From dfd99b6d8f7ce1d08e618fed3433e72d4246973a Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Mon, 4 Jan 2021 09:01:06 +0100 Subject: [PATCH] handlers: Little bit more optimizations (#11211) --- cmd/generic-handlers.go | 57 +++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go index 774208b09..d43806beb 100644 --- a/cmd/generic-handlers.go +++ b/cmd/generic-handlers.go @@ -172,6 +172,9 @@ type browserRedirectHandler struct { } func setBrowserRedirectHandler(h http.Handler) http.Handler { + if !globalBrowserEnabled { + return h + } return browserRedirectHandler{handler: h} } @@ -183,19 +186,17 @@ func shouldProxy() bool { } func (h redirectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if guessIsRPCReq(r) || guessIsBrowserReq(r) || + if !shouldProxy() || guessIsRPCReq(r) || guessIsBrowserReq(r) || guessIsHealthCheckReq(r) || guessIsMetricsReq(r) || isAdminReq(r) { h.handler.ServeHTTP(w, r) return } - if shouldProxy() { - // if this server is still initializing, proxy the request - // to any other online servers to avoid 503 for any incoming - // API calls. - if idx := getOnlineProxyEndpointIdx(); idx >= 0 { - proxyRequest(context.TODO(), w, r, globalProxyEndpoints[idx]) - return - } + // if this server is still initializing, proxy the request + // to any other online servers to avoid 503 for any incoming + // API calls. + if idx := getOnlineProxyEndpointIdx(); idx >= 0 { + proxyRequest(context.TODO(), w, r, globalProxyEndpoints[idx]) + return } h.handler.ServeHTTP(w, r) } @@ -290,6 +291,9 @@ type cacheControlHandler struct { } func setBrowserCacheControlHandler(h http.Handler) http.Handler { + if !globalBrowserEnabled { + return h + } return cacheControlHandler{h} } @@ -337,15 +341,11 @@ func setReservedBucketHandler(h http.Handler) http.Handler { } func (h minioReservedBucketHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - switch { - case guessIsRPCReq(r), guessIsBrowserReq(r), guessIsHealthCheckReq(r), guessIsMetricsReq(r), isAdminReq(r): - // Allow access to reserved buckets - default: - // For all other requests reject access to reserved buckets - bucketName, _ := request2BucketObjectName(r) - if isMinioReservedBucket(bucketName) || isMinioMetaBucket(bucketName) { - browser := guessIsBrowserReq(r) - writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL, browser) + // For all other requests reject access to reserved buckets + bucketName, _ := request2BucketObjectName(r) + if isMinioReservedBucket(bucketName) || isMinioMetaBucket(bucketName) { + if !guessIsRPCReq(r) && !guessIsBrowserReq(r) && !guessIsHealthCheckReq(r) && !guessIsMetricsReq(r) && !isAdminReq(r) { + writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL, guessIsBrowserReq(r)) return } } @@ -624,17 +624,15 @@ type bucketForwardingHandler struct { } func (f bucketForwardingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if globalDNSConfig == nil || len(globalDomainNames) == 0 || - guessIsHealthCheckReq(r) || guessIsMetricsReq(r) || - guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) || - !globalBucketFederation { + if guessIsHealthCheckReq(r) || guessIsMetricsReq(r) || + guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) { f.handler.ServeHTTP(w, r) return } // For browser requests, when federation is setup we need to // specifically handle download and upload for browser requests. - if globalDNSConfig != nil && len(globalDomainNames) > 0 && guessIsBrowserReq(r) { + if guessIsBrowserReq(r) { var bucket, _ string switch r.Method { case http.MethodPut: @@ -729,6 +727,10 @@ func (f bucketForwardingHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques // on a bucket to the right bucket location, bucket to IP configuration // is obtained from centralized etcd configuration service. func setBucketForwardingHandler(h http.Handler) http.Handler { + if globalDNSConfig == nil || len(globalDomainNames) == 0 || !globalBucketFederation { + return h + } + fwd := handlers.NewForwarder(&handlers.Forwarder{ PassHost: true, RoundTripper: newGatewayHTTPTransport(1 * time.Hour), @@ -791,14 +793,19 @@ func (h criticalErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) h.handler.ServeHTTP(w, r) } -func setSSETLSHandler(h http.Handler) http.Handler { return sseTLSHandler{h} } +func setSSETLSHandler(h http.Handler) http.Handler { + if globalIsTLS { + return h + } + return sseTLSHandler{h} +} // sseTLSHandler enforces certain rules for SSE requests which are made / must be made over TLS. type sseTLSHandler struct{ handler http.Handler } func (h sseTLSHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Deny SSE-C requests if not made over TLS - if !globalIsTLS && (crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header)) { + if crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header) { if r.Method == http.MethodHead { writeErrorResponseHeadersOnly(w, errorCodes.ToAPIErr(ErrInsecureSSECustomerRequest)) } else {