2022-05-10 11:16:57 +00:00
|
|
|
use std::sync::Arc;
|
|
|
|
|
|
|
|
use async_trait::async_trait;
|
|
|
|
|
|
|
|
use hyper::header;
|
2024-02-05 17:49:54 +00:00
|
|
|
use hyper::{body::Incoming as IncomingBody, Request, Response};
|
2024-02-08 22:43:59 +00:00
|
|
|
use tokio::sync::watch;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
use opentelemetry::{trace::SpanRef, KeyValue};
|
|
|
|
|
|
|
|
use garage_util::error::Error as GarageError;
|
2023-09-29 16:41:00 +00:00
|
|
|
use garage_util::socket_address::UnixOrTCPSocketAddress;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
use garage_model::garage::Garage;
|
|
|
|
use garage_model::key_table::Key;
|
|
|
|
|
|
|
|
use crate::generic_server::*;
|
2022-05-24 10:16:39 +00:00
|
|
|
use crate::s3::error::*;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
2024-02-28 09:51:08 +00:00
|
|
|
use crate::signature::verify_request;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
use crate::helpers::*;
|
|
|
|
use crate::s3::bucket::*;
|
|
|
|
use crate::s3::copy::*;
|
|
|
|
use crate::s3::cors::*;
|
|
|
|
use crate::s3::delete::*;
|
|
|
|
use crate::s3::get::*;
|
2023-08-29 15:44:17 +00:00
|
|
|
use crate::s3::lifecycle::*;
|
2022-05-10 11:16:57 +00:00
|
|
|
use crate::s3::list::*;
|
2023-05-03 10:02:59 +00:00
|
|
|
use crate::s3::multipart::*;
|
2022-05-10 11:16:57 +00:00
|
|
|
use crate::s3::post_object::handle_post_object;
|
|
|
|
use crate::s3::put::*;
|
|
|
|
use crate::s3::router::Endpoint;
|
|
|
|
use crate::s3::website::*;
|
|
|
|
|
2024-02-05 17:49:54 +00:00
|
|
|
pub use crate::signature::streaming::ReqBody;
|
|
|
|
pub type ResBody = BoxBody<Error>;
|
|
|
|
|
2022-05-10 11:16:57 +00:00
|
|
|
pub struct S3ApiServer {
|
|
|
|
garage: Arc<Garage>,
|
|
|
|
}
|
|
|
|
|
|
|
|
pub(crate) struct S3ApiEndpoint {
|
|
|
|
bucket_name: Option<String>,
|
|
|
|
endpoint: Endpoint,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl S3ApiServer {
|
|
|
|
pub async fn run(
|
|
|
|
garage: Arc<Garage>,
|
2023-09-29 16:41:00 +00:00
|
|
|
addr: UnixOrTCPSocketAddress,
|
2022-09-07 15:54:16 +00:00
|
|
|
s3_region: String,
|
2024-02-08 22:43:59 +00:00
|
|
|
must_exit: watch::Receiver<bool>,
|
2022-05-10 11:16:57 +00:00
|
|
|
) -> Result<(), GarageError> {
|
2022-09-07 15:54:16 +00:00
|
|
|
ApiServer::new(s3_region, S3ApiServer { garage })
|
2024-02-08 22:43:59 +00:00
|
|
|
.run_server(addr, None, must_exit)
|
2022-09-07 15:54:16 +00:00
|
|
|
.await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
async fn handle_request_without_bucket(
|
|
|
|
&self,
|
2024-02-05 17:49:54 +00:00
|
|
|
_req: Request<ReqBody>,
|
2022-05-10 11:16:57 +00:00
|
|
|
api_key: Key,
|
|
|
|
endpoint: Endpoint,
|
2024-02-05 17:49:54 +00:00
|
|
|
) -> Result<Response<ResBody>, Error> {
|
2022-05-10 11:16:57 +00:00
|
|
|
match endpoint {
|
|
|
|
Endpoint::ListBuckets => handle_list_buckets(&self.garage, &api_key).await,
|
|
|
|
endpoint => Err(Error::NotImplemented(endpoint.name().to_owned())),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[async_trait]
|
|
|
|
impl ApiHandler for S3ApiServer {
|
|
|
|
const API_NAME: &'static str = "s3";
|
|
|
|
const API_NAME_DISPLAY: &'static str = "S3";
|
|
|
|
|
|
|
|
type Endpoint = S3ApiEndpoint;
|
2022-05-24 10:16:39 +00:00
|
|
|
type Error = Error;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
2024-02-05 17:49:54 +00:00
|
|
|
fn parse_endpoint(&self, req: &Request<IncomingBody>) -> Result<S3ApiEndpoint, Error> {
|
2022-05-10 11:16:57 +00:00
|
|
|
let authority = req
|
|
|
|
.headers()
|
|
|
|
.get(header::HOST)
|
|
|
|
.ok_or_bad_request("Host header required")?
