You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

345 lines
10 KiB

7 years ago
7 years ago
7 years ago
3 years ago
6 years ago
3 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
3 years ago
4 years ago
3 years ago
3 years ago
6 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
7 years ago
7 years ago
3 years ago
4 years ago
4 years ago
7 years ago
7 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
  1. package s3api
  2. import (
  3. "context"
  4. "encoding/xml"
  5. "errors"
  6. "fmt"
  7. "math"
  8. "net/http"
  9. "time"
  10. "github.com/chrislusf/seaweedfs/weed/filer"
  11. "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  12. "github.com/chrislusf/seaweedfs/weed/storage/needle"
  13. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  14. "github.com/aws/aws-sdk-go/aws"
  15. "github.com/aws/aws-sdk-go/service/s3"
  16. "github.com/chrislusf/seaweedfs/weed/glog"
  17. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  18. )
  19. type ListAllMyBucketsResult struct {
  20. XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListAllMyBucketsResult"`
  21. Owner *s3.Owner
  22. Buckets []*s3.Bucket `xml:"Buckets>Bucket"`
  23. }
  24. func (s3a *S3ApiServer) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
  25. glog.V(3).Infof("ListBucketsHandler")
  26. var identity *Identity
  27. var s3Err s3err.ErrorCode
  28. if s3a.iam.isEnabled() {
  29. identity, s3Err = s3a.iam.authUser(r)
  30. if s3Err != s3err.ErrNone {
  31. s3err.WriteErrorResponse(w, r, s3Err)
  32. return
  33. }
  34. }
  35. var response ListAllMyBucketsResult
  36. entries, _, err := s3a.list(s3a.option.BucketsPath, "", "", false, math.MaxInt32)
  37. if err != nil {
  38. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  39. return
  40. }
  41. identityId := r.Header.Get(s3_constants.AmzIdentityId)
  42. var buckets []*s3.Bucket
  43. for _, entry := range entries {
  44. if entry.IsDirectory {
  45. if identity != nil && !identity.canDo(s3_constants.ACTION_LIST, entry.Name, "") {
  46. continue
  47. }
  48. buckets = append(buckets, &s3.Bucket{
  49. Name: aws.String(entry.Name),
  50. CreationDate: aws.Time(time.Unix(entry.Attributes.Crtime, 0).UTC()),
  51. })
  52. }
  53. }
  54. response = ListAllMyBucketsResult{
  55. Owner: &s3.Owner{
  56. ID: aws.String(identityId),
  57. DisplayName: aws.String(identityId),
  58. },
  59. Buckets: buckets,
  60. }
  61. writeSuccessResponseXML(w, r, response)
  62. }
  63. func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
  64. bucket, _ := s3_constants.GetBucketAndObject(r)
  65. glog.V(3).Infof("PutBucketHandler %s", bucket)
  66. // avoid duplicated buckets
  67. errCode := s3err.ErrNone
  68. if err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  69. if resp, err := client.CollectionList(context.Background(), &filer_pb.CollectionListRequest{
  70. IncludeEcVolumes: true,
  71. IncludeNormalVolumes: true,
  72. }); err != nil {
  73. glog.Errorf("list collection: %v", err)
  74. return fmt.Errorf("list collections: %v", err)
  75. } else {
  76. for _, c := range resp.Collections {
  77. if bucket == c.Name {
  78. errCode = s3err.ErrBucketAlreadyExists
  79. break
  80. }
  81. }
  82. }
  83. return nil
  84. }); err != nil {
  85. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  86. return
  87. }
  88. if exist, err := s3a.exists(s3a.option.BucketsPath, bucket, true); err == nil && exist {
  89. errCode = s3err.ErrBucketAlreadyExists
  90. }
  91. if errCode != s3err.ErrNone {
  92. s3err.WriteErrorResponse(w, r, errCode)
  93. return
  94. }
  95. if s3a.iam.isEnabled() {
  96. if _, errCode = s3a.iam.authRequest(r, s3_constants.ACTION_ADMIN); errCode != s3err.ErrNone {
  97. s3err.WriteErrorResponse(w, r, errCode)
  98. return
  99. }
  100. }
  101. fn := func(entry *filer_pb.Entry) {
