MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-04 10:26:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix bugs in post policy and presigned signature handling

Browse Source
This commit is contained in:
Harshavardhana 2015-10-14 15:45:34 -07:00
parent f1c099af5f
commit 2d0cc80646
3 changed files with 16 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
server-api-bucket-handlers.go
View File

@ -25,38 +25,6 @@ import (
signv4 "github.com/minio/minio/pkg/signature" signv4 "github.com/minio/minio/pkg/signature"
) )
func (api API) isValidOp(w http.ResponseWriter, req *http.Request) bool {
vars := mux.Vars(req)
bucket := vars["bucket"]
bucketMetadata, err := api.Donut.GetBucketMetadata(bucket)
if err != nil {
errorIf(err.Trace(), "GetBucketMetadata failed.", nil)
switch err.ToGoError().(type) {
case donut.BucketNotFound:
writeErrorResponse(w, req, NoSuchBucket, req.URL.Path)
return false
case donut.BucketNameInvalid:
writeErrorResponse(w, req, InvalidBucketName, req.URL.Path)
return false
default:
writeErrorResponse(w, req, InternalError, req.URL.Path)
return false
}
}
if _, err = stripAccessKeyID(req.Header.Get("Authorization")); err != nil {
if bucketMetadata.ACL.IsPrivate() {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return false
}
if bucketMetadata.ACL.IsPublicRead() && req.Method == "PUT" {
writeErrorResponse(w, req, AccessDenied, req.URL.Path)
return false
}
}
return true
}
// ListMultipartUploadsHandler - GET Bucket (List Multipart uploads) // ListMultipartUploadsHandler - GET Bucket (List Multipart uploads)
// ------------------------- // -------------------------
// This operation lists in-progress multipart uploads. An in-progress // This operation lists in-progress multipart uploads. An in-progress
@ -74,10 +42,6 @@ func (api API) ListMultipartUploadsHandler(w http.ResponseWriter, req *http.Requ
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
resources := getBucketMultipartResources(req.URL.Query()) resources := getBucketMultipartResources(req.URL.Query())
if resources.MaxUploads < 0 { if resources.MaxUploads < 0 {
writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path) writeErrorResponse(w, req, InvalidMaxUploads, req.URL.Path)
@ -126,10 +90,6 @@ func (api API) ListObjectsHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
if isRequestUploads(req.URL.Query()) { if isRequestUploads(req.URL.Query()) {
api.ListMultipartUploadsHandler(w, req) api.ListMultipartUploadsHandler(w, req)
return return

32
server-api-object-handlers.go
View File

@ -44,10 +44,6 @@ func (api API) GetObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
var object, bucket string var object, bucket string
vars := mux.Vars(req) vars := mux.Vars(req)
bucket = vars["bucket"] bucket = vars["bucket"]
@ -96,10 +92,6 @@ func (api API) HeadObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
var object, bucket string var object, bucket string
vars := mux.Vars(req) vars := mux.Vars(req)
bucket = vars["bucket"] bucket = vars["bucket"]
@ -139,10 +131,6 @@ func (api API) PutObjectHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
var object, bucket string var object, bucket string
vars := mux.Vars(req) vars := mux.Vars(req)
bucket = vars["bucket"] bucket = vars["bucket"]
@ -243,10 +231,6 @@ func (api API) NewMultipartUploadHandler(w http.ResponseWriter, req *http.Reques
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
if !isRequestUploads(req.URL.Query()) { if !isRequestUploads(req.URL.Query()) {
writeErrorResponse(w, req, MethodNotAllowed, req.URL.Path) writeErrorResponse(w, req, MethodNotAllowed, req.URL.Path)
return return
@ -288,10 +272,6 @@ func (api API) PutObjectPartHandler(w http.ResponseWriter, req *http.Request) {
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
// get Content-MD5 sent by client and verify if valid // get Content-MD5 sent by client and verify if valid
md5 := req.Header.Get("Content-MD5") md5 := req.Header.Get("Content-MD5")
if !isValidMD5(md5) { if !isValidMD5(md5) {
@ -391,10 +371,6 @@ func (api API) AbortMultipartUploadHandler(w http.ResponseWriter, req *http.Requ
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
vars := mux.Vars(req) vars := mux.Vars(req)
bucket := vars["bucket"] bucket := vars["bucket"]
object := vars["object"] object := vars["object"]
@ -427,10 +403,6 @@ func (api API) ListObjectPartsHandler(w http.ResponseWriter, req *http.Request)
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
objectResourcesMetadata := getObjectResources(req.URL.Query()) objectResourcesMetadata := getObjectResources(req.URL.Query())
if objectResourcesMetadata.PartNumberMarker < 0 { if objectResourcesMetadata.PartNumberMarker < 0 {
writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path) writeErrorResponse(w, req, InvalidPartNumberMarker, req.URL.Path)
@ -478,10 +450,6 @@ func (api API) CompleteMultipartUploadHandler(w http.ResponseWriter, req *http.R
<-op.ProceedCh <-op.ProceedCh
} }
if !api.isValidOp(w, req) {
return
}
vars := mux.Vars(req) vars := mux.Vars(req)
bucket := vars["bucket"] bucket := vars["bucket"]
object := vars["object"] object := vars["object"]

16
server-api-signature-handler.go
View File

@ -19,6 +19,7 @@ package main
import ( import (
"encoding/hex" "encoding/hex"
"net/http" "net/http"
"strings"
"github.com/minio/minio/pkg/crypto/sha256" "github.com/minio/minio/pkg/crypto/sha256"
"github.com/minio/minio/pkg/probe" "github.com/minio/minio/pkg/probe"
@ -48,7 +49,21 @@ func isRequestPresignedSignatureV4(req *http.Request) bool {
return false return false
} }
func isRequestPostPolicySignatureV4(req *http.Request) bool {
if _, ok := req.Header["Content-Type"]; ok {
if strings.Contains(req.Header.Get("Content-Type"), "multipart/form-data") {
return true
}
}
return false
}
func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if isRequestPostPolicySignatureV4(r) && r.Method == "POST" {
s.handler.ServeHTTP(w, r)
return
}
var signature *signv4.Signature var signature *signv4.Signature
if isRequestSignatureV4(r) { if isRequestSignatureV4(r) {
// For PUT and POST requests with payload, send the call upwards for verification. // For PUT and POST requests with payload, send the call upwards for verification.
@ -113,6 +128,7 @@ func (s signatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
s.handler.ServeHTTP(w, r) s.handler.ServeHTTP(w, r)
return
} }
writeErrorResponse(w, r, AccessDenied, r.URL.Path) writeErrorResponse(w, r, AccessDenied, r.URL.Path)
} }