Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7109 Commits
37 Branches
296 Tags
161 MiB
Tree: 101e6d80b0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '101e6d80b0'
${ noResults }
seaweedfs/weed/s3api/s3api_server.go

209 lines
9.6 KiB
Raw Normal View History

add list all my buckets
7 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
4 years ago
support acl
5 years ago
multiplate DomainNames through comma
4 years ago
s3: subscribe to s3.configure changes
4 years ago
support acl
5 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
merge master, resolve conflicts
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add list all my buckets
7 years ago
adding grpc mutual tls
6 years ago
add list all my buckets
7 years ago
change server address from string to a type
3 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
4 years ago
support acl
5 years ago
add list all my buckets
7 years ago
add bucket creation and deletion 1. option for "weed s3 -filer.dir.buckets" to choose a folder for buckets 2. create a bucket 3. delete a bucket, recursively delete all metadata on filer
7 years ago
adding grpc mutual tls
6 years ago
s3: add option for "alllowEmptyFolder"
4 years ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
add list all my buckets
7 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
add list all my buckets
7 years ago
s3: subscribe to s3.configure changes
4 years ago
add list all my buckets
7 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
add list all my buckets
7 years ago
multiplate DomainNames through comma
4 years ago
add list all my buckets
7 years ago
add s3 upload, and removing mono and multi part upload analyzer removing mono and multi part upload analyzer, which were used just to determine the file name
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV2Handler
7 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
use backticks instead of double quotes to avoid escaped additionally in regex
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
refactoring
4 years ago
add place holders for multiplarts upload
6 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
add place holders for multiplarts upload
6 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
add place holders for multiplarts upload
6 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: Added support for "List" action in weed s3 -config=... in the config file. fix https://github.com/chrislusf/seaweedfs/issues/1511
4 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
refactoring
4 years ago
working S3 multipart uploads
6 years ago
refactoring
4 years ago
s3 add HEAD DELETE
7 years ago
refactoring
4 years ago
add list all my buckets
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV1
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add support for PostPolicy fix https://github.com/chrislusf/seaweedfs/issues/1426
4 years ago
preparing to support S3 multipart uploads
6 years ago
refactoring
4 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
s3: skip permission checking for creating bucket if the bucket already exists fix https://github.com/chrislusf/seaweedfs/issues/2417 Rclone was trying to create the bucket even though the bucket already exists.
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add list all my buckets
7 years ago
s3: support config action Admin:bucket
4 years ago
add list all my buckets
7 years ago
refactor
4 years ago
add list all my buckets
7 years ago
  1. package s3api
  3. import (
  4. "fmt"
  5. "net/http"
  6. "strings"
  7. "time"
  9. "github.com/chrislusf/seaweedfs/weed/filer"
  10. "github.com/chrislusf/seaweedfs/weed/pb"
  11. . "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  12. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  13. "github.com/chrislusf/seaweedfs/weed/security"
  14. "github.com/chrislusf/seaweedfs/weed/util"
  15. "github.com/gorilla/mux"
  16. "google.golang.org/grpc"
  17. )
  19. type S3ApiServerOption struct {
  20. Filer pb.ServerAddress
  21. Port int
  22. Config string
  23. DomainName string
  24. BucketsPath string
  25. GrpcDialOption grpc.DialOption
  26. AllowEmptyFolder bool
  27. }
  29. type S3ApiServer struct {
  30. option *S3ApiServerOption
  31. iam *IdentityAccessManagement
  32. randomClientId int32
  33. filerGuard *security.Guard
  34. }
  36. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
  37. v := util.GetViper()
  38. signingKey := v.GetString("jwt.filer_signing.key")
  39. v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
  40. expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
  42. readSigningKey := v.GetString("jwt.filer_signing.read.key")
  43. v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
  44. readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
  46. s3ApiServer = &S3ApiServer{
  47. option: option,
  48. iam: NewIdentityAccessManagement(option),
  49. randomClientId: util.RandomInt32(),
  50. filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
  51. }
  53. s3ApiServer.registerRouter(router)
  55. go s3ApiServer.subscribeMetaEvents("s3", filer.IamConfigDirecotry+"/"+filer.IamIdentityFile, time.Now().UnixNano())
  56. return s3ApiServer, nil
  57. }
  59. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
  60. // API Router
  61. apiRouter := router.PathPrefix("/").Subrouter()
  63. // Readiness Probe
  64. apiRouter.Methods("GET").Path("/status").HandlerFunc(s3a.StatusHandler)
  66. var routers []*mux.Router
  67. if s3a.option.DomainName != "" {
  68. domainNames := strings.Split(s3a.option.DomainName, ",")
  69. for _, domainName := range domainNames {
  70. routers = append(routers, apiRouter.Host(
  71. fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
  72. routers = append(routers, apiRouter.Host(
  73. fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
  74. }
  75. }
  76. routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
  78. for _, bucket := range routers {
  80. // each case should follow the next rule:
  81. // - requesting object with query must precede any other methods
  82. // - requesting object must precede any methods with buckets
  83. // - requesting bucket with query must precede raw methods with buckets
