mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use Console as proxy for share object logic (#3284)

Browse Source
This commit is contained in:
Cesar N
2024-04-10 10:16:17 -07:00
committed by GitHub
parent 144904f0f6
commit ceee83f03a
13 changed files with 839 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/configure_console.go
View File

@@ -170,6 +170,8 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
registerReleasesHandlers(api)
registerPublicObjectsHandlers(api)
api.PreServerShutdown = func() {}
api.ServerShutdown = func() {}

70
api/embedded_spec.go
View File

@@ -2743,6 +2743,41 @@ func init() {
}
}
},
"/download-shared-object/{url}": {
"get": {
"security": [],
"produces": [
"application/octet-stream"
],
"tags": [
"Public"
],
"summary": "Downloads an object from a presigned url",
"operationId": "DownloadSharedObject",
"parameters": [
{
"type": "string",
"name": "url",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "file"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
}
},
"/group/{name}": {
"get": {
"tags": [
@@ -11928,6 +11963,41 @@ func init() {
}
}
},
"/download-shared-object/{url}": {
"get": {
"security": [],
"produces": [
"application/octet-stream"
],
"tags": [
"Public"
],
"summary": "Downloads an object from a presigned url",
"operationId": "DownloadSharedObject",
"parameters": [
{
"type": "string",
"name": "url",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "file"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
}
},
"/group/{name}": {
"get": {
"tags": [

13
api/operations/console_api.go
View File

@@ -49,6 +49,7 @@ import (
"github.com/minio/console/api/operations/object"
"github.com/minio/console/api/operations/policy"
"github.com/minio/console/api/operations/profile"
"github.com/minio/console/api/operations/public"
"github.com/minio/console/api/operations/release"
"github.com/minio/console/api/operations/service"
"github.com/minio/console/api/operations/service_account"
@@ -211,6 +212,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
ObjectDownloadMultipleObjectsHandler: object.DownloadMultipleObjectsHandlerFunc(func(params object.DownloadMultipleObjectsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation object.DownloadMultipleObjects has not yet been implemented")
}),
PublicDownloadSharedObjectHandler: public.DownloadSharedObjectHandlerFunc(func(params public.DownloadSharedObjectParams) middleware.Responder {
return middleware.NotImplemented("operation public.DownloadSharedObject has not yet been implemented")
}),
TieringEditTierCredentialsHandler: tiering.EditTierCredentialsHandlerFunc(func(params tiering.EditTierCredentialsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation tiering.EditTierCredentials has not yet been implemented")
}),
@@ -704,6 +708,8 @@ type ConsoleAPI struct {
ObjectDownloadObjectHandler object.DownloadObjectHandler
// ObjectDownloadMultipleObjectsHandler sets the operation handler for the download multiple objects operation
ObjectDownloadMultipleObjectsHandler object.DownloadMultipleObjectsHandler
// PublicDownloadSharedObjectHandler sets the operation handler for the download shared object operation
PublicDownloadSharedObjectHandler public.DownloadSharedObjectHandler
// TieringEditTierCredentialsHandler sets the operation handler for the edit tier credentials operation
TieringEditTierCredentialsHandler tiering.EditTierCredentialsHandler
// BucketEnableBucketEncryptionHandler sets the operation handler for the enable bucket encryption operation
@@ -1150,6 +1156,9 @@ func (o *ConsoleAPI) Validate() error {
if o.ObjectDownloadMultipleObjectsHandler == nil {
unregistered = append(unregistered, "object.DownloadMultipleObjectsHandler")
}
if o.PublicDownloadSharedObjectHandler == nil {
unregistered = append(unregistered, "public.DownloadSharedObjectHandler")
}
if o.TieringEditTierCredentialsHandler == nil {
unregistered = append(unregistered, "tiering.EditTierCredentialsHandler")
}
@@ -1769,6 +1778,10 @@ func (o *ConsoleAPI) initHandlerCache() {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/buckets/{bucket_name}/objects/download-multiple"] = object.NewDownloadMultipleObjects(o.context, o.ObjectDownloadMultipleObjectsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/download-shared-object/{url}"] = public.NewDownloadSharedObject(o.context, o.PublicDownloadSharedObjectHandler)
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)
}