|
|
|
|
.to_str()?;
|
|
|
|
|
|
|
|
let host = authority_to_host(authority)?;
|
|
|
|
|
|
|
|
let bucket_name = self
|
|
|
|
.garage
|
|
|
|
.config
|
|
|
|
.s3_api
|
|
|
|
.root_domain
|
|
|
|
.as_ref()
|
|
|
|
.and_then(|root_domain| host_to_bucket(&host, root_domain));
|
|
|
|
|
|
|
|
let (endpoint, bucket_name) =
|
|
|
|
Endpoint::from_request(req, bucket_name.map(ToOwned::to_owned))?;
|
|
|
|
|
|
|
|
Ok(S3ApiEndpoint {
|
|
|
|
bucket_name,
|
|
|
|
endpoint,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
async fn handle(
|
|
|
|
&self,
|
2024-02-28 09:51:08 +00:00
|
|
|
req: Request<IncomingBody>,
|
2022-05-10 11:16:57 +00:00
|
|
|
endpoint: S3ApiEndpoint,
|
2024-02-05 17:49:54 +00:00
|
|
|
) -> Result<Response<ResBody>, Error> {
|
2022-05-10 11:16:57 +00:00
|
|
|
let S3ApiEndpoint {
|
|
|
|
bucket_name,
|
|
|
|
endpoint,
|
|
|
|
} = endpoint;
|
|
|
|
let garage = self.garage.clone();
|
|
|
|
|
|
|
|
// Some endpoints are processed early, before we even check for an API key
|
|
|
|
if let Endpoint::PostObject = endpoint {
|
|
|
|
return handle_post_object(garage, req, bucket_name.unwrap()).await;
|
|
|
|
}
|
|
|
|
if let Endpoint::Options = endpoint {
|
2024-02-05 18:27:12 +00:00
|
|
|
let options_res = handle_options_api(garage, &req, bucket_name).await?;
|
|
|
|
return Ok(options_res.map(|_empty_body: EmptyBody| empty_body()));
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
|
2024-02-28 09:51:08 +00:00
|
|
|
let (req, api_key, content_sha256) = verify_request(&garage, req, "s3").await?;
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
let bucket_name = match bucket_name {
|
|
|
|
None => {
|
|
|
|
return self
|
|
|
|
.handle_request_without_bucket(req, api_key, endpoint)
|
|
|
|
.await
|
|
|
|
}
|
|
|
|
Some(bucket) => bucket.to_string(),
|
|
|
|
};
|
|
|
|
|
|
|
|
// Special code path for CreateBucket API endpoint
|
|
|
|
if let Endpoint::CreateBucket {} = endpoint {
|
2024-02-22 11:28:21 +00:00
|
|
|
return handle_create_bucket(
|
|
|
|
&garage,
|
|
|
|
req,
|
|
|
|
content_sha256,
|
|
|
|
&api_key.key_id,
|
|
|
|
bucket_name,
|
|
|
|
)
|
|
|
|
.await;
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
|
2022-05-24 10:16:39 +00:00
|
|
|
let bucket_id = garage
|
|
|
|
.bucket_helper()
|
|
|
|
.resolve_bucket(&bucket_name, &api_key)
|
|
|
|
.await?;
|
2022-05-10 11:16:57 +00:00
|
|
|
let bucket = garage
|
2022-05-24 10:16:39 +00:00
|
|
|
.bucket_helper()
|
|
|
|
.get_existing_bucket(bucket_id)
|
|
|
|
.await?;
|
2024-03-03 13:56:52 +00:00
|
|
|
let bucket_params = bucket.state.into_option().unwrap();
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
let allowed = match endpoint.authorization_type() {
|
|
|
|
Authorization::Read => api_key.allow_read(&bucket_id),
|
|
|
|
Authorization::Write => api_key.allow_write(&bucket_id),
|
|
|
|
