Add a new validateContentTypeHandler{}, verify Accept header earlier

This commit is contained in:
Harshavardhana 2015-05-13 12:19:41 -07:00
parent fdbfa5070b
commit 5498c90788
4 changed files with 35 additions and 92 deletions

View File

@ -69,10 +69,6 @@ func (server *minioAPI) isValidOp(w http.ResponseWriter, req *http.Request, acce
//
func (server *minioAPI) listObjectsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if bucket allows this operation
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -123,10 +119,6 @@ func (server *minioAPI) listObjectsHandler(w http.ResponseWriter, req *http.Requ
// owned by the authenticated sender of the request.
func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// uncomment this when we have webcli
// without access key credentials one cannot list buckets
// if _, err := stripAuth(req); err != nil {
@ -161,10 +153,6 @@ func (server *minioAPI) listBucketsHandler(w http.ResponseWriter, req *http.Requ
// This implementation of the PUT operation creates a new bucket for authenticated request
func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// uncomment this when we have webcli
// without access key credentials one cannot create a bucket
// if _, err := stripAuth(req); err != nil {
@ -217,11 +205,6 @@ func (server *minioAPI) putBucketHandler(w http.ResponseWriter, req *http.Reques
// This implementation of the PUT operation modifies the bucketACL for authenticated request
func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// read from 'x-amz-acl'
aclType := getACLType(req)
if aclType == unsupportedACLType {
@ -261,11 +244,6 @@ func (server *minioAPI) putBucketACLHandler(w http.ResponseWriter, req *http.Req
// return responses such as 404 Not Found and 403 Forbidden.
func (server *minioAPI) headBucketHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if bucket allows this operation
if !server.isValidOp(w, req, acceptsContentType) {
return

View File

@ -25,12 +25,15 @@ import (
"github.com/minio/minio/pkg/api/config"
)
type contentTypeHandler struct {
handler http.Handler
}
type timeHandler struct {
handler http.Handler
}
type validateAuthHandler struct {
conf config.Config
handler http.Handler
}
@ -46,6 +49,10 @@ type auth struct {
accessKey string
}
const (
timeFormat = "20060102T150405Z"
)
// strip auth from authorization header
func stripAuth(r *http.Request) (*auth, error) {
authHeader := r.Header.Get("Authorization")
@ -74,10 +81,6 @@ func stripAuth(r *http.Request) (*auth, error) {
return a, nil
}
const (
timeFormat = "20060102T150405Z"
)
func getDate(req *http.Request) (time.Time, error) {
amzDate := req.Header.Get("X-Amz-Date")
switch {
@ -108,16 +111,25 @@ func getDate(req *http.Request) (time.Time, error) {
return time.Time{}, errors.New("invalid request")
}
func validContentTypeHandler(h http.Handler) http.Handler {
return contentTypeHandler{h}
}
func (h contentTypeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
h.handler.ServeHTTP(w, r)
}
func timeValidityHandler(h http.Handler) http.Handler {
return timeHandler{h}
}
func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
// Verify if date headers are set, if not reject the request
if r.Header.Get("Authorization") != "" {
if r.Header.Get("X-Amz-Date") == "" && r.Header.Get("Date") == "" {
@ -143,29 +155,27 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// validate auth header handler is wrapper handler used for API request validation with authorization header.
// Current authorization layer supports S3's standard HMAC based signature request.
func validateAuthHeaderHandler(conf config.Config, h http.Handler) http.Handler {
return validateAuthHandler{
conf: conf,
handler: h,
}
func validateAuthHeaderHandler(h http.Handler) http.Handler {
return validateAuthHandler{h}
}
// validate auth header handler ServeHTTP() wrapper
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
_, err := stripAuth(r)
switch err.(type) {
case nil:
if err := h.conf.ReadConfig(); err != nil {
var conf = config.Config{}
if err := conf.SetupConfig(); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
if err := conf.ReadConfig(); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
// uncomment this when we have webcli
// _, ok := h.conf.Users[auth.accessKey]
// _, ok := conf.Users[auth.accessKey]
//if !ok {
// writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
// return
@ -189,10 +199,6 @@ func ignoreResourcesHandler(h http.Handler) http.Handler {
// Resource handler ServeHTTP() wrapper
func (h resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, r, NotAcceptable, acceptsContentType, r.URL.Path)
return
}
if ignoreNotImplementedObjectResources(r) || ignoreNotImplementedBucketResources(r) {
error := getErrorCode(NotImplemented)
errorResponse := getErrorResponse(error, "")