73
api/operations/public/download_shared_object.go Normal file
View File

@@ -0,0 +1,73 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package public
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
)
// DownloadSharedObjectHandlerFunc turns a function with the right signature into a download shared object handler
type DownloadSharedObjectHandlerFunc func(DownloadSharedObjectParams) middleware.Responder
// Handle executing the request and returning a response
func (fn DownloadSharedObjectHandlerFunc) Handle(params DownloadSharedObjectParams) middleware.Responder {
return fn(params)
}
// DownloadSharedObjectHandler interface for that can handle valid download shared object params
type DownloadSharedObjectHandler interface {
Handle(DownloadSharedObjectParams) middleware.Responder
}
// NewDownloadSharedObject creates a new http.Handler for the download shared object operation
func NewDownloadSharedObject(ctx *middleware.Context, handler DownloadSharedObjectHandler) *DownloadSharedObject {
return &DownloadSharedObject{Context: ctx, Handler: handler}
}
/*
DownloadSharedObject swagger:route GET /download-shared-object/{url} Public downloadSharedObject
Downloads an object from a presigned url
*/
type DownloadSharedObject struct {
Context *middleware.Context
Handler DownloadSharedObjectHandler
}
func (o *DownloadSharedObject) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewDownloadSharedObjectParams()
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

88
api/operations/public/download_shared_object_parameters.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package public
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewDownloadSharedObjectParams creates a new DownloadSharedObjectParams object
//
// There are no default values defined in the spec.
func NewDownloadSharedObjectParams() DownloadSharedObjectParams {
return DownloadSharedObjectParams{}
}
// DownloadSharedObjectParams contains all the bound params for the download shared object operation
// typically these are obtained from a http.Request
//
// swagger:parameters DownloadSharedObject
type DownloadSharedObjectParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
URL string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewDownloadSharedObjectParams() beforehand.
func (o *DownloadSharedObjectParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rURL, rhkURL, _ := route.Params.GetOK("url")
if err := o.bindURL(rURL, rhkURL, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindURL binds and validates parameter URL from path.
func (o *DownloadSharedObjectParams) bindURL(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.URL = raw
return nil
}

134
api/operations/public/download_shared_object_responses.go Normal file
View File

@@ -0,0 +1,134 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package public
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"io"
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// DownloadSharedObjectOKCode is the HTTP code returned for type DownloadSharedObjectOK
const DownloadSharedObjectOKCode int = 200
/*
DownloadSharedObjectOK A successful response.
swagger:response downloadSharedObjectOK
*/
type DownloadSharedObjectOK struct {
/*
In: Body
*/
Payload io.ReadCloser `json:"body,omitempty"`
}
// NewDownloadSharedObjectOK creates DownloadSharedObjectOK with default headers values
func NewDownloadSharedObjectOK() *DownloadSharedObjectOK {
return &DownloadSharedObjectOK{}
}
// WithPayload adds the payload to the download shared object o k response
func (o *DownloadSharedObjectOK) WithPayload(payload io.ReadCloser) *DownloadSharedObjectOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the download shared object o k response
func (o *DownloadSharedObjectOK) SetPayload(payload io.ReadCloser) {
o.Payload = payload
}
// WriteResponse to the client
func (o *DownloadSharedObjectOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*
DownloadSharedObjectDefault Generic error response.
swagger:response downloadSharedObjectDefault
*/
type DownloadSharedObjectDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.APIError `json:"body,omitempty"`
}
// NewDownloadSharedObjectDefault creates DownloadSharedObjectDefault with default headers values
func NewDownloadSharedObjectDefault(code int) *DownloadSharedObjectDefault {
if code <= 0 {
code = 500
}
return &DownloadSharedObjectDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the download shared object default response
func (o *DownloadSharedObjectDefault) WithStatusCode(code int) *DownloadSharedObjectDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the download shared object default response
func (o *DownloadSharedObjectDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the download shared object default response
func (o *DownloadSharedObjectDefault) WithPayload(payload *models.APIError) *DownloadSharedObjectDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the download shared object default response
func (o *DownloadSharedObjectDefault) SetPayload(payload *models.APIError) {
o.Payload = payload
}
// WriteResponse to the client
func (o *DownloadSharedObjectDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

