mirror of
https://github.com/minio/minio.git
synced 2024-12-26 23:25:54 -05:00
Merge pull request #1077 from harshavardhana/flags
flags: Remove anonymous, ratelimit, json and web-address flags.
This commit is contained in:
commit
15924a8f05
@ -34,13 +34,6 @@ func (api CloudStorageAPI) GetBucketLocationHandler(w http.ResponseWriter, req *
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err := api.Filesystem.GetBucketMetadata(bucket)
|
_, err := api.Filesystem.GetBucketMetadata(bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
||||||
@ -75,13 +68,6 @@ func (api CloudStorageAPI) ListMultipartUploadsHandler(w http.ResponseWriter, re
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resources := getBucketMultipartResources(req.URL.Query())
|
resources := getBucketMultipartResources(req.URL.Query())
|
||||||
if resources.MaxUploads < 0 {
|
if resources.MaxUploads < 0 {
|
||||||
writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path)
|
writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path)
|
||||||
@ -121,15 +107,6 @@ func (api CloudStorageAPI) ListObjectsHandler(w http.ResponseWriter, req *http.R
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO handle encoding type.
|
// TODO handle encoding type.
|
||||||
prefix, marker, delimiter, maxkeys, _ := getBucketResources(req.URL.Query())
|
prefix, marker, delimiter, maxkeys, _ := getBucketResources(req.URL.Query())
|
||||||
if maxkeys < 0 {
|
if maxkeys < 0 {
|
||||||
@ -171,12 +148,6 @@ func (api CloudStorageAPI) ListObjectsHandler(w http.ResponseWriter, req *http.R
|
|||||||
// This implementation of the GET operation returns a list of all buckets
|
// This implementation of the GET operation returns a list of all buckets
|
||||||
// owned by the authenticated sender of the request.
|
// owned by the authenticated sender of the request.
|
||||||
func (api CloudStorageAPI) ListBucketsHandler(w http.ResponseWriter, req *http.Request) {
|
func (api CloudStorageAPI) ListBucketsHandler(w http.ResponseWriter, req *http.Request) {
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
buckets, err := api.Filesystem.ListBuckets()
|
buckets, err := api.Filesystem.ListBuckets()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
// generate response
|
// generate response
|
||||||
@ -199,13 +170,6 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// read from 'x-amz-acl'
|
// read from 'x-amz-acl'
|
||||||
aclType := getACLType(req)
|
aclType := getACLType(req)
|
||||||
if aclType == unsupportedACLType {
|
if aclType == unsupportedACLType {
|
||||||
@ -214,26 +178,24 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
|
|||||||
}
|
}
|
||||||
|
|
||||||
var signature *fs.Signature
|
var signature *fs.Signature
|
||||||
if !api.Anonymous {
|
// Init signature V4 verification
|
||||||
// Init signature V4 verification
|
if isRequestSignatureV4(req) {
|
||||||
if isRequestSignatureV4(req) {
|
var err *probe.Error
|
||||||
var err *probe.Error
|
signature, err = initSignatureV4(req)
|
||||||
signature, err = initSignatureV4(req)
|
if err != nil {
|
||||||
if err != nil {
|
switch err.ToGoError() {
|
||||||
switch err.ToGoError() {
|
case errInvalidRegion:
|
||||||
case errInvalidRegion:
|
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
return
|
||||||
return
|
case errAccessKeyIDInvalid:
|
||||||
case errAccessKeyIDInvalid:
|
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
return
|
||||||
return
|
default:
|
||||||
default:
|
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
return
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -374,13 +336,6 @@ func (api CloudStorageAPI) PutBucketACLHandler(w http.ResponseWriter, req *http.
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// read from 'x-amz-acl'
|
// read from 'x-amz-acl'
|
||||||
aclType := getACLType(req)
|
aclType := getACLType(req)
|
||||||
if aclType == unsupportedACLType {
|
if aclType == unsupportedACLType {
|
||||||
@ -413,13 +368,6 @@ func (api CloudStorageAPI) GetBucketACLHandler(w http.ResponseWriter, req *http.
