[#162] Stop using obsolete .github directory

This commit is a part of multi-repo cleanup effort:
TrueCloudLab/frostfs-infra#136

Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>

.github/CODEOWNERS

@@ -1 +0,0 @@
-*       @alexvanin @dkirillov

CHANGELOG.md

@@ -3,7 +3,11 @@
 This document outlines major changes between releases.
 
 ## [Unreleased]
+
+### Added
 - Support percent-encoding for GET queries (#134)
+- Add `trace_id` to logs (#148)
+- Add `cors` config params (#158)
 
 ### Changed
 - Update go version to 1.22 (#132)

CODEOWNERS

@@ -0,0 +1 @@
+.*       @alexvanin @dkirillov

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-<img src="./.github/logo.svg" width="500px" alt="FrostFS logo">
+<img src="./.forgejo/logo.svg" width="500px" alt="FrostFS logo">
 </p>
 <p align="center">
   <a href="https://frostfs.info">FrostFS</a> is a decentralized distributed object storage integrated with the <a href="https://neo.org">NEO Blockchain</a>.

cmd/http-gw/app.go

@@ -18,11 +18,12 @@ import (
 
 	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/frostfs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/frostfs/services"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	internalnet "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/net"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/service/frostfs"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/templates"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
@@ -41,6 +42,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 	"github.com/valyala/fasthttp"
+	"go.opentelemetry.io/otel/trace"
 	"go.uber.org/zap"
 	"golang.org/x/exp/slices"
 )
@@ -86,14 +88,32 @@ type (
 	// appSettings stores reloading parameters, so it has to provide getters and setters which use RWMutex.
 	appSettings struct {
 		reconnectInterval time.Duration
+		dialerSource      *internalnet.DialerSource
 
 		mu                   sync.RWMutex
 		defaultTimestamp     bool
 		zipCompression       bool
 		clientCut            bool
+		returnIndexPage      bool
+		indexPageTemplate    string
 		bufferMaxSizeForPut  uint64
 		namespaceHeader      string
 		defaultNamespaces    []string
+		corsAllowOrigin      string
+		corsAllowMethods     []string
+		corsAllowHeaders     []string
+		corsExposeHeaders    []string
+		corsAllowCredentials bool
+		corsMaxAge           int
+	}
+
+	CORS struct {
+		AllowOrigin      string
+		AllowMethods     []string
+		AllowHeaders     []string
+		ExposeHeaders    []string
+		AllowCredentials bool
+		MaxAge           int
 	}
 )
 
@@ -130,6 +150,8 @@ func newApp(ctx context.Context, opt ...Option) App {
 		opt[i](a)
 	}
 
+	a.initAppSettings()
+
 	// -- setup FastHTTP server --
 	a.webServer.Name = "frost-http-gw"
 	a.webServer.ReadBufferSize = a.cfg.GetInt(cfgWebReadBufferSize)
@@ -143,7 +165,7 @@ func newApp(ctx context.Context, opt ...Option) App {
 	a.webServer.DisablePreParseMultipartForm = true
 	a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
 	// -- -- -- -- -- -- -- -- -- -- -- -- -- --
-	a.pool, a.treePool, a.key = getPools(ctx, a.log, a.cfg)
+	a.pool, a.treePool, a.key = getPools(ctx, a.log, a.cfg, a.settings.dialerSource)
 
 	var owner user.ID
 	user.IDFromKey(&owner, a.key.PrivateKey.PublicKey)
@@ -151,7 +173,6 @@ func newApp(ctx context.Context, opt ...Option) App {
 
 	a.setRuntimeParameters()
 
-	a.initAppSettings()
 	a.initResolver()
 	a.initMetrics()
 	a.initTracing(ctx)
@@ -159,28 +180,98 @@ func newApp(ctx context.Context, opt ...Option) App {
 	return a
 }
 
+func (a *app) initAppSettings() {
+	a.settings = &appSettings{
+		reconnectInterval: fetchReconnectInterval(a.cfg),
+		dialerSource:      getDialerSource(a.log, a.cfg),
+	}
+	a.settings.update(a.cfg, a.log)
+}
+
+func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
+	defaultTimestamp := v.GetBool(cfgUploaderHeaderEnableDefaultTimestamp)
+	zipCompression := v.GetBool(cfgZipCompression)
+	returnIndexPage := v.GetBool(cfgIndexPageEnabled)
+	clientCut := v.GetBool(cfgClientCut)
+	bufferMaxSizeForPut := v.GetUint64(cfgBufferMaxSizeForPut)
+	namespaceHeader := v.GetString(cfgResolveNamespaceHeader)
+	defaultNamespaces := fetchDefaultNamespaces(v)
+	indexPage, indexEnabled := fetchIndexPageTemplate(v, l)
+	corsAllowOrigin := v.GetString(cfgCORSAllowOrigin)
+	corsAllowMethods := v.GetStringSlice(cfgCORSAllowMethods)
+	corsAllowHeaders := v.GetStringSlice(cfgCORSAllowHeaders)
+	corsExposeHeaders := v.GetStringSlice(cfgCORSExposeHeaders)
+	corsAllowCredentials := v.GetBool(cfgCORSAllowCredentials)
+	corsMaxAge := fetchCORSMaxAge(v)
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	s.defaultTimestamp = defaultTimestamp
+	s.zipCompression = zipCompression
+	s.returnIndexPage = returnIndexPage
+	s.clientCut = clientCut
+	s.bufferMaxSizeForPut = bufferMaxSizeForPut
+	s.namespaceHeader = namespaceHeader
+	s.defaultNamespaces = defaultNamespaces
+	s.returnIndexPage = indexEnabled
+	s.indexPageTemplate = indexPage
+	s.corsAllowOrigin = corsAllowOrigin
+	s.corsAllowMethods = corsAllowMethods
+	s.corsAllowHeaders = corsAllowHeaders
+	s.corsExposeHeaders = corsExposeHeaders
+	s.corsAllowCredentials = corsAllowCredentials
+	s.corsMaxAge = corsMaxAge
+}
+
 func (s *appSettings) DefaultTimestamp() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.defaultTimestamp
 }
 
-func (s *appSettings) setDefaultTimestamp(val bool) {
-	s.mu.Lock()
-	s.defaultTimestamp = val
-	s.mu.Unlock()
-}
-
 func (s *appSettings) ZipCompression() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.zipCompression
 }
 
-func (s *appSettings) setZipCompression(val bool) {
-	s.mu.Lock()
-	s.zipCompression = val
-	s.mu.Unlock()
+func (s *appSettings) IndexPageEnabled() bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.returnIndexPage
+}
+
+func (s *appSettings) IndexPageTemplate() string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if s.indexPageTemplate == "" {
+		return templates.DefaultIndexTemplate
+	}
+	return s.indexPageTemplate
+}
+
+func (s *appSettings) CORS() CORS {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	allowMethods := make([]string, len(s.corsAllowMethods))
+	copy(allowMethods, s.corsAllowMethods)
+
+	allowHeaders := make([]string, len(s.corsAllowHeaders))
+	copy(allowHeaders, s.corsAllowHeaders)
+
+	exposeHeaders := make([]string, len(s.corsExposeHeaders))
+	copy(exposeHeaders, s.corsExposeHeaders)
+
+	return CORS{
+		AllowOrigin:      s.corsAllowOrigin,
+		AllowMethods:     allowMethods,
+		AllowHeaders:     allowHeaders,
+		ExposeHeaders:    exposeHeaders,
+		AllowCredentials: s.corsAllowCredentials,
+		MaxAge:           s.corsMaxAge,
+	}
 }
 
 func (s *appSettings) ClientCut() bool {
@@ -189,29 +280,27 @@ func (s *appSettings) ClientCut() bool {
 	return s.clientCut
 }
 
-func (s *appSettings) setClientCut(val bool) {
-	s.mu.Lock()
-	s.clientCut = val
-	s.mu.Unlock()
-}
-
 func (s *appSettings) BufferMaxSizeForPut() uint64 {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	return s.bufferMaxSizeForPut
 }
 
-func (s *appSettings) setBufferMaxSizeForPut(val uint64) {
-	s.mu.Lock()
-	s.bufferMaxSizeForPut = val
-	s.mu.Unlock()
+func (s *appSettings) NamespaceHeader() string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.namespaceHeader
 }
 
-func (a *app) initAppSettings() {
-	a.settings = &appSettings{
-		reconnectInterval: fetchReconnectInterval(a.cfg),
+func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
+	s.mu.RLock()
+	namespaces := s.defaultNamespaces
+	s.mu.RUnlock()
+	if slices.Contains(namespaces, ns) {
+		return v2container.SysAttributeZoneDefault, true
 	}
-	a.updateSettings()
+
+	return ns + ".ns", false
 }
 
 func (a *app) initResolver() {
@@ -401,7 +490,7 @@ func (a *app) setHealthStatus() {
 }
 
 func (a *app) Serve() {
-	handler := handler.New(a.AppParams(), a.settings, tree.NewTree(services.NewPoolWrapper(a.treePool)))
+	handler := handler.New(a.AppParams(), a.settings, tree.NewTree(frostfs.NewPoolWrapper(a.treePool)))
 
 	// Configure router.
 	a.configureRouter(handler)
@@ -474,6 +563,10 @@ func (a *app) configReload(ctx context.Context) {
 		a.logLevel.SetLevel(lvl)
 	}
 
+	if err := a.settings.dialerSource.Update(fetchMultinetConfig(a.cfg, a.log)); err != nil {
+		a.log.Warn(logs.MultinetConfigWontBeUpdated, zap.Error(err))
+	}
+
 	if err := a.resolver.UpdateResolvers(a.getResolverConfig()); err != nil {
 		a.log.Warn(logs.FailedToUpdateResolvers, zap.Error(err))
 	}
@@ -487,7 +580,7 @@ func (a *app) configReload(ctx context.Context) {
 	a.stopServices()
 	a.startServices()
 
-	a.updateSettings()
+	a.settings.update(a.cfg, a.log)
 
 	a.metrics.SetEnabled(a.cfg.GetBool(cfgPrometheusEnabled))
 	a.initTracing(ctx)
@@ -496,15 +589,6 @@ func (a *app) configReload(ctx context.Context) {
 	a.log.Info(logs.SIGHUPConfigReloadCompleted)
 }
 
-func (a *app) updateSettings() {
-	a.settings.setDefaultTimestamp(a.cfg.GetBool(cfgUploaderHeaderEnableDefaultTimestamp))
-	a.settings.setZipCompression(a.cfg.GetBool(cfgZipCompression))
-	a.settings.setClientCut(a.cfg.GetBool(cfgClientCut))
-	a.settings.setBufferMaxSizeForPut(a.cfg.GetUint64(cfgBufferMaxSizeForPut))
-	a.settings.setNamespaceHeader(a.cfg.GetString(cfgResolveNamespaceHeader))
-	a.settings.setDefaultNamespaces(a.cfg.GetStringSlice(cfgResolveDefaultNamespaces))
-}
-
 func (a *app) startServices() {
 	pprofConfig := metrics.Config{Enabled: a.cfg.GetBool(cfgPprofEnabled), Address: a.cfg.GetString(cfgPprofAddress)}
 	pprofService := metrics.NewPprofService(a.log, pprofConfig)
@@ -525,7 +609,6 @@ func (a *app) stopServices() {
 		svc.ShutDown(ctx)
 	}
 }
-
 func (a *app) configureRouter(handler *handler.Handler) {
 	r := router.New()
 	r.RedirectTrailingSlash = true
@@ -536,27 +619,116 @@ func (a *app) configureRouter(handler *handler.Handler) {
 		response.Error(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
 	}
 
-	r.POST("/upload/{cid}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.Upload))))))
+	r.POST("/upload/{cid}", a.addMiddlewares(handler.Upload))
+	r.OPTIONS("/upload/{cid}", a.addPreflight())
 	a.log.Info(logs.AddedPathUploadCid)
-	r.GET("/get/{cid}/{oid:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadByAddressOrBucketName))))))
-	r.HEAD("/get/{cid}/{oid:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.HeadByAddressOrBucketName))))))
+	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(handler.DownloadByAddressOrBucketName))
+	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(handler.HeadByAddressOrBucketName))
+	r.OPTIONS("/get/{cid}/{oid:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathGetCidOid)
-	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadByAttribute))))))
-	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.HeadByAttribute))))))
+	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.DownloadByAttribute))
+	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.HeadByAttribute))
+	r.OPTIONS("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal)
-	r.GET("/zip/{cid}/{prefix:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadZipped))))))
+	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(handler.DownloadZipped))
+	r.OPTIONS("/zip/{cid}/{prefix:*}", a.addPreflight())
 	a.log.Info(logs.AddedPathZipCidPrefix)
 
 	a.webServer.Handler = r.Handler
 }
 
+func (a *app) addMiddlewares(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	list := []func(fasthttp.RequestHandler) fasthttp.RequestHandler{
+		a.tracer,
+		a.logger,
+		a.canonicalizer,
+		a.tokenizer,
+		a.reqNamespace,
+		a.cors,
+	}
+
+	for i := len(list) - 1; i >= 0; i-- {
+		h = list[i](h)
+	}
+
+	return h
+}
+
+func (a *app) addPreflight() fasthttp.RequestHandler {
+	list := []func(fasthttp.RequestHandler) fasthttp.RequestHandler{
+		a.tracer,
+		a.logger,
+		a.reqNamespace,
+	}
+
+	h := a.preflightHandler
+	for i := len(list) - 1; i >= 0; i-- {
+		h = list[i](h)
+	}
+
+	return h
+}
+
+func (a *app) preflightHandler(c *fasthttp.RequestCtx) {
+	cors := a.settings.CORS()
+	setCORSHeaders(c, cors)
+}
+
+func (a *app) cors(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	return func(c *fasthttp.RequestCtx) {
+		h(c)
+		code := c.Response.StatusCode()
+		if code >= fasthttp.StatusOK && code < fasthttp.StatusMultipleChoices {
+			cors := a.settings.CORS()
+			setCORSHeaders(c, cors)
+		}
+	}
+}
+
+func setCORSHeaders(c *fasthttp.RequestCtx, cors CORS) {
+	c.Response.Header.Set(fasthttp.HeaderAccessControlMaxAge, strconv.Itoa(cors.MaxAge))
+
+	if len(cors.AllowOrigin) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowOrigin, cors.AllowOrigin)
+	}
+
+	if len(cors.AllowMethods) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowMethods, strings.Join(cors.AllowMethods, ","))
+	}
+
+	if len(cors.AllowHeaders) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowHeaders, strings.Join(cors.AllowHeaders, ","))
+	}
+
+	if len(cors.ExposeHeaders) != 0 {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlExposeHeaders, strings.Join(cors.ExposeHeaders, ","))
+	}
+
+	if cors.AllowCredentials {
+		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowCredentials, "true")
+	}
+}
+
 func (a *app) logger(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
-		a.log.Info(logs.Request, zap.String("remote", req.RemoteAddr().String()),
+		requiredFields := []zap.Field{zap.Uint64("id", req.ID())}
+		reqCtx := utils.GetContextFromRequest(req)
+		if traceID := trace.SpanFromContext(reqCtx).SpanContext().TraceID(); traceID.IsValid() {
+			requiredFields = append(requiredFields, zap.String("trace_id", traceID.String()))
+		}
+		log := a.log.With(requiredFields...)
+
+		reqCtx = utils.SetReqLog(reqCtx, log)
+		utils.SetContextToRequest(reqCtx, req)
+
+		fields := []zap.Field{
+			zap.String("remote", req.RemoteAddr().String()),
 			zap.ByteString("method", req.Method()),
 			zap.ByteString("path", req.Path()),
 			zap.ByteString("query", req.QueryArgs().QueryString()),
-			zap.Uint64("id", req.ID()))
+		}
+
+		log.Info(logs.Request, fields...)
 		h(req)
 	}
 }
@@ -595,9 +767,12 @@ func (a *app) canonicalizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 
 func (a *app) tokenizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
-		appCtx, err := tokens.StoreBearerTokenAppCtx(a.ctx, req)
+		reqCtx := utils.GetContextFromRequest(req)
+		appCtx, err := tokens.StoreBearerTokenAppCtx(reqCtx, req)
 		if err != nil {
-			a.log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Uint64("id", req.ID()), zap.Error(err))
+			log := utils.GetReqLogOrDefault(reqCtx, a.log)
+
+			log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Error(err))
 			response.Error(req, "could not fetch and store bearer token: "+err.Error(), fasthttp.StatusBadRequest)
 			return
 		}
@@ -608,9 +783,7 @@ func (a *app) tokenizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 
 func (a *app) tracer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
-		appCtx := utils.GetContextFromRequest(req)
-
-		appCtx, span := utils.StartHTTPServerSpan(appCtx, req, "REQUEST")
+		appCtx, span := utils.StartHTTPServerSpan(a.ctx, req, "REQUEST")
 		defer func() {
 			utils.SetHTTPTraceInfo(appCtx, span, req)
 			span.End()
@@ -779,39 +952,6 @@ func (a *app) setRuntimeParameters() {
 	}
 }
 
