Implement bucket policy handler and with galore of cleanup

2025-11-07 04:42:56 -05:00 · 2015-02-15 17:03:27 -08:00
parent 7d8c34e055
commit eeae64935e
18 changed files with 827 additions and 407 deletions
--- a/pkg/utils/policy/date.go
+++ b/pkg/utils/policy/date.go
@@ -0,0 +1,60 @@
+package policy
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// For 0000-00-00 Date type
+type Date struct {
+	Year  int16
+	Month byte
+	Day   byte
+}
+
+func (d Date) String() string {
+	return fmt.Sprintf("%04d-%02d-%02d", d.Year, d.Month, d.Day)
+}
+
+// True if date is 0000-00-00
+func (d Date) IsZero() bool {
+	return d.Day == 0 && d.Month == 0 && d.Year == 0
+}
+
+// Convert string date in format YYYY-MM-DD to Date.
+// Leading and trailing spaces are ignored. If format is invalid returns zero.
+func ParseDate(str string) (d Date, err error) {
+	str = strings.TrimSpace(str)
+	if str == "0000-00-00" {
+		return
+	}
+	var (
+		y, m, n int
+	)
+	if len(str) != 10 || str[4] != '-' || str[7] != '-' {
+		err = fmt.Errorf("Invalid 0000-00-000 style DATE string: " + str)
+		return
+	}
+	if y, err = strconv.Atoi(str[0:4]); err != nil {
+		return
+	}
+	if m, err = strconv.Atoi(str[5:7]); err != nil {
+		return
+	}
+	if m < 1 || m > 12 {
+		err = fmt.Errorf("Invalid 0000-00-000 style DATE string: " + str)
+		return
+	}
+	if n, err = strconv.Atoi(str[8:10]); err != nil {
+		return
+	}
+	if n < 1 || n > 31 {
+		err = fmt.Errorf("Invalid 0000-00-000 style DATE string: " + str)
+		return
+	}
+	d.Year = int16(y)
+	d.Month = byte(m)
+	d.Day = byte(n)
+	return
+}
--- a/pkg/utils/policy/policy.go
+++ b/pkg/utils/policy/policy.go
@@ -0,0 +1,67 @@
+package policy
+
+import (
+	"encoding/json"
+	"io"
+)
+
+type UserCred struct {
+	AWS string
+}
+
+type Stmt struct {
+	Sid       string
+	Effect    string
+	Principal UserCred
+	Action    []string
+	Resource  []string
+}
+
+type BucketPolicy struct {
+	Version   string // date in 0000-00-00 format
+	Statement []Stmt
+}
+
+// TODO: Add more checks
+
+// validate request body is proper JSON
+func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
+	var policy BucketPolicy
+	decoder := json.NewDecoder(data)
+	err := decoder.Decode(&policy)
+	if err != nil {
+		goto error
+	}
+	if len(policy.Version) == 0 {
+		goto error
+	}
+	_, err = ParseDate(policy.Version)
+	if err != nil {
+		goto error
+	}
+	if len(policy.Statement) == 0 {
+		goto error
+	}
+
+	for _, statement := range policy.Statement {
+		if len(statement.Sid) == 0 {
+			goto error
+		}
+		if len(statement.Effect) == 0 {
+			goto error
+		}
+		if len(statement.Principal.AWS) == 0 {
+			goto error
+		}
+		if len(statement.Action) == 0 {
+			goto error
+		}
+		if len(statement.Resource) == 0 {
+			goto error
+		}
+	}
+	return policy, true
+
+error:
+	return BucketPolicy{}, false
+}