116
api/operations/public/download_shared_object_urlbuilder.go Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package public
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// DownloadSharedObjectURL generates an URL for the download shared object operation
type DownloadSharedObjectURL struct {
URL string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *DownloadSharedObjectURL) WithBasePath(bp string) *DownloadSharedObjectURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *DownloadSharedObjectURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *DownloadSharedObjectURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/download-shared-object/{url}"
url := o.URL
if url != "" {
_path = strings.Replace(_path, "{url}", url, -1)
} else {
return nil, errors.New("url is required on DownloadSharedObjectURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *DownloadSharedObjectURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *DownloadSharedObjectURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *DownloadSharedObjectURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on DownloadSharedObjectURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on DownloadSharedObjectURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *DownloadSharedObjectURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

125
api/public_objects.go Normal file
View File

@@ -0,0 +1,125 @@
// This file is part of MinIO Console Server
// Copyright (c) 2024 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package api
import (
b64 "encoding/base64"
"fmt"
"io"
"net/http"
"net/url"
"strings"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/api/operations"
"github.com/minio/console/api/operations/public"
xnet "github.com/minio/pkg/v2/net"
)
func registerPublicObjectsHandlers(api *operations.ConsoleAPI) {
api.PublicDownloadSharedObjectHandler = public.DownloadSharedObjectHandlerFunc(func(params public.DownloadSharedObjectParams) middleware.Responder {
resp, err := getDownloadPublicObjectResponse(params)
if err != nil {
return public.NewDownloadSharedObjectDefault(err.Code).WithPayload(err.APIError)
}
return resp
})
}
func getDownloadPublicObjectResponse(params public.DownloadSharedObjectParams) (middleware.Responder, *CodedAPIError) {
ctx := params.HTTPRequest.Context()
inputURLDecoded, err := b64toMinIOStringURL(params.URL)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
if inputURLDecoded == nil {
return nil, ErrorWithContext(ctx, ErrDefault, fmt.Errorf("decoded url is null"))
}
req, err := http.NewRequest(http.MethodGet, *inputURLDecoded, nil)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
resp, err := http.DefaultClient.Do(req)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
return middleware.ResponderFunc(func(rw http.ResponseWriter, _ runtime.Producer) {
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
http.Error(rw, resp.Status, resp.StatusCode)
return
}
urlObj, err := url.Parse(*inputURLDecoded)
if err != nil {
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
return
}
// Add the filename
_, objectName := url2BucketAndObject(urlObj)
escapedName := url.PathEscape(objectName)
rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", escapedName))
_, err = io.Copy(rw, resp.Body)
if err != nil {
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
return
}
}), nil
}
// b64toMinIOStringURL decodes url and validates is a MinIO url endpoint
func b64toMinIOStringURL(inputEncodedURL string) (*string, error) {
inputURLDecoded, err := b64.StdEncoding.DecodeString(inputEncodedURL)
if err != nil {
return nil, err
}
// Validate input URL
inputURL, err := xnet.ParseHTTPURL(string(inputURLDecoded))
if err != nil {
return nil, err
}
// Ensure incoming url points to MinIO Server
minIOHost := getMinIOEndpoint()
if inputURL.Host != minIOHost {
return nil, ErrForbidden
}
return swag.String(string(inputURLDecoded)), nil
}
func url2BucketAndObject(u *url.URL) (bucketName, objectName string) {
tokens := splitStr(u.Path, "/", 3)
return tokens[1], tokens[2]
}
// splitStr splits a string into n parts, empty strings are added
// if we are not able to reach n elements
func splitStr(path, sep string, n int) []string {
splits := strings.SplitN(path, sep, n)
// Add empty strings if we found elements less than nr
for i := n - len(splits); i > 0; i-- {
splits = append(splits, "")
}
return splits
}

