Add domain and subdomain support for MinioAPI

This change brings in domain and subdomain support - ./minio --domain "yourminiodomain.com" This change brings in a much needed feature by keeping bucketnames as part of your 'DNS' name. All your existing applications can be migrated off from s3 to Minio without little to no modifications. NOTE: Setting up DNS for your `buckets` is out of scope of this feature
2025-11-07 04:42:56 -05:00 · 2015-02-23 02:11:27 -08:00
parent 2d3b00b831
commit 51e80eaa6d
13 changed files with 236 additions and 148 deletions
--- a/pkg/utils/crypto/signers/signers.go
+++ b/pkg/utils/crypto/signers/signers.go
@@ -67,9 +67,9 @@ func ValidateRequest(user config.User, req *http.Request) (bool, error) {
 	encoder.Close()

 	// DEBUG
-	//fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
-	//fmt.Println("Header calculated: ", authHeader.String())
-	//fmt.Printf("%q : %x", ss, ss)
+	// fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
+	// fmt.Println("Header calculated: ", authHeader.String())
+	// fmt.Printf("%q : %x", ss, ss)
 	if req.Header.Get("Authorization") != authHeader.String() {
 		return false, fmt.Errorf("Authorization header mismatch")
 	}
@@ -155,6 +155,11 @@ var subResList = []string{"acl", "lifecycle", "location", "logging", "notificati
 // 	  <HTTP-Request-URI, from the protocol name up to the query string> +
 // 	  [ sub-resource, if present. For example "?acl", "?location", "?logging", or "?torrent"];
 func writeCanonicalizedResource(buf *bytes.Buffer, req *http.Request) {
+	bucket := bucketFromHostname(req)
+	if bucket != "" {
+		buf.WriteByte('/')
+		buf.WriteString(bucket)
+	}
 	buf.WriteString(req.URL.Path)
 	if req.URL.RawQuery != "" {
 		n := 0
@@ -176,3 +181,17 @@ func writeCanonicalizedResource(buf *bytes.Buffer, req *http.Request) {
 		}
 	}
 }
+
+func bucketFromHostname(req *http.Request) string {
+	host := req.Host
+	if host == "" {
+		host = req.URL.Host
+	}
+
+	host = strings.TrimSpace(host)
+	hostParts := strings.Split(host, ".")
+	if len(hostParts) > 1 {
+		return hostParts[0]
+	}
+	return ""
+}
--- a/pkg/utils/policy/policy.go
+++ b/pkg/utils/policy/policy.go
@@ -31,8 +31,8 @@ const (

 // TODO support canonical user
 const (
-	AwsPrincipal   = "arn:aws:iam::Account-ID:user/"
-	MinioPrincipal = "minio::Account-ID:user/"
+	AwsPrincipal   = "arn:aws:iam::"
+	MinioPrincipal = "minio::"
 )

 var SupportedActionMap = map[string]bool{
@@ -55,10 +55,13 @@ var SupportedEffectMap = map[string]bool{
 func isValidAction(action []string) bool {
 	var ok bool = false
 	for _, a := range action {
-		if SupportedActionMap[a] {
-			ok = true
+		if !SupportedActionMap[a] {
+			goto error
 		}
 	}
+	ok = true
+
+error:
 	return ok
 }

@@ -104,6 +107,7 @@ func isValidPrincipal(principal string) bool {
 		if len(username) == 0 {
 			ok = false
 		}
+
 	case strings.HasPrefix(principal, MinioPrincipal):
 		username := strings.SplitAfter(principal, MinioPrincipal)[1]
 		ok = true
@@ -160,6 +164,7 @@ func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
 		if len(statement.Resource) == 0 {
 			goto error
 		}
+
 		if !isValidResource(statement.Resource) {
 			goto error
 		}