-func (s *appSettings) NamespaceHeader() string {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
-	return s.namespaceHeader
-}
-
-func (s *appSettings) setNamespaceHeader(nsHeader string) {
-	s.mu.Lock()
-	s.namespaceHeader = nsHeader
-	s.mu.Unlock()
-}
-
-func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
-	s.mu.RLock()
-	namespaces := s.defaultNamespaces
-	s.mu.RUnlock()
-	if slices.Contains(namespaces, ns) {
-		return v2container.SysAttributeZoneDefault, true
-	}
-
-	return ns + ".ns", false
-}
-
-func (s *appSettings) setDefaultNamespaces(namespaces []string) {
-	for i := range namespaces { // to be set namespaces in env variable as `HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"`
-		namespaces[i] = strings.Trim(namespaces[i], "\"")
-	}
-
-	s.mu.Lock()
-	s.defaultNamespaces = namespaces
-	s.mu.Unlock()
-}
-
 func (a *app) scheduleReconnect(ctx context.Context, srv *fasthttp.Server) {
 	go func() {
 		t := time.NewTicker(a.settings.reconnectInterval)

cmd/http-gw/integration_test.go

@@ -102,7 +102,7 @@ func runServer(pathToWallet string) (App, context.CancelFunc) {
 	v.Set(cfgWalletPath, pathToWallet)
 	v.Set(cfgWalletPassphrase, "")
 
-	l, lvl := newStdoutLogger(zapcore.DebugLevel)
+	l, lvl := newStdoutLogger(v, zapcore.DebugLevel)
 	application := newApp(cancelCtx, WithConfig(v), WithLogger(l, lvl))
 	go application.Serve()
 
@@ -525,7 +525,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	id, err := clientPool.PutObject(ctx, prm)
 	require.NoError(t, err)
 
-	return id
+	return id.ObjectID
 }
 
 func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {

cmd/http-gw/settings.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
+	"io"
 	"math"
 	"os"
 	"path"
@@ -15,6 +16,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	internalnet "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/net"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	grpctracing "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing/grpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
@@ -41,6 +43,8 @@ const (
 	defaultConnectTimeout = 10 * time.Second
 	defaultStreamTimeout  = 10 * time.Second
 
+	defaultLoggerSamplerInterval = 1 * time.Second
+
 	defaultShutdownTimeout = 15 * time.Second
 
 	defaultPoolErrorThreshold uint32 = 100
@@ -53,6 +57,10 @@ const (
 
 	defaultReconnectInterval = time.Minute
 
+	defaultCORSMaxAge = 600 // seconds
+
+	defaultMultinetFallbackDelay = 300 * time.Millisecond
+
 	cfgServer      = "server"
 	cfgTLSEnabled  = "tls.enabled"
 	cfgTLSCertFile = "tls.cert_file"
@@ -60,6 +68,9 @@ const (
 
 	cfgReconnectInterval = "reconnect_interval"
 
+	cfgIndexPageEnabled      = "index_page.enabled"
+	cfgIndexPageTemplatePath = "index_page.template_path"
+
 	// Web.
 	cfgWebReadBufferSize     = "web.read_buffer_size"
 	cfgWebWriteBufferSize    = "web.write_buffer_size"
@@ -91,6 +102,11 @@ const (
 	cfgLoggerLevel       = "logger.level"
 	cfgLoggerDestination = "logger.destination"
 
+	cfgLoggerSamplingEnabled    = "logger.sampling.enabled"
+	cfgLoggerSamplingInitial    = "logger.sampling.initial"
+	cfgLoggerSamplingThereafter = "logger.sampling.thereafter"
+	cfgLoggerSamplingInterval   = "logger.sampling.interval"
+
 	// Wallet.
 	cfgWalletPassphrase = "wallet.passphrase"
 	cfgWalletPath       = "wallet.path"
@@ -130,6 +146,21 @@ const (
 	cfgResolveNamespaceHeader   = "resolve_bucket.namespace_header"
 	cfgResolveDefaultNamespaces = "resolve_bucket.default_namespaces"
 
+	// CORS.
+	cfgCORSAllowOrigin      = "cors.allow_origin"
+	cfgCORSAllowMethods     = "cors.allow_methods"
+	cfgCORSAllowHeaders     = "cors.allow_headers"
+	cfgCORSExposeHeaders    = "cors.expose_headers"
+	cfgCORSAllowCredentials = "cors.allow_credentials"
+	cfgCORSMaxAge           = "cors.max_age"
+
+	// Multinet.
+	cfgMultinetEnabled       = "multinet.enabled"
+	cfgMultinetBalancer      = "multinet.balancer"
+	cfgMultinetRestrict      = "multinet.restrict"
+	cfgMultinetFallbackDelay = "multinet.fallback_delay"
+	cfgMultinetSubnets       = "multinet.subnets"
+
 	// Command line args.
 	cmdHelp          = "help"
 	cmdVersion       = "version"
@@ -188,10 +219,17 @@ func settings() *viper.Viper {
 	// logger:
 	v.SetDefault(cfgLoggerLevel, "debug")
 	v.SetDefault(cfgLoggerDestination, "stdout")
+	v.SetDefault(cfgLoggerSamplingEnabled, false)
+	v.SetDefault(cfgLoggerSamplingThereafter, 100)
+	v.SetDefault(cfgLoggerSamplingInitial, 100)
+	v.SetDefault(cfgLoggerSamplingInterval, defaultLoggerSamplerInterval)
 
 	// pool:
 	v.SetDefault(cfgPoolErrorThreshold, defaultPoolErrorThreshold)
 
+	v.SetDefault(cfgIndexPageEnabled, false)
+	v.SetDefault(cfgIndexPageTemplatePath, "")
+
 	// frostfs:
 	v.SetDefault(cfgBufferMaxSizeForPut, defaultBufferMaxSizeForPut)
 
@@ -217,6 +255,9 @@ func settings() *viper.Viper {
 	v.SetDefault(cfgResolveNamespaceHeader, defaultNamespaceHeader)
 	v.SetDefault(cfgResolveDefaultNamespaces, []string{"", "root"})
 
+	// multinet
+	v.SetDefault(cfgMultinetFallbackDelay, defaultMultinetFallbackDelay)
+
 	// Binding flags
 	if err := v.BindPFlag(cfgPprofEnabled, flags.Lookup(cmdPprof)); err != nil {
 		panic(err)
@@ -386,9 +427,9 @@ func pickLogger(v *viper.Viper) (*zap.Logger, zap.AtomicLevel) {
 
 	switch dest {
 	case destinationStdout:
-		return newStdoutLogger(lvl)
+		return newStdoutLogger(v, lvl)
 	case destinationJournald:
-		return newJournaldLogger(lvl)
+		return newJournaldLogger(v, lvl)
 	default:
 		panic(fmt.Sprintf("wrong destination for logger: %s", dest))
 	}
@@ -405,39 +446,59 @@ func pickLogger(v *viper.Viper) (*zap.Logger, zap.AtomicLevel) {
 // Logger records a stack trace for all messages at or above fatal level.
 //
 // See also zapcore.Level, zap.NewProductionConfig, zap.AddStacktrace.
-func newStdoutLogger(lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
-	c := zap.NewProductionConfig()
-	c.Level = zap.NewAtomicLevelAt(lvl)
-	c.Encoding = "console"
-	c.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
+func newStdoutLogger(v *viper.Viper, lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
+	stdout := zapcore.AddSync(os.Stderr)
+	level := zap.NewAtomicLevelAt(lvl)
 
-	l, err := c.Build(
-		zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel)),
-	)
-	if err != nil {
-		panic(fmt.Sprintf("build zap logger instance: %v", err))
-	}
+	consoleOutCore := zapcore.NewCore(newLogEncoder(), stdout, level)
+	consoleOutCore = samplingEnabling(v, consoleOutCore)
 
-	return l, c.Level
+	l := zap.New(consoleOutCore, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel)))
+	return l, level
 }
 
-func newJournaldLogger(lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
-	c := zap.NewProductionConfig()
-	c.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
-	c.Level = zap.NewAtomicLevelAt(lvl)
+func newJournaldLogger(v *viper.Viper, lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
+	level := zap.NewAtomicLevelAt(lvl)
 
-	encoder := zapjournald.NewPartialEncoder(zapcore.NewConsoleEncoder(c.EncoderConfig), zapjournald.SyslogFields)
+	encoder := zapjournald.NewPartialEncoder(newLogEncoder(), zapjournald.SyslogFields)
 
-	core := zapjournald.NewCore(c.Level, encoder, &journald.Journal{}, zapjournald.SyslogFields)
+	core := zapjournald.NewCore(level, encoder, &journald.Journal{}, zapjournald.SyslogFields)
 	coreWithContext := core.With([]zapcore.Field{
 		zapjournald.SyslogFacility(zapjournald.LogDaemon),
 		zapjournald.SyslogIdentifier(),
 		zapjournald.SyslogPid(),
 	})
 
+	coreWithContext = samplingEnabling(v, coreWithContext)
+
 	l := zap.New(coreWithContext, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel)))
 
-	return l, c.Level
+	return l, level
+}
+
+func newLogEncoder() zapcore.Encoder {
+	c := zap.NewProductionEncoderConfig()
+	c.EncodeTime = zapcore.ISO8601TimeEncoder
+
+	return zapcore.NewConsoleEncoder(c)
+}
+
+func samplingEnabling(v *viper.Viper, core zapcore.Core) zapcore.Core {
+	// Zap samples by logging the first cgfLoggerSamplingInitial entries with a given level
+	// and message within the specified time interval.
+	// In the above config, only the first cgfLoggerSamplingInitial log entries with the same level and message
+	// are recorded in cfgLoggerSamplingInterval interval. Every other log entry will be dropped within the interval since
+	// cfgLoggerSamplingThereafter is specified here.
+	if v.GetBool(cfgLoggerSamplingEnabled) {
+		core = zapcore.NewSamplerWithOptions(
+			core,
+			v.GetDuration(cfgLoggerSamplingInterval),
+			v.GetInt(cfgLoggerSamplingInitial),
+			v.GetInt(cfgLoggerSamplingThereafter),
+		)
+	}
+
+	return core
 }
 
 func getLogLevel(v *viper.Viper) (zapcore.Level, error) {
@@ -468,6 +529,46 @@ func fetchReconnectInterval(cfg *viper.Viper) time.Duration {
 	return reconnect
 }
 
+func fetchIndexPageTemplate(v *viper.Viper, l *zap.Logger) (string, bool) {
+	if !v.GetBool(cfgIndexPageEnabled) {
+		return "", false
+	}
+
+	reader, err := os.Open(v.GetString(cfgIndexPageTemplatePath))
+	if err != nil {
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		return "", true
+	}
+
+	tmpl, err := io.ReadAll(reader)
+	if err != nil {
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		return "", true
+	}
+
+	l.Info(logs.SetCustomIndexPageTemplate)
+	return string(tmpl), true
+}
+
+func fetchDefaultNamespaces(v *viper.Viper) []string {
+	namespaces := v.GetStringSlice(cfgResolveDefaultNamespaces)
+
+	for i := range namespaces { // to be set namespaces in env variable as `HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"`
+		namespaces[i] = strings.Trim(namespaces[i], "\"")
+	}
+
+	return namespaces
+}
+
+func fetchCORSMaxAge(v *viper.Viper) int {
+	maxAge := v.GetInt(cfgCORSMaxAge)
+	if maxAge <= 0 {
+		maxAge = defaultCORSMaxAge
+	}
+
+	return maxAge
+}
+
 func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	var servers []ServerInfo
 	seen := make(map[string]struct{})
@@ -496,7 +597,7 @@ func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	return servers
 }
 
-func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.Pool, *treepool.Pool, *keys.PrivateKey) {
+func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper, dialSource *internalnet.DialerSource) (*pool.Pool, *treepool.Pool, *keys.PrivateKey) {
 	key, err := getFrostFSKey(cfg, logger)
 	if err != nil {
 		logger.Fatal(logs.CouldNotLoadFrostFSPrivateKey, zap.Error(err))
@@ -552,18 +653,13 @@ func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.
 
 	prmTree.SetMaxRequestAttempts(cfg.GetInt(cfgTreePoolMaxAttempts))
 
-	var apiGRPCDialOpts []grpc.DialOption
-	var treeGRPCDialOpts []grpc.DialOption
-	if cfg.GetBool(cfgTracingEnabled) {
 	interceptors := []grpc.DialOption{
 		grpc.WithUnaryInterceptor(grpctracing.NewUnaryClientInteceptor()),
 		grpc.WithStreamInterceptor(grpctracing.NewStreamClientInterceptor()),
+		grpc.WithContextDialer(dialSource.GrpcContextDialer()),
 	}
-		treeGRPCDialOpts = append(treeGRPCDialOpts, interceptors...)
-		apiGRPCDialOpts = append(apiGRPCDialOpts, interceptors...)
-	}
-	prm.SetGRPCDialOptions(apiGRPCDialOpts...)
-	prmTree.SetGRPCDialOptions(treeGRPCDialOpts...)
+	prm.SetGRPCDialOptions(interceptors...)
+	prmTree.SetGRPCDialOptions(interceptors...)
 
