Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10925 Commits
33 Branches
301 Tags
192 MiB
Tree: 1dfd87dfe8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1dfd87dfe8'
${ noResults }
seaweedfs/weed/s3api/s3api_server.go

303 lines
14 KiB
Raw Normal View History

add list all my buckets
7 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
5 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
support acl
5 years ago
multiplate DomainNames through comma
4 years ago
s3: subscribe to s3.configure changes
4 years ago
support acl
5 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
add list all my buckets
7 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
Added tls for http clients (#5766) * Added global http client * Added Do func for global http client * Changed the code to use the global http client * Fix http client in volume uploader * Fixed pkg name * Fixed http util funcs * Fixed http client for bench_filer_upload * Fixed http client for stress_filer_upload * Fixed http client for filer_server_handlers_proxy * Fixed http client for command_fs_merge_volumes * Fixed http client for command_fs_merge_volumes and command_volume_fsck * Fixed http client for s3api_server * Added init global client for main funcs * Rename global_client to client * Changed: - fixed NewHttpClient; - added CheckIsHttpsClientEnabled func - updated security.toml in scaffold * Reduce the visibility of some functions in the util/http/client pkg * Added the loadSecurityConfig function * Use util.LoadSecurityConfiguration() in NewHttpClient func
8 months ago
also use `/healthz` for most consistent health check
7 months ago
add list all my buckets
7 years ago
bring to the rules of naming general purpose containers
7 months ago
fix test
7 months ago
bring to the rules of naming general purpose containers
7 months ago
add list all my buckets
7 years ago
allowDeleteBucketNotEmpty
3 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
allowDeleteBucketNotEmpty
3 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
3 years ago
filer prefer volume server in same data center (#3405) * initial prefer same data center https://github.com/seaweedfs/seaweedfs/issues/3404 * GetDataCenter * prefer same data center for ReplicationSource * GetDataCenterId * remove glog
3 years ago
Use filerGroup for s3 buckets collection prefix (#4465) * Use filerGroup for s3 buckets collection prefix * Fix templates * Remove flags * Remove s3CollectionPrefix
2 years ago
add list all my buckets
7 years ago
s3: add grpc server to accept configuration changes
3 years ago
add client id for all metadata listening clients
3 years ago
add s3 circuit breaker support for 'simultaneous request count' and 'simultaneous request bytes' limitations configure s3 circuit breaker by 'command_s3_circuitbreaker.go': usage eg: # Configure the number of simultaneous global (current s3api node) requests s3.circuit.breaker -global -type count -actions Write -values 1000 -apply # Configure the number of simultaneous requests for bucket x read and write s3.circuit.breaker -buckets -type count -actions Read,Write -values 1000 -apply # Configure the total bytes of simultaneous requests for bucket write s3.circuit.breaker -buckets -type bytes -actions Write -values 100MiB -apply # Disable circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -enable false -apply # Delete circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -delete -apply
3 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
Added tls for http clients (#5766) * Added global http client * Added Do func for global http client * Changed the code to use the global http client * Fix http client in volume uploader * Fixed pkg name * Fixed http util funcs * Fixed http client for bench_filer_upload * Fixed http client for stress_filer_upload * Fixed http client for filer_server_handlers_proxy * Fixed http client for command_fs_merge_volumes * Fixed http client for command_fs_merge_volumes and command_volume_fsck * Fixed http client for s3api_server * Added init global client for main funcs * Rename global_client to client * Changed: - fixed NewHttpClient; - added CheckIsHttpsClientEnabled func - updated security.toml in scaffold * Reduce the visibility of some functions in the util/http/client pkg * Added the loadSecurityConfig function * Use util.LoadSecurityConfiguration() in NewHttpClient func
8 months ago
s3: sync bucket info from filer (#3759)
3 years ago
add list all my buckets
7 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
