From 68d9245129be0bcc5e80c488a23084006a95983c Mon Sep 17 00:00:00 2001 From: chrislu Date: Mon, 14 Jul 2025 23:40:25 -0700 Subject: [PATCH] refactor --- weed/s3api/cors/middleware.go | 92 ++++++++++++++--------------------- 1 file changed, 36 insertions(+), 56 deletions(-) diff --git a/weed/s3api/cors/middleware.go b/weed/s3api/cors/middleware.go index a0e5a362c..14ff32355 100644 --- a/weed/s3api/cors/middleware.go +++ b/weed/s3api/cors/middleware.go @@ -35,97 +35,77 @@ func NewMiddleware(storage *Storage, bucketChecker BucketChecker, corsConfigGett } // evaluateCORSRequest performs the common CORS request evaluation logic -func (m *Middleware) evaluateCORSRequest(w http.ResponseWriter, r *http.Request) (*CORSResponse, bool) { +// Returns: (corsResponse, responseWritten, shouldContinue) +// - corsResponse: the CORS response if evaluation succeeded +// - responseWritten: true if an error response was already written +// - shouldContinue: true if the request should continue to the next handler +func (m *Middleware) evaluateCORSRequest(w http.ResponseWriter, r *http.Request) (*CORSResponse, bool, bool) { // Parse CORS request corsReq := ParseRequest(r) if corsReq.Origin == "" { // Not a CORS request - return nil, false + return nil, false, true } // Extract bucket from request bucket, _ := s3_constants.GetBucketAndObject(r) if bucket == "" { - return nil, false + return nil, false, true } // Check if bucket exists if err := m.bucketChecker.CheckBucket(r, bucket); err != s3err.ErrNone { - s3err.WriteErrorResponse(w, r, err) - return nil, true // Return true to indicate response was written + // For non-existent buckets, let the normal handler deal with it + return nil, false, true } // Load CORS configuration from cache config, errCode := m.corsConfigGetter.GetCORSConfiguration(bucket) if errCode != s3err.ErrNone || config == nil { - s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) - return nil, true // Return true to indicate response was written + // No CORS configuration, handle based on request type + if corsReq.IsPreflightRequest { + // Preflight request without CORS config should fail + s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) + return nil, true, false // Response written, don't continue + } + // Non-preflight request, continue normally + return nil, false, true } // Evaluate CORS request corsResp, err := EvaluateRequest(config, corsReq) if err != nil { glog.V(3).Infof("CORS evaluation failed for bucket %s: %v", bucket, err) - s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) - return nil, true // Return true to indicate response was written + if corsReq.IsPreflightRequest { + // Preflight request that doesn't match CORS rules should fail + s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) + return nil, true, false // Response written, don't continue + } + // Non-preflight request, continue normally but without CORS headers + return nil, false, true } - return corsResp, false + return corsResp, false, false } // Handler returns the CORS middleware handler func (m *Middleware) Handler(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // Check if this is a CORS request - corsReq := ParseRequest(r) - if corsReq.Origin == "" { - // Not a CORS request, continue normally - next.ServeHTTP(w, r) - return - } - - // Extract bucket from request - bucket, _ := s3_constants.GetBucketAndObject(r) - if bucket == "" { - // No bucket in request, continue normally - next.ServeHTTP(w, r) + // Use the common evaluation logic + corsResp, responseWritten, shouldContinue := m.evaluateCORSRequest(w, r) + if responseWritten { + // Response was already written (error case) return } - // Check if bucket exists - if err := m.bucketChecker.CheckBucket(r, bucket); err != s3err.ErrNone { - // Bucket doesn't exist, let the normal handler deal with it + if shouldContinue { + // Continue with normal request processing next.ServeHTTP(w, r) return } - // Load CORS configuration from cache - config, errCode := m.corsConfigGetter.GetCORSConfiguration(bucket) - if errCode != s3err.ErrNone || config == nil { - // No CORS configuration, handle based on request type - if corsReq.IsPreflightRequest { - // Preflight request without CORS config should fail - s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) - return - } - // Non-preflight request, continue normally - next.ServeHTTP(w, r) - return - } - - // Evaluate CORS request - corsResp, err := EvaluateRequest(config, corsReq) - if err != nil { - glog.V(3).Infof("CORS evaluation failed for bucket %s: %v", bucket, err) - if corsReq.IsPreflightRequest { - // Preflight request that doesn't match CORS rules should fail - s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied) - return - } - // Non-preflight request, continue normally but without CORS headers - next.ServeHTTP(w, r) - return - } + // Parse request to check if it's a preflight request + corsReq := ParseRequest(r) // Apply CORS headers to response ApplyHeaders(w, corsResp) @@ -145,14 +125,14 @@ func (m *Middleware) Handler(next http.Handler) http.Handler { // HandleOptionsRequest handles OPTIONS requests for CORS preflight func (m *Middleware) HandleOptionsRequest(w http.ResponseWriter, r *http.Request) { // Use the common evaluation logic - corsResp, responseWritten := m.evaluateCORSRequest(w, r) + corsResp, responseWritten, shouldContinue := m.evaluateCORSRequest(w, r) if responseWritten { // Response was already written (error case) return } - if corsResp == nil { - // Not a CORS request + if shouldContinue || corsResp == nil { + // Not a CORS request or should continue normally w.WriteHeader(http.StatusOK) return }