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
bucketMetadata, err := api.Filesystem.GetBucketMetadata(bucket)
|
bucketMetadata, err := api.Filesystem.GetBucketMetadata(bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
||||||
@ -452,15 +400,6 @@ func (api CloudStorageAPI) HeadBucketHandler(w http.ResponseWriter, req *http.Re
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err := api.Filesystem.GetBucketMetadata(bucket)
|
_, err := api.Filesystem.GetBucketMetadata(bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
|
||||||
@ -482,13 +421,6 @@ func (api CloudStorageAPI) DeleteBucketHandler(w http.ResponseWriter, req *http.
|
|||||||
vars := mux.Vars(req)
|
vars := mux.Vars(req)
|
||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err := api.Filesystem.DeleteBucket(bucket)
|
err := api.Filesystem.DeleteBucket(bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "DeleteBucket failed.", nil)
|
errorIf(err.Trace(), "DeleteBucket failed.", nil)
|
||||||
|
25
flags.go
25
flags.go
@ -34,32 +34,12 @@ var (
|
|||||||
Usage: "ADDRESS:PORT for cloud storage access.",
|
Usage: "ADDRESS:PORT for cloud storage access.",
|
||||||
}
|
}
|
||||||
|
|
||||||
webAddressFlag = cli.StringFlag{
|
|
||||||
Name: "web-address",
|
|
||||||
Value: ":9001",
|
|
||||||
Hide: true,
|
|
||||||
Usage: "WEBADDRESS:PORT for cloud storage access.",
|
|
||||||
}
|
|
||||||
|
|
||||||
accessLogFlag = cli.BoolFlag{
|
accessLogFlag = cli.BoolFlag{
|
||||||
Name: "enable-accesslog",
|
Name: "enable-accesslog",
|
||||||
Hide: true,
|
Hide: true,
|
||||||
Usage: "Enable access logs for all incoming HTTP request.",
|
Usage: "Enable access logs for all incoming HTTP request.",
|
||||||
}
|
}
|
||||||
|
|
||||||
rateLimitFlag = cli.IntFlag{
|
|
||||||
Name: "ratelimit",
|
|
||||||
Hide: true,
|
|
||||||
Value: 0,
|
|
||||||
Usage: "Limit for total concurrent requests: [DEFAULT: 0].",
|
|
||||||
}
|
|
||||||
|
|
||||||
anonymousFlag = cli.BoolFlag{
|
|
||||||
Name: "anonymous",
|
|
||||||
Hide: true,
|
|
||||||
Usage: "Make server run in anonymous mode where all client connections are accepted.",
|
|
||||||
}
|
|
||||||
|
|
||||||
certFlag = cli.StringFlag{
|
certFlag = cli.StringFlag{
|
||||||
Name: "cert",
|
Name: "cert",
|
||||||
Usage: "Provide your domain certificate.",
|
Usage: "Provide your domain certificate.",
|
||||||
@ -69,11 +49,6 @@ var (
|
|||||||
Name: "key",
|
Name: "key",
|
||||||
Usage: "Provide your domain private key.",
|
Usage: "Provide your domain private key.",
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonFlag = cli.BoolFlag{
|
|
||||||
Name: "json",
|
|
||||||
Usage: "Enable json formatted output.",
|
|
||||||
}
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// registerFlag registers a cli flag
|
// registerFlag registers a cli flag
|
||||||
|
4
main.go
4
main.go
@ -121,13 +121,9 @@ func registerApp() *cli.App {
|
|||||||
// register all flags
|
// register all flags
|
||||||
registerFlag(configFolderFlag)
|
registerFlag(configFolderFlag)
|
||||||
registerFlag(addressFlag)
|
registerFlag(addressFlag)
|
||||||
registerFlag(webAddressFlag)
|
|
||||||
registerFlag(accessLogFlag)
|
registerFlag(accessLogFlag)
|
||||||
registerFlag(rateLimitFlag)
|
|
||||||
registerFlag(anonymousFlag)
|
|
||||||
registerFlag(certFlag)
|
registerFlag(certFlag)
|
||||||
registerFlag(keyFlag)
|
registerFlag(keyFlag)
|
||||||
registerFlag(jsonFlag)
|
|
||||||
|
|
||||||
// set up app
|
// set up app
|
||||||
app := cli.NewApp()
|
app := cli.NewApp()
|
||||||
|
@ -39,15 +39,6 @@ func (api CloudStorageAPI) GetObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
bucket = vars["bucket"]
|
bucket = vars["bucket"]
|
||||||
object = vars["object"]
|
object = vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
|
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "GetObject failed.", nil)
|
errorIf(err.Trace(), "GetObject failed.", nil)
|
||||||
@ -87,15 +78,6 @@ func (api CloudStorageAPI) HeadObjectHandler(w http.ResponseWriter, req *http.Re
|
|||||||
bucket = vars["bucket"]
|
bucket = vars["bucket"]
|
||||||
object = vars["object"]
|
object = vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
|
metadata, err := api.Filesystem.GetObjectMetadata(bucket, object)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch err.ToGoError().(type) {