add s3 circuit breaker support for 'simultaneous request count' and 'simultaneous request bytes' limitations configure s3 circuit breaker by 'command_s3_circuitbreaker.go': usage eg: # Configure the number of simultaneous global (current s3api node) requests s3.circuit.breaker -global -type count -actions Write -values 1000 -apply # Configure the number of simultaneous requests for bucket x read and write s3.circuit.breaker -buckets -type count -actions Read,Write -values 1000 -apply # Configure the total bytes of simultaneous requests for bucket write s3.circuit.breaker -buckets -type bytes -actions Write -values 100MiB -apply # Disable circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -enable false -apply # Delete circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -delete -apply
3 years ago
add list all my buckets
7 years ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
fix
1 year ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
s3: sync bucket info from filer (#3759)
3 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
3 years ago
Added tls for http clients (#5766) * Added global http client * Added Do func for global http client * Changed the code to use the global http client * Fix http client in volume uploader * Fixed pkg name * Fixed http util funcs * Fixed http client for bench_filer_upload * Fixed http client for stress_filer_upload * Fixed http client for filer_server_handlers_proxy * Fixed http client for command_fs_merge_volumes * Fixed http client for command_fs_merge_volumes and command_volume_fsck * Fixed http client for s3api_server * Added init global client for main funcs * Rename global_client to client * Changed: - fixed NewHttpClient; - added CheckIsHttpsClientEnabled func - updated security.toml in scaffold * Reduce the visibility of some functions in the util/http/client pkg * Added the loadSecurityConfig function * Use util.LoadSecurityConfiguration() in NewHttpClient func
8 months ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
3 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
add list all my buckets
7 years ago
s3: sync bucket info from filer (#3759)
3 years ago
add list all my buckets
7 years ago
Add liveness\readiness probe for s3 api handler on /status path
4 years ago
refactor all methods strings to const (#5726)
9 months ago
also use `/healthz` for most consistent health check
7 months ago
Add liveness\readiness probe for s3 api handler on /status path
4 years ago
refactor all methods strings to const (#5726)
9 months ago
fix:Handle preflight cors requests (#3496)
3 years ago
Set allowed origins in config (#5109) * Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
1 year ago
fix:Handle preflight cors requests (#3496)
3 years ago
Handle preflight cors requests (#3481)
3 years ago
add list all my buckets
7 years ago
multiplate DomainNames through comma
4 years ago
add list all my buckets
7 years ago
add s3 upload, and removing mono and multi part upload analyzer removing mono and multi part upload analyzer, which were used just to determine the file name
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV2Handler
7 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add place holders for multiplarts upload
7 years ago
refactor all methods strings to const (#5726)
9 months ago
add place holders for multiplarts upload
7 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
5 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
5 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
5 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
5 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
4 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
4 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
4 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
4 years ago
bring to the rules of naming general purpose containers
7 months ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
4 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
bring to the rules of naming general purpose containers
7 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
bring to the rules of naming general purpose containers
7 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
bring to the rules of naming general purpose containers
7 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
bring to the rules of naming general purpose containers
7 months ago
working S3 multipart uploads
7 years ago
bring to the rules of naming general purpose containers
7 months ago
s3 add HEAD DELETE
7 years ago
bring to the rules of naming general purpose containers
7 months ago
add list all my buckets
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV1