103
api/public_objects_test.go Normal file
View File

@@ -0,0 +1,103 @@
// This file is part of MinIO Console Server
// Copyright (c) 2024 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package api
import (
"testing"
"github.com/go-openapi/swag"
"github.com/stretchr/testify/assert"
)
func Test_b64toMinIOStringURL(t *testing.T) {
tAssert := assert.New(t)
type args struct {
encodedURL string
}
tests := []struct {
test string
args args
wantError *string
expected *string
}{
{
test: "valid encoded minIO URL returns decoded URL string", // http://localhost:9000/...
args: args{
encodedURL: "aHR0cDovL2xvY2FsaG9zdDo5MDAwL2J1Y2tldDEyMy9BdWRpbyUyMGljb24lMjgxJTI5LnN2Zz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPVVCTzFMMUM3VTg3UDFCUDI1MVRTJTJGMjAyNDA0MDUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNDA1VDIxMDEzM1omWC1BbXotRXhwaXJlcz00MzIwMCZYLUFtei1TZWN1cml0eS1Ub2tlbj1leUpoYkdjaU9pSklVelV4TWlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKaFkyTmxjM05MWlhraU9pSlZRazh4VERGRE4xVTROMUF4UWxBeU5URlVVeUlzSW1WNGNDSTZNVGN4TWpNNU5EQTRPU3dpY0dGeVpXNTBJam9pYldsdWFXOWhaRzFwYmlKOS5WLUtEZ3JMTVVCbG5KSEtYNlZ4SGw5LUFfLVBGRVdvazJkcFRxLTQ2YmxMbUxzdWVUeHNoVmFZNERad0dmb200VFQ1azhwaFVmZ2pjUWFuc25icmtlQSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmdmVyc2lvbklkPW51bGwmWC1BbXotU2lnbmF0dXJlPTA3Y2FkM2ViMmE2NzIyYjViYWVkMDljNmYxZmU0YTcwMWJmMTJmNDhlMTYyOGI5ZDQ1YzAxMWQ1OTU1Njc4NDU=",
},
wantError: nil,
expected: swag.String("http://localhost:9000/bucket123/Audio%20icon%281%29.svg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UBO1L1C7U87P1BP251TS%2F20240405%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240405T210133Z&X-Amz-Expires=43200&X-Amz-Security-Token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJVQk8xTDFDN1U4N1AxQlAyNTFUUyIsImV4cCI6MTcxMjM5NDA4OSwicGFyZW50IjoibWluaW9hZG1pbiJ9.V-KDgrLMUBlnJHKX6VxHl9-A_-PFEWok2dpTq-46blLmLsueTxshVaY4DZwGfom4TT5k8phUfgjcQansnbrkeA&X-Amz-SignedHeaders=host&versionId=null&X-Amz-Signature=07cad3eb2a6722b5baed09c6f1fe4a701bf12f48e1628b9d45c011d595567845"),
},
{
test: "valid encoded url but not coming from MinIO server returns forbidden error", // http://non-minio-host:9000/...
args: args{