  84. // - requesting bucket must be processed in the end
  86. // objects with query
  88. // CopyObjectPart
  89. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.CopyObjectPartHandler, ACTION_WRITE), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  90. // PutObjectPart
  91. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectPartHandler, ACTION_WRITE), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  92. // CompleteMultipartUpload
  93. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.CompleteMultipartUploadHandler, ACTION_WRITE), "POST")).Queries("uploadId", "{uploadId:.*}")
  94. // NewMultipartUpload
  95. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.NewMultipartUploadHandler, ACTION_WRITE), "POST")).Queries("uploads", "")
  96. // AbortMultipartUpload
  97. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.AbortMultipartUploadHandler, ACTION_WRITE), "DELETE")).Queries("uploadId", "{uploadId:.*}")
  98. // ListObjectParts
  99. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectPartsHandler, ACTION_READ), "GET")).Queries("uploadId", "{uploadId:.*}")
  100. // ListMultipartUploads
  101. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListMultipartUploadsHandler, ACTION_READ), "GET")).Queries("uploads", "")
  103. // GetObjectTagging
  104. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectTaggingHandler, ACTION_READ), "GET")).Queries("tagging", "")
  105. // PutObjectTagging
  106. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectTaggingHandler, ACTION_TAGGING), "PUT")).Queries("tagging", "")
  107. // DeleteObjectTagging
  108. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING), "DELETE")).Queries("tagging", "")
  110. // PutObjectACL
  111. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectAclHandler, ACTION_WRITE), "PUT")).Queries("acl", "")
  112. // PutObjectRetention
  113. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectRetentionHandler, ACTION_WRITE), "PUT")).Queries("retention", "")
  114. // PutObjectLegalHold
  115. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectLegalHoldHandler, ACTION_WRITE), "PUT")).Queries("legal-hold", "")
  116. // PutObjectLockConfiguration
  117. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE), "PUT")).Queries("object-lock", "")
  119. // GetObjectACL
  120. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectAclHandler, ACTION_READ), "GET")).Queries("acl", "")
  122. // objects with query
  124. // raw objects
  126. // HeadObject
  127. bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.HeadObjectHandler, ACTION_READ), "GET"))
  129. // GetObject, but directory listing is not supported
  130. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.GetObjectHandler, ACTION_READ), "GET"))
  132. // CopyObject
  133. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.CopyObjectHandler, ACTION_WRITE), "COPY"))
  134. // PutObject
  135. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.PutObjectHandler, ACTION_WRITE), "PUT"))
  136. // DeleteObject
  137. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteObjectHandler, ACTION_WRITE), "DELETE"))
  139. // raw objects
  141. // buckets with query
  143. // DeleteMultipleObjects
  144. bucket.Methods("POST").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE), "DELETE")).Queries("delete", "")
  146. // GetBucketACL
  147. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketAclHandler, ACTION_READ), "GET")).Queries("acl", "")
  148. // PutBucketACL
  149. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketAclHandler, ACTION_WRITE), "PUT")).Queries("acl", "")
  151. // GetBucketPolicy
  152. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketPolicyHandler, ACTION_READ), "GET")).Queries("policy", "")
  153. // PutBucketPolicy
  154. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketPolicyHandler, ACTION_WRITE), "PUT")).Queries("policy", "")
  155. // DeleteBucketPolicy
  156. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketPolicyHandler, ACTION_WRITE), "DELETE")).Queries("policy", "")
  158. // GetBucketCors
  159. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketCorsHandler, ACTION_READ), "GET")).Queries("cors", "")
  160. // PutBucketCors
  161. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketCorsHandler, ACTION_WRITE), "PUT")).Queries("cors", "")
  162. // DeleteBucketCors
  163. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketCorsHandler, ACTION_WRITE), "DELETE")).Queries("cors", "")
  165. // GetBucketLifecycleConfiguration
  166. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ), "GET")).Queries("lifecycle", "")
  167. // PutBucketLifecycleConfiguration
  168. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE), "PUT")).Queries("lifecycle", "")
  169. // DeleteBucketLifecycleConfiguration
  170. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE), "DELETE")).Queries("lifecycle", "")
  172. // GetBucketLocation
  173. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketLocationHandler, ACTION_READ), "GET")).Queries("location", "")
  175. // GetBucketRequestPayment
  176. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketRequestPaymentHandler, ACTION_READ), "GET")).Queries("requestPayment", "")
  178. // ListObjectsV2
  179. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectsV2Handler, ACTION_LIST), "LIST")).Queries("list-type", "2")
  181. // buckets with query
  183. // raw buckets
  185. // PostPolicy
  186. bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.PostPolicyBucketHandler, ACTION_WRITE), "POST"))
  188. // HeadBucket
  189. bucket.Methods("HEAD").HandlerFunc(track(s3a.iam.Auth(s3a.HeadBucketHandler, ACTION_READ), "GET"))
  191. // PutBucket
  192. bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
  193. // DeleteBucket
  194. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketHandler, ACTION_WRITE), "DELETE"))
  196. // ListObjectsV1 (Legacy)
  197. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.ListObjectsV1Handler, ACTION_LIST), "LIST"))
  199. // raw buckets
  201. }
  203. // ListBuckets
  204. apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
  206. // NotFound
  207. apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
  209. }