 	p, err := pool.NewPool(prm)
 	if err != nil {
@@ -663,3 +759,34 @@ func fetchCacheSize(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue
 
 	return defaultValue
 }
+
+func getDialerSource(logger *zap.Logger, cfg *viper.Viper) *internalnet.DialerSource {
+	source, err := internalnet.NewDialerSource(fetchMultinetConfig(cfg, logger))
+	if err != nil {
+		logger.Fatal(logs.FailedToLoadMultinetConfig, zap.Error(err))
+	}
+	return source
+}
+
+func fetchMultinetConfig(v *viper.Viper, l *zap.Logger) (cfg internalnet.Config) {
+	cfg.Enabled = v.GetBool(cfgMultinetEnabled)
+	cfg.Balancer = v.GetString(cfgMultinetBalancer)
+	cfg.Restrict = v.GetBool(cfgMultinetRestrict)
+	cfg.FallbackDelay = v.GetDuration(cfgMultinetFallbackDelay)
+	cfg.Subnets = make([]internalnet.Subnet, 0, 5)
+	cfg.EventHandler = internalnet.NewLogEventHandler(l)
+
+	for i := 0; ; i++ {
+		key := cfgMultinetSubnets + "." + strconv.Itoa(i) + "."
+		subnet := internalnet.Subnet{}
+
+		subnet.Prefix = v.GetString(key + "mask")
+		if subnet.Prefix == "" {
+			break
+		}
+		subnet.SourceIPs = v.GetStringSlice(key + "source_ips")
+		cfg.Subnets = append(cfg.Subnets, subnet)
+	}
+
+	return
+}

config/config.env

@@ -14,8 +14,12 @@ HTTP_GW_PPROF_ADDRESS=localhost:8083
 HTTP_GW_PROMETHEUS_ENABLED=true
 HTTP_GW_PROMETHEUS_ADDRESS=localhost:8084
 
-# Log level.
+# Logger.
 HTTP_GW_LOGGER_LEVEL=debug
+HTTP_GW_LOGGER_SAMPLING_ENABLED=false
+HTTP_GW_LOGGER_SAMPLING_INITIAL=100
+HTTP_GW_LOGGER_SAMPLING_THEREAFTER=100
+HTTP_GW_LOGGER_SAMPLING_INTERVAL=1s
 
 HTTP_GW_SERVER_0_ADDRESS=0.0.0.0:443
 HTTP_GW_SERVER_0_TLS_ENABLED=false
@@ -122,3 +126,23 @@ HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"
 # Max attempt to make successful tree request.
 # default value is 0 that means the number of attempts equals to number of nodes in pool.
 HTTP_GW_FROSTFS_TREE_POOL_MAX_ATTEMPTS=0
+
+HTTP_GW_CORS_ALLOW_ORIGIN="*"
+HTTP_GW_CORS_ALLOW_METHODS="GET" "POST"
+HTTP_GW_CORS_ALLOW_HEADERS="*"
+HTTP_GW_CORS_EXPOSE_HEADERS="*"
+HTTP_GW_CORS_ALLOW_CREDENTIALS=false
+HTTP_GW_CORS_MAX_AGE=600
+
+# Multinet properties
+# Enable multinet support
+HTTP_GW_MULTINET_ENABLED=false
+# Strategy to pick source IP address
+HTTP_GW_MULTINET_BALANCER=roundrobin
+# Restrict requests with unknown destination subnet
+HTTP_GW_MULTINET_RESTRICT=false
+# Delay between ipv6 to ipv4 fallback switch
+HTTP_GW_MULTINET_FALLBACK_DELAY=300ms
+# List of subnets and IP addresses to use as source for those subnets
+HTTP_GW_MULTINET_SUBNETS_1_MASK=1.2.3.4/24
+HTTP_GW_MULTINET_SUBNETS_1_SOURCE_IPS=1.2.3.4 1.2.3.5

config/config.yaml

@@ -18,6 +18,11 @@ tracing:
 logger:
   level: debug # Log level.
   destination: stdout
+  sampling:
+    enabled: false
+    initial: 100
+    thereafter: 100
+    interval: 1s
 
 server:
   - address: 0.0.0.0:8080
@@ -102,6 +107,11 @@ request_timeout: 5s # Timeout to check node health during rebalance.
 rebalance_timer: 30s # Interval to check nodes health.
 pool_error_threshold: 100 # The number of errors on connection after which node is considered as unhealthy.
 
+# Enable index page to see objects list for specified container and prefix
+index_page:
+  enabled: false
+  template_path: internal/handler/templates/index.gotmpl
+
 zip:
   compression: false # Enable zip compression to download files by common prefix.
 
@@ -128,3 +138,28 @@ cache:
 resolve_bucket:
   namespace_header: X-Frostfs-Namespace
   default_namespaces: [ "", "root" ]
+
+cors:
+  allow_origin: ""
+  allow_methods: []
+  allow_headers: []
+  expose_headers: []
+  allow_credentials: false
+  max_age: 600
+
+# Multinet properties
+multinet:
+  # Enable multinet support
+  enabled: false
+  # Strategy to pick source IP address
+  balancer: roundrobin
+  # Restrict requests with unknown destination subnet
+  restrict: false
+  # Delay between ipv6 to ipv4 fallback switch
+  fallback_delay: 300ms
+  # List of subnets and IP addresses to use as source for those subnets
+  subnets:
+    - mask: 1.2.3.4/24
+      source_ips:
+        - 1.2.3.4
+        - 1.2.3.5

docs/api.md

@@ -95,12 +95,12 @@ The `filename` field from the multipart form will be set as `FileName` attribute
 
 ## Get object
 
-Route: `/get/{cid}/{oid}?[download=true]`
+Route: `/get/{cid}/{oid}?[download=false]`
 
 | Route parameter | Type   | Description                                                                                                                                                |
 |-----------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `cid`           | Single | Base58 encoded container ID or container name from NNS.                                                                                                    |
-| `oid`           | Single | Base58 encoded object ID.                                                                                                                                  |
+| `cid`           | Single | Base58 encoded `container ID` or `container name` from NNS or `bucket name`.                                                                               |
+| `oid`           | Single | Base58 encoded `object ID`. Also could be `S3 object name` if `cid` is specified as bucket name.                                                           |
 | `download`      | Query  | Set the `Content-Disposition` header as `attachment` in response.<br/> This make the browser to download object as file instead of showing it on the page. |
 
 ### Methods
@@ -141,6 +141,13 @@ Get an object (payload and attributes) by an address.
 | 400    | Some error occurred during object downloading. |
 | 404    | Container or object not found.                 |
 
+###### Body
+
+Returns object data. If request performed from browser, either displays raw data or downloads it as
+attachment if `download` query parameter is set to `true`.
+If `index_page.enabled` is set to `true`, returns HTML with index-page if no object with specified
+S3-name was found.
+
 #### HEAD
 
 Get an object attributes by an address.

docs/gate-configuration.md

@@ -57,6 +57,8 @@ $ cat http.log
 | `frostfs`        | [Frostfs configuration](#frostfs-section)                      |
 | `cache`          | [Cache configuration](#cache-section)                          |
 | `resolve_bucket` | [Bucket name resolving configuration](#resolve_bucket-section) |
+| `index_page`     | [Index page configuration](#index_page-section)                |
+| `multinet`       | [Multinet configuration](#multinet-section)                    |
 
 
 # General section
@@ -76,7 +78,7 @@ reconnect_interval: 1m
 ```
 
 | Parameter              | Type       | SIGHUP reload | Default value | Description                                                                                     |
-|------------------------|------------|---------------|----------------|------------------------------------------------------------------------------------|
+|------------------------|------------|---------------|---------------|-------------------------------------------------------------------------------------------------|
 | `rpc_endpoint`         | `string`   | yes           |               | The address of the RPC host to which the gateway connects to resolve bucket names.              |
 | `resolve_order`        | `[]string` | yes           | `[nns, dns]`  | Order of bucket name resolvers to use.                                                          |
 | `connect_timeout`      | `duration` |               | `10s`         | Timeout to connect to a node.                                                                   |
@@ -164,12 +166,21 @@ server:
 logger:
   level: debug
   destination: stdout
+  sampling:
+    enabled: false
+    initial: 100
+    thereafter: 100
+    interval: 1s
 ```
 
 | Parameter             | Type       | SIGHUP reload | Default value | Description                                                                                        |
-|---------------|----------|---------------|---------------|----------------------------------------------------------------------------------------------------|
+|-----------------------|------------|---------------|---------------|----------------------------------------------------------------------------------------------------|
 | `level`               | `string`   | yes           | `debug`       | Logging level.<br/>Possible values:  `debug`, `info`, `warn`, `error`, `dpanic`, `panic`, `fatal`. |
 | `destination`         | `string`   | no            | `stdout`      | Destination for logger: `stdout` or `journald`                                                     |
+| `sampling.enabled`    | `bool`     | no            | false         | Sampling enabling flag.                                                                            |
+| `sampling.initial`    | `int`      | no            | '100'         | Sampling count of first log entries.                                                               |
+| `sampling.thereafter` | `int`      | no            | '100'         | Sampling count of entries after an `interval`.                                                     |
+| `sampling.interval`   | `duration` | no            | '1s'          | Sampling interval of messaging similar entries.                                                    |
 
 # `web` section
 
@@ -261,7 +272,7 @@ tracing:
 
 | Parameter    | Type     | SIGHUP reload | Default value | Description                                                                                                                     |
 |--------------|----------|---------------|---------------|---------------------------------------------------------------------------------------------------------------------------------|
-| `enabled`    | `bool`   | no            | `false`       | Flag to enable the tracing.                                                                                                     |
+| `enabled`    | `bool`   | yes           | `false`       | Flag to enable the tracing.                                                                                                     |
 | `exporter`   | `string` | yes           |               | Trace collector type (`stdout` or `otlp_grpc` are supported).                                                                   |
 | `endpoint`   | `string` | yes           |               | Address of collector endpoint for OTLP exporters.                                                                               |
 | `trusted_ca` | `string` | yes           |               | Path to certificate of a certification authority in pem format, that issued the TLS certificate of the telemetry remote server. |
@@ -338,3 +349,81 @@ resolve_bucket:
 |----------------------|------------|---------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------|
 | `namespace_header`   | `string`   | yes           | `X-Frostfs-Namespace` | Header to determine zone to resolve bucket name.                                                                         |
 | `default_namespaces` | `[]string` | yes           | ["","root"]           | Namespaces that should be handled as default.                                                                            |
+
+# `index_page` section
+
+Parameters for index HTML-page output with S3-bucket or S3-subdir content for `Get object` request
+
+```yaml
+index_page:
+  enabled: false
+  template_path: ""
+```
+
+| Parameter       | Type     | SIGHUP reload | Default value | Description                                                                     |
+|-----------------|----------|---------------|---------------|---------------------------------------------------------------------------------|
+| `enabled`       | `bool`   | yes           | `false`       | Flag to enable index_page return if no object with specified S3-name was found. |
+| `template_path` | `string` | yes           | `""`          | Path to .gotmpl file with html template for index_page.                         |
+
+# `cors` section
+
+Parameters for CORS (used in OPTIONS requests and responses in all handlers).
+If values are not set, headers will not be included to response.
+
+```yaml
+cors:
+  allow_origin: "*"
+  allow_methods: ["GET", "HEAD"]
+  allow_headers: ["Authorization"]
+  expose_headers: ["*"]
+  allow_credentials: false
+  max_age: 600
+```
+
+| Parameter           | Type       | SIGHUP reload | Default value | Description                                            |
+|---------------------|------------|---------------|---------------|--------------------------------------------------------|
+| `allow_origin`      | `string`   | yes           |               | Values for `Access-Control-Allow-Origin` headers.      |
+| `allow_methods`     | `[]string` | yes           |               | Values for `Access-Control-Allow-Methods` headers.     |
+| `allow_headers`     | `[]string` | yes           |               | Values for `Access-Control-Allow-Headers` headers.     |
+| `expose_headers`    | `[]string` | yes           |               | Values for `Access-Control-Expose-Headers` headers.    |
+| `allow_credentials` | `bool`     | yes           | `false`       | Values for `Access-Control-Allow-Credentials` headers. |
+| `max_age`           | `int`      | yes           | `600`         | Values for `Access-Control-Max-Age ` headers.          |
+
+# `multinet` section
+
+Configuration of multinet support.
+
+```yaml
+multinet:
+   enabled: false
+   balancer: roundrobin
+   restrict: false
+   fallback_delay: 300ms
+   subnets:
+      - mask: 1.2.3.4/24
+        source_ips:
+           - 1.2.3.4
+           - 1.2.3.5
+```
+
+| Parameter        | Type                           | SIGHUP reload | Default value | Description                                                                                |
+|------------------|--------------------------------|---------------|---------------|--------------------------------------------------------------------------------------------|
+| `enabled`        | `bool`                         | yes           | `false`       | Enables multinet setting to manage source ip of outcoming requests.                        |
+| `balancer`       | `string`                       | yes           | `""`          | Strategy to pick source IP. By default picks first address. Supports `roundrobin` setting. |
+| `restrict`       | `bool`                         | yes           | `false`       | Restricts requests to an undefined subnets.                                                |
+| `fallback_delay` | `duration`                     | yes           | `300ms`       | Delay between IPv6 and IPv4 fallback stack switch.                                         |
+| `subnets`        | [[]Subnet](#subnet-subsection) | yes           |               | Set of subnets to apply multinet dial settings.                                            |
+
+#### `subnet` subsection
+
+```yaml
+- mask: 1.2.3.4/24
+  source_ips:
+    - 1.2.3.4
+    - 1.2.3.5
+```
+
+| Parameter    | Type       | SIGHUP reload | Default value | Description                                                          |
+|--------------|------------|---------------|---------------|----------------------------------------------------------------------|
+| `mask`       | `string`   | yes           |               | Destination subnet.                                                  |
+| `source_ips` | `[]string` | yes           |               | Array of source IP addresses to use when dialing destination subnet. |

go.mod

@@ -3,11 +3,13 @@ module git.frostfs.info/TrueCloudLab/frostfs-http-gw
 go 1.22
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3
+	git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972
 	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
 	github.com/bluele/gcache v0.0.2
+	github.com/docker/go-units v0.4.0
 	github.com/fasthttp/router v1.4.1
 	github.com/nspcc-dev/neo-go v0.106.2
 	github.com/prometheus/client_golang v1.19.0
@@ -22,8 +24,9 @@ require (
 	go.opentelemetry.io/otel v1.28.0
 	go.opentelemetry.io/otel/trace v1.28.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
 	golang.org/x/net v0.26.0
+	golang.org/x/sys v0.22.0
 	google.golang.org/grpc v1.66.2
 )
 
