package handler import ( "encoding/xml" "fmt" "net/http" "strconv" "strings" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain" ) // limitation of AWS https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html const maxObjectsToDelete = 1000 // DeleteObjectsRequest -- xml carrying the object key names which should be deleted. type DeleteObjectsRequest struct { XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ Delete" json:"-"` // Element to enable quiet mode for the request Quiet bool `xml:"Quiet,omitempty"` // List of objects to be deleted Objects []ObjectIdentifier `xml:"Object"` } // ObjectIdentifier carries the key name for the object to delete. type ObjectIdentifier struct { ObjectName string `xml:"Key"` VersionID string `xml:"VersionId,omitempty"` } // DeletedObject carries the key name for the object to delete. type DeletedObject struct { ObjectIdentifier DeleteMarker bool `xml:"DeleteMarker,omitempty"` DeleteMarkerVersionID string `xml:"DeleteMarkerVersionId,omitempty"` } // DeleteError structure. type DeleteError struct { Code string `xml:"Code,omitempty"` Message string `xml:"Message,omitempty"` Key string `xml:"Key,omitempty"` VersionID string `xml:"VersionId,omitempty"` } // DeleteObjectsResponse container for multiple object deletes. type DeleteObjectsResponse struct { XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ DeleteResult" json:"-"` // Collection of all deleted objects DeletedObjects []DeletedObject `xml:"Deleted,omitempty"` // Collection of errors deleting certain objects. Errors []DeleteError `xml:"Error,omitempty"` } func (h *handler) DeleteObjectHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() reqInfo := middleware.GetReqInfo(ctx) versionID := reqInfo.URL.Query().Get(api.QueryVersionID) versionedObject := []*layer.VersionedObject{{ Name: reqInfo.ObjectName, VersionID: versionID, }} bktInfo, err := h.getBucketAndCheckOwner(r, reqInfo.BucketName) if err != nil { h.logAndSendError(ctx, w, "could not get bucket info", reqInfo, err) return } bktSettings, err := h.obj.GetBucketSettings(ctx, bktInfo) if err != nil { h.logAndSendError(ctx, w, "could not get bucket settings", reqInfo, err) return } networkInfo, err := h.obj.GetNetworkInfo(ctx) if err != nil { h.logAndSendError(ctx, w, "could not get network info", reqInfo, err) return } p := &layer.DeleteObjectParams{ BktInfo: bktInfo, Objects: versionedObject, Settings: bktSettings, NetworkInfo: networkInfo, } deletedObjects := h.obj.DeleteObjects(ctx, p) deletedObject := deletedObjects[0] if deletedObject.Error != nil { if isErrObjectLocked(deletedObject.Error) { h.logAndSendError(ctx, w, "object is locked", reqInfo, errors.GetAPIError(errors.ErrAccessDenied)) } else { h.logAndSendError(ctx, w, "could not delete object", reqInfo, deletedObject.Error) } return } if deletedObject.VersionID != "" { w.Header().Set(api.AmzVersionID, deletedObject.VersionID) } if deletedObject.DeleteMarkVersion != "" { w.Header().Set(api.AmzDeleteMarker, strconv.FormatBool(true)) if deletedObject.VersionID == "" { w.Header().Set(api.AmzVersionID, deletedObject.DeleteMarkVersion) } } w.WriteHeader(http.StatusNoContent) } func isErrObjectLocked(err error) bool { switch err.(type) { default: return strings.Contains(err.Error(), "object is locked") case *apistatus.ObjectLocked: return true } } // DeleteMultipleObjectsHandler handles multiple delete requests. func (h *handler) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() reqInfo := middleware.GetReqInfo(ctx) // Content-Md5 is required and should be set // http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html if _, ok := r.Header[api.ContentMD5]; !ok { h.logAndSendError(ctx, w, "missing Content-MD5", reqInfo, errors.GetAPIError(errors.ErrMissingContentMD5)) return } // Content-Length is required and should be non-zero // http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html if r.ContentLength <= 0 { h.logAndSendError(ctx, w, "missing