encodedURL: "aHR0cDovL25vbi1taW5pby1ob3N0OjkwMDAvYnVja2V0MTIzL0F1ZGlvJTIwaWNvbiUyODElMjkuc3ZnP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9VUJPMUwxQzdVODdQMUJQMjUxVFMlMkYyMDI0MDQwNSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA0MDVUMjEwMTMzWiZYLUFtei1FeHBpcmVzPTQzMjAwJlgtQW16LVNlY3VyaXR5LVRva2VuPWV5SmhiR2NpT2lKSVV6VXhNaUlzSW5SNWNDSTZJa3BYVkNKOS5leUpoWTJObGMzTkxaWGtpT2lKVlFrOHhUREZETjFVNE4xQXhRbEF5TlRGVVV5SXNJbVY0Y0NJNk1UY3hNak01TkRBNE9Td2ljR0Z5Wlc1MElqb2liV2x1YVc5aFpHMXBiaUo5LlYtS0RnckxNVUJsbkpIS1g2VnhIbDktQV8tUEZFV29rMmRwVHEtNDZibExtTHN1ZVR4c2hWYVk0RFp3R2ZvbTRUVDVrOHBoVWZnamNRYW5zbmJya2VBJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZ2ZXJzaW9uSWQ9bnVsbCZYLUFtei1TaWduYXR1cmU9MDdjYWQzZWIyYTY3MjJiNWJhZWQwOWM2ZjFmZTRhNzAxYmYxMmY0OGUxNjI4YjlkNDVjMDExZDU5NTU2Nzg0NQ==",
},
wantError: swag.String("403 Forbidden"),
expected: nil,
},
{
test: "valid encoded url but not coming from MinIO server port returns forbidden error", // other port http://localhost:8902/...
args: args{
encodedURL: "aHR0cDovL2xvY2FsaG9zdDo4OTAyL2J1Y2tldDEyMy9BdWRpbyUyMGljb24lMjgxJTI5LnN2Zz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPVVCTzFMMUM3VTg3UDFCUDI1MVRTJTJGMjAyNDA0MDUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNDA1VDIxMDEzM1omWC1BbXotRXhwaXJlcz00MzIwMCZYLUFtei1TZWN1cml0eS1Ub2tlbj1leUpoYkdjaU9pSklVelV4TWlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKaFkyTmxjM05MWlhraU9pSlZRazh4VERGRE4xVTROMUF4UWxBeU5URlVVeUlzSW1WNGNDSTZNVGN4TWpNNU5EQTRPU3dpY0dGeVpXNTBJam9pYldsdWFXOWhaRzFwYmlKOS5WLUtEZ3JMTVVCbG5KSEtYNlZ4SGw5LUFfLVBGRVdvazJkcFRxLTQ2YmxMbUxzdWVUeHNoVmFZNERad0dmb200VFQ1azhwaFVmZ2pjUWFuc25icmtlQSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmdmVyc2lvbklkPW51bGwmWC1BbXotU2lnbmF0dXJlPTA3Y2FkM2ViMmE2NzIyYjViYWVkMDljNmYxZmU0YTcwMWJmMTJmNDhlMTYyOGI5ZDQ1YzAxMWQ1OTU1Njc4NDU=",
},
wantError: swag.String("403 Forbidden"),
expected: nil,
},
{
test: "valid url but with invalid schema returns error",
args: args{
encodedURL: "cG9zdGdyZXM6Ly9wb3N0Z3JlczoxMjM0NTZAMTI3LjAuMC4xOjU0MzIvZHVtbXk=", // postgres://postgres:123456@127.0.0.1:5432/dummy
},
wantError: swag.String("unexpected scheme found postgres"),
expected: nil,
},
{
test: "invalid url returns error",
args: args{
encodedURL: "YXNkc2Fkc2Rh", // asdsadsda
},
wantError: swag.String("unexpected scheme found "),
expected: nil,
},
}
for _, tt := range tests {
t.Run(tt.test, func(_ *testing.T) {
url, err := b64toMinIOStringURL(tt.args.encodedURL)
if tt.wantError != nil {
if err != nil {
if err.Error() != *tt.wantError {
t.Errorf("b64toMinIOStringURL() error: `%v`, wantErr: `%s`", err, *tt.wantError)
return
}
} else {
t.Errorf("b64toMinIOStringURL() error: `%v`, wantErr: `%s`", err, *tt.wantError)
return
}
} else {
if err != nil {
t.Errorf("b64toMinIOStringURL() error: `%s`, wantErr: `%v`", err, tt.wantError)
return
}
tAssert.Equal(*tt.expected, *url)
}
})
}
}

