Update README.md screenshots (#3543 )

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net> Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
Release v2.0.1 (#3542 )
2025-05-19 13:00:33 -07:00 · 2025-05-16 15:23:19 -06:00 · 2025-05-16 12:40:29 -07:00 · 2025-05-16 12:04:38 -06:00 · 2025-05-14 19:24:04 -07:00 · 2025-05-14 15:41:50 -07:00
1888 changed files with 174691 additions and 336165 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,7 +0,0 @@
-node_modules/
-dist/
-target/
-console
-!console/
-portal-ui/node_modules/
-.git/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -8,7 +8,8 @@ assignees: ''
 ---

 ## NOTE
-If this case is urgent, please subscribe to [Subnet](https://min.io/pricing) so that our 24/7 support team may help you faster.
+
+Please subscribe to our [paid subscription plans](https://min.io/pricing) for 24x7 support from our Engineering team.

 <!--- Provide a general summary of the issue in the title above -->

--- a/.github/workflows/cross-compile.yaml
+++ b/.github/workflows/cross-compile.yaml
@@ -1,166 +0,0 @@
-# @format
-
-name: Cross Compile
-
-on:
-  pull_request:
-    branches:
-      - master
-    paths:
-      - go.sum
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-jobs:
-  cross-compile-1:
-    name: Cross compile
-    needs:
-      - lint-job
-      - ui-assets
-      - reuse-golang-dependencies
-      - semgrep-static-code-analysis
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [ 1.21.x ]
-        os: [ ubuntu-latest ]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-        id: go
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make crosscompile arg1="'linux/ppc64le linux/mips64'"
-
-  cross-compile-2:
-    name: Cross compile 2
-    needs:
-      - lint-job
-      - ui-assets
-      - reuse-golang-dependencies
-      - semgrep-static-code-analysis
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [ 1.21.x ]
-        os: [ ubuntu-latest ]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-        id: go
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make crosscompile arg1="'linux/arm64 linux/s390x'"
-
-  cross-compile-3:
-    name: Cross compile 3
-    needs:
-      - lint-job
-      - ui-assets
-      - reuse-golang-dependencies
-      - semgrep-static-code-analysis
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [ 1.21.x ]
-        os: [ ubuntu-latest ]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-        id: go
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make crosscompile arg1="'darwin/amd64 freebsd/amd64'"
-
-  cross-compile-4:
-    name: Cross compile 4
-    needs:
-      - lint-job
-      - ui-assets
-      - reuse-golang-dependencies
-      - semgrep-static-code-analysis
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [ 1.21.x ]
-        os: [ ubuntu-latest ]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-        id: go
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make crosscompile arg1="'windows/amd64 linux/arm'"
-
-  cross-compile-5:
-    name: Cross compile 5
-    needs:
-      - lint-job
-      - ui-assets
-      - reuse-golang-dependencies
-      - semgrep-static-code-analysis
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [ 1.21.x ]
-        os: [ ubuntu-latest ]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-        id: go
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make crosscompile arg1="'linux/386 netbsd/amd64'"
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
--- a/.github/workflows/vulncheck.yaml
+++ b/.github/workflows/vulncheck.yaml
@@ -5,9 +5,6 @@ on:
  pull_request:
    branches:
      - master
-  push:
-    branches:
-      - master

 permissions:
  contents: read # to fetch code (actions/checkout)
@@ -18,11 +15,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.21.5
+          go-version: 1.23.8
          check-latest: true
      - name: Get official govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
@@ -36,18 +33,21 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go-version: [ 1.21.5 ]
+        go-version: [ 1.23.x ]
        os: [ ubuntu-latest ]
    steps:
      - name: Check out code
-        uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+        uses: actions/checkout@v4
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
+      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NVMRC }}
-          cache: "yarn"
-          cache-dependency-path: portal-ui/yarn.lock
      - name: Checks for known security issues with the installed packages
-        working-directory: ./portal-ui
+        working-directory: ./web-app
        continue-on-error: false
        run: |
-          yarn audit --groups dependencies
+          yarn npm audit --recursive --environment production --no-deprecations
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,12 @@
 # Playwright Data
-portal-ui/storage/
-portal-ui/playwright/.auth/admin.json
+web-app/storage/
+web-app/playwright/.auth/admin.json