@@ -38,7 +41,7 @@ require (
 	github.com/Microsoft/hcsshim v0.9.2 // indirect
 	github.com/VictoriaMetrics/easyproto v0.1.4 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
-	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -50,7 +53,6 @@ require (
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/docker v20.10.14+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -106,7 +108,6 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.3.0 // indirect

go.sum

@@ -37,18 +37,20 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e h1:740ABnOBYx4o6jxULHdSSnVW2fYIO35ohg+Uz59sxd0=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240916093537-13fa0da3741e/go.mod h1:F5GS7hRb62PUy5sTYDC4ajVdeffoAfjHSSHTKUJEaYU=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1 h1:ivcdxQeQDnx4srF2ezoaeVlF0FAycSAztwfIUJnUI4s=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20241011114054-f0fc40e116d1/go.mod h1:F5GS7hRb62PUy5sTYDC4ajVdeffoAfjHSSHTKUJEaYU=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573 h1:6qCcm1oqFbmf9C5AauXzrL5OPGnTbI9HoB/jAtD9274=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573/go.mod h1:kbwB4v2o6RyOfCo9kEFeUDZIX3LKhmS0yXPrtvzkQ1g=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98 h1:ijUci3thz0EwWkuRJDocW5D1RkVAJlt9xNG4CYepC90=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240918095938-e580ee991d98/go.mod h1:GeNpo12HcEW4J412sH5yf8xFYapxlrt5fcYzRwg0Ino=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3 h1:f7jan6eBDN88DKnKj8GKyWpfjBbSzjDALcDejYKRgCs=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241022124111-5361f0ecebd3/go.mod h1:3txOjFJ8M/JFs01h7xOrnQHVn6hZgDNA16ivyUlu1iU=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
+git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972 h1:/960fWeyn2AFHwQUwDsWB3sbP6lTEnFnMzLMM6tx6N8=
+git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972/go.mod h1:2hM42MBrlhvN6XToaW6OWNk5ZLcu1FhaukGgxtfpDDI=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA=
@@ -112,8 +114,8 @@ github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
-github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
+github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
@@ -926,8 +928,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

internal/api/tree.go

@@ -8,6 +8,7 @@ import (
 type NodeVersion struct {
 	BaseNodeVersion
 	DeleteMarker bool
+	IsPrefixNode bool
 }
 
 // BaseNodeVersion is minimal node info from tree service.

internal/frostfs/services/pool_wrapper.go

@@ -1,91 +0,0 @@
-package services
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
-	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
-	grpcService "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree/service"
-)
-
-type GetNodeByPathResponseInfoWrapper struct {
-	response *grpcService.GetNodeByPathResponse_Info
-}
-
-func (n GetNodeByPathResponseInfoWrapper) GetNodeID() uint64 {
-	return n.response.GetNodeId()
-}
-
-func (n GetNodeByPathResponseInfoWrapper) GetParentID() uint64 {
-	return n.response.GetParentId()
-}
-
-func (n GetNodeByPathResponseInfoWrapper) GetTimestamp() uint64 {
-	return n.response.GetTimestamp()
-}
-
-func (n GetNodeByPathResponseInfoWrapper) GetMeta() []tree.Meta {
-	res := make([]tree.Meta, len(n.response.Meta))
-	for i, value := range n.response.Meta {
-		res[i] = value
-	}
-	return res
-}
-
-type PoolWrapper struct {
-	p *treepool.Pool
-}
-
-func NewPoolWrapper(p *treepool.Pool) *PoolWrapper {
-	return &PoolWrapper{p: p}
-}
-
-func (w *PoolWrapper) GetNodes(ctx context.Context, prm *tree.GetNodesParams) ([]tree.NodeResponse, error) {
-	poolPrm := treepool.GetNodesParams{
-		CID:           prm.CnrID,
-		TreeID:        prm.TreeID,
-		Path:          prm.Path,
-		Meta:          prm.Meta,
-		PathAttribute: tree.FileNameKey,
-		LatestOnly:    prm.LatestOnly,
-		AllAttrs:      prm.AllAttrs,
-		BearerToken:   getBearer(ctx),
-	}
-
-	nodes, err := w.p.GetNodes(ctx, poolPrm)
-	if err != nil {
-		return nil, handleError(err)
-	}
-
-	res := make([]tree.NodeResponse, len(nodes))
-	for i, info := range nodes {
-		res[i] = GetNodeByPathResponseInfoWrapper{info}
-	}
-
-	return res, nil
-}
-
-func getBearer(ctx context.Context) []byte {
-	token, err := tokens.LoadBearerToken(ctx)
-	if err != nil {
-		return nil
-	}
-	return token.Marshal()
-}
-
-func handleError(err error) error {
-	if err == nil {
-		return nil
-	}
-	if errors.Is(err, treepool.ErrNodeNotFound) {
-		return fmt.Errorf("%w: %s", tree.ErrNodeNotFound, err.Error())
-	}
-	if errors.Is(err, treepool.ErrNodeAccessDenied) {
-		return fmt.Errorf("%w: %s", tree.ErrNodeAccessDenied, err.Error())
-	}
-
-	return err
-}

internal/handler/browse.go

@@ -0,0 +1,159 @@
+package handler
+
+import (
+	"html/template"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"github.com/docker/go-units"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+const (
+	dateFormat   = "02-01-2006 15:04"
+	attrOID      = "OID"
+	attrCreated  = "Created"
+	attrFileName = "FileName"
+	attrSize     = "Size"
+)
+
+type (
+	BrowsePageData struct {
+		BucketName,
+		Prefix string
+		Objects []ResponseObject
+	}
+	ResponseObject struct {
+		OID      string
+		Created  string
+		FileName string
+		Size     string
+		IsDir    bool
+	}
+)
+
+func parseTimestamp(tstamp string) (time.Time, error) {
+	millis, err := strconv.ParseInt(tstamp, 10, 64)
+	if err != nil {
+		return time.Time{}, err
+	}
+
+	return time.UnixMilli(millis), nil
+}
+
+func NewResponseObject(nodes map[string]string) ResponseObject {
+	return ResponseObject{
+		OID:      nodes[attrOID],
+		Created:  nodes[attrCreated],
+		FileName: nodes[attrFileName],
+		Size:     nodes[attrSize],
+		IsDir:    nodes[attrOID] == "",
+	}
+}
+
+func formatTimestamp(strdate string) string {
+	date, err := parseTimestamp(strdate)
+	if err != nil || date.IsZero() {
+		return ""
+	}
+
+	return date.Format(dateFormat)
+}
+
+func formatSize(strsize string) string {
+	size, err := strconv.ParseFloat(strsize, 64)
+	if err != nil {
+		return "0B"
+	}
+	return units.HumanSize(size)
+}
+
+func parentDir(prefix string) string {
+	index := strings.LastIndex(prefix, "/")
+	if index == -1 {
+		return prefix
+	}
+	return prefix[index:]
+}
+
+func trimPrefix(encPrefix string) string {
+	prefix, err := url.PathUnescape(encPrefix)
+	if err != nil {
+		return ""
+	}
+	slashIndex := strings.LastIndex(prefix, "/")
+	if slashIndex == -1 {
+		return ""
+	}
+	return prefix[:slashIndex]
+}
+
+func urlencode(prefix, filename string) string {
+	var res strings.Builder
+	path := filename
+	if prefix != "" {
+		path = strings.Join([]string{prefix, filename}, "/")
+	}
+	prefixParts := strings.Split(path, "/")
+	for _, prefixPart := range prefixParts {
+		prefixPart = "/" + url.PathEscape(prefixPart)
+		if prefixPart == "/." || prefixPart == "/.." {
+			prefixPart = url.PathEscape(prefixPart)
+		}
+		res.WriteString(prefixPart)
+	}
+
+	return res.String()
+}
+
+func (h *Handler) browseObjects(c *fasthttp.RequestCtx, bucketInfo *data.BucketInfo, prefix string) {
+	ctx := utils.GetContextFromRequest(c)
+	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
+	log := reqLog.With(zap.String("bucket", bucketInfo.Name))
+
+	nodes, err := h.listObjects(ctx, bucketInfo, prefix)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+
+	respObjects := make([]ResponseObject, len(nodes))
+
+	for i, node := range nodes {
+		respObjects[i] = NewResponseObject(node)
+	}
+
+	sort.Slice(respObjects, func(i, j int) bool {
+		if respObjects[i].IsDir == respObjects[j].IsDir {
+			return respObjects[i].FileName < respObjects[j].FileName
+		}
+		return respObjects[i].IsDir
+	})
+	indexTemplate := h.config.IndexPageTemplate()
+
+	tmpl, err := template.New("index").Funcs(template.FuncMap{
+		"formatTimestamp": formatTimestamp,
+		"formatSize":      formatSize,
+		"trimPrefix":      trimPrefix,
+		"urlencode":       urlencode,
+		"parentDir":       parentDir,
+	}).Parse(indexTemplate)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+	if err = tmpl.Execute(c, &BrowsePageData{
+		BucketName: bucketInfo.Name,
+		Prefix:     prefix,
+		Objects:    respObjects,
+	}); err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+}

internal/handler/download.go

@@ -84,16 +84,17 @@ func (h *Handler) DownloadZipped(c *fasthttp.RequestCtx) {
 	scid, _ := c.UserValue("cid").(string)
 	prefix, _ := c.UserValue("prefix").(string)
 
+	ctx := utils.GetContextFromRequest(c)
+	log := utils.GetReqLogOrDefault(ctx, h.log)
+
 	prefix, err := url.QueryUnescape(prefix)
 	if err != nil {
-		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("prefix", prefix), zap.Uint64("id", c.ID()), zap.Error(err))
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("prefix", prefix), zap.Error(err))
 		response.Error(c, "could not unescape prefix: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
-	log := h.log.With(zap.String("cid", scid), zap.String("prefix", prefix), zap.Uint64("id", c.ID()))
-
-	ctx := utils.GetContextFromRequest(c)
+	log = log.With(zap.String("cid", scid), zap.String("prefix", prefix))
 
 	bktInfo, err := h.getBucketInfo(ctx, scid, log)
 	if err != nil {

internal/handler/frostfs_mock.go

@@ -229,6 +229,10 @@ func (t *TestFrostFS) SearchObjects(_ context.Context, prm PrmObjectSearch) (Res
 	return &resObjectSearchMock{res: res}, nil
 }
 
+func (t *TestFrostFS) InitMultiObjectReader(context.Context, PrmInitMultiObjectReader) (io.Reader, error) {
+	return nil, nil
+}
+
 func isMatched(attributes []object.Attribute, filter object.SearchFilter) bool {
 	for _, attr := range attributes {
 		if attr.Key() == filter.Header() {
@@ -269,10 +273,3 @@ func (t *TestFrostFS) isAllowed(cnrID cid.ID, userID user.ID, op acl.Op, objID o
 	}
 	return false
 }
-
-func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
-	var addr oid.Address
-	addr.SetContainer(cnr)
-	addr.SetObject(obj)
-	return addr
-}

internal/handler/handler.go

@@ -30,6 +30,8 @@ type Config interface {
 	DefaultTimestamp() bool
 	ZipCompression() bool
 	ClientCut() bool
+	IndexPageEnabled() bool
+	IndexPageTemplate() string
 	BufferMaxSizeForPut() uint64
 	NamespaceHeader() string
 }
@@ -117,6 +119,14 @@ type PrmObjectSearch struct {
 	Filters object.SearchFilters
 }
 
+type PrmInitMultiObjectReader struct {
+	// payload range
+	Off, Ln uint64
+
+	Addr   oid.Address
+	Bearer *bearer.Token
+}
+
 type ResObjectSearch interface {
 	Read(buf []oid.ID) (int, error)
 	Iterate(f func(oid.ID) bool) error
@@ -138,6 +148,8 @@ type FrostFS interface {
 	RangeObject(context.Context, PrmObjectRange) (io.ReadCloser, error)
 	CreateObject(context.Context, PrmObjectCreate) (oid.ID, error)
 	SearchObjects(context.Context, PrmObjectSearch) (ResObjectSearch, error)
+	InitMultiObjectReader(ctx context.Context, p PrmInitMultiObjectReader) (io.Reader, error)
+
 	utils.EpochInfoFetcher
 }
 
@@ -178,13 +190,12 @@ func New(params *AppParams, config Config, tree *tree.Tree) *Handler {
 // byAddress is a wrapper for function (e.g. request.headObject, request.receiveFile) that
 // prepares request and object address to it.
 func (h *Handler) byAddress(c *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
-	var (
-		idCnr, _ = c.UserValue("cid").(string)
-		idObj, _ = c.UserValue("oid").(string)
-		log      = h.log.With(zap.String("cid", idCnr), zap.String("oid", idObj))
-	)
+	idCnr, _ := c.UserValue("cid").(string)
+	idObj, _ := c.UserValue("oid").(string)
 
 	ctx := utils.GetContextFromRequest(c)
+	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
+	log := reqLog.With(zap.String("cid", idCnr), zap.String("oid", idObj))
 
 	bktInfo, err := h.getBucketInfo(ctx, idCnr, log)
 	if err != nil {
@@ -199,58 +210,61 @@ func (h *Handler) byAddress(c *fasthttp.RequestCtx, f func(context.Context, requ
 		return
 	}
 
-	var addr oid.Address
-	addr.SetContainer(bktInfo.CID)
-	addr.SetObject(*objID)
+	addr := newAddress(bktInfo.CID, *objID)
 
 	f(ctx, *h.newRequest(c, log), addr)
 }
 
 // byObjectName is a wrapper for function (e.g. request.headObject, request.receiveFile) that
 // prepares request and object address to it.
-func (h *Handler) byObjectName(req *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
-	var (
-		bucketname = req.UserValue("cid").(string)
-		key        = req.UserValue("oid").(string)
-		log        = h.log.With(zap.String("bucketname", bucketname), zap.String("key", key))
-	)
+func (h *Handler) byObjectName(c *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
+	bucketname := c.UserValue("cid").(string)
+	key := c.UserValue("oid").(string)
+	download := c.QueryArgs().GetBool("download")
+
+	ctx := utils.GetContextFromRequest(c)
+	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
+	log := reqLog.With(zap.String("bucketname", bucketname), zap.String("key", key))
 
 	unescapedKey, err := url.QueryUnescape(key)
 	if err != nil {
-		logAndSendBucketError(req, log, err)
+		logAndSendBucketError(c, log, err)
 		return
 	}
 
-	ctx := utils.GetContextFromRequest(req)
-
 	bktInfo, err := h.getBucketInfo(ctx, bucketname, log)
 	if err != nil {
-		logAndSendBucketError(req, log, err)
+		logAndSendBucketError(c, log, err)
 		return
 	}
 
 	foundOid, err := h.tree.GetLatestVersion(ctx, &bktInfo.CID, unescapedKey)
-	if err != nil {
-		if errors.Is(err, tree.ErrNodeAccessDenied) {
-			response.Error(req, "Access Denied", fasthttp.StatusForbidden)
+	if h.config.IndexPageEnabled() && !download && string(c.Method()) != fasthttp.MethodHead {
+		if isDir(unescapedKey) || isContainerRoot(unescapedKey) {
+			if code := checkErrorType(err); code == fasthttp.StatusNotFound || code == fasthttp.StatusOK {
+				c.SetStatusCode(code)
+				h.browseObjects(c, bktInfo, unescapedKey)
 				return
 			}
+		}
+	}
+	if err != nil {
+		if errors.Is(err, tree.ErrNodeAccessDenied) {
+			response.Error(c, "Access Denied", fasthttp.StatusForbidden)
+		} else {
+			response.Error(c, "object wasn't found", fasthttp.StatusNotFound)
 			log.Error(logs.GetLatestObjectVersion, zap.Error(err))
-
-		response.Error(req, "object wasn't found", fasthttp.StatusNotFound)
+		}
 		return
 	}
 	if foundOid.DeleteMarker {
 		log.Error(logs.ObjectWasDeleted)
-		response.Error(req, "object deleted", fasthttp.StatusNotFound)
+		response.Error(c, "object deleted", fasthttp.StatusNotFound)
 		return
 	}
+	addr := newAddress(bktInfo.CID, foundOid.OID)
 
