storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/cmd/bucket-policy-handlers.go (about) 1 /* 2 * MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package cmd 18 19 import ( 20 "encoding/json" 21 "io" 22 "net/http" 23 24 humanize "github.com/dustin/go-humanize" 25 "github.com/gorilla/mux" 26 27 "storj.io/minio/cmd/logger" 28 "storj.io/minio/pkg/bucket/policy" 29 ) 30 31 const ( 32 // As per AWS S3 specification, 20KiB policy JSON data is allowed. 33 maxBucketPolicySize = 20 * humanize.KiByte 34 35 // Policy configuration file. 36 bucketPolicyConfig = "policy.json" 37 ) 38 39 // PutBucketPolicyHandler - This HTTP handler stores given bucket policy configuration as per 40 // https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html 41 func (api ObjectAPIHandlers) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Request) { 42 ctx := NewContext(r, w, "PutBucketPolicy") 43 44 defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) 45 46 objAPI := api.ObjectAPI() 47 if objAPI == nil { 48 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL, guessIsBrowserReq(r)) 49 return 50 } 51 52 vars := mux.Vars(r) 53 bucket := vars["bucket"] 54 55 if s3Error := checkRequestAuthType(ctx, r, policy.PutBucketPolicyAction, bucket, ""); s3Error != ErrNone { 56 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r)) 57 return 58 } 59 60 // Check if bucket exists. 61 if _, err := objAPI.GetBucketInfo(ctx, bucket); err != nil { 62 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 63 return 64 } 65 66 // Error out if Content-Length is missing. 67 // PutBucketPolicy always needs Content-Length. 68 if r.ContentLength <= 0 { 69 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrMissingContentLength), r.URL, guessIsBrowserReq(r)) 70 return 71 } 72 73 // Error out if Content-Length is beyond allowed size. 74 if r.ContentLength > maxBucketPolicySize { 75 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrPolicyTooLarge), r.URL, guessIsBrowserReq(r)) 76 return 77 } 78 79 bucketPolicy, err := policy.ParseConfig(io.LimitReader(r.Body, r.ContentLength), bucket) 80 if err != nil { 81 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 82 return 83 } 84 85 // Version in policy must not be empty 86 if bucketPolicy.Version == "" { 87 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrMalformedPolicy), r.URL, guessIsBrowserReq(r)) 88 return 89 } 90 91 configData, err := json.Marshal(bucketPolicy) 92 if err != nil { 93 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 94 return 95 } 96 97 if err = globalBucketMetadataSys.Update(bucket, bucketPolicyConfig, configData); err != nil { 98 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 99 return 100 } 101 102 // Success. 103 writeSuccessNoContent(w) 104 } 105 106 // DeleteBucketPolicyHandler - This HTTP handler removes bucket policy configuration. 107 func (api ObjectAPIHandlers) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) { 108 ctx := NewContext(r, w, "DeleteBucketPolicy") 109 110 defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) 111 112 objAPI := api.ObjectAPI() 113 if objAPI == nil { 114 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL, guessIsBrowserReq(r)) 115 return 116 } 117 118 vars := mux.Vars(r) 119 bucket := vars["bucket"] 120 121 if s3Error := checkRequestAuthType(ctx, r, policy.DeleteBucketPolicyAction, bucket, ""); s3Error != ErrNone { 122 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r)) 123 return 124 } 125 126 // Check if bucket exists. 127 if _, err := objAPI.GetBucketInfo(ctx, bucket); err != nil { 128 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 129 return 130 } 131 132 if err := globalBucketMetadataSys.Update(bucket, bucketPolicyConfig, nil); err != nil { 133 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 134 return 135 } 136 137 // Success. 138 writeSuccessNoContent(w) 139 } 140 141 // GetBucketPolicyHandler - This HTTP handler returns bucket policy configuration. 142 func (api ObjectAPIHandlers) GetBucketPolicyHandler(w http.ResponseWriter, r *http.Request) { 143 ctx := NewContext(r, w, "GetBucketPolicy") 144 145 defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r)) 146 147 objAPI := api.ObjectAPI() 148 if objAPI == nil { 149 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL, guessIsBrowserReq(r)) 150 return 151 } 152 153 vars := mux.Vars(r) 154 bucket := vars["bucket"] 155 156 if s3Error := checkRequestAuthType(ctx, r, policy.GetBucketPolicyAction, bucket, ""); s3Error != ErrNone { 157 WriteErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r)) 158 return 159 } 160 161 // Check if bucket exists. 162 if _, err := objAPI.GetBucketInfo(ctx, bucket); err != nil { 163 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 164 return 165 } 166 167 // Read bucket access policy. 168 config, err := globalPolicySys.Get(bucket) 169 if err != nil { 170 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 171 return 172 } 173 174 configData, err := json.Marshal(config) 175 if err != nil { 176 WriteErrorResponse(ctx, w, ToAPIError(ctx, err), r.URL, guessIsBrowserReq(r)) 177 return 178 } 179 180 // Write to client. 181 writeSuccessResponseJSON(w, configData) 182 }