/* * MinIO Cloud Storage, (C) 2016-2020 MinIO, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package cmd import ( "net" "net/http" "github.com/gorilla/mux" xhttp "github.com/minio/minio/cmd/http" "github.com/minio/minio/pkg/wildcard" "github.com/rs/cors" ) func newHTTPServerFn() *xhttp.Server { globalObjLayerMutex.RLock() defer globalObjLayerMutex.RUnlock() return globalHTTPServer } func setHTTPServer(h *xhttp.Server) { globalObjLayerMutex.Lock() globalHTTPServer = h globalObjLayerMutex.Unlock() } func newObjectLayerFn() ObjectLayer { globalObjLayerMutex.RLock() defer globalObjLayerMutex.RUnlock() return globalObjectAPI } func newCachedObjectLayerFn() CacheObjectLayer { globalObjLayerMutex.RLock() defer globalObjLayerMutex.RUnlock() return globalCacheObjectAPI } func setCacheObjectLayer(c CacheObjectLayer) { globalObjLayerMutex.Lock() globalCacheObjectAPI = c globalObjLayerMutex.Unlock() } func setObjectLayer(o ObjectLayer) { globalObjLayerMutex.Lock() globalObjectAPI = o globalObjLayerMutex.Unlock() } // objectAPIHandler implements and provides http handlers for S3 API. type objectAPIHandlers struct { ObjectAPI func() ObjectLayer CacheAPI func() CacheObjectLayer } // getHost tries its best to return the request host. // According to section 14.23 of RFC 2616 the Host header // can include the port number if the default value of 80 is not used. func getHost(r *http.Request) string { if r.URL.IsAbs() { return r.URL.Host } return r.Host } // registerAPIRouter - registers S3 compatible APIs. func registerAPIRouter(router *mux.Router) { // Initialize API. api := objectAPIHandlers{ ObjectAPI: newObjectLayerFn, CacheAPI: newCachedObjectLayerFn, } // API Router apiRouter := router.PathPrefix(SlashSeparator).Subrouter() var routers []*mux.Router for _, domainName := range globalDomainNames { if IsKubernetes() { routers = append(routers, apiRouter.MatcherFunc(func(r *http.Request, match *mux.RouteMatch) bool { host, _, err := net.SplitHostPort(getHost(r)) if err != nil { host = r.Host } // Make sure to skip matching minio.` this is // specifically meant for operator/k8s deployment // The reason we need to skip this is for a special // usecase where we need to make sure that // minio..svc. is ignored // by the bucketDNS style to ensure that path style // is available and honored at this domain. // // All other `..svc.` // makes sure that buckets are routed through this matcher // to match for `` return host != minioReservedBucket+"."+domainName }).Host("{bucket:.+}."+domainName).Subrouter()) } else { routers = append(routers, apiRouter.Host("{bucket:.+}."+domainName).Subrouter()) } } routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter()) for _, bucket := range routers { // Object operations // HeadObject bucket.Methods(http.MethodHead).Path("/{object:.+}").HandlerFunc( collectAPIStats("headobject", maxClients(httpTraceAll(api.HeadObjectHandler)))) // CopyObjectPart bucket.Methods(http.MethodPut).Path("/{object:.+}"). HeadersRegexp(xhttp.AmzCopySource, ".*?(\\/|%2F).*?"). HandlerFunc(collectAPIStats("copyobjectpart", maxClients(httpTraceAll(api.CopyObjectPartHandler)))). Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}") // PutObjectPart bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobjectpart", maxClients(httpTraceHdrs(api.PutObjectPartHandler)))).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}") // ListObjectParts bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("listobjectparts", maxClients(httpTraceAll(api.ListObjectPartsHandler)))).Queries("uploadId", "{uploadId:.*}") // CompleteMultipartUpload bucket.Methods(http.MethodPost).Path("/{object:.+}").HandlerFunc( collectAPIStats("completemutipartupload", maxClients(httpTraceAll(api.CompleteMultipartUploadHandler)))).Queries("uploadId", "{uploadId:.*}") // NewMultipartUpload bucket.Methods(http.MethodPost).Path("/{object:.+}").HandlerFunc( collectAPIStats("newmultipartupload", maxClients(httpTraceAll(api.NewMultipartUploadHandler)))).Queries("uploads", "") // AbortMultipartUpload bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc( collectAPIStats("abortmultipartupload", maxClients(httpTraceAll(api.AbortMultipartUploadHandler)))).Queries("uploadId", "{uploadId:.