-	var addr oid.Address
-	addr.SetContainer(bktInfo.CID)
-	addr.SetObject(foundOid.OID)
-
-	f(ctx, *h.newRequest(req, log), addr)
+	f(ctx, *h.newRequest(c, log), addr)
 }
 
 // byAttribute is a wrapper similar to byAddress.
@@ -259,23 +273,24 @@ func (h *Handler) byAttribute(c *fasthttp.RequestCtx, f func(context.Context, re
 	key, _ := c.UserValue("attr_key").(string)
 	val, _ := c.UserValue("attr_val").(string)
 
+	ctx := utils.GetContextFromRequest(c)
+	log := utils.GetReqLogOrDefault(ctx, h.log)
+
 	key, err := url.QueryUnescape(key)
 	if err != nil {
-		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_key", key), zap.Uint64("id", c.ID()), zap.Error(err))
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_key", key), zap.Error(err))
 		response.Error(c, "could not unescape attr_key: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
 	val, err = url.QueryUnescape(val)
 	if err != nil {
-		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_val", val), zap.Uint64("id", c.ID()), zap.Error(err))
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_val", val), zap.Error(err))
 		response.Error(c, "could not unescape attr_val: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
-	log := h.log.With(zap.String("cid", scid), zap.String("attr_key", key), zap.String("attr_val", val))
-
-	ctx := utils.GetContextFromRequest(c)
+	log = log.With(zap.String("cid", scid), zap.String("attr_key", key), zap.String("attr_val", val))
 
 	bktInfo, err := h.getBucketInfo(ctx, scid, log)
 	if err != nil {
@@ -379,3 +394,25 @@ func (h *Handler) readContainer(ctx context.Context, cnrID cid.ID) (*data.Bucket
 
 	return bktInfo, err
 }
+
+func (h *Handler) listObjects(ctx context.Context, bucketInfo *data.BucketInfo, prefix string) ([]map[string]string, error) {
+	nodes, _, err := h.tree.GetSubTreeByPrefix(ctx, bucketInfo, prefix, true)
+	if err != nil {
+		return nil, err
+	}
+
+	var objects = make([]map[string]string, 0, len(nodes))
+	for _, node := range nodes {
+		meta := node.GetMeta()
+		if meta == nil {
+			continue
+		}
+		var obj = make(map[string]string, len(meta))
+		for _, m := range meta {
+			obj[m.GetKey()] = string(m.GetValue())
+		}
+		objects = append(objects, obj)
+	}
+
+	return objects, nil
+}

internal/handler/handler_test.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
@@ -37,6 +38,10 @@ func (t *treeClientMock) GetNodes(context.Context, *tree.GetNodesParams) ([]tree
 	return nil, nil
 }
 
+func (t *treeClientMock) GetSubTree(context.Context, *data.BucketInfo, string, []uint64, uint32, bool) ([]tree.NodeResponse, error) {
+	return nil, nil
+}
+
 type configMock struct {
 }
 
@@ -48,6 +53,17 @@ func (c *configMock) ZipCompression() bool {
 	return false
 }
 
+func (c *configMock) IndexPageEnabled() bool {
+	return false
+}
+
+func (c *configMock) IndexPageTemplatePath() string {
+	return ""
+}
+func (c *configMock) IndexPageTemplate() string {
+	return ""
+}
+
 func (c *configMock) ClientCut() bool {
 	return false
 }

internal/handler/multipart.go

@@ -1,13 +1,17 @@
 package handler
 
 import (
+	"errors"
 	"io"
+	"strconv"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/multipart"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	"go.uber.org/zap"
 )
 
+const attributeMultipartObjectSize = "S3-Multipart-Object-Size"
+
 // MultipartFile provides standard ReadCloser interface and also allows one to
 // get file name, it's used for multipart uploads.
 type MultipartFile interface {
@@ -45,3 +49,30 @@ func fetchMultipartFile(l *zap.Logger, r io.Reader, boundary string) (MultipartF
 		return part, nil
 	}
 }
+
+// getPayload returns initial payload if object is not multipart else composes new reader with parts data.
+func (h *Handler) getPayload(p getMultiobjectBodyParams) (io.ReadCloser, uint64, error) {
+	cid, ok := p.obj.Header.ContainerID()
+	if !ok {
+		return nil, 0, errors.New("no container id set")
+	}
+	oid, ok := p.obj.Header.ID()
+	if !ok {
+		return nil, 0, errors.New("no object id set")
+	}
+	size, err := strconv.ParseUint(p.strSize, 10, 64)
+	if err != nil {
+		return nil, 0, err
+	}
+	ctx := p.req.RequestCtx
+	params := PrmInitMultiObjectReader{
+		Addr:   newAddress(cid, oid),
+		Bearer: bearerToken(ctx),
+	}
+	payload, err := h.frostfs.InitMultiObjectReader(ctx, params)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return io.NopCloser(payload), size, nil
+}

internal/handler/reader.go

@@ -47,19 +47,26 @@ func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (str
 	return http.DetectContentType(buf), buf, err // to not lose io.EOF
 }
 
-func (h *Handler) receiveFile(ctx context.Context, req request, objectAddress oid.Address) {
+type getMultiobjectBodyParams struct {
+	obj     *Object
+	req     request
+	strSize string
+}
+
+func (h *Handler) receiveFile(ctx context.Context, req request, objAddress oid.Address) {
 	var (
-		err      error
-		dis      = "inline"
+		shouldDownload = req.QueryArgs().GetBool("download")
 		start          = time.Now()
 		filename       string
+		filepath       string
+		contentType    string
 	)
 
 	prm := PrmObjectGet{
 		PrmAuth: PrmAuth{
 			BearerToken: bearerToken(ctx),
 		},
-		Address: objectAddress,
+		Address: objAddress,
 	}
 
 	rObj, err := h.frostfs.GetObject(ctx, prm)
@@ -69,15 +76,9 @@ func (h *Handler) receiveFile(ctx context.Context, req request, objectAddress oi
 	}
 
 	// we can't close reader in this function, so how to do it?
-
-	if req.Request.URI().QueryArgs().GetBool("download") {
-		dis = "attachment"
-	}
-
+	req.setIDs(rObj.Header)
+	payload := rObj.Payload
 	payloadSize := rObj.Header.PayloadSize()
-
-	req.Response.Header.Set(fasthttp.HeaderContentLength, strconv.FormatUint(payloadSize, 10))
-	var contentType string
 	for _, attr := range rObj.Header.Attributes() {
 		key := attr.Key()
 		val := attr.Value()
@@ -92,29 +93,41 @@ func (h *Handler) receiveFile(ctx context.Context, req request, objectAddress oi
 		case object.AttributeFileName:
 			filename = val
 		case object.AttributeTimestamp:
-			value, err := strconv.ParseInt(val, 10, 64)
-			if err != nil {
-				req.log.Info(logs.CouldntParseCreationDate,
-					zap.String("key", key),
+			if err = req.setTimestamp(val); err != nil {
+				req.log.Error(logs.CouldntParseCreationDate,
 					zap.String("val", val),
 					zap.Error(err))
-				continue
 			}
-			req.Response.Header.Set(fasthttp.HeaderLastModified,
-				time.Unix(value, 0).UTC().Format(http.TimeFormat))
 		case object.AttributeContentType:
 			contentType = val
+		case object.AttributeFilePath:
+			filepath = val
+		case attributeMultipartObjectSize:
+			payload, payloadSize, err = h.getPayload(getMultiobjectBodyParams{
+				obj:     rObj,
+				req:     req,
+				strSize: val,
+			})
+			if err != nil {
+				req.handleFrostFSErr(err, start)
+				return
 			}
 		}
+	}
+	if filename == "" {
+		filename = filepath
+	}
 
-	idsToResponse(&req.Response, &rObj.Header)
+	req.setDisposition(shouldDownload, filename)
+
+	req.Response.Header.Set(fasthttp.HeaderContentLength, strconv.FormatUint(payloadSize, 10))
 
 	if len(contentType) == 0 {
 		// determine the Content-Type from the payload head
 		var payloadHead []byte
 
 		contentType, payloadHead, err = readContentType(payloadSize, func(uint64) (io.Reader, error) {
-			return rObj.Payload, nil
+			return payload, nil
 		})
 		if err != nil && err != io.EOF {
 			req.log.Error(logs.CouldNotDetectContentTypeFromPayload, zap.Error(err))
@@ -126,16 +139,46 @@ func (h *Handler) receiveFile(ctx context.Context, req request, objectAddress oi
 		var headReader io.Reader = bytes.NewReader(payloadHead)
 
 		if err != io.EOF { // otherwise, we've already read full payload
-			headReader = io.MultiReader(headReader, rObj.Payload)
+			headReader = io.MultiReader(headReader, payload)
 		}
 
 		// note: we could do with io.Reader, but SetBodyStream below closes body stream
 		// if it implements io.Closer and that's useful for us.
-		rObj.Payload = readCloser{headReader, rObj.Payload}
+		payload = readCloser{headReader, payload}
 	}
 	req.SetContentType(contentType)
-
-	req.Response.Header.Set(fasthttp.HeaderContentDisposition, dis+"; filename="+path.Base(filename))
-
-	req.Response.SetBodyStream(rObj.Payload, int(payloadSize))
+	req.Response.SetBodyStream(payload, int(payloadSize))
+}
+
+func (r *request) setIDs(obj object.Object) {
+	objID, _ := obj.ID()
+	cnrID, _ := obj.ContainerID()
+	r.Response.Header.Set(hdrObjectID, objID.String())
+	r.Response.Header.Set(hdrOwnerID, obj.OwnerID().String())
+	r.Response.Header.Set(hdrContainerID, cnrID.String())
+}
+
+func (r *request) setDisposition(shouldDownload bool, filename string) {
+	const (
+		inlineDisposition     = "inline"
+		attachmentDisposition = "attachment"
+	)
+
+	dis := inlineDisposition
+	if shouldDownload {
+		dis = attachmentDisposition
+	}
+
+	r.Response.Header.Set(fasthttp.HeaderContentDisposition, dis+"; filename="+path.Base(filename))
+}
+
+func (r *request) setTimestamp(timestamp string) error {
+	value, err := strconv.ParseInt(timestamp, 10, 64)
+	if err != nil {
+		return err
+	}
+	r.Response.Header.Set(fasthttp.HeaderLastModified,
+		time.Unix(value, 0).UTC().Format(http.TimeFormat))
+
+	return nil
 }

internal/handler/upload.go

@@ -43,22 +43,24 @@ func (pr *putResponse) encode(w io.Writer) error {
 }
 
 // Upload handles multipart upload request.
-func (h *Handler) Upload(req *fasthttp.RequestCtx) {
+func (h *Handler) Upload(c *fasthttp.RequestCtx) {
 	var (
 		file  MultipartFile
 		idObj oid.ID
 		addr  oid.Address
-		scid, _    = req.UserValue("cid").(string)
-		log        = h.log.With(zap.String("cid", scid))
-		bodyStream = req.RequestBodyStream()
-		drainBuf   = make([]byte, drainBufSize)
 	)
 
-	ctx := utils.GetContextFromRequest(req)
+	scid, _ := c.UserValue("cid").(string)
+	bodyStream := c.RequestBodyStream()
+	drainBuf := make([]byte, drainBufSize)
+
+	ctx := utils.GetContextFromRequest(c)
+	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
+	log := reqLog.With(zap.String("cid", scid))
 
 	bktInfo, err := h.getBucketInfo(ctx, scid, log)
 	if err != nil {
-		logAndSendBucketError(req, log, err)
+		logAndSendBucketError(c, log, err)
 		return
 	}
 
@@ -75,21 +77,23 @@ func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 			zap.Error(err),
 		)
 	}()
-	boundary := string(req.Request.Header.MultipartFormBoundary())
-	if file, err = fetchMultipartFile(h.log, bodyStream, boundary); err != nil {
+
+	boundary := string(c.Request.Header.MultipartFormBoundary())
+	if file, err = fetchMultipartFile(log, bodyStream, boundary); err != nil {
 		log.Error(logs.CouldNotReceiveMultipartForm, zap.Error(err))
-		response.Error(req, "could not receive multipart/form: "+err.Error(), fasthttp.StatusBadRequest)
+		response.Error(c, "could not receive multipart/form: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
-	filtered, err := filterHeaders(h.log, &req.Request.Header)
+
+	filtered, err := filterHeaders(log, &c.Request.Header)
 	if err != nil {
 		log.Error(logs.CouldNotProcessHeaders, zap.Error(err))
-		response.Error(req, err.Error(), fasthttp.StatusBadRequest)
+		response.Error(c, err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
 	now := time.Now()
-	if rawHeader := req.Request.Header.Peek(fasthttp.HeaderDate); rawHeader != nil {
+	if rawHeader := c.Request.Header.Peek(fasthttp.HeaderDate); rawHeader != nil {
 		if parsed, err := time.Parse(http.TimeFormat, string(rawHeader)); err != nil {
 			log.Warn(logs.CouldNotParseClientTime, zap.String("Date header", string(rawHeader)), zap.Error(err))
 		} else {
@@ -97,9 +101,9 @@ func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 		}
 	}
 
-	if err = utils.PrepareExpirationHeader(req, h.frostfs, filtered, now); err != nil {
+	if err = utils.PrepareExpirationHeader(c, h.frostfs, filtered, now); err != nil {
 		log.Error(logs.CouldNotPrepareExpirationHeader, zap.Error(err))
-		response.Error(req, "could not prepare expiration header: "+err.Error(), fasthttp.StatusBadRequest)
+		response.Error(c, "could not prepare expiration header: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
@@ -143,7 +147,7 @@ func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 	}
 
 	if idObj, err = h.frostfs.CreateObject(ctx, prm); err != nil {
-		h.handlePutFrostFSErr(req, err)
+		h.handlePutFrostFSErr(c, err, log)
 		return
 	}
 
@@ -151,9 +155,9 @@ func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 	addr.SetContainer(bktInfo.CID)
 
 	// Try to return the response, otherwise, if something went wrong, throw an error.
-	if err = newPutResponse(addr).encode(req); err != nil {
+	if err = newPutResponse(addr).encode(c); err != nil {
 		log.Error(logs.CouldNotEncodeResponse, zap.Error(err))
-		response.Error(req, "could not encode response", fasthttp.StatusBadRequest)
+		response.Error(c, "could not encode response", fasthttp.StatusBadRequest)
 
 		return
 	}
@@ -170,15 +174,15 @@ func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 		}
 	}
 	// Report status code and content type.
-	req.Response.SetStatusCode(fasthttp.StatusOK)
-	req.Response.Header.SetContentType(jsonHeader)
+	c.Response.SetStatusCode(fasthttp.StatusOK)
+	c.Response.Header.SetContentType(jsonHeader)
 }
 
-func (h *Handler) handlePutFrostFSErr(r *fasthttp.RequestCtx, err error) {
+func (h *Handler) handlePutFrostFSErr(r *fasthttp.RequestCtx, err error, log *zap.Logger) {
 	statusCode, msg, additionalFields := response.FormErrorResponse("could not store file in frostfs", err)
 	logFields := append([]zap.Field{zap.Error(err)}, additionalFields...)
 
