/* * Minio Cloud Storage, (C) 2015 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implieapi.Filesystem. * See the License for the specific language governing permissions and * limitations under the License. */ package main import ( "net/http" "net/url" "strconv" "github.com/gorilla/mux" "github.com/minio/minio/pkg/fs" ) const ( maxPartsList = 1000 ) // supportedGetReqParams - supported request parameters for GET // presigned request. var supportedGetReqParams = map[string]string{ "response-expires": "Expires", "response-content-type": "Content-Type", "response-cache-control": "Cache-Control", "response-content-disposition": "Content-Disposition", } // setResponseHeaders - set any requested parameters as response headers. func setResponseHeaders(w http.ResponseWriter, reqParams url.Values) { for k, v := range reqParams { if header, ok := supportedGetReqParams[k]; ok { w.Header()[header] = v } } } // GetObjectHandler - GET Object // ---------- // This implementation of the GET operation retrieves object. To use GET, // you must have READ access to the object. func (api storageAPI) GetObjectHandler(w http.ResponseWriter, r *http.Request) { var object, bucket string vars := mux.Vars(r) bucket = vars["bucket"] object = vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } metadata, err := api.Filesystem.GetObjectMetadata(bucket, object) if err != nil { errorIf(err.Trace(), "GetObject failed.", nil) switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } var hrange *httpRange hrange, err = getRequestedRange(r.Header.Get("Range"), metadata.Size) if err != nil { writeErrorResponse(w, r, InvalidRange, r.URL.Path) return } // Set standard object headers. setObjectHeaders(w, metadata, hrange) // Set any additional ruested response headers. setResponseHeaders(w, r.URL.Query()) // Get the object. if _, err = api.Filesystem.GetObject(w, bucket, object, hrange.start, hrange.length); err != nil { errorIf(err.Trace(), "GetObject failed.", nil) return } } // HeadObjectHandler - HEAD Object // ----------- // The HEAD operation retrieves metadata from an object without returning the object itself. func (api storageAPI) HeadObjectHandler(w http.ResponseWriter, r *http.Request) { var object, bucket string vars := mux.Vars(r) bucket = vars["bucket"] object = vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } metadata, err := api.Filesystem.GetObjectMetadata(bucket, object) if err != nil { switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } setObjectHeaders(w, metadata, nil) w.WriteHeader(http.StatusOK) } // PutObjectHandler - PUT Object // ---------- // This implementation of the PUT operation adds an object to a bucket. func (api storageAPI) PutObjectHandler(w http.ResponseWriter, r *http.Request) { var object, bucket string vars := mux.Vars(r) bucket = vars["bucket"] object = vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } // get Content-MD5 sent by client and verify if valid md5 := r.Header.Get("Content-MD5") if !isValidMD5(md5) { writeErrorResponse(w, r, InvalidDigest, r.URL.Path) return } /// if Content-Length is unknown/missing, deny the request size := r.ContentLength if size == -1 && !contains(r.TransferEncoding, "chunked") { writeErrorResponse(w, r, MissingContentLength, r.URL.Path) return } /// maximum Upload size for objects in a single operation if isMaxObjectSize(size) { writeErrorResponse(w, r, EntityTooLarge, r.URL.Path) return } // Set http request for signature. auth := api.Signature.SetHTTPRequestToVerify(r) // For presigned requests verify them right here. if isRequestPresignedSignatureV4(r) { ok, err := auth.DoesPresignedSignatureMatch() if err != nil { errorIf(err.Trace(r.URL.String()), "Presigned signature verification failed.", nil) writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } if !ok { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } auth = nil } // Create object. metadata, err := api.Filesystem.CreateObject(bucket, object, md5, size, r.Body, auth) if err != nil { errorIf(err.Trace(), "CreateObject failed.", nil) switch err.ToGoError().