|
switch err.ToGoError().(type) {
|
||||||
@ -125,15 +107,6 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
bucket = vars["bucket"]
|
bucket = vars["bucket"]
|
||||||
object = vars["object"]
|
object = vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// get Content-MD5 sent by client and verify if valid
|
// get Content-MD5 sent by client and verify if valid
|
||||||
md5 := req.Header.Get("Content-MD5")
|
md5 := req.Header.Get("Content-MD5")
|
||||||
if !isValidMD5(md5) {
|
if !isValidMD5(md5) {
|
||||||
@ -153,26 +126,24 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||||||
}
|
}
|
||||||
|
|
||||||
var signature *fs.Signature
|
var signature *fs.Signature
|
||||||
if !api.Anonymous {
|
if isRequestSignatureV4(req) {
|
||||||
if isRequestSignatureV4(req) {
|
// Init signature V4 verification
|
||||||
// Init signature V4 verification
|
var err *probe.Error
|
||||||
var err *probe.Error
|
signature, err = initSignatureV4(req)
|
||||||
signature, err = initSignatureV4(req)
|
if err != nil {
|
||||||
if err != nil {
|
switch err.ToGoError() {
|
||||||
switch err.ToGoError() {
|
case errInvalidRegion:
|
||||||
case errInvalidRegion:
|
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
return
|
||||||
return
|
case errAccessKeyIDInvalid:
|
||||||
case errAccessKeyIDInvalid:
|
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
return
|
||||||
return
|
default:
|
||||||
default:
|
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
return
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -219,14 +190,6 @@ func (api CloudStorageAPI) NewMultipartUploadHandler(w http.ResponseWriter, req
|
|||||||
bucket = vars["bucket"]
|
bucket = vars["bucket"]
|
||||||
object = vars["object"]
|
object = vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
// Unauthorized multipart uploads are not supported
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
uploadID, err := api.Filesystem.NewMultipartUpload(bucket, object)
|
uploadID, err := api.Filesystem.NewMultipartUpload(bucket, object)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "NewMultipartUpload failed.", nil)
|
errorIf(err.Trace(), "NewMultipartUpload failed.", nil)
|
||||||
@ -261,13 +224,6 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
object := vars["object"]
|
object := vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// get Content-MD5 sent by client and verify if valid
|
// get Content-MD5 sent by client and verify if valid
|
||||||
md5 := req.Header.Get("Content-MD5")
|
md5 := req.Header.Get("Content-MD5")
|
||||||
if !isValidMD5(md5) {
|
if !isValidMD5(md5) {
|
||||||
@ -302,26 +258,24 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||||||
}
|
}
|
||||||
|
|
||||||
var signature *fs.Signature
|
var signature *fs.Signature
|
||||||
if !api.Anonymous {
|
if isRequestSignatureV4(req) {
|
||||||
if isRequestSignatureV4(req) {
|
// Init signature V4 verification
|
||||||
// Init signature V4 verification
|
var err *probe.Error
|
||||||
var err *probe.Error
|
signature, err = initSignatureV4(req)
|
||||||
signature, err = initSignatureV4(req)
|
if err != nil {
|
||||||
if err != nil {
|
switch err.ToGoError() {
|
||||||
switch err.ToGoError() {
|
case errInvalidRegion:
|
||||||
case errInvalidRegion:
|
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
return
|
||||||
return
|
case errAccessKeyIDInvalid:
|
||||||
case errAccessKeyIDInvalid:
|
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
return
|
||||||
return
|
default:
|
||||||
default:
|
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
return
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -361,13 +315,6 @@ func (api CloudStorageAPI) AbortMultipartUploadHandler(w http.ResponseWriter, re
|
|||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
object := vars["object"]
|
object := vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
||||||
err := api.Filesystem.AbortMultipartUpload(bucket, object, objectResourcesMetadata.UploadID)
|
err := api.Filesystem.AbortMultipartUpload(bucket, object, objectResourcesMetadata.UploadID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -397,13 +344,6 @@ func (api CloudStorageAPI) ListObjectPartsHandler(w http.ResponseWriter, req *ht
|
|||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
object := vars["object"]
|
object := vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
||||||
if objectResourcesMetadata.PartNumberMarker < 0 {
|
if objectResourcesMetadata.PartNumberMarker < 0 {
|
||||||
writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path)
|
writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path)
|
||||||
@ -450,35 +390,26 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
|
|||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
object := vars["object"]
|
object := vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
objectResourcesMetadata := getObjectResources(req.URL.Query())
|
||||||
var signature *fs.Signature
|
var signature *fs.Signature
|
||||||
if !api.Anonymous {
|
if isRequestSignatureV4(req) {
|
||||||
if isRequestSignatureV4(req) {
|
// Init signature V4 verification
|
||||||
// Init signature V4 verification
|
var err *probe.Error
|
||||||
var err *probe.Error
|
signature, err = initSignatureV4(req)
|
||||||
signature, err = initSignatureV4(req)
|
if err != nil {
|
||||||
if err != nil {
|
switch err.ToGoError() {
|
||||||
switch err.ToGoError() {
|
case errInvalidRegion:
|
||||||
case errInvalidRegion:
|
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
return
|
||||||
return
|
case errAccessKeyIDInvalid:
|
||||||
case errAccessKeyIDInvalid:
|
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
return
|
||||||
return
|
default:
|
||||||
default:
|
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
return
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -528,15 +459,6 @@ func (api CloudStorageAPI) DeleteObjectHandler(w http.ResponseWriter, req *http.
|
|||||||
bucket := vars["bucket"]
|
bucket := vars["bucket"]
|
||||||
object := vars["object"]
|
object := vars["object"]
|
||||||
|
|
||||||
if !api.Anonymous {
|
|
||||||
if isRequestRequiresACLCheck(req) {
|
|
||||||
if api.Filesystem.IsPrivateBucket(bucket) || api.Filesystem.IsReadOnlyBucket(bucket) {
|
|
||||||
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err := api.Filesystem.DeleteObject(bucket, object)
|
err := api.Filesystem.DeleteObject(bucket, object)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err.Trace(), "DeleteObject failed.", nil)
|
errorIf(err.Trace(), "DeleteObject failed.", nil)
|
||||||
|
@ -30,8 +30,6 @@ import (
|
|||||||
|
|
||||||
// CloudStorageAPI container for S3 compatible API.
|
// CloudStorageAPI container for S3 compatible API.
|
||||||
type CloudStorageAPI struct {
|
type CloudStorageAPI struct {
|
||||||
// Do not check for incoming signatures, allow all requests.
|
|
||||||
Anonymous bool
|
|
||||||
// Once true log all incoming requests.
|
// Once true log all incoming requests.
|
||||||
AccessLog bool
|
AccessLog bool
|
||||||
// Filesystem instance.
|
// Filesystem instance.
|
||||||
@ -153,7 +151,6 @@ func getNewCloudStorageAPI(conf cloudServerConfig) CloudStorageAPI {
|
|||||||
}
|
}
|
||||||
return CloudStorageAPI{
|
return CloudStorageAPI{
|
||||||
Filesystem: fs,
|
Filesystem: fs,
|
||||||
Anonymous: conf.Anonymous,
|
|
||||||
AccessLog: conf.AccessLog,
|
AccessLog: conf.AccessLog,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -163,9 +160,7 @@ func getCloudStorageAPIHandler(api CloudStorageAPI) http.Handler {
|
|||||||
TimeValidityHandler,
|
TimeValidityHandler,
|
||||||
IgnoreResourcesHandler,
|
IgnoreResourcesHandler,
|
||||||
IgnoreSignatureV2RequestHandler,
|
IgnoreSignatureV2RequestHandler,
|
||||||
}
|
SignatureHandler,
|
||||||
if !api.Anonymous {
|
|
||||||
mwHandlers = append(mwHandlers, SignatureHandler)
|
|
||||||
}
|
}
|
||||||
if api.AccessLog {
|
if api.AccessLog {
|
||||||
mwHandlers = append(mwHandlers, AccessLogHandler)
|
mwHandlers = append(mwHandlers, AccessLogHandler)
|
||||||
|
@ -69,10 +69,8 @@ EXAMPLES:
|
|||||||
// cloudServerConfig - http server config
|
// cloudServerConfig - http server config
|
||||||
type cloudServerConfig struct {
|
type cloudServerConfig struct {
|
||||||
/// HTTP server options
|
/// HTTP server options
|
||||||
Address string // Address:Port listening
|
Address string // Address:Port listening
|
||||||
WebAddress string // WebAddress:Port listening
|
AccessLog bool // Enable access log handler
|
||||||
AccessLog bool // Enable access log handler
|
|
||||||
Anonymous bool // No signature turn off
|
|
||||||
|
|
||||||
// Credentials.