-	h.log.Error(logs.CouldNotStoreFileInFrostfs, logFields...)
+	log.Error(logs.CouldNotStoreFileInFrostfs, logFields...)
 	response.Error(r, msg, statusCode)
 }
 

internal/handler/utils.go

@@ -2,14 +2,18 @@ package handler
 
 import (
 	"context"
+	"errors"
 	"strings"
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
 )
@@ -38,6 +42,25 @@ func bearerToken(ctx context.Context) *bearer.Token {
 	return nil
 }
 
+func isDir(name string) bool {
+	return strings.HasSuffix(name, "/")
+}
+
+func isContainerRoot(key string) bool {
+	return key == ""
+}
+
+func checkErrorType(err error) int {
+	switch {
+	case err == nil:
+		return fasthttp.StatusOK
+	case errors.Is(err, tree.ErrNodeAccessDenied):
+		return fasthttp.StatusForbidden
+	default:
+		return fasthttp.StatusNotFound
+	}
+}
+
 func isValidToken(s string) bool {
 	for _, c := range s {
 		if c <= ' ' || c > 127 {
@@ -69,3 +92,10 @@ func logAndSendBucketError(c *fasthttp.RequestCtx, log *zap.Logger, err error) {
 	}
 	response.Error(c, "could not get bucket: "+err.Error(), fasthttp.StatusBadRequest)
 }
+
+func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
+	var addr oid.Address
+	addr.SetContainer(cnr)
+	addr.SetObject(obj)
+	return addr
+}

internal/logs/logs.go

@@ -31,6 +31,8 @@ const (
 	CouldNotStoreFileInFrostfs                                            = "could not store file in frostfs"                                                        // Error in ../../uploader/upload.go
 	AddAttributeToResultObject                                            = "add attribute to result object"                                                         // Debug in ../../uploader/filter.go
 	FailedToCreateResolver                                                = "failed to create resolver"                                                              // Fatal in ../../app.go
+	FailedToReadIndexPageTemplate                                         = "failed to read index page template, set default"                                        // Warn in ../../app.go
+	SetCustomIndexPageTemplate                                            = "set custom index page template"                                                         // Info in ../../app.go
 	ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty = "container resolver will be disabled because of resolvers 'resolver_order' is empty"     // Info in ../../app.go
 	MetricsAreDisabled                                                    = "metrics are disabled"                                                                   // Warn in ../../app.go
 	NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun      = "no wallet path specified, creating ephemeral key automatically for this run"            // Info in ../../app.go
@@ -77,4 +79,8 @@ const (
 	ServerReconnectedSuccessfully                                         = "server reconnected successfully"
 	ServerReconnectFailed                                                 = "failed to reconnect server"
 	WarnDuplicateAddress                                                  = "duplicate address"
+	MultinetDialSuccess                                                   = "multinet dial successful"
+	MultinetDialFail                                                      = "multinet dial failed"
+	FailedToLoadMultinetConfig                                            = "failed to load multinet config"
+	MultinetConfigWontBeUpdated                                           = "multinet config won't be updated"
 )

internal/net/config.go

@@ -0,0 +1,68 @@
+package net
+
+import (
+	"errors"
+	"fmt"
+	"net/netip"
+	"slices"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/multinet"
+)
+
+var errEmptySourceIPList = errors.New("empty source IP list")
+
+type Subnet struct {
+	Prefix    string
+	SourceIPs []string
+}
+
+type Config struct {
+	Enabled       bool
+	Subnets       []Subnet
+	Balancer      string
+	Restrict      bool
+	FallbackDelay time.Duration
+	EventHandler  multinet.EventHandler
+}
+
+func (c Config) toMultinetConfig() (multinet.Config, error) {
+	var subnets []multinet.Subnet
+	for _, s := range c.Subnets {
+		var ms multinet.Subnet
+		p, err := netip.ParsePrefix(s.Prefix)
+		if err != nil {
+			return multinet.Config{}, fmt.Errorf("parse IP prefix '%s': %w", s.Prefix, err)
+		}
+		ms.Prefix = p
+		for _, ip := range s.SourceIPs {
+			addr, err := netip.ParseAddr(ip)
+			if err != nil {
+				return multinet.Config{}, fmt.Errorf("parse IP address '%s': %w", ip, err)
+			}
+			ms.SourceIPs = append(ms.SourceIPs, addr)
+		}
+		if len(ms.SourceIPs) == 0 {
+			return multinet.Config{}, errEmptySourceIPList
+		}
+		subnets = append(subnets, ms)
+	}
+	return multinet.Config{
+		Subnets:       subnets,
+		Balancer:      multinet.BalancerType(c.Balancer),
+		Restrict:      c.Restrict,
+		FallbackDelay: c.FallbackDelay,
+		Dialer:        newDefaultDialer(),
+		EventHandler:  c.EventHandler,
+	}, nil
+}
+
+func (c Config) equals(other Config) bool {
+	return c.Enabled == other.Enabled &&
+		slices.EqualFunc(c.Subnets, other.Subnets, func(lhs, rhs Subnet) bool {
+			return lhs.Prefix == rhs.Prefix && slices.Equal(lhs.SourceIPs, rhs.SourceIPs)
+		}) &&
+		c.Balancer == other.Balancer &&
+		c.Restrict == other.Restrict &&
+		c.FallbackDelay == other.FallbackDelay
+}

internal/net/dial_target.go

@@ -0,0 +1,54 @@
+// NOTE: code is taken from https://github.com/grpc/grpc-go/blob/v1.68.x/internal/transport/http_util.go
+
+/*
+ *
+ * Copyright 2014 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package net
+
+import (
+	"net/url"
+	"strings"
+)
+
+// parseDialTarget returns the network and address to pass to dialer.
+func parseDialTarget(target string) (string, string) {
+	net := "tcp"
+	m1 := strings.Index(target, ":")
+	m2 := strings.Index(target, ":/")
+	// handle unix:addr which will fail with url.Parse
+	if m1 >= 0 && m2 < 0 {
+		if n := target[0:m1]; n == "unix" {
+			return n, target[m1+1:]
+		}
+	}
+	if m2 >= 0 {
+		t, err := url.Parse(target)
+		if err != nil {
+			return net, target
+		}
+		scheme := t.Scheme
+		addr := t.Path
+		if scheme == "unix" {
+			if addr == "" {
+				addr = t.Host
+			}
+			return scheme, addr
+		}
+	}
+	return net, target
+}

internal/net/dialer.go

@@ -0,0 +1,36 @@
+package net
+
+import (
+	"net"
+	"syscall"
+	"time"
+
+	"golang.org/x/sys/unix"
+)
+
+func newDefaultDialer() net.Dialer {
+	// From `grpc.WithContextDialer` comment:
+	//
+	// Note: All supported releases of Go (as of December 2023) override the OS
+	// defaults for TCP keepalive time and interval to 15s. To enable TCP keepalive
+	// with OS defaults for keepalive time and interval, use a net.Dialer that sets
+	// the KeepAlive field to a negative value, and sets the SO_KEEPALIVE socket
+	// option to true from the Control field. For a concrete example of how to do
+	// this, see internal.NetDialerWithTCPKeepalive().
+	//
+	// https://github.com/grpc/grpc-go/blob/830135e6c5a351abf75f0c9cfdf978e5df8daeba/dialoptions.go#L432
+	//
+	// From `internal.NetDialerWithTCPKeepalive` comment:
+	//
+	// TODO: Once https://github.com/golang/go/issues/62254 lands, and the
+	// appropriate Go version becomes less than our least supported Go version, we
+	// should look into using the new API to make things more straightforward.
+	return net.Dialer{
+		KeepAlive: time.Duration(-1),
+		Control: func(_, _ string, c syscall.RawConn) error {
+			return c.Control(func(fd uintptr) {
+				_ = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_KEEPALIVE, 1)
+			})
+		},
+	}
+}

internal/net/dialer_source.go

@@ -0,0 +1,69 @@
+package net
+
+import (
+	"context"
+	"net"
+	"sync"
+
+	"git.frostfs.info/TrueCloudLab/multinet"
+)
+
+type DialerSource struct {
+	guard sync.RWMutex
+
+	c Config
+
+	md multinet.Dialer
+}
+
+func NewDialerSource(c Config) (*DialerSource, error) {
+	result := &DialerSource{}
+	if err := result.build(c); err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
+func (s *DialerSource) build(c Config) error {
+	if c.Enabled {
+		mc, err := c.toMultinetConfig()
+		if err != nil {
+			return err
+		}
+		md, err := multinet.NewDialer(mc)
+		if err != nil {
+			return err
+		}
+		s.md = md
+		s.c = c
+		return nil
+	}
+	s.md = nil
+	s.c = c
+	return nil
+}
+
+// GrpcContextDialer returns grpc.WithContextDialer func.
+// Returns nil if multinet disabled.
+func (s *DialerSource) GrpcContextDialer() func(context.Context, string) (net.Conn, error) {
+	s.guard.RLock()
+	defer s.guard.RUnlock()
+
+	if s.c.Enabled {
+		return func(ctx context.Context, address string) (net.Conn, error) {
+			network, address := parseDialTarget(address)
+			return s.md.DialContext(ctx, network, address)
+		}
+	}
+	return nil
+}
+
+func (s *DialerSource) Update(c Config) error {
+	s.guard.Lock()
+	defer s.guard.Unlock()
+
+	if s.c.equals(c) {
+		return nil
+	}
+	return s.build(c)
+}

internal/net/event_handler.go

@@ -0,0 +1,28 @@
+package net
+
+import (
+	"net"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"go.uber.org/zap"
+)
+
+type LogEventHandler struct {
+	logger *zap.Logger
+}
+
+func (l LogEventHandler) DialPerformed(sourceIP net.Addr, _, address string, err error) {
+	sourceIPString := "undefined"
+	if sourceIP != nil {
+		sourceIPString = sourceIP.Network() + "://" + sourceIP.String()
+	}
+	if err == nil {
+		l.logger.Debug(logs.MultinetDialSuccess, zap.String("source", sourceIPString), zap.String("destination", address))
+	} else {
+		l.logger.Debug(logs.MultinetDialFail, zap.String("source", sourceIPString), zap.String("destination", address), zap.Error(err))
+	}
+}
+
+func NewLogEventHandler(logger *zap.Logger) LogEventHandler {
+	return LogEventHandler{logger: logger}
+}

internal/service/frostfs/frostfs.go

@@ -33,9 +33,9 @@ func NewFrostFS(p *pool.Pool) *FrostFS {
 }
 
 // Container implements frostfs.FrostFS interface method.
-func (x *FrostFS) Container(ctx context.Context, layerPrm handler.PrmContainer) (*container.Container, error) {
+func (x *FrostFS) Container(ctx context.Context, containerPrm handler.PrmContainer) (*container.Container, error) {
 	prm := pool.PrmContainerGet{
-		ContainerID: layerPrm.ContainerID,
+		ContainerID: containerPrm.ContainerID,
 	}
 
 	res, err := x.pool.GetContainer(ctx, prm)