Content-Length", reqInfo, errors.GetAPIError(errors.ErrMissingContentLength)) return } // Unmarshal list of keys to be deleted. requested := &DeleteObjectsRequest{} if err := h.cfg.NewXMLDecoder(r.Body, r.UserAgent()).Decode(requested); err != nil { h.logAndSendError(ctx, w, "couldn't decode body", reqInfo, fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrMalformedXML), err.Error())) return } if len(requested.Objects) == 0 || len(requested.Objects) > maxObjectsToDelete { h.logAndSendError(ctx, w, "number of objects to delete must be greater than 0 and less or equal to 1000", reqInfo, errors.GetAPIError(errors.ErrMalformedXML)) return } unique := make(map[string]struct{}) toRemove := make([]*layer.VersionedObject, 0, len(requested.Objects)) for _, obj := range requested.Objects { versionedObj := &layer.VersionedObject{ Name: obj.ObjectName, VersionID: obj.VersionID, } key := versionedObj.String() if _, ok := unique[key]; !ok { toRemove = append(toRemove, versionedObj) unique[key] = struct{}{} } } response := &DeleteObjectsResponse{ Errors: make([]DeleteError, 0, len(toRemove)), DeletedObjects: make([]DeletedObject, 0, len(toRemove)), } bktInfo, err := h.getBucketAndCheckOwner(r, reqInfo.BucketName) if err != nil { h.logAndSendError(ctx, w, "could not get bucket info", reqInfo, err) return } bktSettings, err := h.obj.GetBucketSettings(ctx, bktInfo) if err != nil { h.logAndSendError(ctx, w, "could not get bucket settings", reqInfo, err) return } networkInfo, err := h.obj.GetNetworkInfo(ctx) if err != nil { h.logAndSendError(ctx, w, "could not get network info", reqInfo, err) return } p := &layer.DeleteObjectParams{ BktInfo: bktInfo, Objects: toRemove, Settings: bktSettings, NetworkInfo: networkInfo, IsMultiple: true, } deletedObjects := h.obj.DeleteObjects(ctx, p) for _, obj := range deletedObjects { if obj.Error != nil { code := "BadRequest" if s3err, ok := obj.Error.(errors.Error); ok { code = s3err.Code } response.Errors = append(response.Errors, DeleteError{ Code: code, Message: obj.Error.Error(), Key: obj.Name, VersionID: obj.VersionID, }) } else if !requested.Quiet { deletedObj := DeletedObject{ ObjectIdentifier: ObjectIdentifier{ ObjectName: obj.Name, VersionID: obj.VersionID, }, DeleteMarkerVersionID: obj.DeleteMarkVersion, } if deletedObj.DeleteMarkerVersionID != "" { deletedObj.DeleteMarker = true } response.DeletedObjects = append(response.DeletedObjects, deletedObj) } } if err = middleware.EncodeToResponse(w, response); err != nil { h.logAndSendError(ctx, w, "could not write response", reqInfo, err) return } } func (h *handler) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() reqInfo := middleware.GetReqInfo(ctx) bktInfo, err := h.getBucketAndCheckOwner(r, reqInfo.BucketName) if err != nil { h.logAndSendError(ctx, w, "could not get bucket info", reqInfo, err) return } if err = checkOwner(bktInfo, reqInfo.User); err != nil { h.logAndSendError(ctx, w, "request owner id does not match bucket owner id", reqInfo, err) return } var sessionToken *session.Container boxData, err := middleware.GetBoxData(ctx) if err == nil { sessionToken = boxData.Gate.SessionTokenForDelete() } skipObjCheck := false if value, ok := r.Header[api.AmzForceBucketDelete]; ok { s := value[0] if s == "true" { skipObjCheck = true } } if err = h.obj.DeleteBucket(ctx, &layer.DeleteBucketParams{ BktInfo: bktInfo, SessionToken: sessionToken, SkipCheck: skipObjCheck, }); err != nil { h.logAndSendError(ctx, w, "couldn't delete bucket", reqInfo, err) return } chainIDs := []chain.ID{ getBucketChainID(chain.S3, bktInfo), getBucketChainID(chain.Ingress, bktInfo), getBucketCannedChainID(chain.S3, bktInfo.CID), getBucketCannedChainID(chain.Ingress, bktInfo.CID), } if err = h.ape.DeleteBucketPolicy(reqInfo.Namespace, bktInfo.CID, chainIDs); err != nil { h.logAndSendError(ctx, w, "failed to delete policy from storage", reqInfo, err) return } w.WriteHeader(http.StatusNoContent) }