View File

@ -39,11 +39,6 @@ const (
// you must have READ access to the object.
func (server *minioAPI) getObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -101,11 +96,6 @@ func (server *minioAPI) getObjectHandler(w http.ResponseWriter, req *http.Reques
// The HEAD operation retrieves metadata from an object without returning the object itself.
func (server *minioAPI) headObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -144,11 +134,6 @@ func (server *minioAPI) headObjectHandler(w http.ResponseWriter, req *http.Reque
// This implementation of the PUT operation adds an object to a bucket.
func (server *minioAPI) putObjectHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// verify if this operation is allowed
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -224,13 +209,7 @@ func (server *minioAPI) putObjectHandler(w http.ResponseWriter, req *http.Reques
}
func (server *minioAPI) newMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
// TODO ensure ?uploads is part of URL
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// handle ACL's here at bucket level
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -262,11 +241,6 @@ func (server *minioAPI) newMultipartUploadHandler(w http.ResponseWriter, req *ht
func (server *minioAPI) putObjectPartHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
// handle ACL's here at bucket level
if !server.isValidOp(w, req, acceptsContentType) {
return
@ -356,10 +330,7 @@ func (server *minioAPI) putObjectPartHandler(w http.ResponseWriter, req *http.Re
func (server *minioAPI) abortMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
vars := mux.Vars(req)
bucket := vars["bucket"]
object := vars["object"]
@ -381,10 +352,7 @@ func (server *minioAPI) abortMultipartUploadHandler(w http.ResponseWriter, req *
func (server *minioAPI) listObjectPartsHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
vars := mux.Vars(req)
bucket := vars["bucket"]
object := vars["object"]
@ -415,10 +383,6 @@ func (server *minioAPI) listObjectPartsHandler(w http.ResponseWriter, req *http.
func (server *minioAPI) completeMultipartUploadHandler(w http.ResponseWriter, req *http.Request) {
acceptsContentType := getContentType(req)
if acceptsContentType == unknownContentType {
writeErrorResponse(w, req, NotAcceptable, acceptsContentType, req.URL.Path)
return
}
decoder := xml.NewDecoder(req.Body)
parts := &CompleteMultipartUpload{}

View File

@ -21,11 +21,9 @@ import (
"net/http"
router "github.com/gorilla/mux"
"github.com/minio/minio/pkg/api/config"
"github.com/minio/minio/pkg/api/logging"
"github.com/minio/minio/pkg/api/quota"
"github.com/minio/minio/pkg/featureflags"
"github.com/minio/minio/pkg/iodine"
"github.com/minio/minio/pkg/storage/drivers"
)
@ -57,13 +55,10 @@ func HTTPHandler(driver drivers.Driver) http.Handler {
mux.HandleFunc("/{bucket}/{object:.*}", api.getObjectHandler).Methods("GET")
mux.HandleFunc("/{bucket}/{object:.*}", api.putObjectHandler).Methods("PUT")
var conf = config.Config{}
if err := conf.SetupConfig(); err != nil {
log.Fatal(iodine.New(err, nil))
}
h := timeValidityHandler(mux)
h := validContentTypeHandler(mux)
h = timeValidityHandler(h)
h = ignoreResourcesHandler(h)
h = validateAuthHeaderHandler(conf, h)
h = validateAuthHeaderHandler(h)
// h = quota.BandwidthCap(h, 25*1024*1024, time.Duration(30*time.Minute))
// h = quota.BandwidthCap(h, 100*1024*1024, time.Duration(24*time.Hour))
// h = quota.RequestLimit(h, 100, time.Duration(30*time.Minute))