22
api/user_objects.go
View File

@@ -19,6 +19,7 @@ package api
import (
"context"
"encoding/base64"
b64 "encoding/base64"
"errors"
"fmt"
"io"
@@ -1077,30 +1078,43 @@ func getShareObjectResponse(session *models.Principal, params objectApi.ShareObj
if params.Expires != nil {
expireDuration = *params.Expires
}
url, err := getShareObjectURL(ctx, mcClient, params.VersionID, expireDuration)
url, err := getShareObjectURL(ctx, mcClient, params.HTTPRequest, params.VersionID, expireDuration)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
return url, nil
}
func getShareObjectURL(ctx context.Context, client MCClient, versionID string, duration string) (url *string, err error) {
func getShareObjectURL(ctx context.Context, client MCClient, r *http.Request, versionID string, duration string) (url *string, err error) {
// default duration 7d if not defined
if strings.TrimSpace(duration) == "" {
duration = "168h"
}
expiresDuration, err := time.ParseDuration(duration)
if err != nil {
return nil, err
}
objURL, pErr := client.shareDownload(ctx, versionID, expiresDuration)
minioURL, pErr := client.shareDownload(ctx, versionID, expiresDuration)
if pErr != nil {
return nil, pErr.Cause
}
encodedMinIOURL := b64.StdEncoding.EncodeToString([]byte(minioURL))
requestURL := getRequestURLWithScheme(r)
objURL := fmt.Sprintf("%s/api/v1/download-shared-object/%s", requestURL, encodedMinIOURL)
return &objURL, nil
}
func getRequestURLWithScheme(r *http.Request) string {
scheme := "http"
if r.TLS != nil {
scheme = "https"
}
return fmt.Sprintf("%s://%s", scheme, r.Host)
}
func getSetObjectLegalHoldResponse(session *models.Principal, params objectApi.PutObjectLegalHoldParams) *CodedAPIError {
ctx := params.HTTPRequest.Context()
mClient, err := newMinioClient(session, getClientIP(params.HTTPRequest))

42
api/user_objects_test.go
View File

@@ -18,6 +18,7 @@ package api
import (
"context"
"crypto/tls"
"encoding/json"
"errors"
"fmt"
@@ -914,6 +915,7 @@ func Test_shareObject(t *testing.T) {
defer cancel()
client := s3ClientMock{}
type args struct {
r *http.Request
versionID string
expires string
shareFunc func(ctx context.Context, versionID string, expires time.Duration) (string, *probe.Error)
@@ -927,18 +929,44 @@ func Test_shareObject(t *testing.T) {
{
test: "Get share object url",
args: args{
r: &http.Request{
TLS: nil,
Host: "localhost:9090",
},
versionID: "2121434",
expires: "30s",
shareFunc: func(_ context.Context, _ string, _ time.Duration) (string, *probe.Error) {
return "http://someurl", nil
},
},
wantError: nil,
expected: "http://someurl",
expected: "http://localhost:9090/api/v1/download-shared-object/aHR0cDovL3NvbWV1cmw=",
},
{
test: "URL with TLS uses https scheme",
args: args{
r: &http.Request{
TLS: &tls.ConnectionState{},
Host: "localhost:9090",
},
versionID: "2121434",
expires: "30s",
shareFunc: func(_ context.Context, _ string, _ time.Duration) (string, *probe.Error) {
return "http://someurl", nil
},
},
wantError: nil,
expected: "https://localhost:9090/api/v1/download-shared-object/aHR0cDovL3NvbWV1cmw=",
},
{
test: "handle invalid expire duration",
args: args{
r: &http.Request{
TLS: nil,
Host: "localhost:9090",
},
versionID: "2121434",
expires: "invalid",
shareFunc: func(_ context.Context, _ string, _ time.Duration) (string, *probe.Error) {
@@ -950,6 +978,10 @@ func Test_shareObject(t *testing.T) {
{
test: "handle empty expire duration",
args: args{
r: &http.Request{
TLS: nil,
Host: "localhost:9090",
},
versionID: "2121434",
expires: "",
shareFunc: func(_ context.Context, _ string, _ time.Duration) (string, *probe.Error) {
@@ -957,11 +989,15 @@ func Test_shareObject(t *testing.T) {
},
},
wantError: nil,
expected: "http://someurl",
expected: "http://localhost:9090/api/v1/download-shared-object/aHR0cDovL3NvbWV1cmw=",
},
{
test: "handle error on share func",
args: args{
r: &http.Request{
TLS: nil,
Host: "localhost:9090",
},
versionID: "2121434",
expires: "3h",
shareFunc: func(_ context.Context, _ string, _ time.Duration) (string, *probe.Error) {
@@ -975,7 +1011,7 @@ func Test_shareObject(t *testing.T) {
for _, tt := range tests {
t.Run(tt.test, func(_ *testing.T) {
mcShareDownloadMock = tt.args.shareFunc
url, err := getShareObjectURL(ctx, client, tt.args.versionID, tt.args.expires)
url, err := getShareObjectURL(ctx, client, tt.args.r, tt.args.versionID, tt.args.expires)
if tt.wantError != nil {
if !reflect.DeepEqual(err, tt.wantError) {
t.Errorf("getShareObjectURL() error: `%s`, wantErr: `%s`", err, tt.wantError)

