use std::net::SocketAddr;
use std::sync::Arc;
use futures::future::Future;
use hyper::header;
use hyper::server::conn::AddrStream;
use hyper::service::{make_service_fn, service_fn};
use hyper::{Body, Request, Response, Server};
use garage_util::error::Error as GarageError;
use garage_model::garage::Garage;
use crate::error::*;
use crate::signature::check_signature;
use crate::helpers::*;
use crate::s3_bucket::*;
use crate::s3_copy::*;
use crate::s3_delete::*;
use crate::s3_get::*;
use crate::s3_list::*;
use crate::s3_put::*;
use crate::s3_router::{Authorization, Endpoint};
/// Run the S3 API server.
///
/// Binds a hyper server to `garage.config.s3_api.api_bind_addr` and serves S3
/// requests until `shutdown_signal` resolves, at which point hyper's graceful
/// shutdown is triggered.
///
/// The listener built here is plain HTTP: no TLS acceptor is configured in this
/// function and the startup log line advertises an `http://` URL. Request
/// authentication is left to `handler` / `handler_inner`.
///
/// # Errors
///
/// Returns a `GarageError` if awaiting the server future fails.
pub async fn run_api_server(
    garage: Arc<Garage>,
    shutdown_signal: impl Future<Output = ()>,
) -> Result<(), GarageError> {
    let bind_addr = &garage.config.s3_api.api_bind_addr;

    // Invoked once per accepted connection: capture the peer address and a
    // handle on the shared state, then build the per-request service.
    let make_service = make_service_fn(|stream: &AddrStream| {
        let garage_for_conn = garage.clone();
        let peer = stream.remote_addr();
        async move {
            let per_request = service_fn(move |request: Request<Body>| {
                // Every request gets its own Arc handle; the peer address is
                // only used for logging in `handler`.
                handler(garage_for_conn.clone(), request, peer)
            });
            Ok::<_, GarageError>(per_request)
        }
    });

    let serving = Server::bind(bind_addr)
        .serve(make_service)
        .with_graceful_shutdown(shutdown_signal);
    info!("API server listening on http://{}", bind_addr);

    serving.await?;
    Ok(())
}
/// Per-request entry point: logs the request, dispatches it to `handler_inner`
/// and turns any API error into an S3-style XML error response.
///
/// API-level failures are returned to hyper as `Ok(response)` carrying the
/// error's HTTP status; the `Err` side of the return type is only produced when
/// building that error response itself fails.
///
/// Logging behaviour worth knowing when deciding log levels and retention:
/// - the `info!` line records the peer address, the method and the full URI,
///   query string included;
/// - the `debug!` line formats the whole request with `{:?}`, which includes the
///   request headers, so the `Authorization` header value ends up in debug logs;
/// - successful responses have their status and headers logged at debug level;
/// - errors are logged at `warn` for 5xx statuses and at `info` otherwise.
async fn handler(
    garage: Arc<Garage>,
    req: Request<Body>,
    addr: SocketAddr,
) -> Result<Response<Body>, GarageError> {
    // Keep a copy of the URI: `req` is moved into `handler_inner`, but the path
    // is still needed to render an error document.
    let uri = req.uri().clone();
    info!("{} {} {}", addr, req.method(), uri);
    debug!("{:?}", req);

    let e = match handler_inner(garage.clone(), req).await {
        Ok(response) => {
            debug!("{} {:?}", response.status(), response.headers());
            return Ok(response);
        }
        Err(e) => e,
    };

    // NOTE(review): the request path is handed to `aws_xml`; presumably it is
    // embedded in the XML document, in which case escaping is that function's
    // job — confirm.
    let body: Body = Body::from(e.aws_xml(&garage.config.s3_api.s3_region, uri.path()));
    let status = e.http_status_code();
    let mut builder = Response::builder()
        .status(status)
        .header("Content-Type", "application/xml");

    // `headers_mut` returns `None` when the builder already holds an error; in
    // that case the error surfaces from `body()` below.
    if let Some(headers) = builder.headers_mut() {
        e.add_headers(headers);
    }

    let error_response = builder.body(body)?;

    if status.is_server_error() {
        warn!("Response: error {}, {}", status, e);
    } else {
        info!("Response: error {}, {}", status, e);
    }

    Ok(error_response)
}
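/// Authenticate, route, authorize and execute a single S3 API request.
///
/// Steps, in order:
/// 1. `check_signature` runs first and must succeed for every request, including
///    endpoints whose authorization type is `Authorization::None`. It yields the
///    API key and the content SHA-256 passed on to the body-consuming handlers.
/// 2. The `Host` header is required; it is reduced to a host name and, when
///    `s3_api.root_domain` is configured, mapped to a vhost-style bucket name.
/// 3. `Endpoint::from_request` parses the request into an endpoint.
/// 4. The key's read/write permission on the bucket reported by
///    `endpoint.authorization_type()` is checked before anything is dispatched.
/// 5. The endpoint is dispatched to its handler.
///
/// # Errors
///
/// Returns `Error::BadRequest` for a missing `Host` header, a missing
/// `x-amz-copy-source` header on `CopyObject`, or an unsupported `list-type`;
/// `Error::Forbidden` when the key lacks the required permission or for
/// `DeleteBucket`; `Error::NotImplemented` for endpoints with no handler here;
/// and whatever the called helpers and handlers return.
async fn handler_inner(garage: Arc<Garage>, req: Request<Body>) -> Result<Response<Body>, Error> {
    // Authentication comes before any routing decision.
    let (api_key, content_sha256) = check_signature(&garage, &req).await?;

    let authority = req
        .headers()
        .get(header::HOST)
        .ok_or_else(|| Error::BadRequest("HOST header required".to_owned()))?
        .to_str()?;

    let host = authority_to_host(authority)?;

    // The bucket may be selected by the client-supplied Host header.
    // NOTE(review): whether `Host` is covered by the verified signature depends
    // on `check_signature`, which is not visible here — confirm.
    let bucket = garage
        .config
        .s3_api
        .root_domain
        .as_ref()
        .and_then(|root_domain| host_to_bucket(&host, root_domain));

    let endpoint = Endpoint::from_request(&req, bucket.map(ToOwned::to_owned))?;

    // Authorization is decided per endpoint, on the bucket the endpoint targets.
    let allowed = match endpoint.authorization_type() {
        Authorization::None => true,
        Authorization::Read(bucket) => api_key.allow_read(bucket),
        Authorization::Write(bucket) => api_key.allow_write(bucket),
    };

    if !allowed {
        return Err(Error::Forbidden(
            "Operation is not allowed for this key.".to_string(),
        ));
    }

    match endpoint {
        Endpoint::ListBuckets => handle_list_buckets(&api_key),
        Endpoint::HeadObject { bucket, key, .. } => handle_head(garage, &req, &bucket, &key).await,
        Endpoint::GetObject { bucket, key, .. } => handle_get(garage, &req, &bucket, &key).await,
        Endpoint::UploadPart {
            bucket,
            key,
            part_number,
            upload_id,
        } => {
            handle_put_part(
                garage,
                req,
                &bucket,
                &key,
                part_number,
                &upload_id,
                content_sha256,
            )
            .await
        }
        Endpoint::CopyObject { bucket, key } => {
            // The header is request-controlled, so its absence is answered with
            // a 400 instead of a panic. The router presumably only yields
            // `CopyObject` when the header is present (not visible here).
            let copy_source = req
                .headers()
                .get("x-amz-copy-source")
                .ok_or_else(|| Error::BadRequest("x-amz-copy-source header required".to_owned()))?
                .to_str()?;
            let copy_source = percent_encoding::percent_decode_str(copy_source).decode_utf8()?;
            let (source_bucket, source_key) = parse_bucket_key(&copy_source, None)?;
            // The generic check above only covered the destination bucket; the
            // source bucket named in the header needs its own read check.
            if !api_key.allow_read(source_bucket) {
                return Err(Error::Forbidden(format!(
                    "Reading from bucket {} not allowed for this key",
                    source_bucket
                )));
            }
            let source_key = source_key.ok_or_bad_request("No source key specified")?;
            handle_copy(garage, &req, &bucket, &key, source_bucket, source_key).await
        }
        Endpoint::PutObject { bucket, key } => {
            handle_put(garage, req, &bucket, &key, content_sha256).await
        }
        Endpoint::AbortMultipartUpload {
            bucket,
            key,
            upload_id,
        } => handle_abort_multipart_upload(garage, &bucket, &key, &upload_id).await,
        Endpoint::DeleteObject { bucket, key, .. } => handle_delete(garage, &bucket, &key).await,
        Endpoint::CreateMultipartUpload { bucket, key } => {
            handle_create_multipart_upload(garage, &req, &bucket, &key).await
        }
        Endpoint::CompleteMultipartUpload {
            bucket,
            key,
            upload_id,
        } => {
            handle_complete_multipart_upload(garage, req, &bucket, &key, &upload_id, content_sha256)
                .await
        }
        Endpoint::CreateBucket { bucket } => {
            // No bucket is created here: the body is only read for the debug
            // log and a response with a `Location` header is returned.
            // NOTE(review): `to_bytes` buffers the whole request body and no
            // size cap is applied in this function.
            debug!(
                "Body: {}",
                std::str::from_utf8(&hyper::body::to_bytes(req.into_body()).await?)
                    .unwrap_or("<invalid utf8>")
            );
            let empty_body: Body = Body::from(vec![]);
            // NOTE(review): `unwrap()` panics if `bucket` is not a valid header
            // value; whether the router can produce such a name is not visible
            // here.
            let response = Response::builder()
                .header("Location", format!("/{}", bucket))
                .body(empty_body)
                .unwrap();
            Ok(response)
        }
        Endpoint::HeadBucket { .. } => {
            // Answers with an empty default response; the bucket's existence is
            // not looked up in this function.
            let empty_body: Body = Body::from(vec![]);
            let response = Response::builder().body(empty_body).unwrap();
            Ok(response)
        }
        Endpoint::DeleteBucket { .. } => Err(Error::Forbidden(
            "Cannot delete buckets using S3 api, please talk to Garage directly".into(),
        )),
        Endpoint::GetBucketLocation { .. } => handle_get_bucket_location(garage),
        Endpoint::GetBucketVersioning { .. } => handle_get_bucket_versioning(),
        Endpoint::ListObjects {
            bucket,
            delimiter,
            encoding_type,
            marker,
            max_keys,
            prefix,
        } => {
            handle_list(
                garage,
                &ListObjectsQuery {
                    is_v2: false,
                    bucket,
                    delimiter: delimiter.map(|d| d.to_string()),
                    // Page size defaults to 1000 when the client gives none.
                    max_keys: max_keys.unwrap_or(1000),
                    prefix: prefix.unwrap_or_default(),
                    marker,
                    continuation_token: None,
                    start_after: None,
                    urlencode_resp: encoding_type.map(|e| e == "url").unwrap_or(false),
                },
            )
            .await
        }
        Endpoint::ListObjectsV2 {
            bucket,
            delimiter,
            encoding_type,
            max_keys,
            prefix,
            continuation_token,
            start_after,
            list_type,
            ..
        } => {
            // Only `list-type=2` is accepted; any other value is a client error.
            if list_type == "2" {
                handle_list(
                    garage,
                    &ListObjectsQuery {
                        is_v2: true,
                        bucket,
                        delimiter: delimiter.map(|d| d.to_string()),
                        max_keys: max_keys.unwrap_or(1000),
                        prefix: prefix.unwrap_or_default(),
                        marker: None,
                        continuation_token,
                        start_after,
                        urlencode_resp: encoding_type.map(|e| e == "url").unwrap_or(false),
                    },
                )
                .await
            } else {
                Err(Error::BadRequest(format!(
                    "Invalid endpoint: list-type={}",
                    list_type
                )))
            }
        }
        Endpoint::DeleteObjects { bucket } => {
            handle_delete_objects(garage, &bucket, req, content_sha256).await
        }
        // Everything the router recognises but this server does not handle.
        endpoint => Err(Error::NotImplemented(endpoint.name().to_owned())),
    }
}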
/// Extract the bucket name and the key name from an HTTP path and possibly a bucket provided in
/// the host header of the request
///
/// S3 internally manages only buckets and keys. This function splits
/// an HTTP path to get the corresponding bucket name and key.
///
/// All leading `/` characters of `path` are stripped first. When `host_bucket`
/// is given (vhost-style request), it is returned as the bucket and the whole
/// remaining path is the key. Otherwise the first path segment is the bucket
/// and whatever follows the first `/` is the key. An empty key is reported as
/// `None`.
///
/// This is a pure split: no percent-decoding is done and neither the bucket nor
/// the key is validated beyond the bucket being non-empty, so any naming or
/// character restrictions have to be enforced by the caller.
///
/// # Errors
///
/// Returns `Error::BadRequest` when no bucket can be extracted.
fn parse_bucket_key<'a>(
    path: &'a str,
    host_bucket: Option<&'a str>,
) -> Result<(&'a str, Option<&'a str>), Error> {
    let trimmed = path.trim_start_matches('/');

    // Vhost-style: the bucket comes from the Host header, the path is the key.
    if let Some(vhost_bucket) = host_bucket {
        let key = Some(trimmed).filter(|k| !k.is_empty());
        return Ok((vhost_bucket, key));
    }

    // Path-style: split on the first '/' only, so the key keeps its own slashes.
    let (bucket, rest) = trimmed.split_once('/').unwrap_or((trimmed, ""));
    if bucket.is_empty() {
        return Err(Error::BadRequest("No bucket specified".to_string()));
    }

    let key = if rest.is_empty() { None } else { Some(rest) };
    Ok((bucket, key))
}
#[cfg(test)]
mod tests {
    use super::*;

    /// Path-style request: first segment is the bucket, the rest is the key.
    #[test]
    fn parse_bucket_containing_a_key() -> Result<(), Error> {
        let (found_bucket, found_key) = parse_bucket_key("/my_bucket/a/super/file.jpg", None)?;
        assert_eq!(found_bucket, "my_bucket");
        assert_eq!(found_key.expect("key must be set"), "a/super/file.jpg");
        Ok(())
    }

    /// Path-style request naming only a bucket, with and without a trailing slash.
    #[test]
    fn parse_bucket_containing_no_key() -> Result<(), Error> {
        for path in ["/my_bucket/", "/my_bucket"].iter().copied() {
            let (found_bucket, found_key) = parse_bucket_key(path, None)?;
            assert_eq!(found_bucket, "my_bucket");
            assert!(found_key.is_none());
        }
        Ok(())
    }

    /// Paths made only of slashes (or nothing) carry no bucket and are rejected.
    #[test]
    fn parse_bucket_containing_no_bucket() {
        for path in ["", "/", "////"].iter().copied() {
            let parsed = parse_bucket_key(path, None);
            assert!(parsed.is_err());
        }
    }

    /// Vhost-style request: the bucket comes from the host, the path is the key.
    #[test]
    fn parse_bucket_with_vhost_and_key() -> Result<(), Error> {
        let (found_bucket, found_key) = parse_bucket_key("/a/super/file.jpg", Some("my-bucket"))?;
        assert_eq!(found_bucket, "my-bucket");
        assert_eq!(found_key.expect("key must be set"), "a/super/file.jpg");
        Ok(())
    }

    /// Vhost-style request with an empty path yields the bucket and no key.
    #[test]
    fn parse_bucket_with_vhost_no_key() -> Result<(), Error> {
        for path in ["", "/"].iter().copied() {
            let (found_bucket, found_key) = parse_bucket_key(path, Some("my-bucket"))?;
            assert_eq!(found_bucket, "my-bucket");
            assert!(found_key.is_none());
        }
        Ok(())
    }
}