|
// Credentials.
|
||||||
AccessKeyID string // Access key id.
|
AccessKeyID string // Access key id.
|
||||||
@ -87,15 +85,25 @@ type cloudServerConfig struct {
|
|||||||
TLS bool // TLS on when certs are specified
|
TLS bool // TLS on when certs are specified
|
||||||
CertFile string // Domain certificate
|
CertFile string // Domain certificate
|
||||||
KeyFile string // Domain key
|
KeyFile string // Domain key
|
||||||
|
|
||||||
/// Advanced HTTP server options
|
|
||||||
RateLimit int // Ratelimited server of incoming connections
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureWebServer(conf cloudServerConfig) (*http.Server, *probe.Error) {
|
func configureWebServer(conf cloudServerConfig) (*http.Server, *probe.Error) {
|
||||||
|
// Split the api address into host and port.
|
||||||
|
host, port, e := net.SplitHostPort(conf.Address)
|
||||||
|
if e != nil {
|
||||||
|
return nil, probe.NewError(e)
|
||||||
|
}
|
||||||
|
webPort, e := strconv.Atoi(port)
|
||||||
|
if e != nil {
|
||||||
|
return nil, probe.NewError(e)
|
||||||
|
}
|
||||||
|
// Always choose the next port, based on the API address port.
|
||||||
|
webPort = webPort + 1
|
||||||
|
webAddress := net.JoinHostPort(host, strconv.Itoa(webPort))
|
||||||
|
|
||||||
// Minio server config
|
// Minio server config
|
||||||
webServer := &http.Server{
|
webServer := &http.Server{
|
||||||
Addr: conf.WebAddress,
|
Addr: webAddress,
|
||||||
Handler: getWebAPIHandler(getNewWebAPI(conf)),
|
Handler: getWebAPIHandler(getNewWebAPI(conf)),
|
||||||
MaxHeaderBytes: 1 << 20,
|
MaxHeaderBytes: 1 << 20,
|
||||||
}
|
}
|
||||||
@ -133,8 +141,8 @@ func configureAPIServer(conf cloudServerConfig) (*http.Server, *probe.Error) {
|
|||||||
return apiServer, nil
|
return apiServer, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func printServerMsg(conf cloudServerConfig) {
|
func printServerMsg(serverConf *http.Server) {
|
||||||
host, port, e := net.SplitHostPort(conf.Address)
|
host, port, e := net.SplitHostPort(serverConf.Addr)
|
||||||
fatalIf(probe.NewError(e), "Unable to split host port.", nil)
|
fatalIf(probe.NewError(e), "Unable to split host port.", nil)
|
||||||
|
|
||||||
var hosts []string
|
var hosts []string
|
||||||
@ -155,7 +163,7 @@ func printServerMsg(conf cloudServerConfig) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
for _, host := range hosts {
|
for _, host := range hosts {
|
||||||
if conf.TLS {
|
if serverConf.TLSConfig != nil {
|
||||||
Printf(" https://%s:%s\n", host, port)
|
Printf(" https://%s:%s\n", host, port)
|
||||||
} else {
|
} else {
|
||||||
Printf(" http://%s:%s\n", host, port)
|
Printf(" http://%s:%s\n", host, port)
|
||||||
@ -328,9 +336,7 @@ func serverMain(c *cli.Context) {
|
|||||||
tls := (certFile != "" && keyFile != "")
|
tls := (certFile != "" && keyFile != "")
|
||||||
serverConfig := cloudServerConfig{
|
serverConfig := cloudServerConfig{
|
||||||
Address: c.GlobalString("address"),
|
Address: c.GlobalString("address"),
|
||||||
WebAddress: c.GlobalString("web-address"),
|
|
||||||
AccessLog: c.GlobalBool("enable-accesslog"),
|
AccessLog: c.GlobalBool("enable-accesslog"),
|
||||||
Anonymous: c.GlobalBool("anonymous"),
|
|
||||||
AccessKeyID: conf.Credentials.AccessKeyID,
|
AccessKeyID: conf.Credentials.AccessKeyID,
|
||||||
SecretAccessKey: conf.Credentials.SecretAccessKey,
|
SecretAccessKey: conf.Credentials.SecretAccessKey,
|
||||||
Path: path,
|
Path: path,
|
||||||
@ -339,23 +345,22 @@ func serverMain(c *cli.Context) {
|
|||||||
TLS: tls,
|
TLS: tls,
|
||||||
CertFile: certFile,
|
CertFile: certFile,
|
||||||
KeyFile: keyFile,
|
KeyFile: keyFile,
|
||||||
RateLimit: c.GlobalInt("ratelimit"),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Println("\nMinio Object Storage:")
|
|
||||||
printServerMsg(serverConfig)
|
|
||||||
|
|
||||||
// configure API server.