  102. if identityId := r.Header.Get(s3_constants.AmzIdentityId); identityId != "" {
  103. if entry.Extended == nil {
  104. entry.Extended = make(map[string][]byte)
  105. }
  106. entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
  107. }
  108. }
  109. // create the folder for bucket, but lazily create actual collection
  110. if err := s3a.mkdir(s3a.option.BucketsPath, bucket, fn); err != nil {
  111. glog.Errorf("PutBucketHandler mkdir: %v", err)
  112. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  113. return
  114. }
  115. w.Header().Set("Location", "/"+bucket)
  116. writeSuccessResponseEmpty(w, r)
  117. }
  118. func (s3a *S3ApiServer) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
  119. bucket, _ := s3_constants.GetBucketAndObject(r)
  120. glog.V(3).Infof("DeleteBucketHandler %s", bucket)
  121. if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
  122. s3err.WriteErrorResponse(w, r, err)
  123. return
  124. }
  125. err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  126. if !s3a.option.AllowDeleteBucketNotEmpty {
  127. entries, _, err := s3a.list(s3a.option.BucketsPath+"/"+bucket, "", "", false, 2)
  128. if err != nil {
  129. return fmt.Errorf("failed to list bucket %s: %v", bucket, err)
  130. }
  131. for _, entry := range entries {
  132. if entry.Name != s3_constants.MultipartUploadsFolder {
  133. return errors.New(s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code)
  134. }
  135. }
  136. }
  137. // delete collection
  138. deleteCollectionRequest := &filer_pb.DeleteCollectionRequest{
  139. Collection: bucket,
  140. }
  141. glog.V(1).Infof("delete collection: %v", deleteCollectionRequest)
  142. if _, err := client.DeleteCollection(context.Background(), deleteCollectionRequest); err != nil {
  143. return fmt.Errorf("delete collection %s: %v", bucket, err)
  144. }
  145. return nil
  146. })
  147. if err != nil {
  148. s3ErrorCode := s3err.ErrInternalError
  149. if err.Error() == s3err.GetAPIError(s3err.ErrBucketNotEmpty).Code {
  150. s3ErrorCode = s3err.ErrBucketNotEmpty
  151. }
  152. s3err.WriteErrorResponse(w, r, s3ErrorCode)
  153. return
  154. }
  155. err = s3a.rm(s3a.option.BucketsPath, bucket, false, true)
  156. if err != nil {
  157. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  158. return
  159. }
  160. s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
  161. }
  162. func (s3a *S3ApiServer) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
  163. bucket, _ := s3_constants.GetBucketAndObject(r)
  164. glog.V(3).Infof("HeadBucketHandler %s", bucket)
  165. if entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket); entry == nil || err == filer_pb.ErrNotFound {
  166. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchBucket)
  167. return
  168. }
  169. writeSuccessResponseEmpty(w, r)
  170. }
  171. func (s3a *S3ApiServer) checkBucket(r *http.Request, bucket string) s3err.ErrorCode {
  172. entry, err := s3a.getEntry(s3a.option.BucketsPath, bucket)
  173. if entry == nil || err == filer_pb.ErrNotFound {
  174. return s3err.ErrNoSuchBucket
  175. }
  176. if !s3a.hasAccess(r, entry) {
  177. return s3err.ErrAccessDenied
  178. }
  179. return s3err.ErrNone
  180. }
  181. func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
  182. isAdmin := r.Header.Get(s3_constants.AmzIsAdmin) != ""
  183. if isAdmin {
  184. return true
  185. }
  186. if entry.Extended == nil {
  187. return true
  188. }
  189. identityId := r.Header.Get(s3_constants.AmzIdentityId)
  190. if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
  191. if identityId != string(id) {
  192. return false
  193. }
  194. }
  195. return true
  196. }
  197. // GetBucketAclHandler Get Bucket ACL
  198. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
  199. func (s3a *S3ApiServer) GetBucketAclHandler(w http.ResponseWriter, r *http.Request) {
  200. // collect parameters