61
swagger.yml
View File

@@ -25,7 +25,7 @@ securityDefinitions:
type: apiKey
# Apply the key security definition to all APIs
security:
- key: [ ]
- key: []
parameters:
limit:
name: limit
@@ -54,7 +54,7 @@ paths:
schema:
$ref: "#/definitions/ApiError"
# Exclude this API from the authentication requirement
security: [ ]
security: []
tags:
- Auth
post:
@@ -74,7 +74,7 @@ paths:
schema:
$ref: "#/definitions/ApiError"
# Exclude this API from the authentication requirement
security: [ ]
security: []
tags:
- Auth
/login/oauth2/auth:
@@ -94,7 +94,7 @@ paths:
description: Generic error response.
schema:
$ref: "#/definitions/ApiError"
security: [ ]
security: []
tags:
- Auth
@@ -295,8 +295,8 @@ paths:
get:
summary: List Objects
security:
- key: [ ]
- anonymous: [ ]
- key: []
- anonymous: []
operationId: ListObjects
parameters:
- name: bucket_name
@@ -411,8 +411,8 @@ paths:
post:
summary: Uploads an Object.
security:
- key: [ ]
- anonymous: [ ]
- key: []
- anonymous: []
consumes:
- multipart/form-data
parameters:
@@ -438,8 +438,8 @@ paths:
summary: Download Multiple Objects
operationId: DownloadMultipleObjects
security:
- key: [ ]
- anonymous: [ ]
- key: []
- anonymous: []
produces:
- application/octet-stream
parameters:
@@ -471,8 +471,8 @@ paths:
summary: Download Object
operationId: Download Object
security:
- key: [ ]
- anonymous: [ ]
- key: []
- anonymous: []
produces:
- application/octet-stream
parameters:
@@ -542,7 +542,6 @@ paths:
$ref: "#/definitions/ApiError"
tags:
- Object
/buckets/{bucket_name}/objects/legalhold:
put:
summary: Put Object's legalhold status
@@ -2885,7 +2884,7 @@ paths:
- name: order
in: query
type: string
enum: [ timeDesc, timeAsc ]
enum: [timeDesc, timeAsc]
default: timeDesc
- name: timeStart
in: query
@@ -3518,6 +3517,30 @@ paths:
tags:
- Support
/download-shared-object/{url}:
get:
summary: Downloads an object from a presigned url
operationId: DownloadSharedObject
security: []
produces:
- application/octet-stream
parameters:
- name: url
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/ApiError"
tags:
- Public
definitions:
accountChangePasswordRequest:
type: object
@@ -4329,7 +4352,7 @@ definitions:
properties:
loginStrategy:
type: string
enum: [ form, redirect, service-account, redirect-service-account ]
enum: [form, redirect, service-account, redirect-service-account]
redirectRules:
type: array
items:
@@ -4428,7 +4451,7 @@ definitions:
type: string
status:
type: string
enum: [ ok ]
enum: [ok]
operator:
type: boolean
distributedMode:
@@ -4459,7 +4482,7 @@ definitions:
type: string
values:
type: array
items: { }
items: {}
resultTarget:
type: object
properties:
@@ -4915,7 +4938,7 @@ definitions:
type: string
service:
type: string
enum: [ replication ]
enum: [replication]
syncMode:
type: string
bandwidth:
@@ -6209,7 +6232,7 @@ definitions:
format: int64
required:
- exp
selectedSAs:
type: array
items:

16
web-app/src/api/consoleApi.ts
View File

@@ -5277,4 +5277,20 @@ export class Api<
...params,
}),
};
downloadSharedObject = {
/**
* No description
*
* @tags Public
* @name DownloadSharedObject
* @summary Downloads an object from a presigned url
* @request GET:/download-shared-object/{url}
*/
downloadSharedObject: (url: string, params: RequestParams = {}) =>
this.request<File, ApiError>({
path: `/download-shared-object/${url}`,
method: "GET",
...params,
}),
};
}