package handler
import (
"encoding/xml"
"net"
"net/http"
"strings"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
"go.uber.org/zap"
)
// Keywords of the predefined (canned) ACL values.
const (
	basicACLPrivate   = "private"
	basicACLReadOnly  = "public-read"
	basicACLPublic    = "public-read-write"
	cannedACLAuthRead = "authenticated-read"
)

// publicBasicRule is the basic ACL value that CreateBucketHandler puts into
// layer.CreateBucketParams for every new bucket.
//
// NOTE(review): 0x0FFFFFFF looks like the fully open basic ACL with extended
// ACL left enabled, which would make the EACL table the only thing restricting
// access to a bucket — confirm against the NeoFS basic ACL layout.
const publicBasicRule = 0x0FFFFFFF
// createBucketParams is the target that parseLocationConstraint decodes the
// CreateBucket request body into.
type createBucketParams struct {
	// XMLName fixes the root element name and namespace the XML decoder
	// expects; the json tag keeps the field out of JSON output.
	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ CreateBucketConfiguration" json:"-"`

	// LocationConstraint comes straight from the request body. The handler
	// only compares it with the LocationConstraint of known placement policies.
	LocationConstraint string
}
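// PutObjectHandler serves the S3 PutObject request. It stores the request body
// as an object in the bucket named by the request and, when the request carries
// ACL headers, merges the requested object ACL into the bucket's EACL table and
// writes the merged table back after the upload.
//
// Every failure except the versioning lookup is reported through
// h.logAndSendError and ends the request.
func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
	var newEaclTable *eacl.Table
	reqInfo := api.GetReqInfo(r.Context())

	if containsACLHeaders(r) {
		// The ACL comes from client-controlled headers. It is scoped to this
		// object, but the table built from it is stored for the whole bucket.
		objectACL, err := parseACLHeaders(r)
		if err != nil {
			h.logAndSendError(w, "could not parse object acl", reqInfo, err)
			return
		}
		objectACL.Resource = reqInfo.BucketName + "/" + reqInfo.ObjectName

		bktPolicy, err := aclToPolicy(objectACL)
		if err != nil {
			h.logAndSendError(w, "could not translate object acl to bucket policy", reqInfo, err)
			return
		}

		astChild, err := policyToAst(bktPolicy)
		if err != nil {
			h.logAndSendError(w, "could not translate policy to ast", reqInfo, err)
			return
		}

		// NOTE(review): the bucket EACL is read here and written back only
		// after the upload; nothing in this handler guards that
		// read-merge-write sequence against a concurrent ACL change on the
		// same bucket — confirm whether the layer serialises it.
		bacl, err := h.obj.GetBucketACL(r.Context(), reqInfo.BucketName)
		if err != nil {
			h.logAndSendError(w, "could not get bucket eacl", reqInfo, err)
			return
		}

		parentAst := tableToAst(bacl.EACL, reqInfo.BucketName)
		// Resources named by container ID are renamed to the bucket name
		// before merging.
		// NOTE(review): the rename only sticks if Resources holds pointers —
		// confirm against the ast type.
		for _, resource := range parentAst.Resources {
			if resource.Name == bacl.Info.CID.String() {
				resource.Name = reqInfo.BucketName
			}
		}

		// newEaclTable stays nil when the merge changes nothing, which skips
		// the PutBucketACL call below.
		if resAst, updated := mergeAst(parentAst, astChild); updated {
			if newEaclTable, err = astToTable(resAst, reqInfo.BucketName); err != nil {
				h.logAndSendError(w, "could not translate ast to table", reqInfo, err)
				return
			}
		}
	}

	bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName)
	if err != nil {
		// The failing call is GetBucketInfo, so the message names it.
		h.logAndSendError(w, "could not get bucket info", reqInfo, err)
		return
	}
	// The expected-bucket-owner precondition is checked before anything is
	// written, although the ACL work above has already run by this point.
	if err = checkOwner(bktInfo, r.Header.Get(api.AmzExpectedBucketOwner)); err != nil {
		h.logAndSendError(w, "expected owner doesn't match", reqInfo, err)
		return
	}

	metadata := parseMetadata(r)
	if contentType := r.Header.Get(api.ContentType); len(contentType) > 0 {
		metadata[api.ContentType] = contentType
	}

	params := &layer.PutObjectParams{
		Bucket: reqInfo.BucketName,
		Object: reqInfo.ObjectName,
		Reader: r.Body,
		Size:   r.ContentLength,
		Header: metadata,
	}

	info, err := h.obj.PutObject(r.Context(), params)
	if err != nil {
		h.logAndSendError(w, "could not upload object", reqInfo, err)
		return
	}

	if newEaclTable != nil {
		p := &layer.PutBucketACLParams{
			Name: reqInfo.BucketName,
			EACL: newEaclTable,
		}

		// The object is already stored at this point: if the EACL write
		// fails, the client gets an error while the object stays in the
		// bucket under the previous EACL.
		if err = h.obj.PutBucketACL(r.Context(), p); err != nil {
			h.logAndSendError(w, "could not put bucket acl", reqInfo, err)
			return
		}
	}

	// Versioning is best-effort: a failed lookup is logged and the response
	// simply omits the version ID header.
	if versioning, err := h.obj.GetBucketVersioning(r.Context(), reqInfo.BucketName); err != nil {
		h.log.Warn("couldn't get bucket versioning", zap.String("bucket name", reqInfo.BucketName), zap.Error(err))
	} else if versioning.VersioningEnabled {
		w.Header().Set(api.AmzVersionID, info.Version())
	}

	w.Header().Set(api.ETag, info.HashSum)
	api.WriteSuccessResponseHeadersOnly(w)
}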
// containsACLHeaders reports whether the request sets at least one of the
// canned-ACL or grant headers (ACL, grant-read, grant-full-control,
// grant-write) to a non-empty value.
func containsACLHeaders(r *http.Request) bool {
	aclHeaders := []string{
		api.AmzACL,
		api.AmzGrantRead,
		api.AmzGrantFullControl,
		api.AmzGrantWrite,
	}
	for _, name := range aclHeaders {
		if r.Header.Get(name) != "" {
			return true
		}
	}
	return false
}
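// parseMetadata collects user metadata from the request headers: every header
// whose name starts with api.MetadataPrefix is returned under its lower-cased
// name with the prefix removed. Only the first value of a header is kept.
//
// The values are client-supplied and copied as they are; nothing here limits
// their number or length.
func parseMetadata(r *http.Request) map[string]string {
	res := make(map[string]string)
	for k, v := range r.Header {
		// A header entry with an empty value list would make v[0] panic, so
		// such entries are skipped.
		if len(v) == 0 || !strings.HasPrefix(k, api.MetadataPrefix) {
			continue
		}
		// NOTE(review): the prefix match is case-sensitive against the header
		// keys as stored in r.Header — confirm api.MetadataPrefix is in
		// canonical header form.
		key := strings.ToLower(strings.TrimPrefix(k, api.MetadataPrefix))
		res[key] = v[0]
	}
	return res
}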
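// CreateBucketHandler serves the S3 CreateBucket request. It validates the
// bucket name, builds the bucket EACL from the ACL request headers, picks a
// placement policy from the optional LocationConstraint in the body and asks
// the layer to create the bucket.
//
// Every failure is reported through h.logAndSendError and ends the request.
func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
	var (
		reqInfo = api.GetReqInfo(r.Context())
		// Every bucket is created with publicBasicRule as its basic ACL; the
		// per-request restrictions are carried by p.EACL, set below.
		p = layer.CreateBucketParams{Name: reqInfo.BucketName, ACL: publicBasicRule}
	)

	if err := checkBucketName(reqInfo.BucketName); err != nil {
		h.logAndSendError(w, "invalid bucket name", reqInfo, err)
		return
	}

	// Unlike PutObjectHandler, the ACL headers are parsed unconditionally, so
	// the EACL for a request without ACL headers is whatever parseACLHeaders
	// and bucketACLToTable produce for that case.
	bktACL, err := parseACLHeaders(r)
	if err != nil {
		h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
		return
	}
	bktACL.IsBucket = true

	p.EACL, err = bucketACLToTable(bktACL)
	if err != nil {
		h.logAndSendError(w, "could not translate bucket acl to eacl", reqInfo, err)
		return
	}

	createParams, err := parseLocationConstraint(r)
	if err != nil {
		h.logAndSendError(w, "could not parse body", reqInfo, err)
		return
	}

	p.BoxData, err = layer.GetBoxData(r.Context())
	if err != nil {
		h.logAndSendError(w, "could not get boxData", reqInfo, err)
		return
	}

	// The client-supplied location constraint is only matched against the
	// policies in the box data; the first match wins.
	if createParams.LocationConstraint != "" {
		for _, placementPolicy := range p.BoxData.Policies {
			if placementPolicy.LocationConstraint == createParams.LocationConstraint {
				p.Policy = placementPolicy.Policy
				break
			}
		}
	}
	// A constraint that matches no policy is not an error: the bucket is
	// created with the configured default policy instead.
	if p.Policy == nil {
		p.Policy = h.cfg.DefaultPolicy
	}

	cid, err := h.obj.CreateBucket(r.Context(), &p)
	if err != nil {
		h.logAndSendError(w, "could not create bucket", reqInfo, err)
		return
	}

	h.log.Info("bucket is created",
		zap.String("container_id", cid.String()))

	api.WriteSuccessResponseHeadersOnly(w)
}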
// checkBucketName validates a client-supplied bucket name and returns the
// ErrInvalidBucketName API error when the name
//   - is shorter than 3 or longer than 63 bytes,
//   - starts with "xn--" or ends with "-s3alias",
//   - parses as an IP address,
//   - has an empty dot-separated label, or
//   - has a label that contains anything other than a-z, 0-9 and '-', or that
//     starts or ends with '-'.
//
// It returns nil for a name that passes every check.
func checkBucketName(bucketName string) error {
	switch n := len(bucketName); {
	case n < 3 || n > 63:
		return errors.GetAPIError(errors.ErrInvalidBucketName)
	case strings.HasPrefix(bucketName, "xn--"), strings.HasSuffix(bucketName, "-s3alias"):
		return errors.GetAPIError(errors.ErrInvalidBucketName)
	case net.ParseIP(bucketName) != nil:
		return errors.GetAPIError(errors.ErrInvalidBucketName)
	}

	for _, label := range strings.Split(bucketName, ".") {
		if label == "" {
			return errors.GetAPIError(errors.ErrInvalidBucketName)
		}

		last := len(label) - 1
		for pos, ch := range label {
			isHyphen := ch == '-'
			if !isHyphen && !isAlphaNum(ch) {
				return errors.GetAPIError(errors.ErrInvalidBucketName)
			}
			// pos is a byte offset; every accepted character is ASCII, so it
			// is also the character position.
			if isHyphen && (pos == 0 || pos == last) {
				return errors.GetAPIError(errors.ErrInvalidBucketName)
			}
		}
	}

	return nil
}
// isAlphaNum reports whether char is a lower-case ASCII letter or an ASCII
// digit. Upper-case letters and all non-ASCII characters yield false.
func isAlphaNum(char int32) bool {
	switch {
	case char >= 'a' && char <= 'z':
		return true
	case char >= '0' && char <= '9':
		return true
	default:
		return false
	}
}
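// parseLocationConstraint decodes the optional CreateBucketConfiguration XML
// document from the request body.
//
// A request whose Content-Length is zero yields empty parameters and no error.
// Any other request is decoded from the body; a decoding failure, including a
// body larger than the limit below, is returned as the error with nil
// parameters.
func parseLocationConstraint(r *http.Request) (*createBucketParams, error) {
	// Upper bound on how much of the client-supplied body is handed to the XML
	// decoder. The limit is deliberately far larger than a single
	// LocationConstraint document needs; it only keeps the parser from
	// reading an arbitrarily long body.
	const maxBodySize = 1 << 20

	params := new(createBucketParams)
	// ContentLength is -1 when the length is unknown, so such requests always
	// reach the decoder.
	if r.ContentLength == 0 {
		return params, nil
	}

	// The ResponseWriter argument is nil because this function only needs the
	// read limit, not the connection handling tied to a writer.
	body := http.MaxBytesReader(nil, r.Body, maxBodySize)
	if err := xml.NewDecoder(body).Decode(params); err != nil {
		return nil, err
	}
	return params, nil
}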