8689ec258b
Copying an encrypted SSEC object that was uploaded using the multipart mechanism was failing, because the ETag of an encrypted multipart upload is not itself encrypted. This PR fixes the behavior.
/*
 * Minio Cloud Storage, (C) 2016, 2017, 2018 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/minio/minio/cmd/crypto"
|
|
"github.com/minio/minio/pkg/event"
|
|
"github.com/minio/minio/pkg/handlers"
|
|
)
|
|
|
|
// checkCopyObjectPartPreconditions evaluates the copy-source preconditions
// for a CopyObjectPart request and reports whether the operation must NOT
// proceed (true means a response has already been written to w).
//
// It delegates to checkCopyObjectPreconditions, so the same headers are
// honoured:
//  x-amz-copy-source-if-modified-since
//  x-amz-copy-source-if-unmodified-since
//  x-amz-copy-source-if-match
//  x-amz-copy-source-if-none-match
func checkCopyObjectPartPreconditions(ctx context.Context, w http.ResponseWriter, r *http.Request, objInfo ObjectInfo, encETag string) bool {
	// CopyObjectPart shares its precondition rules with CopyObject.
	shouldAbort := checkCopyObjectPreconditions(ctx, w, r, objInfo, encETag)
	return shouldAbort
}
|
|
|
|
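// checkCopyObjectPreconditions validates the copy-source preconditions for
// CopyObject and reports whether the operation should NOT proceed. When it
// returns true a 412 (precondition failed) response has already been written
// to w. Preconditions supported are:
//  x-amz-copy-source-if-modified-since
//  x-amz-copy-source-if-unmodified-since
//  x-amz-copy-source-if-match
//  x-amz-copy-source-if-none-match
//
// encETag is the stored (possibly sealed) ETag of the source object; when it
// is empty objInfo.ETag is used in its place.
func checkCopyObjectPreconditions(ctx context.Context, w http.ResponseWriter, r *http.Request, objInfo ObjectInfo, encETag string) bool {
	// Copy preconditions are only evaluated for PUT requests.
	if r.Method != "PUT" {
		return false
	}
	if encETag == "" {
		encETag = objInfo.ETag
	}
	// If the object doesn't have a modtime (IsZero), or the modtime
	// is obviously garbage (Unix time == 0), then ignore modtimes.
	// NOTE(review): this early return also skips the ETag preconditions
	// below, not only the time-based ones - confirm that is intended.
	if objInfo.ModTime.IsZero() || objInfo.ModTime.Equal(time.Unix(0, 0)) {
		return false
	}

	// Headers to be set if object content is not going to be written to the client.
	writeHeaders := func() {
		// set common headers
		setCommonHeaders(w)

		// set object-related metadata headers
		w.Header().Set("Last-Modified", objInfo.ModTime.UTC().Format(http.TimeFormat))

		if objInfo.ETag != "" {
			w.Header().Set("ETag", "\""+objInfo.ETag+"\"")
		}
	}

	// preconditionFailed writes the 412 response shared by every failing
	// precondition and returns true so callers can `return` it directly.
	preconditionFailed := func() bool {
		writeHeaders()
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrPreconditionFailed), r.URL, guessIsBrowserReq(r))
		return true
	}

	// x-amz-copy-source-if-modified-since: Return the object only if it has been modified
	// since the specified time otherwise return 412 (precondition failed).
	ifModifiedSinceHeader := r.Header.Get("x-amz-copy-source-if-modified-since")
	if ifModifiedSinceHeader != "" {
		// An unparsable date is ignored rather than rejected.
		if givenTime, err := time.Parse(http.TimeFormat, ifModifiedSinceHeader); err == nil {
			if !ifModifiedSince(objInfo.ModTime, givenTime) {
				// If the object is not modified since the specified time.
				return preconditionFailed()
			}
		}
	}

	// x-amz-copy-source-if-unmodified-since : Return the object only if it has not been
	// modified since the specified time, otherwise return a 412 (precondition failed).
	ifUnmodifiedSinceHeader := r.Header.Get("x-amz-copy-source-if-unmodified-since")
	if ifUnmodifiedSinceHeader != "" {
		if givenTime, err := time.Parse(http.TimeFormat, ifUnmodifiedSinceHeader); err == nil {
			if ifModifiedSince(objInfo.ModTime, givenTime) {
				// If the object is modified since the specified time.
				return preconditionFailed()
			}
		}
	}

	// ETag used for the if-match / if-none-match comparisons. For an SSE-C
	// copy of a non-multipart object the trailing 32 characters of encETag
	// are compared instead of objInfo.ETag. The length guard keeps a short or
	// empty stored ETag from causing a slice-bounds panic on a
	// client-triggered request path; in that case objInfo.ETag is used.
	etag := objInfo.ETag
	shouldDecryptEtag := crypto.SSECopy.IsRequested(r.Header) && !crypto.IsMultiPart(objInfo.UserDefined)
	if shouldDecryptEtag && len(encETag) >= 32 {
		etag = encETag[len(encETag)-32:]
	}

	// x-amz-copy-source-if-match : Return the object only if its entity tag (ETag) is the
	// same as the one specified; otherwise return a 412 (precondition failed).
	ifMatchETagHeader := r.Header.Get("x-amz-copy-source-if-match")
	if ifMatchETagHeader != "" {
		if objInfo.ETag != "" && !isETagEqual(etag, ifMatchETagHeader) {
			// If the object ETag does not match with the specified ETag.
			return preconditionFailed()
		}
	}

	// x-amz-copy-source-if-none-match : Return the object only if its entity tag (ETag) is
	// different from the one specified, otherwise return a 412 (precondition failed).
	ifNoneMatchETagHeader := r.Header.Get("x-amz-copy-source-if-none-match")
	if ifNoneMatchETagHeader != "" {
		if objInfo.ETag != "" && isETagEqual(etag, ifNoneMatchETagHeader) {
			// If the object ETag matches with the specified ETag.
			return preconditionFailed()
		}
	}
	// All preconditions passed; the copy may proceed.
	return false
}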
|
|
|
|
// checkPreconditions evaluates the conditional-request headers of a GET or
// HEAD request against objInfo and reports whether the operation should NOT
// proceed. When it returns true the response status (304 or 412) has already
// been written to w. Preconditions supported are:
//  If-Modified-Since
//  If-Unmodified-Since
//  If-Match
//  If-None-Match
func checkPreconditions(ctx context.Context, w http.ResponseWriter, r *http.Request, objInfo ObjectInfo) bool {
	// Only GET and HEAD carry these preconditions.
	switch r.Method {
	case "GET", "HEAD":
	default:
		return false
	}

	// A missing modtime (IsZero) or an obviously bogus one (Unix time == 0)
	// disables precondition processing altogether.
	// NOTE(review): that includes the ETag checks below - confirm intended.
	modTime := objInfo.ModTime
	if modTime.IsZero() || modTime.Equal(time.Unix(0, 0)) {
		return false
	}

	// setResponseHeaders emits the headers sent when no object content is
	// going to be written to the client.
	setResponseHeaders := func() {
		setCommonHeaders(w)
		w.Header().Set("Last-Modified", modTime.UTC().Format(http.TimeFormat))
		if objInfo.ETag != "" {
			w.Header().Set("ETag", "\""+objInfo.ETag+"\"")
		}
	}
	// notModified answers with 304 and signals the caller to stop.
	notModified := func() bool {
		setResponseHeaders()
		w.WriteHeader(http.StatusNotModified)
		return true
	}
	// preconditionFailed answers with 412 and signals the caller to stop.
	preconditionFailed := func() bool {
		setResponseHeaders()
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrPreconditionFailed), r.URL, guessIsBrowserReq(r))
		return true
	}

	// If-Modified-Since: serve the object only if it changed after the given
	// time, otherwise 304. An unparsable date is ignored.
	if since := r.Header.Get("If-Modified-Since"); since != "" {
		if limit, err := time.Parse(http.TimeFormat, since); err == nil && !ifModifiedSince(modTime, limit) {
			return notModified()
		}
	}

	// If-Unmodified-Since: serve the object only if it did not change after
	// the given time, otherwise 412.
	if since := r.Header.Get("If-Unmodified-Since"); since != "" {
		if limit, err := time.Parse(http.TimeFormat, since); err == nil && ifModifiedSince(modTime, limit) {
			return preconditionFailed()
		}
	}

	// If-Match: serve the object only if its ETag equals the given one,
	// otherwise 412.
	if wanted := r.Header.Get("If-Match"); wanted != "" && !isETagEqual(objInfo.ETag, wanted) {
		return preconditionFailed()
	}

	// If-None-Match: serve the object only if its ETag differs from the given
	// one, otherwise 304.
	if unwanted := r.Header.Get("If-None-Match"); unwanted != "" && isETagEqual(objInfo.ETag, unwanted) {
		return notModified()
	}

	// Object content should be written to http.ResponseWriter.
	return false
}
|
|
|
|
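// ifModifiedSince reports whether the object, last modified at objTime, counts
// as modified relative to givenTime taken from a conditional request header.
//
// HTTP dates carry whole seconds only, so a client echoing back a
// Last-Modified value sends the object's mtime truncated to the second. The
// object is therefore unmodified while objTime < givenTime+1s and modified
// from givenTime+1s onwards. The boundary is inclusive: with second-granular
// modification times, an object changed exactly one second after givenTime
// must not be reported as unmodified, otherwise a stale 304 is served or an
// If-Unmodified-Since guard passes on changed content.
func ifModifiedSince(objTime time.Time, givenTime time.Time) bool {
	// Unmodified means objTime < givenTime+1s; modified is its negation.
	return !objTime.Before(givenTime.Add(1 * time.Second))
}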
|
|
|
|
// canonicalizeETag strips at most one leading and one trailing double-quote
// from etag and returns the result; an unquoted ETag is returned unchanged.
func canonicalizeETag(etag string) string {
	// Drop the opening quote first, then the closing one.
	return strings.TrimSuffix(strings.TrimPrefix(etag, "\""), "\"")
}
|
|
|
|
// isETagEqual reports whether two ETag strings are equal once both have been
// passed through canonicalizeETag, so quoted and unquoted forms of the same
// ETag compare equal.
func isETagEqual(left, right string) bool {
	canonicalLeft := canonicalizeETag(left)
	canonicalRight := canonicalizeETag(right)
	return canonicalLeft == canonicalRight
}
|
|
|
|
// deleteObject removes bucket/object and, on success, emits an
// ObjectRemovedDelete event. It is the shared delete path for the object
// handlers and the web handlers.
//
// When cache is non-nil the delete goes through cache.DeleteObject, otherwise
// through obj.DeleteObject. A delete error is returned as is and no event is
// sent in that case.
func deleteObject(ctx context.Context, obj ObjectLayer, cache CacheObjectLayer, bucket, object string, r *http.Request) (err error) {
	// Pick the layer that performs the delete; the cache layer wins when set.
	remove := obj.DeleteObject
	if cache != nil {
		remove = cache.DeleteObject
	}

	// Proceed to delete the object.
	err = remove(ctx, bucket, object)
	if err != nil {
		return err
	}

	// Notify object deleted event.
	// NOTE(review): UserAgent and Host are taken from the incoming request;
	// if GetSourceIP honours forwarding headers these values are
	// client-supplied unless a trusted proxy sets them - confirm before
	// relying on them in audit or detection pipelines.
	removed := eventArgs{
		EventName:  event.ObjectRemovedDelete,
		BucketName: bucket,
		Object: ObjectInfo{
			Name: object,
		},
		ReqParams: extractReqParams(r),
		UserAgent: r.UserAgent(),
		Host:      handlers.GetSourceIP(r),
	}
	sendEvent(removed)

	return nil
}
|