Browse Source

replace `s3a.iam.Auth` with `s3a.Auth` to maintain a consistent view of `s3a.AuthWithAcl`

pull/5936/head
LHHDZ 4 months ago
parent
commit
2637fc0a13
  1. 4
      weed/s3api/auth_credentials.go
  2. 54
      weed/s3api/s3api_server.go

4
weed/s3api/auth_credentials.go

@ -319,8 +319,8 @@ func (s3a *S3ApiServer) AuthWithAcl(f http.HandlerFunc, action Action) http.Hand
return Auth(s3a.iam, s3a.bucketRegistry, f, action, true) return Auth(s3a.iam, s3a.bucketRegistry, f, action, true)
} }
func (s3a *S3ApiServer) Auth(f http.HandlerFunc, action Action, supportAcl bool) http.HandlerFunc {
return Auth(s3a.iam, s3a.bucketRegistry, f, action, supportAcl)
func (s3a *S3ApiServer) Auth(f http.HandlerFunc, action Action) http.HandlerFunc {
return Auth(s3a.iam, s3a.bucketRegistry, f, action, false)
} }
func Auth(iam *IdentityAccessManagement, br *BucketRegistry, f http.HandlerFunc, action Action, supportAcl bool) http.HandlerFunc { func Auth(iam *IdentityAccessManagement, br *BucketRegistry, f http.HandlerFunc, action Action, supportAcl bool) http.HandlerFunc {