 # Report from Playwright
-portal-ui/playwright-report/
+web-app/playwright-report/

 # Coverage from Playwright
-portal-ui/.nyc_output/
+web-app/.nyc_output/

 # Binaries for programs and plugins
 *.exe
@@ -37,7 +37,7 @@ dist/

 # Ignore node_modules

-portal-ui/node_modules/
+web-app/node_modules/

 # Ignore tls cert and key
 private.key
@@ -48,3 +48,6 @@ public.crt
 *.code-workspace
 *~
 .eslintcache
+
+# Ignore Bin files
+bin/
--- a/.golangci.bck.yml
+++ b/.golangci.bck.yml
@@ -0,0 +1,55 @@
+linters-settings:
+  misspell:
+    locale: US
+  testifylint:
+    disable:
+      - go-require
+  staticcheck:
+    checks:
+      [
+        "all",
+        "-ST1005",
+        "-ST1000",
+        "-SA4000",
+        "-SA9004",
+        "-SA1019",
+        "-SA1008",
+        "-U1000",
+        "-ST1016",
+      ]
+  goheader:
+    values:
+      regexp:
+        copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
+    template-path: .license.tmpl
+
+linters:
+  disable-all: true
+  enable:
+    - goimports
+    - misspell
+    - govet
+    - revive
+    - ineffassign
+    - gosimple
+    - gomodguard
+    - gofmt
+    - unused
+    - staticcheck
+    - unconvert
+    - gocritic
+    - gofumpt
+    - durationcheck
+
+issues:
+  exclude-use-default: false
+  exclude:
+    - should have a package comment
+    # TODO(y4m4): Remove once all exported ident. have comments!
+    - comment on exported function
+    - comment on exported type
+    - should have comment
+    - use leading k in Go names
+    - comment on exported const
+  exclude-dirs:
+    - api/operations
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,49 +1,73 @@
-linters-settings:
-  golint:
-    min-confidence: 0
-
-  misspell:
-    locale: US
-
-  goheader:
-    values:
-      regexp:
-        copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
-    template-path: .license.tmpl
-
+version: "2"
 linters:
-  disable-all: true
+  default: none
  enable:
-    - goimports
-    - misspell
-    - govet
-    - revive
-    - ineffassign
-    - gosimple
+    - durationcheck
+    - gocritic
    - gomodguard
-    - gofmt
-    - unused
+    - govet
+    - ineffassign
+    - misspell
+    - revive
    - staticcheck
    - unconvert
-    - gocritic
+    - unused
+  settings:
+    goheader:
+      values:
+        regexp:
+          copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
+      template-path: .license.tmpl
+    misspell:
+      locale: US
+    staticcheck:
+      checks:
+        - all
+        - -QF1001
+        - -QF1008
+        - -QF1010
+        - -QF1012
+        - -SA1008
+        - -SA1019
+        - -SA4000
+        - -SA9004
+        - -ST1000
+        - -ST1005
+        - -ST1016
+        - -ST1019
+        - -U1000
+    testifylint:
+      disable:
+        - go-require
+  exclusions:
+    generated: lax
+    rules:
+      - path: (.+)\.go$
+        text: should have a package comment
+      - path: (.+)\.go$
+        text: comment on exported function
+      - path: (.+)\.go$
+        text: comment on exported type
+      - path: (.+)\.go$
+        text: should have comment
+      - path: (.+)\.go$
+        text: use leading k in Go names
+      - path: (.+)\.go$
+        text: comment on exported const
+    paths:
+      - api/operations
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
    - gofumpt
-    - durationcheck
-
-service:
-  golangci-lint-version: 1.43.0 # use the fixed version to not introduce new linters unexpectedly
-
-issues:
-  exclude-use-default: false
-  exclude:
-    - should have a package comment
-    # TODO(y4m4): Remove once all exported ident. have comments!
-    - comment on exported function
-    - comment on exported type
-    - should have comment
-    - use leading k in Go names
-    - comment on exported const
-run:
-  skip-dirs:
-    - pkg/clientgen
-    - pkg/apis/networking.gke.io
-    - restapi/operations
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - api/operations
+      - third_party$
+      - builtin$
+      - examples$
--- a/portal-ui/.prettierrc.json
+++ b/portal-ui/.prettierrc.json
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -5,7 +5,7 @@

 # Common large paths
 node_modules/
-portal-ui/node_modules/
+web-app/node_modules/
 build/
 dist/
 .idea/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,268 @@
-<!-- @format -->
-
 # Changelog

