Avoid checking date header of web requests by properly applying generic handlers (#2914)

cmd/api-router.go

@@ -16,7 +16,10 @@
 
 package cmd
 
-import router "github.com/gorilla/mux"
+import (
+	router "github.com/gorilla/mux"
+	"github.com/urfave/negroni"
+)
 
 // objectAPIHandler implements and provides http handlers for S3 API.
 type objectAPIHandlers struct {
@@ -31,7 +34,7 @@ func registerAPIRouter(mux *router.Router) {
 	}
 
 	// API Router
-	apiRouter := mux.NewRoute().PathPrefix("/").Subrouter()
+	apiRouter := router.NewRouter().PathPrefix("/").Subrouter()
 
 	// Bucket router
 	bucket := apiRouter.PathPrefix("/{bucket}").Subrouter()
@@ -96,4 +99,12 @@ func registerAPIRouter(mux *router.Router) {
 
 	// ListBuckets
 	apiRouter.Methods("GET").HandlerFunc(api.ListBucketsHandler)
+
+	mux.PathPrefix("/").Handler(negroni.New(
+		// Validates all incoming requests to have a valid date header.
+		negroni.Wrap(timeValidityHandler{}),
+		// Route requests
+		negroni.Wrap(apiRouter),
+	))
+
 }

cmd/generic-handlers.go

@@ -182,16 +182,10 @@ func parseAmzDateHeader(req *http.Request) (time.Time, APIErrorCode) {
 	return time.Time{}, ErrMissingDateHeader
 }
 
-type timeHandler struct {
-	handler http.Handler
+type timeValidityHandler struct {
 }
 
-// setTimeValidityHandler to validate parsable time over http header
-func setTimeValidityHandler(h http.Handler) http.Handler {
-	return timeHandler{h}
-}
-
-func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+func (h timeValidityHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Verify if date headers are set, if not reject the request
 	if _, ok := r.Header["Authorization"]; ok {
 		amzDate, apiErr := parseAmzDateHeader(r)
@@ -210,7 +204,6 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	h.handler.ServeHTTP(w, r)
 }
 
 type resourceHandler struct {

cmd/routers.go

@@ -109,8 +109,6 @@ func configureServerHandler(srvCmdConfig serverCmdConfig) http.Handler {
 		setPrivateBucketHandler,
 		// Adds cache control for all browser requests.
 		setBrowserCacheControlHandler,
-		// Validates all incoming requests to have a valid date header.
-		setTimeValidityHandler,
 		// CORS setting for all browser API requests.
 		setCorsHandler,
 		// Validates all incoming URL resources, for invalid/unsupported