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add support for PostPolicy fix https://github.com/chrislusf/seaweedfs/issues/1426
5 years ago
preparing to support S3 multipart uploads
7 years ago
refactor all methods strings to const (#5726)
9 months ago
AclHandlers
4 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
refactor all methods strings to const (#5726)
9 months ago
AclHandlers
4 years ago
s3 api add default response for GetBucketVersioning
1 year ago
refactor all methods strings to const (#5726)
9 months ago
s3 api add default response for GetBucketVersioning
1 year ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
AclHandlers
4 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add ownership rest apis (#3765)
3 years ago
refactor all methods strings to const (#5726)
9 months ago
add ownership rest apis (#3765)
3 years ago
refactor all methods strings to const (#5726)
9 months ago
add ownership rest apis (#3765)
3 years ago
refactor all methods strings to const (#5726)
9 months ago
AclHandlers
4 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
4 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
fix DeleteBucketLifecycleConfiguration
3 years ago
refactor all methods strings to const (#5726)
9 months ago
refactor: put the auth outside (#5313)
1 year ago
fix DeleteBucketLifecycleConfiguration
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
refactor all methods strings to const (#5726)
9 months ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add list all my buckets
7 years ago
refactor all methods strings to const (#5726)
9 months ago
add list all my buckets
7 years ago
refactor
4 years ago
add list all my buckets
7 years ago
  1. package s3api
  3. import (
  4. "context"
  5. "fmt"
  6. "net"
  7. "net/http"
  8. "strings"
  9. "time"
  11. "github.com/seaweedfs/seaweedfs/weed/filer"
  12. "github.com/seaweedfs/seaweedfs/weed/glog"
  13. "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
  14. "github.com/seaweedfs/seaweedfs/weed/util/grace"
  16. "github.com/gorilla/mux"
  17. "github.com/seaweedfs/seaweedfs/weed/pb"
  18. . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
  19. "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
  20. "github.com/seaweedfs/seaweedfs/weed/security"
  21. "github.com/seaweedfs/seaweedfs/weed/util"
  22. util_http "github.com/seaweedfs/seaweedfs/weed/util/http"
  23. util_http_client "github.com/seaweedfs/seaweedfs/weed/util/http/client"
  24. "google.golang.org/grpc"
  25. )
  27. const (
  28. BucketPathTpl = "/{object:[a-z0-9].+[a-z0-9]}"
  29. )
  31. type S3ApiServerOption struct {
  32. Filer pb.ServerAddress
  33. Port int
  34. Config string
  35. DomainName string
  36. AllowedOrigins []string
  37. BucketsPath string
  38. GrpcDialOption grpc.DialOption
  39. AllowEmptyFolder bool
  40. AllowDeleteBucketNotEmpty bool
  41. LocalFilerSocket string
  42. DataCenter string
  43. FilerGroup string
  44. }
  46. type S3ApiServer struct {
  47. s3_pb.UnimplementedSeaweedS3Server
  48. option *S3ApiServerOption
  49. iam *IdentityAccessManagement
  50. cb *CircuitBreaker
  51. randomClientId int32
  52. filerGuard *security.Guard
  53. client util_http_client.HTTPClientInterface
  54. bucketRegistry *BucketRegistry
  55. }
  57. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
  58. v := util.GetViper()
  59. signingKey := v.GetString("jwt.filer_signing.key")
  60. v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
  61. expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
  63. readSigningKey := v.GetString("jwt.filer_signing.read.key")
  64. v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
  65. readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
  67. v.SetDefault("cors.allowed_origins.values", "*")
  69. if (option.AllowedOrigins == nil) || (len(option.AllowedOrigins) == 0) {
  70. allowedOrigins := v.GetString("cors.allowed_origins.values")
  71. domains := strings.Split(allowedOrigins, ",")
  72. option.AllowedOrigins = domains
  73. }
  75. s3ApiServer = &S3ApiServer{
  76. option: option,
  77. iam: NewIdentityAccessManagement(option),
  78. randomClientId: util.RandomInt32(),
  79. filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
  80. cb: NewCircuitBreaker(option),
  81. }
  82. if option.Config != "" {
  83. grace.OnReload(func() {
  84. if err := s3ApiServer.iam.loadS3ApiConfigurationFromFile(option.Config); err != nil {
  85. glog.Errorf("fail to load config file %s: %v", option.Config, err)
  86. } else {
  87. glog.V(0).Infof("Loaded %d identities from config file %s", len(s3ApiServer.iam.identities), option.Config)