internal/service/frostfs/multi_object_reader.go

@@ -0,0 +1,241 @@
+package frostfs
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+)
+
+// PartInfo is upload information about part.
+type PartInfo struct {
+	Key      string    `json:"key"`
+	UploadID string    `json:"uploadId"`
+	Number   int       `json:"number"`
+	OID      oid.ID    `json:"oid"`
+	Size     uint64    `json:"size"`
+	ETag     string    `json:"etag"`
+	MD5      string    `json:"md5"`
+	Created  time.Time `json:"created"`
+}
+
+type GetFrostFSParams struct {
+	// payload range
+	Off, Ln uint64
+	Addr    oid.Address
+}
+
+type PartObj struct {
+	OID  oid.ID
+	Size uint64
+}
+
+type readerInitiator interface {
+	InitFrostFSObjectPayloadReader(ctx context.Context, p GetFrostFSParams) (io.ReadCloser, error)
+}
+
+// MultiObjectReader implements io.Reader of payloads of the object list stored in the FrostFS network.
+type MultiObjectReader struct {
+	ctx context.Context
+
+	layer readerInitiator
+
+	startPartOffset uint64
+	endPartLength   uint64
+
+	prm GetFrostFSParams
+
+	curIndex  int
+	curReader io.ReadCloser
+
+	parts []PartObj
+}
+
+type MultiObjectReaderConfig struct {
+	Initiator readerInitiator
+
+	// the offset of complete object and total size to read
+	Off, Ln uint64
+
+	Addr  oid.Address
+	Parts []PartObj
+}
+
+var (
+	errOffsetIsOutOfRange = errors.New("offset is out of payload range")
+	errLengthIsOutOfRange = errors.New("length is out of payload range")
+	errEmptyPartsList     = errors.New("empty parts list")
+	errorZeroRangeLength  = errors.New("zero range length")
+)
+
+func (x *FrostFS) InitMultiObjectReader(ctx context.Context, p handler.PrmInitMultiObjectReader) (io.Reader, error) {
+	combinedObj, err := x.GetObject(ctx, handler.PrmObjectGet{
+		PrmAuth: handler.PrmAuth{BearerToken: p.Bearer},
+		Address: p.Addr,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("get combined object '%s': %w", p.Addr.Object().EncodeToString(), err)
+	}
+
+	var parts []*PartInfo
+	if err = json.NewDecoder(combinedObj.Payload).Decode(&parts); err != nil {
+		return nil, fmt.Errorf("unmarshal combined object parts: %w", err)
+	}
+
+	objParts := make([]PartObj, len(parts))
+	for i, part := range parts {
+		objParts[i] = PartObj{
+			OID:  part.OID,
+			Size: part.Size,
+		}
+	}
+
+	return NewMultiObjectReader(ctx, MultiObjectReaderConfig{
+		Initiator: x,
+		Off:       p.Off,
+		Ln:        p.Ln,
+		Parts:     objParts,
+		Addr:      p.Addr,
+	})
+}
+
+func NewMultiObjectReader(ctx context.Context, cfg MultiObjectReaderConfig) (*MultiObjectReader, error) {
+	if len(cfg.Parts) == 0 {
+		return nil, errEmptyPartsList
+	}
+
+	r := &MultiObjectReader{
+		ctx:   ctx,
+		layer: cfg.Initiator,
+		prm: GetFrostFSParams{
+			Addr: cfg.Addr,
+		},
+		parts: cfg.Parts,
+	}
+
+	if cfg.Off+cfg.Ln == 0 {
+		return r, nil
+	}
+
+	if cfg.Off > 0 && cfg.Ln == 0 {
+		return nil, errorZeroRangeLength
+	}
+
+	startPartIndex, startPartOffset := findStartPart(cfg)
+	if startPartIndex == -1 {
+		return nil, errOffsetIsOutOfRange
+	}
+	r.startPartOffset = startPartOffset
+
+	endPartIndex, endPartLength := findEndPart(cfg)
+	if endPartIndex == -1 {
+		return nil, errLengthIsOutOfRange
+	}
+	r.endPartLength = endPartLength
+
+	r.parts = cfg.Parts[startPartIndex : endPartIndex+1]
+
+	return r, nil
+}
+
+func findStartPart(cfg MultiObjectReaderConfig) (index int, offset uint64) {
+	position := cfg.Off
+	for i, part := range cfg.Parts {
+		// Strict inequality when searching for start position to avoid reading zero length part.
+		if position < part.Size {
+			return i, position
+		}
+		position -= part.Size
+	}
+
+	return -1, 0
+}
+
+func findEndPart(cfg MultiObjectReaderConfig) (index int, length uint64) {
+	position := cfg.Off + cfg.Ln
+	for i, part := range cfg.Parts {
+		// Non-strict inequality when searching for end position to avoid out of payload range error.
+		if position <= part.Size {
+			return i, position
+		}
+		position -= part.Size
+	}
+
+	return -1, 0
+}
+
+func (x *MultiObjectReader) Read(p []byte) (n int, err error) {
+	if x.curReader != nil {
+		n, err = x.curReader.Read(p)
+		if err != nil {
+			if closeErr := x.curReader.Close(); closeErr != nil {
+				return n, fmt.Errorf("%w (close err: %v)", err, closeErr)
+			}
+		}
+		if !errors.Is(err, io.EOF) {
+			return n, err
+		}
+
+		x.curIndex++
+	}
+
+	if x.curIndex == len(x.parts) {
+		return n, io.EOF
+	}
+
+	x.prm.Addr.SetObject(x.parts[x.curIndex].OID)
+
+	if x.curIndex == 0 {
+		x.prm.Off = x.startPartOffset
+		x.prm.Ln = x.parts[x.curIndex].Size - x.startPartOffset
+	}
+
+	if x.curIndex == len(x.parts)-1 {
+		x.prm.Ln = x.endPartLength - x.prm.Off
+	}
+
+	x.curReader, err = x.layer.InitFrostFSObjectPayloadReader(x.ctx, x.prm)
+	if err != nil {
+		return n, fmt.Errorf("init payload reader for the next part: %w", err)
+	}
+
+	x.prm.Off = 0
+	x.prm.Ln = 0
+
+	next, err := x.Read(p[n:])
+
+	return n + next, err
+}
+
+// InitFrostFSObjectPayloadReader initializes payload reader of the FrostFS object.
+// Zero range corresponds to full payload (panics if only offset is set).
+func (x *FrostFS) InitFrostFSObjectPayloadReader(ctx context.Context, p GetFrostFSParams) (io.ReadCloser, error) {
+	var prmAuth handler.PrmAuth
+
+	if p.Off+p.Ln != 0 {
+		prm := handler.PrmObjectRange{
+			PrmAuth:      prmAuth,
+			PayloadRange: [2]uint64{p.Off, p.Ln},
+			Address:      p.Addr,
+		}
+
+		return x.RangeObject(ctx, prm)
+	}
+
+	prm := handler.PrmObjectGet{
+		PrmAuth: prmAuth,
+		Address: p.Addr,
+	}
+
+	res, err := x.GetObject(ctx, prm)
+	if err != nil {
+		return nil, err
+	}
+
+	return res.Payload, nil
+}

internal/service/frostfs/multi_object_reader_test.go

@@ -0,0 +1,137 @@
+package frostfs
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"testing"
+
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
+	"github.com/stretchr/testify/require"
+)
+
+type readerInitiatorMock struct {
+	parts map[oid.ID][]byte
+}
+
+func (r *readerInitiatorMock) InitFrostFSObjectPayloadReader(_ context.Context, p GetFrostFSParams) (io.ReadCloser, error) {
+	partPayload, ok := r.parts[p.Addr.Object()]
+	if !ok {
+		return nil, errors.New("part not found")
+	}
+
+	if p.Off+p.Ln == 0 {
+		return io.NopCloser(bytes.NewReader(partPayload)), nil
+	}
+
+	if p.Off > uint64(len(partPayload)-1) {
+		return nil, fmt.Errorf("invalid offset: %d/%d", p.Off, len(partPayload))
+	}
+
+	if p.Off+p.Ln > uint64(len(partPayload)) {
+		return nil, fmt.Errorf("invalid range: %d-%d/%d", p.Off, p.Off+p.Ln, len(partPayload))
+	}
+
+	return io.NopCloser(bytes.NewReader(partPayload[p.Off : p.Off+p.Ln])), nil
+}
+
+func prepareDataReader() ([]byte, []PartObj, *readerInitiatorMock) {
+	mockInitReader := &readerInitiatorMock{
+		parts: map[oid.ID][]byte{
+			oidtest.ID(): []byte("first part 1"),
+			oidtest.ID(): []byte("second part 2"),
+			oidtest.ID(): []byte("third part 3"),
+		},
+	}
+
+	var fullPayload []byte
+	parts := make([]PartObj, 0, len(mockInitReader.parts))
+	for id, payload := range mockInitReader.parts {
+		parts = append(parts, PartObj{OID: id, Size: uint64(len(payload))})
+		fullPayload = append(fullPayload, payload...)
+	}
+
+	return fullPayload, parts, mockInitReader
+}
+
+func TestMultiReader(t *testing.T) {
+	ctx := context.Background()
+
+	fullPayload, parts, mockInitReader := prepareDataReader()
+
+	for _, tc := range []struct {
+		name string
+		off  uint64
+		ln   uint64
+		err  error
+	}{
+		{
+			name: "simple read all",
+		},
+		{
+			name: "simple read with length",
+			ln:   uint64(len(fullPayload)),
+		},
+		{
+			name: "middle of parts",
+			off:  parts[0].Size + 2,
+			ln:   4,
+		},
+		{
+			name: "first and second",
+			off:  parts[0].Size - 4,
+			ln:   8,
+		},
+		{
+			name: "first and third",
+			off:  parts[0].Size - 4,
+			ln:   parts[1].Size + 8,
+		},
+		{
+			name: "second part",
+			off:  parts[0].Size,
+			ln:   parts[1].Size,
+		},
+		{
+			name: "second and third",
+			off:  parts[0].Size,
+			ln:   parts[1].Size + parts[2].Size,
+		},
+		{
+			name: "offset out of range",
+			off:  uint64(len(fullPayload) + 1),
+			ln:   1,
+			err:  errOffsetIsOutOfRange,
+		},
+		{
+			name: "zero length",
+			off:  parts[1].Size + 1,
+			ln:   0,
+			err:  errorZeroRangeLength,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			multiReader, err := NewMultiObjectReader(ctx, MultiObjectReaderConfig{
+				Initiator: mockInitReader,
+				Parts:     parts,
+				Off:       tc.off,
+				Ln:        tc.ln,
+			})
+			require.ErrorIs(t, err, tc.err)
+
+			if tc.err == nil {
+				off := tc.off
+				ln := tc.ln
+				if off+ln == 0 {
+					ln = uint64(len(fullPayload))
+				}
+				data, err := io.ReadAll(multiReader)
+				require.NoError(t, err)
+				require.Equal(t, fullPayload[off:off+ln], data)
+			}
+		})
+	}
+}

internal/service/frostfs/pool_wrapper.go

@@ -0,0 +1,163 @@
+package frostfs
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
+	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
+	grpcService "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree/service"
+)
+
+type GetNodeByPathResponseInfoWrapper struct {
+	response *grpcService.GetNodeByPathResponse_Info
+}
+
+func (n GetNodeByPathResponseInfoWrapper) GetNodeID() []uint64 {
+	return []uint64{n.response.GetNodeId()}
+}
+
+func (n GetNodeByPathResponseInfoWrapper) GetParentID() []uint64 {
+	return []uint64{n.response.GetParentId()}
+}
+
+func (n GetNodeByPathResponseInfoWrapper) GetTimestamp() []uint64 {
+	return []uint64{n.response.GetTimestamp()}
+}
+
+func (n GetNodeByPathResponseInfoWrapper) GetMeta() []tree.Meta {
+	res := make([]tree.Meta, len(n.response.Meta))
+	for i, value := range n.response.Meta {
+		res[i] = value
+	}
+	return res
+}
+
+type PoolWrapper struct {
+	p *treepool.Pool
+}
+
+func NewPoolWrapper(p *treepool.Pool) *PoolWrapper {
+	return &PoolWrapper{p: p}
+}
+
+func (w *PoolWrapper) GetNodes(ctx context.Context, prm *tree.GetNodesParams) ([]tree.NodeResponse, error) {
+	poolPrm := treepool.GetNodesParams{
+		CID:           prm.CnrID,
+		TreeID:        prm.TreeID,
+		Path:          prm.Path,
+		Meta:          prm.Meta,
+		PathAttribute: tree.FileNameKey,
+		LatestOnly:    prm.LatestOnly,
+		AllAttrs:      prm.AllAttrs,
+		BearerToken:   getBearer(ctx),
+	}
+
+	nodes, err := w.p.GetNodes(ctx, poolPrm)
+	if err != nil {
+		return nil, handleError(err)
+	}
+
+	res := make([]tree.NodeResponse, len(nodes))
+	for i, info := range nodes {
+		res[i] = GetNodeByPathResponseInfoWrapper{info}
+	}
+
+	return res, nil
+}
+
+func getBearer(ctx context.Context) []byte {
+	token, err := tokens.LoadBearerToken(ctx)
+	if err != nil {
+		return nil
+	}
+	return token.Marshal()
+}
+
+func handleError(err error) error {
+	if err == nil {
+		return nil
+	}
+	if errors.Is(err, treepool.ErrNodeNotFound) {
+		return fmt.Errorf("%w: %s", tree.ErrNodeNotFound, err.Error())
+	}
+	if errors.Is(err, treepool.ErrNodeAccessDenied) {
+		return fmt.Errorf("%w: %s", tree.ErrNodeAccessDenied, err.Error())
+	}
+
+	return err
+}
+
+func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]tree.NodeResponse, error) {
+	order := treepool.NoneOrder
+	if sort {
+		order = treepool.AscendingOrder
+	}
+	poolPrm := treepool.GetSubTreeParams{
+		CID:         bktInfo.CID,
+		TreeID:      treeID,
+		RootID:      rootID,
+		Depth:       depth,
+		BearerToken: getBearer(ctx),
+		Order:       order,
+	}
+	if len(rootID) == 1 && rootID[0] == 0 {
+		// storage node interprets 'nil' value as []uint64{0}
+		// gate wants to send 'nil' value instead of []uint64{0}, because
+		// it provides compatibility with previous tree service api where
+		// single uint64(0) value is dropped from signature
+		poolPrm.RootID = nil
+	}
+
+	subTreeReader, err := w.p.GetSubTree(ctx, poolPrm)
+	if err != nil {
+		return nil, handleError(err)
+	}
+
+	var subtree []tree.NodeResponse
+
+	node, err := subTreeReader.Next()
+	for err == nil {
+		subtree = append(subtree, GetSubTreeResponseBodyWrapper{node})
+		node, err = subTreeReader.Next()
+	}
+	if err != io.EOF {
+		return nil, handleError(err)
+	}
+
+	return subtree, nil
+}
+
+type GetSubTreeResponseBodyWrapper struct {
+	response *grpcService.GetSubTreeResponse_Body
+}
+
+func (n GetSubTreeResponseBodyWrapper) GetNodeID() []uint64 {
+	return n.response.GetNodeId()
+}
+
+func (n GetSubTreeResponseBodyWrapper) GetParentID() []uint64 {
+	resp := n.response.GetParentId()
+	if resp == nil {
+		// storage sends nil that should be interpreted as []uint64{0}
+		// due to protobuf compatibility, see 'GetSubTree' function
+		return []uint64{0}
+	}
+	return resp
+}
+
+func (n GetSubTreeResponseBodyWrapper) GetTimestamp() []uint64 {
+	return n.response.GetTimestamp()
+}
+
+func (n GetSubTreeResponseBodyWrapper) GetMeta() []tree.Meta {
+	res := make([]tree.Meta, len(n.response.Meta))
+	for i, value := range n.response.Meta {
+		res[i] = value
+	}
+	return res
+}

internal/templates/index.gotmpl

@@ -0,0 +1,90 @@
+{{$bucketName := .BucketName}}
+{{ $prefix := trimPrefix .Prefix }}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+    <title>Index of s3://{{$bucketName}}/{{if $prefix}}/{{$prefix}}/{{end}}</title>
+    <style>
+        table {
+            width: 80%;
+            border-collapse: collapse;
+        }
+        body {
+            background: #f2f2f2;
+        }
+        table, th, td {
+            border: 0 solid transparent;
+        }
+        th, td {
+            padding: 10px;
+            text-align: left;
+        }
+        th {
+            background-color: #c3bcbc;
+        }
+        tr:nth-child(even) {background-color: #ebe7e7;}
+    </style>
+</head>
+<body>
+<h1>Index of s3://{{$bucketName}}/{{if $prefix}}{{$prefix}}/{{end}}</h1>
+<table>
+    <thead>
+    <tr>
+        <th>Filename</th>
+        <th>Size</th>
+        <th>Created</th>
+        <th>Download</th>
+    </tr>
+    </thead>
+    <tbody>
+    {{ $trimmedPrefix := trimPrefix $prefix }}
+    {{if $trimmedPrefix }}
+        <tr>
+            <td>
+                ⮐<a href="/get/{{$bucketName}}{{ urlencode $trimmedPrefix "" }}">..</a>
+            </td>
+            <td></td>
+            <td></td>
+            <td></td>
+        </tr>
+    {{else}}
+        <tr>
+            <td>
+                ⮐<a href="/get/{{ $bucketName }}/">..</a>
+            </td>
+            <td></td>
+            <td></td>
+            <td></td>
+        </tr>
+    {{end}}
+    {{range .Objects}}
+        <tr>
+            <td>
+                {{if .IsDir}}
+                    🗀
+                    <a href="/get/{{ $bucketName }}{{ urlencode $prefix .FileName }}/">
+                        {{.FileName}}/
+                    </a>
+                {{else}}
+                    🗎
+                    <a href="/get/{{ $bucketName }}{{ urlencode $prefix .FileName }}">
+                        {{.FileName}}
+                    </a>
+                {{end}}
+            </td>
+            <td>{{if not .IsDir}}{{ formatSize .Size }}{{end}}</td>
+            <td>{{if not .IsDir}}{{ formatTimestamp .Created }}{{end}}</td>
+            <td>
+                {{ if not .IsDir }}
+                    <a href="/get/{{ $bucketName}}{{ urlencode $prefix .FileName }}?download=true">
+                        Link
+                    </a>
+                {{ end }}
+            </td>
+        </tr>
+    {{end}}
+    </tbody>
+</table>
+</body>
+</html>

internal/templates/template.go

@@ -0,0 +1,6 @@
+package templates
+
+import _ "embed"
+
+//go:embed index.gotmpl
+var DefaultIndexTemplate string

tokens/bearer-token.go

@@ -52,8 +52,8 @@ func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {
 
 // StoreBearerTokenAppCtx extracts a bearer token from the header or cookie and stores
 // it in the application context.
-func StoreBearerTokenAppCtx(ctx context.Context, req *fasthttp.RequestCtx) (context.Context, error) {
-	tkn, err := fetchBearerToken(req)
+func StoreBearerTokenAppCtx(ctx context.Context, c *fasthttp.RequestCtx) (context.Context, error) {
+	tkn, err := fetchBearerToken(c)
 	if err != nil {
 		return nil, err
 	}

tree/tree.go

@@ -2,11 +2,13 @@ package tree
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
@@ -20,6 +22,7 @@ type (
 	// Each method must return ErrNodeNotFound or ErrNodeAccessDenied if relevant.
 	ServiceClient interface {
 		GetNodes(ctx context.Context, p *GetNodesParams) ([]NodeResponse, error)
+		GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]NodeResponse, error)
 	}
 
 	treeNode struct {
@@ -29,6 +32,7 @@ type (
 
 	GetNodesParams struct {
 		CnrID      cid.ID
+		BktInfo    *data.BucketInfo
 		TreeID     string
 		Path       []string
 		Meta       []string
@@ -54,6 +58,7 @@ const (
 