*}") // GetObjectACL - this is a dummy call. bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("getobjectacl", maxClients(httpTraceHdrs(api.GetObjectACLHandler)))).Queries("acl", "") // PutObjectACL - this is a dummy call. bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobjectacl", maxClients(httpTraceHdrs(api.PutObjectACLHandler)))).Queries("acl", "") // GetObjectTagging bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("getobjecttagging", maxClients(httpTraceHdrs(api.GetObjectTaggingHandler)))).Queries("tagging", "") // PutObjectTagging bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobjecttagging", maxClients(httpTraceHdrs(api.PutObjectTaggingHandler)))).Queries("tagging", "") // DeleteObjectTagging bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc( collectAPIStats("deleteobjecttagging", maxClients(httpTraceHdrs(api.DeleteObjectTaggingHandler)))).Queries("tagging", "") // SelectObjectContent bucket.Methods(http.MethodPost).Path("/{object:.+}").HandlerFunc( collectAPIStats("selectobjectcontent", maxClients(httpTraceHdrs(api.SelectObjectContentHandler)))).Queries("select", "").Queries("select-type", "2") // GetObjectRetention bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("getobjectretention", maxClients(httpTraceAll(api.GetObjectRetentionHandler)))).Queries("retention", "") // GetObjectLegalHold bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("getobjectlegalhold", maxClients(httpTraceAll(api.GetObjectLegalHoldHandler)))).Queries("legal-hold", "") // GetObject bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc( collectAPIStats("getobject", maxClients(httpTraceHdrs(api.GetObjectHandler)))) // CopyObject bucket.Methods(http.MethodPut).Path("/{object:.+}").HeadersRegexp(xhttp.AmzCopySource, ".*?(\\/|%2F).*?").HandlerFunc( collectAPIStats("copyobject", maxClients(httpTraceAll(api.CopyObjectHandler)))) // PutObjectRetention bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobjectretention", maxClients(httpTraceAll(api.PutObjectRetentionHandler)))).Queries("retention", "") // PutObjectLegalHold bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobjectlegalhold", maxClients(httpTraceAll(api.PutObjectLegalHoldHandler)))).Queries("legal-hold", "") // PutObject bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc( collectAPIStats("putobject", maxClients(httpTraceHdrs(api.PutObjectHandler)))) // DeleteObject bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc( collectAPIStats("deleteobject", maxClients(httpTraceAll(api.DeleteObjectHandler)))) // PostRestoreObject bucket.Methods(http.MethodPost).Path("/{object:.+}").HandlerFunc( collectAPIStats("restoreobject", maxClients(httpTraceAll(api.PostRestoreObjectHandler)))).Queries("restore", "") /// Bucket operations // GetBucketLocation bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketlocation", maxClients(httpTraceAll(api.GetBucketLocationHandler)))).Queries("location", "") // GetBucketPolicy bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketpolicy", maxClients(httpTraceAll(api.GetBucketPolicyHandler)))).Queries("policy", "") // GetBucketLifecycle bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketlifecycle", maxClients(httpTraceAll(api.GetBucketLifecycleHandler)))).Queries("lifecycle", "") // GetBucketEncryption bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketencryption", maxClients(httpTraceAll(api.GetBucketEncryptionHandler)))).Queries("encryption", "") // GetBucketObjectLockConfig bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketobjectlockconfiguration", maxClients(httpTraceAll(api.GetBucketObjectLockConfigHandler)))).Queries("object-lock", "") // GetBucketReplicationConfig bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketreplicationconfiguration", maxClients(httpTraceAll(api.GetBucketReplicationConfigHandler)))).Queries("replication", "") // GetBucketVersioning bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketversioning", maxClients(httpTraceAll(api.GetBucketVersioningHandler)))).Queries("versioning", "") // GetBucketNotification bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketnotification", maxClients(httpTraceAll(api.GetBucketNotificationHandler)))).Queries("notification", "") // ListenNotification bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listennotification", maxClients(httpTraceAll(api.ListenNotificationHandler)))).Queries("events", "{events:.