  88. }
  89. })
  90. }
  91. s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
  92. if option.LocalFilerSocket == "" {
  93. if s3ApiServer.client, err = util_http.NewGlobalHttpClient(); err != nil {
  94. return nil, err
  95. }
  96. } else {
  97. s3ApiServer.client = &http.Client{
  98. Transport: &http.Transport{
  99. DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
  100. return net.Dial("unix", option.LocalFilerSocket)
  101. },
  102. },
  103. }
  104. }
  106. s3ApiServer.registerRouter(router)
  108. go s3ApiServer.subscribeMetaEvents("s3", time.Now().UnixNano(), filer.DirectoryEtcRoot, []string{option.BucketsPath})
  109. return s3ApiServer, nil
  110. }
  112. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
  113. // API Router
  114. apiRouter := router.PathPrefix("/").Subrouter()
  116. // Readiness Probe
  117. apiRouter.Methods(http.MethodGet).Path("/status").HandlerFunc(s3a.StatusHandler)
  118. apiRouter.Methods(http.MethodGet).Path("/healthz").HandlerFunc(s3a.StatusHandler)
  120. apiRouter.Methods(http.MethodOptions).HandlerFunc(
  121. func(w http.ResponseWriter, r *http.Request) {
  122. origin := r.Header.Get("Origin")
  123. if origin != "" {
  124. if s3a.option.AllowedOrigins == nil || len(s3a.option.AllowedOrigins) == 0 || s3a.option.AllowedOrigins[0] == "*" {
  125. origin = "*"
  126. } else {
  127. originFound := false
  128. for _, allowedOrigin := range s3a.option.AllowedOrigins {
  129. if origin == allowedOrigin {
  130. originFound = true
  131. }
  132. }
  133. if !originFound {
  134. writeFailureResponse(w, r, http.StatusForbidden)
  135. return
  136. }
  137. }
  138. }
  140. w.Header().Set("Access-Control-Allow-Origin", origin)
  141. w.Header().Set("Access-Control-Expose-Headers", "*")
  142. w.Header().Set("Access-Control-Allow-Methods", "*")
  143. w.Header().Set("Access-Control-Allow-Headers", "*")
  144. writeSuccessResponseEmpty(w, r)
  145. })
  147. var routers []*mux.Router
  148. if s3a.option.DomainName != "" {
  149. domainNames := strings.Split(s3a.option.DomainName, ",")
  150. for _, domainName := range domainNames {
  151. routers = append(routers, apiRouter.Host(
  152. fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
  153. routers = append(routers, apiRouter.Host(
  154. fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
  155. }
  156. }
  157. routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
  159. for _, bucket := range routers {
  161. // each case should follow the next rule:
  162. // - requesting object with query must precede any other methods
  163. // - requesting object must precede any methods with buckets
  164. // - requesting bucket with query must precede raw methods with buckets
  165. // - requesting bucket must be processed in the end
  167. // objects with query
  169. // CopyObjectPart
  170. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  171. // PutObjectPart
  172. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  173. // CompleteMultipartUpload
  174. bucket.Methods(http.MethodPost).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CompleteMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploadId", "{uploadId:.*}")
  175. // NewMultipartUpload
  176. bucket.Methods(http.MethodPost).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.NewMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploads", "")
  177. // AbortMultipartUpload
  178. bucket.Methods(http.MethodDelete).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.AbortMultipartUploadHandler, ACTION_WRITE)), "DELETE")).Queries("uploadId", "{uploadId:.*}")
  179. // ListObjectParts
  180. bucket.Methods(http.MethodGet).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectPartsHandler, ACTION_READ)), "GET")).Queries("uploadId", "{uploadId:.*}")
  181. // ListMultipartUploads
  182. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), "GET")).Queries("uploads", "")
  184. // GetObjectTagging
  185. bucket.Methods(http.MethodGet).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), "GET")).Queries("tagging", "")
  186. // PutObjectTagging
  187. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), "PUT")).Queries("tagging", "")
  188. // DeleteObjectTagging
  189. bucket.Methods(http.MethodDelete).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), "DELETE")).Queries("tagging", "")
  191. // PutObjectACL
  192. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
  193. // PutObjectRetention
  194. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), "PUT")).Queries("retention", "")