(type) { case fs.RootPathFull: writeErrorResponse(w, r, RootPathFull, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BadDigest: writeErrorResponse(w, r, BadDigest, r.URL.Path) case fs.SignDoesNotMatch: writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) case fs.IncompleteBody: writeErrorResponse(w, r, IncompleteBody, r.URL.Path) case fs.InvalidDigest: writeErrorResponse(w, r, InvalidDigest, r.URL.Path) case fs.ObjectExistsAsPrefix: writeErrorResponse(w, r, ObjectExistsAsPrefix, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } if metadata.MD5 != "" { w.Header().Set("ETag", "\""+metadata.MD5+"\"") } writeSuccessResponse(w, nil) } /// Multipart storageAPI // NewMultipartUploadHandler - New multipart upload func (api storageAPI) NewMultipartUploadHandler(w http.ResponseWriter, r *http.Request) { var object, bucket string vars := mux.Vars(r) bucket = vars["bucket"] object = vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } uploadID, err := api.Filesystem.NewMultipartUpload(bucket, object) if err != nil { errorIf(err.Trace(), "NewMultipartUpload failed.", nil) switch err.ToGoError().(type) { case fs.RootPathFull: writeErrorResponse(w, r, RootPathFull, r.URL.Path) case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } response := generateInitiateMultipartUploadResponse(bucket, object, uploadID) encodedSuccessResponse := encodeSuccessResponse(response) // write headers setCommonHeaders(w) // write success response. writeSuccessResponse(w, encodedSuccessResponse) } // PutObjectPartHandler - Upload part func (api storageAPI) PutObjectPartHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) bucket := vars["bucket"] object := vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } // get Content-MD5 sent by client and verify if valid md5 := r.Header.Get("Content-MD5") if !isValidMD5(md5) { writeErrorResponse(w, r, InvalidDigest, r.URL.Path) return } /// if Content-Length is unknown/missing, throw away size := r.ContentLength if size == -1 { writeErrorResponse(w, r, MissingContentLength, r.URL.Path) return } /// maximum Upload size for multipart objects in a single operation if isMaxObjectSize(size) { writeErrorResponse(w, r, EntityTooLarge, r.URL.Path) return } uploadID := r.URL.Query().Get("uploadId") partIDString := r.URL.Query().Get("partNumber") var partID int { var err error partID, err = strconv.Atoi(partIDString) if err != nil { writeErrorResponse(w, r, InvalidPart, r.URL.Path) return } } // Set http request for signature. auth := api.Signature.SetHTTPRequestToVerify(r) // For presigned requests verify right here. if isRequestPresignedSignatureV4(r) { ok, err := auth.DoesPresignedSignatureMatch() if err != nil { errorIf(err.Trace(r.URL.String()), "Presigned signature verification failed.", nil) writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } if !ok { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } // Signature verified, set this to nil payload verification // not necessary. auth = nil } calculatedMD5, err := api.Filesystem.CreateObjectPart(bucket, object, uploadID, md5, partID, size, r.Body, auth) if err != nil { errorIf(err.Trace(), "CreateObjectPart failed.", nil) switch err.ToGoError().(type) { case fs.RootPathFull: writeErrorResponse(w, r, RootPathFull, r.URL.Path) case fs.InvalidUploadID: writeErrorResponse(w, r, NoSuchUpload, r.URL.Path) case fs.BadDigest: writeErrorResponse(w, r, BadDigest, r.URL.Path) case fs.SignDoesNotMatch: writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) case fs.IncompleteBody: writeErrorResponse(w, r, IncompleteBody, r.URL.Path) case fs.InvalidDigest: writeErrorResponse(w, r, InvalidDigest, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } if calculatedMD5 != "" { w.Header().Set("ETag", "\""+calculatedMD5+"\"") } writeSuccessResponse(w, nil) } // AbortMultipartUploadHandler - Abort multipart upload func (api storageAPI) AbortMultipartUploadHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) bucket := vars["bucket"] object := vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } objectResourcesMetadata := getObjectResources(r.URL.Query()) err := api.Filesystem.AbortMultipartUpload(bucket, object, objectResourcesMetadata.UploadID) if err != nil { errorIf(err.Trace(), "AbortMutlipartUpload failed.", nil) switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.InvalidUploadID: writeErrorResponse(w, r, NoSuchUpload, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } writeSuccessNoContent(w) } // ListObjectPartsHandler - List object parts func (api storageAPI) ListObjectPartsHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) bucket := vars["bucket"] object := vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } objectResourcesMetadata := getObjectResources(r.URL.Query()) if objectResourcesMetadata.PartNumberMarker < 0 { writeErrorResponse(w, r, InvalidPartNumberMarker, r.URL.Path) return } if objectResourcesMetadata.MaxParts < 0 { writeErrorResponse(w, r, InvalidMaxParts, r.URL.Path) return } if objectResourcesMetadata.MaxParts == 0 { objectResourcesMetadata.MaxParts = maxPartsList } objectResourcesMetadata, err := api.Filesystem.ListObjectParts(bucket, object, objectResourcesMetadata) if err != nil { errorIf(err.Trace(), "ListObjectParts failed.", nil) switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.InvalidUploadID: writeErrorResponse(w, r, NoSuchUpload, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } response := generateListPartsResponse(objectResourcesMetadata) encodedSuccessResponse := encodeSuccessResponse(response) // write headers. setCommonHeaders(w) // write success response. writeSuccessResponse(w, encodedSuccessResponse) } // CompleteMultipartUploadHandler - Complete multipart upload func (api storageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) bucket := vars["bucket"] object := vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } // Set http request for signature. auth := api.Signature.SetHTTPRequestToVerify(r) // For presigned requests verify right here. if isRequestPresignedSignatureV4(r) { ok, err := auth.DoesPresignedSignatureMatch() if err != nil { errorIf(err.Trace(r.URL.String()), "Presigned signature verification failed.", nil) writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } if !ok { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } auth = nil } // Extract object resources. objectResourcesMetadata := getObjectResources(r.URL.Query()) // Complete multipart upload. metadata, err := api.Filesystem.CompleteMultipartUpload(bucket, object, objectResourcesMetadata.UploadID, r.Body, api.Signature) if err != nil { errorIf(err.Trace(), "CompleteMultipartUpload failed.", nil) switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.InvalidUploadID: writeErrorResponse(w, r, NoSuchUpload, r.URL.Path) case fs.InvalidPart: writeErrorResponse(w, r, InvalidPart, r.URL.Path) case fs.InvalidPartOrder: writeErrorResponse(w, r, InvalidPartOrder, r.URL.Path) case fs.SignDoesNotMatch: writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) case fs.IncompleteBody: writeErrorResponse(w, r, IncompleteBody, r.URL.Path) case fs.MalformedXML: writeErrorResponse(w, r, MalformedXML, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } return } response := generateCompleteMultpartUploadResponse(bucket, object, r.URL.String(), metadata.MD5) encodedSuccessResponse := encodeSuccessResponse(response) // write headers setCommonHeaders(w) // write success response. writeSuccessResponse(w, encodedSuccessResponse) } /// Delete storageAPI // DeleteObjectHandler - Delete object func (api storageAPI) DeleteObjectHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) bucket := vars["bucket"] object := vars["object"] if isRequestRequiresACLCheck(r) { if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) { writeErrorResponse(w, r, AccessDenied, r.URL.Path) return } } if !isSignV4ReqAuthenticated(api.Signature, r) { writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) return } err := api.Filesystem.DeleteObject(bucket, object) if err != nil { errorIf(err.Trace(), "DeleteObject failed.", nil) switch err.ToGoError().(type) { case fs.BucketNameInvalid: writeErrorResponse(w, r, InvalidBucketName, r.URL.Path) case fs.BucketNotFound: writeErrorResponse(w, r, NoSuchBucket, r.URL.Path) case fs.ObjectNotFound: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) case fs.ObjectNameInvalid: writeErrorResponse(w, r, NoSuchKey, r.URL.Path) default: writeErrorResponse(w, r, InternalError, r.URL.Path) } } writeSuccessNoContent(w) }