 	// keys for delete marker nodes.
 	isDeleteMarkerKV = "IsDeleteMarker"
+	sizeKV           = "Size"
 
 	// versionTree -- ID of a tree with object versions.
 	versionTree = "version"
@@ -73,26 +78,28 @@ type Meta interface {
 
 type NodeResponse interface {
 	GetMeta() []Meta
-	GetTimestamp() uint64
+	GetTimestamp() []uint64
+	GetNodeID() []uint64
+	GetParentID() []uint64
 }
 
 func newTreeNode(nodeInfo NodeResponse) (*treeNode, error) {
-	treeNode := &treeNode{
+	tNode := &treeNode{
 		Meta: make(map[string]string, len(nodeInfo.GetMeta())),
 	}
 
 	for _, kv := range nodeInfo.GetMeta() {
 		switch kv.GetKey() {
 		case oidKV:
-			if err := treeNode.ObjID.DecodeString(string(kv.GetValue())); err != nil {
+			if err := tNode.ObjID.DecodeString(string(kv.GetValue())); err != nil {
 				return nil, err
 			}
 		default:
-			treeNode.Meta[kv.GetKey()] = string(kv.GetValue())
+			tNode.Meta[kv.GetKey()] = string(kv.GetValue())
 		}
 	}
 
-	return treeNode, nil
+	return tNode, nil
 }
 
 func (n *treeNode) Get(key string) (string, bool) {
@@ -106,29 +113,44 @@ func (n *treeNode) FileName() (string, bool) {
 }
 
 func newNodeVersion(node NodeResponse) (*api.NodeVersion, error) {
-	treeNode, err := newTreeNode(node)
+	tNode, err := newTreeNode(node)
 	if err != nil {
 		return nil, fmt.Errorf("invalid tree node: %w", err)
 	}
 
-	return newNodeVersionFromTreeNode(treeNode), nil
+	return newNodeVersionFromTreeNode(tNode), nil
 }
 
 func newNodeVersionFromTreeNode(treeNode *treeNode) *api.NodeVersion {
 	_, isDeleteMarker := treeNode.Get(isDeleteMarkerKV)
-
+	size, _ := treeNode.Get(sizeKV)
 	version := &api.NodeVersion{
 		BaseNodeVersion: api.BaseNodeVersion{
 			OID: treeNode.ObjID,
 		},
 		DeleteMarker: isDeleteMarker,
+		IsPrefixNode: size == "",
 	}
 
 	return version
 }
 
 func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName string) (*api.NodeVersion, error) {
-	meta := []string{oidKV, isDeleteMarkerKV}
+	nodes, err := c.GetVersions(ctx, cnrID, objectName)
+	if err != nil {
+		return nil, err
+	}
+
+	latestNode, err := getLatestVersionNode(nodes)
+	if err != nil {
+		return nil, err
+	}
+
+	return newNodeVersion(latestNode)
+}
+
+func (c *Tree) GetVersions(ctx context.Context, cnrID *cid.ID, objectName string) ([]NodeResponse, error) {
+	meta := []string{oidKV, isDeleteMarkerKV, sizeKV}
 	path := pathFromName(objectName)
 
 	p := &GetNodesParams{
@@ -139,30 +161,24 @@ func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName s
 		LatestOnly: false,
 		AllAttrs:   false,
 	}
-	nodes, err := c.service.GetNodes(ctx, p)
-	if err != nil {
-		return nil, err
-	}
 
-	latestNode, err := getLatestNode(nodes)
-	if err != nil {
-		return nil, err
-	}
-
-	return newNodeVersion(latestNode)
+	return c.service.GetNodes(ctx, p)
 }
 
-func getLatestNode(nodes []NodeResponse) (NodeResponse, error) {
+func getLatestVersionNode(nodes []NodeResponse) (NodeResponse, error) {
 	var (
 		maxCreationTime uint64
 		targetIndexNode = -1
 	)
 
 	for i, node := range nodes {
-		currentCreationTime := node.GetTimestamp()
-		if checkExistOID(node.GetMeta()) && currentCreationTime > maxCreationTime {
-			maxCreationTime = currentCreationTime
+		if !checkExistOID(node.GetMeta()) {
+			continue
+		}
+
+		if currentCreationTime := getMaxTimestamp(node); currentCreationTime > maxCreationTime {
 			targetIndexNode = i
+			maxCreationTime = currentCreationTime
 		}
 	}
 
@@ -187,3 +203,145 @@ func checkExistOID(meta []Meta) bool {
 func pathFromName(objectName string) []string {
 	return strings.Split(objectName, separator)
 }
+
+func (c *Tree) GetSubTreeByPrefix(ctx context.Context, bktInfo *data.BucketInfo, prefix string, latestOnly bool) ([]NodeResponse, string, error) {
+	rootID, tailPrefix, err := c.determinePrefixNode(ctx, bktInfo, versionTree, prefix)
+	if err != nil {
+		return nil, "", err
+	}
+	subTree, err := c.service.GetSubTree(ctx, bktInfo, versionTree, rootID, 2, false)
+	if err != nil {
+		if errors.Is(err, layer.ErrNodeNotFound) {
+			return nil, "", nil
+		}
+		return nil, "", err
+	}
+
+	nodesMap := make(map[string][]NodeResponse, len(subTree))
+	for _, node := range subTree {
+		if MultiID(rootID).Equal(node.GetNodeID()) {
+			continue
+		}
+
+		fileName := GetFilename(node)
+		if !strings.HasPrefix(fileName, tailPrefix) {
+			continue
+		}
+
+		nodes := nodesMap[fileName]
+
+		// Add all nodes if flag latestOnly is false.
+		// Add all intermediate nodes
+		// and only latest leaf (object) nodes. To do this store and replace last leaf (object) node in nodes[0]
+		if len(nodes) == 0 {
+			nodes = []NodeResponse{node}
+		} else if !latestOnly || isIntermediate(node) {
+			nodes = append(nodes, node)
+		} else if isIntermediate(nodes[0]) {
+			nodes = append([]NodeResponse{node}, nodes...)
+		} else if getMaxTimestamp(node) > getMaxTimestamp(nodes[0]) {
+			nodes[0] = node
+		}
+
+		nodesMap[fileName] = nodes
+	}
+
+	result := make([]NodeResponse, 0, len(subTree))
+	for _, nodes := range nodesMap {
+		result = append(result, nodes...)
+	}
+
+	return result, strings.TrimSuffix(prefix, tailPrefix), nil
+}
+
+func (c *Tree) determinePrefixNode(ctx context.Context, bktInfo *data.BucketInfo, treeID, prefix string) ([]uint64, string, error) {
+	rootID := []uint64{0}
+	path := strings.Split(prefix, separator)
+	tailPrefix := path[len(path)-1]
+
+	if len(path) > 1 {
+		var err error
+		rootID, err = c.getPrefixNodeID(ctx, bktInfo, treeID, path[:len(path)-1])
+		if err != nil {
+			return nil, "", err
+		}
+	}
+
+	return rootID, tailPrefix, nil
+}
+
+func (c *Tree) getPrefixNodeID(ctx context.Context, bktInfo *data.BucketInfo, treeID string, prefixPath []string) ([]uint64, error) {
+	p := &GetNodesParams{
+		CnrID:      bktInfo.CID,
+		BktInfo:    bktInfo,
+		TreeID:     treeID,
+		Path:       prefixPath,
+		LatestOnly: false,
+		AllAttrs:   true,
+	}
+	nodes, err := c.service.GetNodes(ctx, p)
+	if err != nil {
+		return nil, err
+	}
+
+	var intermediateNodes []uint64
+	for _, node := range nodes {
+		if isIntermediate(node) {
+			intermediateNodes = append(intermediateNodes, node.GetNodeID()...)
+		}
+	}
+
+	if len(intermediateNodes) == 0 {
+		return nil, layer.ErrNodeNotFound
+	}
+
+	return intermediateNodes, nil
+}
+
+func GetFilename(node NodeResponse) string {
+	for _, kv := range node.GetMeta() {
+		if kv.GetKey() == FileNameKey {
+			return string(kv.GetValue())
+		}
+	}
+
+	return ""
+}
+
+func isIntermediate(node NodeResponse) bool {
+	if len(node.GetMeta()) != 1 {
+		return false
+	}
+
+	return node.GetMeta()[0].GetKey() == FileNameKey
+}
+
+func getMaxTimestamp(node NodeResponse) uint64 {
+	var maxTimestamp uint64
+
+	for _, timestamp := range node.GetTimestamp() {
+		if timestamp > maxTimestamp {
+			maxTimestamp = timestamp
+		}
+	}
+
+	return maxTimestamp
+}
+
+type MultiID []uint64
+
+func (m MultiID) Equal(id MultiID) bool {
+	seen := make(map[uint64]struct{}, len(m))
+
+	for i := range m {
+		seen[m[i]] = struct{}{}
+	}
+
+	for i := range id {
+		if _, ok := seen[id[i]]; !ok {
+			return false
+		}
+	}
+
+	return true
+}

tree/tree_test.go

@@ -21,10 +21,10 @@ func (m nodeMeta) GetValue() []byte {
 
 type nodeResponse struct {
 	meta      []nodeMeta
-	timestamp uint64
+	timestamp []uint64
 }
 
-func (n nodeResponse) GetTimestamp() uint64 {
+func (n nodeResponse) GetTimestamp() []uint64 {
 	return n.timestamp
 }
 
@@ -36,6 +36,13 @@ func (n nodeResponse) GetMeta() []Meta {
 	return res
 }
 
+func (n nodeResponse) GetNodeID() []uint64 {
+	return nil
+}
+func (n nodeResponse) GetParentID() []uint64 {
+	return nil
+}
+
 func TestGetLatestNode(t *testing.T) {
 	for _, tc := range []struct {
 		name        string
@@ -52,7 +59,7 @@ func TestGetLatestNode(t *testing.T) {
 			name: "one node of the object version",
 			nodes: []NodeResponse{
 				nodeResponse{
-					timestamp: 1,
+					timestamp: []uint64{1},
 					meta: []nodeMeta{
 						{
 							key:   oidKV,
@@ -67,11 +74,11 @@ func TestGetLatestNode(t *testing.T) {
 			name: "one node of the object version and one node of the secondary object",
 			nodes: []NodeResponse{
 				nodeResponse{
-					timestamp: 3,
+					timestamp: []uint64{3},
 					meta:      []nodeMeta{},
 				},
 				nodeResponse{
-					timestamp: 1,
+					timestamp: []uint64{1},
 					meta: []nodeMeta{
 						{
 							key:   oidKV,
@@ -86,11 +93,11 @@ func TestGetLatestNode(t *testing.T) {
 			name: "all nodes represent a secondary object",
 			nodes: []NodeResponse{
 				nodeResponse{
-					timestamp: 3,
+					timestamp: []uint64{3},
 					meta:      []nodeMeta{},
 				},
 				nodeResponse{
-					timestamp: 5,
+					timestamp: []uint64{5},
 					meta:      []nodeMeta{},
 				},
 			},
@@ -100,7 +107,7 @@ func TestGetLatestNode(t *testing.T) {
 			name: "several nodes of different types and with different timestamp",
 			nodes: []NodeResponse{
 				nodeResponse{
-					timestamp: 1,
+					timestamp: []uint64{1},
 					meta: []nodeMeta{
 						{
 							key:   oidKV,
@@ -109,11 +116,11 @@ func TestGetLatestNode(t *testing.T) {
 					},
 				},
 				nodeResponse{
-					timestamp: 3,
+					timestamp: []uint64{3},
 					meta:      []nodeMeta{},
 				},
 				nodeResponse{
-					timestamp: 4,
+					timestamp: []uint64{4},
 					meta: []nodeMeta{
 						{
 							key:   oidKV,
@@ -122,7 +129,7 @@ func TestGetLatestNode(t *testing.T) {
 					},
 				},
 				nodeResponse{
-					timestamp: 6,
+					timestamp: []uint64{6},
 					meta:      []nodeMeta{},
 				},
 			},
@@ -130,7 +137,7 @@ func TestGetLatestNode(t *testing.T) {
 		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
-			actualNode, err := getLatestNode(tc.nodes)
+			actualNode, err := getLatestVersionNode(tc.nodes)
 			if tc.error {
 				require.Error(t, err)
 				return

utils/util.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
 )
 
 // SetContextToRequest adds new context to fasthttp request.
@@ -15,3 +16,34 @@ func SetContextToRequest(ctx context.Context, c *fasthttp.RequestCtx) {
 func GetContextFromRequest(c *fasthttp.RequestCtx) context.Context {
 	return c.UserValue("context").(context.Context)
 }
+
+type ctxReqLoggerKeyType struct{}
+
+// SetReqLog sets child zap.Logger in the context.
+func SetReqLog(ctx context.Context, log *zap.Logger) context.Context {
+	if ctx == nil {
+		return nil
+	}
+	return context.WithValue(ctx, ctxReqLoggerKeyType{}, log)
+}
+
+// GetReqLog returns log if set.
+// If zap.Logger isn't set returns nil.
+func GetReqLog(ctx context.Context) *zap.Logger {
+	if ctx == nil {
+		return nil
+	} else if r, ok := ctx.Value(ctxReqLoggerKeyType{}).(*zap.Logger); ok {
+		return r
+	}
+	return nil
+}
+
+// GetReqLogOrDefault returns log from context, if it exists.
+// If the log is missing from the context, the default logger is returned.
+func GetReqLogOrDefault(ctx context.Context, defaultLog *zap.Logger) *zap.Logger {
+	log := GetReqLog(ctx)
+	if log == nil {
+		log = defaultLog
+	}
+	return log
+}