  195. // PutObjectLegalHold
  196. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), "PUT")).Queries("legal-hold", "")
  197. // PutObjectLockConfiguration
  198. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("object-lock", "")
  200. // GetObjectACL
  201. bucket.Methods(http.MethodGet).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
  203. // objects with query
  205. // raw objects
  207. // HeadObject
  208. bucket.Methods(http.MethodHead).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadObjectHandler, ACTION_READ)), "GET"))
  210. // GetObject, but directory listing is not supported
  211. bucket.Methods(http.MethodGet).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), "GET"))
  213. // CopyObject
  214. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
  215. // PutObject
  216. bucket.Methods(http.MethodPut).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), "PUT"))
  217. // DeleteObject
  218. bucket.Methods(http.MethodDelete).Path(BucketPathTpl).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), "DELETE"))
  220. // raw objects
  222. // buckets with query
  224. // DeleteMultipleObjects
  225. bucket.Methods(http.MethodPost).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), "DELETE")).Queries("delete", "")
  227. // GetBucketACL
  228. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
  229. // PutBucketACL
  230. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
  232. // GetBucketPolicy
  233. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), "GET")).Queries("policy", "")
  234. // PutBucketPolicy
  235. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), "PUT")).Queries("policy", "")
  236. // DeleteBucketPolicy
  237. bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), "DELETE")).Queries("policy", "")
  239. // GetBucketCors
  240. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), "GET")).Queries("cors", "")
  241. // PutBucketCors
  242. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), "PUT")).Queries("cors", "")
  243. // DeleteBucketCors
  244. bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), "DELETE")).Queries("cors", "")
  246. // GetBucketLifecycleConfiguration
  247. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), "GET")).Queries("lifecycle", "")
  248. // PutBucketLifecycleConfiguration
  249. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("lifecycle", "")
  250. // DeleteBucketLifecycleConfiguration
  251. bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), "DELETE")).Queries("lifecycle", "")
  253. // GetBucketLocation
  254. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), "GET")).Queries("location", "")
  256. // GetBucketRequestPayment
  257. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), "GET")).Queries("requestPayment", "")
  259. // GetBucketVersioning
  260. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketVersioningHandler, ACTION_READ)), "GET")).Queries("versioning", "")
  261. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketVersioningHandler, ACTION_WRITE)), "PUT")).Queries("versioning", "")
  263. // ListObjectsV2
  264. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2")
  266. // buckets with query
  267. // PutBucketOwnershipControls
  268. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketOwnershipControls, ACTION_ADMIN), "PUT")).Queries("ownershipControls", "")
  270. //GetBucketOwnershipControls
  271. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketOwnershipControls, ACTION_READ), "GET")).Queries("ownershipControls", "")
  273. //DeleteBucketOwnershipControls
  274. bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketOwnershipControls, ACTION_ADMIN), "DELETE")).Queries("ownershipControls", "")
  276. // raw buckets
  278. // PostPolicy
  279. bucket.Methods(http.MethodPost).HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), "POST"))
  281. // HeadBucket
  282. bucket.Methods(http.MethodHead).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), "GET"))
  284. // PutBucket
  285. bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketHandler, ACTION_ADMIN)), "PUT"))
  287. // DeleteBucket
  288. bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_DELETE_BUCKET)), "DELETE"))
  290. // ListObjectsV1 (Legacy)
  291. bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))
  293. // raw buckets
  295. }
  297. // ListBuckets
  298. apiRouter.Methods(http.MethodGet).Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
  300. // NotFound
  301. apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
  303. }