Authorization::Owner => api_key.allow_owner(&bucket_id),
|
|
|
|
_ => unreachable!(),
|
|
|
|
};
|
|
|
|
|
|
|
|
if !allowed {
|
2022-05-24 10:16:39 +00:00
|
|
|
return Err(Error::forbidden("Operation is not allowed for this key."));
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
|
2024-03-03 13:56:52 +00:00
|
|
|
let matching_cors_rule = find_matching_cors_rule(&bucket_params, &req)?.cloned();
|
|
|
|
|
|
|
|
let ctx = ReqCtx {
|
|
|
|
garage,
|
|
|
|
bucket_id,
|
|
|
|
bucket_name,
|
|
|
|
bucket_params,
|
|
|
|
api_key,
|
|
|
|
};
|
2022-05-10 11:16:57 +00:00
|
|
|
|
|
|
|
let resp = match endpoint {
|
|
|
|
Endpoint::HeadObject {
|
|
|
|
key, part_number, ..
|
2024-03-03 13:56:52 +00:00
|
|
|
} => handle_head(ctx, &req, &key, part_number).await,
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::GetObject {
|
2024-02-09 14:34:42 +00:00
|
|
|
key,
|
|
|
|
part_number,
|
|
|
|
response_cache_control,
|
|
|
|
response_content_disposition,
|
|
|
|
response_content_encoding,
|
|
|
|
response_content_language,
|
|
|
|
response_content_type,
|
|
|
|
response_expires,
|
|
|
|
..
|
|
|
|
} => {
|
|
|
|
let overrides = GetObjectOverrides {
|
|
|
|
response_cache_control,
|
|
|
|
response_content_disposition,
|
|
|
|
response_content_encoding,
|
|
|
|
response_content_language,
|
|
|
|
response_content_type,
|
|
|
|
response_expires,
|
|
|
|
};
|
2024-03-03 13:56:52 +00:00
|
|
|
handle_get(ctx, &req, &key, part_number, overrides).await
|
2024-02-09 14:34:42 +00:00
|
|
|
}
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::UploadPart {
|
|
|
|
key,
|
|
|
|
part_number,
|
|
|
|
upload_id,
|
2024-03-03 13:56:52 +00:00
|
|
|
} => handle_put_part(ctx, req, &key, part_number, &upload_id, content_sha256).await,
|
|
|
|
Endpoint::CopyObject { key } => handle_copy(ctx, &req, &key).await,
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::UploadPartCopy {
|
|
|
|
key,
|
|
|
|
part_number,
|
|
|
|
upload_id,
|
2024-03-03 13:56:52 +00:00
|
|
|
} => handle_upload_part_copy(ctx, &req, &key, part_number, &upload_id).await,
|
|
|
|
Endpoint::PutObject { key } => handle_put(ctx, req, &key, content_sha256).await,
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::AbortMultipartUpload { key, upload_id } => {
|
2024-03-03 13:56:52 +00:00
|
|
|
handle_abort_multipart_upload(ctx, &key, &upload_id).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
2024-03-03 13:56:52 +00:00
|
|
|
Endpoint::DeleteObject { key, .. } => handle_delete(ctx, &key).await,
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::CreateMultipartUpload { key } => {
|
2024-03-03 13:56:52 +00:00
|
|
|
handle_create_multipart_upload(ctx, &req, &key).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
Endpoint::CompleteMultipartUpload { key, upload_id } => {
|
2024-03-03 13:56:52 +00:00
|
|
|