  201. bucket, _ := s3_constants.GetBucketAndObject(r)
  202. glog.V(3).Infof("GetBucketAclHandler %s", bucket)
  203. if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
  204. s3err.WriteErrorResponse(w, r, err)
  205. return
  206. }
  207. response := AccessControlPolicy{}
  208. for _, ident := range s3a.iam.identities {
  209. if len(ident.Credentials) == 0 {
  210. continue
  211. }
  212. for _, action := range ident.Actions {
  213. if !action.overBucket(bucket) || action.getPermission() == "" {
  214. continue
  215. }
  216. id := ident.Credentials[0].AccessKey
  217. if response.Owner.DisplayName == "" && action.isOwner(bucket) && len(ident.Credentials) > 0 {
  218. response.Owner.DisplayName = ident.Name
  219. response.Owner.ID = id
  220. }
  221. response.AccessControlList.Grant = append(response.AccessControlList.Grant, Grant{
  222. Grantee: Grantee{
  223. ID: id,
  224. DisplayName: ident.Name,
  225. Type: "CanonicalUser",
  226. XMLXSI: "CanonicalUser",
  227. XMLNS: "http://www.w3.org/2001/XMLSchema-instance"},
  228. Permission: action.getPermission(),
  229. })
  230. }
  231. }
  232. writeSuccessResponseXML(w, r, response)
  233. }
  234. // GetBucketLifecycleConfigurationHandler Get Bucket Lifecycle configuration
  235. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html
  236. func (s3a *S3ApiServer) GetBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
  237. // collect parameters
  238. bucket, _ := s3_constants.GetBucketAndObject(r)
  239. glog.V(3).Infof("GetBucketLifecycleConfigurationHandler %s", bucket)
  240. if err := s3a.checkBucket(r, bucket); err != s3err.ErrNone {
  241. s3err.WriteErrorResponse(w, r, err)
  242. return
  243. }
  244. fc, err := filer.ReadFilerConf(s3a.option.Filer, s3a.option.GrpcDialOption, nil)
  245. if err != nil {
  246. glog.Errorf("GetBucketLifecycleConfigurationHandler: %s", err)
  247. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  248. return
  249. }
  250. ttls := fc.GetCollectionTtls(bucket)
  251. if len(ttls) == 0 {
  252. s3err.WriteErrorResponse(w, r, s3err.ErrNoSuchLifecycleConfiguration)
  253. return
  254. }
  255. response := Lifecycle{}
  256. for prefix, internalTtl := range ttls {
  257. ttl, _ := needle.ReadTTL(internalTtl)
  258. days := int(ttl.Minutes() / 60 / 24)
  259. if days == 0 {
  260. continue
  261. }
  262. response.Rules = append(response.Rules, Rule{
  263. Status: Enabled, Filter: Filter{
  264. Prefix: Prefix{string: prefix, set: true},
  265. set: true,
  266. },
  267. Expiration: Expiration{Days: days, set: true},
  268. })
  269. }
  270. writeSuccessResponseXML(w, r, response)
  271. }
  272. // PutBucketLifecycleConfigurationHandler Put Bucket Lifecycle configuration
  273. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
  274. func (s3a *S3ApiServer) PutBucketLifecycleConfigurationHandler(w http.ResponseWriter, r *http.Request) {
  275. s3err.WriteErrorResponse(w, r, s3err.ErrNotImplemented)
  276. }
  277. // DeleteBucketMetricsConfiguration Delete Bucket Lifecycle
  278. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html
  279. func (s3a *S3ApiServer) DeleteBucketLifecycleHandler(w http.ResponseWriter, r *http.Request) {
  280. s3err.WriteEmptyResponse(w, r, http.StatusNoContent)
  281. }
  282. // GetBucketLocationHandler Get bucket location
  283. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html
  284. func (s3a *S3ApiServer) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
  285. writeSuccessResponseXML(w, r, LocationConstraint{})
  286. }
  287. // GetBucketRequestPaymentHandler Get bucket location
  288. // https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html
  289. func (s3a *S3ApiServer) GetBucketRequestPaymentHandler(w http.ResponseWriter, r *http.Request) {
  290. writeSuccessResponseXML(w, r, RequestPaymentConfiguration{Payer: "BucketOwner"})
  291. }