-
Notifications
You must be signed in to change notification settings - Fork 5
/
bucket_policy_handlers.go
126 lines (114 loc) · 4.11 KB
/
bucket_policy_handlers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package s3api
import (
"bytes"
"encoding/json"
"github.com/dustin/go-humanize"
"github.com/filedag-project/filedag-storage/objectservice/apierrors"
"github.com/filedag-project/filedag-storage/objectservice/pkg/policy"
"github.com/filedag-project/filedag-storage/objectservice/pkg/s3action"
"github.com/filedag-project/filedag-storage/objectservice/response"
"github.com/filedag-project/filedag-storage/objectservice/store"
"io"
"io/ioutil"
"net/http"
)
const maxBucketPolicySize = 20 * humanize.KiByte
//PutBucketPolicyHandler Put BucketPolicy
//https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html
func (s3a *s3ApiServer) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
bucket, _, _ := getBucketAndObject(r)
log.Infof("PutBucketPolicyHandler %s", bucket)
cred, _, s3err := s3a.authSys.CheckRequestAuthTypeCredential(r.Context(), r, s3action.PutBucketPolicyAction, bucket, "")
if s3err != apierrors.ErrNone {
response.WriteErrorResponse(w, r, s3err)
return
}
if r.ContentLength <= 0 {
response.WriteErrorResponse(w, r, apierrors.ErrMissingContentLength)
return
}
// Error out if Content-Length is beyond allowed size.
if r.ContentLength > maxBucketPolicySize {
response.WriteErrorResponse(w, r, apierrors.ErrIncompleteBody)
return
}
bucketPolicyBytes, err := ioutil.ReadAll(io.LimitReader(r.Body, r.ContentLength))
if err != nil {
response.WriteErrorResponse(w, r, apierrors.ErrInvalidPolicyDocument)
return
}
bucketPolicy, err := policy.ParseConfig(bytes.NewReader(bucketPolicyBytes), bucket)
if err != nil {
response.WriteErrorResponse(w, r, apierrors.ErrMalformedPolicy)
return
}
correct := false
for _, st := range bucketPolicy.Statements {
selfPolicy, err := store.GetSelfPolicy(cred.AccessKey, bucket)
if err != nil {
response.WriteErrorResponse(w, r, apierrors.ErrInternalError)
return
}
if st.Equals(selfPolicy) {
correct = true
}
}
if !correct {
response.WriteErrorResponse(w, r, apierrors.ErrMalformedPolicy)
return
}
//// Version in policy must not be empty
//if bucketPolicy.Version == "" {
// response.WriteErrorResponse(w, r, apierrors.ErrMalformedPolicy)
// return
//}
if err = s3a.bmSys.UpdateBucketPolicy(r.Context(), bucket, bucketPolicy); err != nil {
log.Errorf("PutBucketPolicyHandler UpdateBucketPolicy err:%v", err)
response.WriteErrorResponse(w, r, apierrors.ToApiError(r.Context(), err))
return
}
response.WriteSuccessNoContent(w)
}
//DeleteBucketPolicyHandler Delete BucketPolicy
//https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html
func (s3a *s3ApiServer) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
bucket, _, _ := getBucketAndObject(r)
ctx := r.Context()
log.Infof("DeleteBucketPolicyHandler %s", bucket)
_, _, s3err := s3a.authSys.CheckRequestAuthTypeCredential(ctx, r, s3action.DeleteBucketPolicyAction, bucket, "")
if s3err != apierrors.ErrNone {
response.WriteErrorResponse(w, r, s3err)
return
}
if err := s3a.bmSys.DeleteBucketPolicy(ctx, bucket); err != nil {
log.Errorf("DeleteBucketPolicyHandler DeleteBucketPolicy err:%v", err)
response.WriteErrorResponse(w, r, apierrors.ToApiError(ctx, err))
return
}
// Success.
response.WriteSuccessResponseHeadersOnly(w, r)
}
//GetBucketPolicyHandler Get BucketPolicy
//https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html
func (s3a *s3ApiServer) GetBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
bucket, _, _ := getBucketAndObject(r)
ctx := r.Context()
log.Infof("GetBucketPolicyHandler %s", bucket)
_, _, s3err := s3a.authSys.CheckRequestAuthTypeCredential(ctx, r, s3action.GetBucketPolicyAction, bucket, "")
if s3err != apierrors.ErrNone {
response.WriteErrorResponse(w, r, s3err)
return
}
// Read bucket access policy.
config, err := s3a.bmSys.GetPolicyConfig(ctx, bucket)
if err != nil {
response.WriteErrorResponse(w, r, apierrors.ToApiError(ctx, err))
return
}
configData, err := json.Marshal(config)
if err != nil {
response.WriteErrorResponse(w, r, apierrors.ErrMalformedJSON)
return
}
response.WriteSuccessResponseJSONOnlyData(w, r, configData)
}