handle_complete_multipart_upload(ctx, req, &key, &upload_id, content_sha256).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
Endpoint::CreateBucket {} => unreachable!(),
|
|
|
|
Endpoint::HeadBucket {} => {
|
2024-02-05 17:49:54 +00:00
|
|
|
let response = Response::builder().body(empty_body()).unwrap();
|
2022-05-10 11:16:57 +00:00
|
|
|
Ok(response)
|
|
|
|
}
|
2024-03-03 13:56:52 +00:00
|
|
|
Endpoint::DeleteBucket {} => handle_delete_bucket(ctx).await,
|
|
|
|
Endpoint::GetBucketLocation {} => handle_get_bucket_location(ctx),
|
2022-05-10 11:16:57 +00:00
|
|
|
Endpoint::GetBucketVersioning {} => handle_get_bucket_versioning(),
|
|
|
|
Endpoint::ListObjects {
|
|
|
|
delimiter,
|
|
|
|
encoding_type,
|
|
|
|
marker,
|
|
|
|
max_keys,
|
|
|
|
prefix,
|
|
|
|
} => {
|
2024-03-03 13:56:52 +00:00
|
|
|
let query = ListObjectsQuery {
|
|
|
|
common: ListQueryCommon {
|
|
|
|
bucket_name: ctx.bucket_name.clone(),
|
|
|
|
bucket_id,
|
|
|
|
delimiter,
|
|
|
|
page_size: max_keys.unwrap_or(1000).clamp(1, 1000),
|
|
|
|
prefix: prefix.unwrap_or_default(),
|
|
|
|
urlencode_resp: encoding_type.map(|e| e == "url").unwrap_or(false),
|
2022-05-10 11:16:57 +00:00
|
|
|
},
|
2024-03-03 13:56:52 +00:00
|
|
|
is_v2: false,
|
|
|
|
marker,
|
|
|
|
continuation_token: None,
|
|
|
|
start_after: None,
|
|
|
|
};
|
|
|
|
handle_list(ctx, &query).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
Endpoint::ListObjectsV2 {
|
|
|
|
delimiter,
|
|
|
|
encoding_type,
|
|
|
|
max_keys,
|
|
|
|
prefix,
|
|
|
|
continuation_token,
|
|
|
|
start_after,
|
|
|
|
list_type,
|
|
|
|
..
|
|
|
|
} => {
|
|
|
|
if list_type == "2" {
|
2024-03-03 13:56:52 +00:00
|
|
|
let query = ListObjectsQuery {
|
|
|
|
common: ListQueryCommon {
|
|
|
|
bucket_name: ctx.bucket_name.clone(),
|
|
|
|
bucket_id,
|
|
|
|
delimiter,
|
|
|
|
page_size: max_keys.unwrap_or(1000).clamp(1, 1000),
|
|
|
|
urlencode_resp: encoding_type.map(|e| e == "url").unwrap_or(false),
|
|
|
|
prefix: prefix.unwrap_or_default(),
|
2022-05-10 11:16:57 +00:00
|
|
|
},
|
2024-03-03 13:56:52 +00:00
|
|
|
is_v2: true,
|
|
|
|
marker: None,
|
|
|
|
continuation_token,
|
|
|
|
start_after,
|
|
|
|
};
|
|
|
|
handle_list(ctx, &query).await
|
2022-05-10 11:16:57 +00:00
|
|
|
} else {
|
2022-05-24 10:16:39 +00:00
|
|
|
Err(Error::bad_request(format!(
|
2022-05-10 11:16:57 +00:00
|
|
|
"Invalid endpoint: list-type={}",
|
|
|
|
list_type
|
|
|
|
)))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Endpoint::ListMultipartUploads {
|
|
|
|
delimiter,
|
|
|
|
encoding_type,
|
|
|
|
key_marker,
|
|
|
|
max_uploads,
|
|
|
|
prefix,
|
|
|
|
upload_id_marker,
|
|
|
|
} => {
|
2024-03-03 13:56:52 +00:00
|
|
|
let query = ListMultipartUploadsQuery {
|
|
|
|
common: ListQueryCommon {
|
|
|
|
bucket_name: ctx.bucket_name.clone(),
|
|
|
|
bucket_id,
|
|
|
|
delimiter,
|
|
|
|
page_size: max_uploads.unwrap_or(1000).clamp(1, 1000),
