparently. ( #2811 )
...
Add new tests as well.
8 years ago
Harshavardhana
64083b9227
signature: Region changes should be handled just like AWS. ( #2805 )
...
- PutBucket happens with 'us-east-1'.
- ListBuckets happens with any region.
- GetBucketLocation happens with 'us-east-1' and location is returned.
8 years ago
Mohit Agarwal
418921de89
minor cleanup
...
- Reused contains() from utils.go at a couple of places
- Cleanup in return statements and boolean checks
8 years ago
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
8 years ago
Harshavardhana
7e46055a15
api/handlers: Implement streaming signature v4 support. ( #2370 )
...
* api/handlers: Implement streaming signature v4 support.
Fixes #2326
* tests: Add tests for quick/safe
8 years ago
Harshavardhana
86d31e99d5
api: use checkAuth now at PutBucket, DeleteBucket handlers. ( #2225 )
...
Additionally add a unit test for isReqAuthenticated function.
9 years ago
Harshavardhana
aeac902747
API: ListBuckets doesn't have a body, we should never read the body. ( #2218 )
...
ListBuckets was incorrectly reading the body of the request, fix it.
9 years ago
Harshavardhana
8a028a9efb
handler/PUT: Handle signature verification through a custom reader. ( #2066 )
...
Change brings in a new signVerifyReader which provides a io.Reader
compatible reader, additionally implements Verify() function.
Verify() function validates the signature present in the incoming
request. This approach is choosen to avoid complexities involved
in using io.Pipe().
Thanks to Krishna for his inputs on this.
Fixes #2058
Fixes #2054
Fixes #2087
9 years ago
Krishna Srinivas
eb5f782c74
object-handler: skip sha256 calculation if x-amz-content-sha256=="UNSIGNED-PAYLOAD" ( #2038 )
...
fixes #2024 #2056
9 years ago
Harshavardhana
9472299308
logging: Log only for unhandled errors, remove all the debug logging. ( #1652 )
...
This patch brings in the removal of debug logging altogether, instead
we bring in the functionality of being able to trace the errors properly
pointing back to the origination of the problem.
To enable tracing you need to enable "MINIO_TRACE" set to "1" or "true"
environment variable which would print back traces whenever there is an
error which is unhandled or at the handler layer.
By default this tracing is turned off and only user level logging is
provided.
9 years ago
karthic rao
26e2c4bf4d
Replacing fastsha256 with crypto/sha256 package from golang standard package ( #1584 )
9 years ago
Harshavardhana
4e34e03dd4
xl/fs: Split object layer into interface. ( #1415 )
9 years ago
Harshavardhana
b182e94acc
signature: Handle presigned payload if set.
...
Validate payload with incoming content.
Fixes #1288
9 years ago
Harshavardhana
a6a4e7e297
signature: No need to validate region for getBucketLocation and listBuckets.
...
This type of check is added for making sure that we can support
custom regions.
ListBuckets and GetBucketLocation are always "us-east-1" rest
should look for the configured region.
Fixes #1278
9 years ago
Harshavardhana
02ad48466d
error: Signature errors should be returned with APIErrorCode.
...
The reasoning is that we can reply back with wide range of
S3 error responses, which would provide more richer context
to S3 client.
Fixes #1267
9 years ago
Harshavardhana
9dca46e156
signature: Use a layered approach for signature verification.
...
Signature calculation has now moved out from being a package to
top-level as a layered mechanism.
In case of payload calculation with body, go-routines are initiated
to simultaneously write and calculate shasum. Errors are sent
over the writer so that the lower layer removes the temporary files
properly.
9 years ago
Harshavardhana
902aa05021
main: Remove all the dead/unused code.
...
This patch removes some dead and unused code.
9 years ago
Harshavardhana
fdf3d64793
error: Add proper prefixes for s3Error codes.
...
This patch adds 'Err' prefix for all standard API
error codes and also adds a proper type for them.
9 years ago
Harshavardhana
166ef09c3d
auth: Detect anonymous as the last resort.
9 years ago
Harshavardhana
d5057b3c51
accessPolicy: Implement Put, Get, Delete access policy.
...
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
9 years ago
Harshavardhana
653ceee9ee
signV4: Move pkg/signature to pkg/s3/signature4
...
Cleanup and move this to relevant path.
9 years ago
Harshavardhana
91a092792a
presigned: Fix a bug in presigned request verification.
...
Additionally add Docker proxy configuration.
9 years ago
Harshavardhana
dd9aaa855c
web/rpc: Merge ports with API server.
...
Fixes #1081 and #1130
9 years ago
Harshavardhana
5a9333a67b
signature: Rewrite signature handling and move it into a library.
9 years ago