|
// configure API server.
|
||||||
apiServer, err := configureAPIServer(serverConfig)
|
apiServer, err := configureAPIServer(serverConfig)
|
||||||
errorIf(err.Trace(), "Failed to configure API server.", nil)
|
errorIf(err.Trace(), "Failed to configure API server.", nil)
|
||||||
|
|
||||||
Println("\nMinio Browser:")
|
Println("\nMinio Object Storage:")
|
||||||
printServerMsg(serverConfig)
|
printServerMsg(apiServer)
|
||||||
|
|
||||||
// configure Web server.
|
// configure Web server.
|
||||||
webServer, err := configureWebServer(serverConfig)
|
webServer, err := configureWebServer(serverConfig)
|
||||||
errorIf(err.Trace(), "Failed to configure Web server.", nil)
|
errorIf(err.Trace(), "Failed to configure Web server.", nil)
|
||||||
|
|
||||||
|
Println("\nMinio Browser:")
|
||||||
|
printServerMsg(webServer)
|
||||||
|
|
||||||
Println("\nTo configure Minio Client:")
|
Println("\nTo configure Minio Client:")
|
||||||
if runtime.GOOS == "windows" {
|
if runtime.GOOS == "windows" {
|
||||||
Println(" Download \"mc\" from https://dl.minio.io/client/mc/release/" + runtime.GOOS + "-" + runtime.GOARCH + "/mc.exe")
|
Println(" Download \"mc\" from https://dl.minio.io/client/mc/release/" + runtime.GOOS + "-" + runtime.GOARCH + "/mc.exe")
|
||||||
@ -367,7 +372,6 @@ func serverMain(c *cli.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Start server.
|
// Start server.
|
||||||
rateLimit := serverConfig.RateLimit
|
err = minhttp.ListenAndServe(apiServer, webServer)
|
||||||
err = minhttp.ListenAndServeLimited(rateLimit, apiServer, webServer)
|
|
||||||
errorIf(err.Trace(), "Failed to start the minio server.", nil)
|
errorIf(err.Trace(), "Failed to start the minio server.", nil)
|
||||||
}
|
}
|
||||||
|
@ -78,7 +78,6 @@ func (s *MyAPIFSCacheSuite) SetUpSuite(c *C) {
|
|||||||
cloudServer := cloudServerConfig{
|
cloudServer := cloudServerConfig{
|
||||||
Path: fsroot,
|
Path: fsroot,
|
||||||
MinFreeDisk: 0,
|
MinFreeDisk: 0,
|
||||||
Anonymous: false,
|
|
||||||
}
|
}
|
||||||
cloudStorageAPI := getNewCloudStorageAPI(cloudServer)
|
cloudStorageAPI := getNewCloudStorageAPI(cloudServer)
|
||||||
httpHandler := getCloudStorageAPIHandler(cloudStorageAPI)
|
httpHandler := getCloudStorageAPIHandler(cloudStorageAPI)
|
||||||
|
@ -60,13 +60,6 @@ func isRequestPostPolicySignatureV4(req *http.Request) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func isRequestRequiresACLCheck(req *http.Request) bool {
|
|
||||||
if isRequestSignatureV4(req) || isRequestPresignedSignatureV4(req) || isRequestPostPolicySignatureV4(req) {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
if isRequestPostPolicySignatureV4(r) && r.Method == "POST" {
|
if isRequestPostPolicySignatureV4(r) && r.Method == "POST" {
|
||||||
s.handler.ServeHTTP(w, r)
|
s.handler.ServeHTTP(w, r)
|
||||||
|
Loading…
Reference in New Issue
Block a user