*}") // Dummy Bucket Calls // GetBucketACL -- this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketacl", maxClients(httpTraceAll(api.GetBucketACLHandler)))).Queries("acl", "") // PutBucketACL -- this is a dummy call. bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketacl", maxClients(httpTraceAll(api.PutBucketACLHandler)))).Queries("acl", "") // GetBucketCors - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketcors", maxClients(httpTraceAll(api.GetBucketCorsHandler)))).Queries("cors", "") // GetBucketWebsiteHandler - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketwebsite", maxClients(httpTraceAll(api.GetBucketWebsiteHandler)))).Queries("website", "") // GetBucketAccelerateHandler - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketaccelerate", maxClients(httpTraceAll(api.GetBucketAccelerateHandler)))).Queries("accelerate", "") // GetBucketRequestPaymentHandler - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketrequestpayment", maxClients(httpTraceAll(api.GetBucketRequestPaymentHandler)))).Queries("requestPayment", "") // GetBucketLoggingHandler - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketlogging", maxClients(httpTraceAll(api.GetBucketLoggingHandler)))).Queries("logging", "") // GetBucketLifecycleHandler - this is a dummy call. bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbucketlifecycle", maxClients(httpTraceAll(api.GetBucketLifecycleHandler)))).Queries("lifecycle", "") // GetBucketTaggingHandler bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getbuckettagging", maxClients(httpTraceAll(api.GetBucketTaggingHandler)))).Queries("tagging", "") //DeleteBucketWebsiteHandler bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucketwebsite", maxClients(httpTraceAll(api.DeleteBucketWebsiteHandler)))).Queries("website", "") // DeleteBucketTaggingHandler bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebuckettagging", maxClients(httpTraceAll(api.DeleteBucketTaggingHandler)))).Queries("tagging", "") // ListMultipartUploads bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listmultipartuploads", maxClients(httpTraceAll(api.ListMultipartUploadsHandler)))).Queries("uploads", "") // ListObjectsV2M bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listobjectsv2M", maxClients(httpTraceAll(api.ListObjectsV2MHandler)))).Queries("list-type", "2", "metadata", "true") // ListObjectsV2 bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listobjectsv2", maxClients(httpTraceAll(api.ListObjectsV2Handler)))).Queries("list-type", "2") // ListObjectVersions bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listobjectversions", maxClients(httpTraceAll(api.ListObjectVersionsHandler)))).Queries("versions", "") // GetBucketPolicyStatus bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("getpolicystatus", maxClients(httpTraceAll(api.GetBucketPolicyStatusHandler)))).Queries("policyStatus", "") // PutBucketLifecycle bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketlifecycle", maxClients(httpTraceAll(api.PutBucketLifecycleHandler)))).Queries("lifecycle", "") // PutBucketReplicationConfig bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketreplicationconfiguration", maxClients(httpTraceAll(api.PutBucketReplicationConfigHandler)))).Queries("replication", "") // GetObjectRetention // PutBucketEncryption bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketencryption", maxClients(httpTraceAll(api.PutBucketEncryptionHandler)))).Queries("encryption", "") // PutBucketPolicy bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketpolicy", maxClients(httpTraceAll(api.PutBucketPolicyHandler)))).Queries("policy", "") // PutBucketObjectLockConfig bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketobjectlockconfig", maxClients(httpTraceAll(api.PutBucketObjectLockConfigHandler)))).Queries("object-lock", "") // PutBucketTaggingHandler bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbuckettagging", maxClients(httpTraceAll(api.PutBucketTaggingHandler)))).Queries("tagging", "") // PutBucketVersioning bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketversioning", maxClients(httpTraceAll(api.PutBucketVersioningHandler)))).Queries("versioning", "") // PutBucketNotification bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucketnotification", maxClients(httpTraceAll(api.PutBucketNotificationHandler)))).Queries("notification", "") // PutBucket bucket.Methods(http.MethodPut).HandlerFunc( collectAPIStats("putbucket", maxClients(httpTraceAll(api.PutBucketHandler)))) // HeadBucket bucket.Methods(http.MethodHead).HandlerFunc( collectAPIStats("headbucket", maxClients(httpTraceAll(api.HeadBucketHandler)))) // PostPolicy bucket.Methods(http.MethodPost).HeadersRegexp(xhttp.ContentType, "multipart/form-data*").HandlerFunc( collectAPIStats("postpolicybucket", maxClients(httpTraceHdrs(api.PostPolicyBucketHandler)))) // DeleteMultipleObjects bucket.Methods(http.MethodPost).HandlerFunc( collectAPIStats("deletemultipleobjects", maxClients(httpTraceAll(api.DeleteMultipleObjectsHandler)))).Queries("delete", "") // DeleteBucketPolicy bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucketpolicy", maxClients(httpTraceAll(api.DeleteBucketPolicyHandler)))).Queries("policy", "") // DeleteBucketReplication bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucketreplicationconfiguration", maxClients(httpTraceAll(api.DeleteBucketReplicationConfigHandler)))).Queries("replication", "") // DeleteBucketLifecycle bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucketlifecycle", maxClients(httpTraceAll(api.DeleteBucketLifecycleHandler)))).Queries("lifecycle", "") // DeleteBucketEncryption bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucketencryption", maxClients(httpTraceAll(api.DeleteBucketEncryptionHandler)))).Queries("encryption", "") // DeleteBucket bucket.Methods(http.MethodDelete).HandlerFunc( collectAPIStats("deletebucket", maxClients(httpTraceAll(api.DeleteBucketHandler)))) // ListObjectsV1 (Legacy) bucket.Methods(http.MethodGet).HandlerFunc( collectAPIStats("listobjectsv1", maxClients(httpTraceAll(api.ListObjectsV1Handler)))) } /// Root operation // ListenNotification apiRouter.Methods(http.MethodGet).Path(SlashSeparator).HandlerFunc( collectAPIStats("listennotification", maxClients(httpTraceAll(api.ListenNotificationHandler)))).Queries("events", "{events:.*}") // ListBuckets apiRouter.Methods(http.MethodGet).Path(SlashSeparator).HandlerFunc( collectAPIStats("listbuckets", maxClients(httpTraceAll(api.ListBucketsHandler)))) // S3 browser with signature v4 adds '//' for ListBuckets request, so rather // than failing with UnknownAPIRequest we simply handle it for now. apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc( collectAPIStats("listbuckets", maxClients(httpTraceAll(api.ListBucketsHandler)))) // If none of the routes match add default error handler routes apiRouter.NotFoundHandler = collectAPIStats("notfound", httpTraceAll(errorResponseHandler)) apiRouter.MethodNotAllowedHandler = collectAPIStats("methodnotallowed", httpTraceAll(methodNotAllowedHandler("S3"))) } // corsHandler handler for CORS (Cross Origin Resource Sharing) func corsHandler(handler http.Handler) http.Handler { commonS3Headers := []string{ xhttp.Date, xhttp.ETag, xhttp.ServerInfo, xhttp.Connection, xhttp.AcceptRanges, xhttp.ContentRange, xhttp.ContentEncoding, xhttp.ContentLength, xhttp.ContentType, xhttp.ContentDisposition, xhttp.LastModified, xhttp.ContentLanguage, xhttp.CacheControl, xhttp.RetryAfter, xhttp.AmzBucketRegion, xhttp.Expires, "X-Amz*", "x-amz*", "*", } return cors.New(cors.Options{ AllowOriginFunc: func(origin string) bool { for _, allowedOrigin := range globalAPIConfig.getCorsAllowOrigins() { if wildcard.MatchSimple(allowedOrigin, origin) { return true } } return false }, AllowedMethods: []string{ http.MethodGet, http.MethodPut, http.MethodHead, http.MethodPost, http.MethodDelete, http.MethodOptions, http.MethodPatch, }, AllowedHeaders: commonS3Headers, ExposedHeaders: commonS3Headers, AllowCredentials: true, }).Handler(handler) }