54
weed/s3api/s3api_server.go

@ -163,7 +163,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
// objects with query // objects with query
// CopyObjectPart // CopyObjectPart
bucket.Methods(http.MethodPut).Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), http.MethodPut)).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
bucket.Methods(http.MethodPut).Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), http.MethodPut)).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
// PutObjectPart // PutObjectPart
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), http.MethodPut)).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}") bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), http.MethodPut)).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
// CompleteMultipartUpload // CompleteMultipartUpload
@ -178,20 +178,20 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), http.MethodGet)).Queries("uploads", "") bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), http.MethodGet)).Queries("uploads", "")
// GetObjectTagging // GetObjectTagging
bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), http.MethodGet)).Queries("tagging", "")
bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), http.MethodGet)).Queries("tagging", "")
// PutObjectTagging // PutObjectTagging
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), http.MethodPut)).Queries("tagging", "")
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), http.MethodPut)).Queries("tagging", "")
// DeleteObjectTagging // DeleteObjectTagging
bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), http.MethodDelete)).Queries("tagging", "")
bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), http.MethodDelete)).Queries("tagging", "")
// PutObjectACL // PutObjectACL
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE_ACP)), http.MethodPut)).Queries("acl", "") bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE_ACP)), http.MethodPut)).Queries("acl", "")
// PutObjectRetention // PutObjectRetention
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), http.MethodPut)).Queries("retention", "")
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), http.MethodPut)).Queries("retention", "")
// PutObjectLegalHold // PutObjectLegalHold
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), http.MethodPut)).Queries("legal-hold", "")
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), http.MethodPut)).Queries("legal-hold", "")
// PutObjectLockConfiguration // PutObjectLockConfiguration
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), http.MethodPut)).Queries("object-lock", "")
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), http.MethodPut)).Queries("object-lock", "")
// GetObjectACL // GetObjectACL
bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ_ACP)), http.MethodGet)).Queries("acl", "") bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ_ACP)), http.MethodGet)).Queries("acl", "")
@ -207,18 +207,18 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), http.MethodGet)) bucket.Methods(http.MethodGet).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), http.MethodGet))
// CopyObject // CopyObject
bucket.Methods(http.MethodPut).Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
bucket.Methods(http.MethodPut).Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
// PutObject // PutObject
bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), http.MethodPut)) bucket.Methods(http.MethodPut).Path("/{object:.+}").HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), http.MethodPut))
// DeleteObject // DeleteObject
bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), http.MethodDelete))
bucket.Methods(http.MethodDelete).Path("/{object:.+}").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), http.MethodDelete))
// raw objects // raw objects
// buckets with query // buckets with query
// DeleteMultipleObjects // DeleteMultipleObjects
bucket.Methods(http.MethodPost).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), http.MethodDelete)).Queries(http.MethodDelete, "")
bucket.Methods(http.MethodPost).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), http.MethodDelete)).Queries(http.MethodDelete, "")
// GetBucketACL // GetBucketACL
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ_ACP)), http.MethodGet)).Queries("acl", "") bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ_ACP)), http.MethodGet)).Queries("acl", "")
@ -226,35 +226,35 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE_ACP)), http.MethodPut)).Queries("acl", "") bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE_ACP)), http.MethodPut)).Queries("acl", "")
// GetBucketPolicy // GetBucketPolicy
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), http.MethodGet)).Queries("policy", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), http.MethodGet)).Queries("policy", "")
// PutBucketPolicy // PutBucketPolicy
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), http.MethodPut)).Queries("policy", "")
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), http.MethodPut)).Queries("policy", "")
// DeleteBucketPolicy // DeleteBucketPolicy
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), http.MethodDelete)).Queries("policy", "")
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), http.MethodDelete)).Queries("policy", "")
// GetBucketCors // GetBucketCors
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), http.MethodGet)).Queries("cors", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), http.MethodGet)).Queries("cors", "")
// PutBucketCors // PutBucketCors
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), http.MethodPut)).Queries("cors", "")
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), http.MethodPut)).Queries("cors", "")
// DeleteBucketCors // DeleteBucketCors
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), http.MethodDelete)).Queries("cors", "")
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), http.MethodDelete)).Queries("cors", "")
// GetBucketLifecycleConfiguration // GetBucketLifecycleConfiguration
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), http.MethodGet)).Queries("lifecycle", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), http.MethodGet)).Queries("lifecycle", "")
// PutBucketLifecycleConfiguration // PutBucketLifecycleConfiguration
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), http.MethodPut)).Queries("lifecycle", "")
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), http.MethodPut)).Queries("lifecycle", "")
// DeleteBucketLifecycleConfiguration // DeleteBucketLifecycleConfiguration
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), http.MethodDelete)).Queries("lifecycle", "")
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), http.MethodDelete)).Queries("lifecycle", "")
// GetBucketLocation // GetBucketLocation
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), http.MethodGet)).Queries("location", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), http.MethodGet)).Queries("location", "")
// GetBucketRequestPayment // GetBucketRequestPayment
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), http.MethodGet)).Queries("requestPayment", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), http.MethodGet)).Queries("requestPayment", "")
// GetBucketVersioning // GetBucketVersioning
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketVersioningHandler, ACTION_READ)), http.MethodGet)).Queries("versioning", "")
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketVersioningHandler, ACTION_WRITE)), http.MethodPut)).Queries("versioning", "")
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.GetBucketVersioningHandler, ACTION_READ)), http.MethodGet)).Queries("versioning", "")
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutBucketVersioningHandler, ACTION_WRITE)), http.MethodPut)).Queries("versioning", "")
// ListObjectsV2 // ListObjectsV2
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2") bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2")
@ -272,16 +272,16 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
// raw buckets // raw buckets
// PostPolicy // PostPolicy
bucket.Methods(http.MethodPost).HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), http.MethodPost))
bucket.Methods(http.MethodPost).HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), http.MethodPost))
// HeadBucket // HeadBucket
bucket.Methods(http.MethodHead).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), http.MethodGet))
bucket.Methods(http.MethodHead).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), http.MethodGet))
// PutBucket // PutBucket
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketHandler, ACTION_ADMIN)), http.MethodPut))
bucket.Methods(http.MethodPut).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.PutBucketHandler, ACTION_ADMIN)), http.MethodPut))
// DeleteBucket // DeleteBucket
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_DELETE_BUCKET)), http.MethodDelete))
bucket.Methods(http.MethodDelete).HandlerFunc(track(s3a.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_DELETE_BUCKET)), http.MethodDelete))
// ListObjectsV1 (Legacy) // ListObjectsV1 (Legacy)
bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST")) bucket.Methods(http.MethodGet).HandlerFunc(track(s3a.AuthWithAcl(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))

Loading…
Cancel
Save