|
|
|
|
prefix: prefix.unwrap_or_default(),
|
|
|
|
urlencode_resp: encoding_type.map(|e| e == "url").unwrap_or(false),
|
2022-05-10 11:16:57 +00:00
|
|
|
},
|
2024-03-03 13:56:52 +00:00
|
|
|
key_marker,
|
|
|
|
upload_id_marker,
|
|
|
|
};
|
|
|
|
handle_list_multipart_upload(ctx, &query).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
|
|
|
Endpoint::ListParts {
|
|
|
|
key,
|
|
|
|
max_parts,
|
|
|
|
part_number_marker,
|
|
|
|
upload_id,
|
|
|
|
} => {
|
2024-03-03 13:56:52 +00:00
|
|
|
let query = ListPartsQuery {
|
|
|
|
bucket_name: ctx.bucket_name.clone(),
|
|
|
|
bucket_id,
|
|
|
|
key,
|
|
|
|
upload_id,
|
|
|
|
part_number_marker: part_number_marker.map(|p| p.min(10000)),
|
|
|
|
max_parts: max_parts.unwrap_or(1000).clamp(1, 1000),
|
|
|
|
};
|
|
|
|
handle_list_parts(ctx, &query).await
|
2022-05-10 11:16:57 +00:00
|
|
|
}
|
2024-03-03 13:56:52 +00:00
|
|
|
Endpoint::DeleteObjects {} => handle_delete_objects(ctx, req, content_sha256).await,
|
|
|
|
Endpoint::GetBucketWebsite {} => handle_get_website(ctx).await,
|
|
|
|
Endpoint::PutBucketWebsite {} => handle_put_website(ctx, req, content_sha256).await,
|
|
|
|
Endpoint::DeleteBucketWebsite {} => handle_delete_website(ctx).await,
|
|
|
|
Endpoint::GetBucketCors {} => handle_get_cors(ctx).await,
|
|
|
|
Endpoint::PutBucketCors {} => handle_put_cors(ctx, req, content_sha256).await,
|
|
|
|
Endpoint::DeleteBucketCors {} => handle_delete_cors(ctx).await,
|
|
|
|
Endpoint::GetBucketLifecycleConfiguration {} => handle_get_lifecycle(ctx).await,
|
2023-08-29 15:44:17 +00:00
|
|
|
Endpoint::PutBucketLifecycleConfiguration {} => {
|
2024-03-03 13:56:52 +00:00
|
|
|
handle_put_lifecycle(ctx, req, content_sha256).await
|
2023-08-29 15:44:17 +00:00
|
|
|
}
|
2024-03-03 13:56:52 +00:00
|
|
|
Endpoint::DeleteBucketLifecycle {} => handle_delete_lifecycle(ctx).await,
|
2022-05-10 11:16:57 +00:00
|
|
|
endpoint => Err(Error::NotImplemented(endpoint.name().to_owned())),
|
|
|
|
};
|
|
|
|
|
|
|
|
// If request was a success and we have a CORS rule that applies to it,
|
|
|
|
// add the corresponding CORS headers to the response
|
|
|
|
let mut resp_ok = resp?;
|
|
|
|
if let Some(rule) = matching_cors_rule {
|
2024-03-03 13:56:52 +00:00
|
|
|
add_cors_headers(&mut resp_ok, &rule)
|
2022-05-10 11:16:57 +00:00
|
|
|
.ok_or_internal_error("Invalid bucket CORS configuration")?;
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(resp_ok)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl ApiEndpoint for S3ApiEndpoint {
|
|
|
|
fn name(&self) -> &'static str {
|
|
|
|
self.endpoint.name()
|
|
|
|
}
|
|
|
|
|
|
|
|
fn add_span_attributes(&self, span: SpanRef<'_>) {
|
|
|
|
span.set_attribute(KeyValue::new(
|
|
|
|
"bucket",
|
|
|
|
self.bucket_name.clone().unwrap_or_default(),
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|