+## Release v2.0.1
+
+Bug Fix:
+
+- Updated project dependencies for vulnerabilities
+
+Changes:
+
+- Updated Object Browser console logos
+- Updated License page information
+
+
+
+## Release v2.0.0
+
+Community version is going back to be an object browser only.
+
+Bug Fix:
+
+- Fixed Dependencies vulnerabilities
+
+Deprecations:
+
+- Deprecated support of accounts & policies management, this can be managed by using mc admin commands. Please refer to the [MinIO Console User Management page](https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#id1) for more information.
+- Deprecated support of bucket management, this can be managed by using mc commands. Please refer to the [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html) for more information.
+- Deprecated support of configuration management, this can be managed by using mc admin config commands. Please refer to the [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html) for more information.
+
+
+## Release v1.7.6
+
+Bug Fix:
+
+- Fix null pointer exception in Admin Info
+- Ignore leading or trailing spaces in login request
+- Fix file path on drag and drop
+- Fix typo in User DN Search Filter example
+
+## Release v1.7.5
+
+Bug Fix:
+
+- Fixed leaks during ZIP multiobject downloads
+- Allow spaces in Policy names
+
+## Release v1.7.4
+
+Deprecations:
+
+- Deprecated support tools User Interface in favor of mc admin commands. Please refer to the [MinIO SUBNET Registration page](https://min.io/docs/minio/linux/administration/console/subnet-registration.html#subnet) for more information.
+- Deprecated Site replication User Interface in favor of mc admin commands. Please refer to the [MinIO Site Replication page](https://min.io/docs/minio/linux/operations/install-deploy-manage/multi-site-replication.html) for more information.
+- Deprecated Lifecycle & Tiers User Interface in favor of mc admin commands. Please refer to the [MinIO Tiers page](https://min.io/docs/minio/linux/reference/minio-mc/mc-ilm-tier.html) for more information.
+
+Bug Fix:
+
+- Avoid loading unpkg.com call when login animation is off
+
+## Release v1.7.3
+
+Bug Fix:
+
+- Use a fixed public license verification key
+- Show non-expiring access keys as `no-expiry` instead of Jan 1, 1970
+- Use "join Slack" button for non-commercial edition instead of "Signup"
+- Fix setting policies on groups that have spaces
+
+## Release v1.7.2
+
+Bug Fix:
+
+- Fixed issue in Server Health Info
+- Fixed Security vulnerability in dependencies
+- Fixed client string in trace message
+
+Additional Changes:
+
+- Remove live logs in Call Home Page
+- Update License page
+
+## Release v1.7.1
+
+Bug Fix:
+
+- Fixed issue that could cause a failure when attempting to view deleted files in the object browser
+- Return network error when logging in and the network connection fails
+
+Additional Changes:
+
+- Added debug logging for console HTTP request (see [PR #3440](https://github.com/minio/console/pull/3440) for more detailed information)
+
+## Release v1.7.0
+
+Bug Fix:
+
+- Fixed directory listing
+- Fix MinIO videos link
+
+Additional Changes:
+
+- Removed deprecated KES functionality
+
+## Release v1.6.3
+
+Additional Changes:
+
+- Updated go.mod version
+
+## Release v1.6.2
+
+Bug Fix:
+
+- Fixed minor user session issues
+- Updated project dependencies
+
+Additional Changes:
+
+- Improved Drives List visualization
+- Improved WS request logic
+- Updated License page with current MinIO plans.
+
+## Release v1.6.1
+
+Bug Fix:
+
+- Fixed objectManager issues under certain conditions
+- Fixed Security vulnerability in dependencies
+
+Additional Changes:
+
+- Improved Share Link behavior
+
+## Release v1.6.0
+
+Bug Fix:
+
+- Fixed share link encoding
+- Fixed Edit Lifecycle Storage Class
+- Added Tiers Improvements for Bucket Lifecycle management
+
+Additional Changes:
+
+- Vulnerability updates
+- Update Logo logic
+
+## Release v1.5.0
+
+Features:
+
+- Added remove Tier functionality
+
+Bug Fix:
+
+- Fixed ILM rule tags not being shown
+- Fixed race condition Object Browser websocket
+- Fixed Encryption page crashing on empty response
+- Fixed Replication Delete Marker comparisons
+
+Additional Changes:
+
+- Use automatic URI encoding for APIs
+- Vulnerability updates
+
+## Release v1.4.0
+
+Features:
+
+- Added VersionID support to metadata details
+- Improved Websockets handlers
+
+Bug Fix:
+
+- Fixed vulnerabilities and updated dependencies
+- Fixed an issue with Download URL decoding
+- Fixed leak in Object Browser Websocket
+- Minor UX fixes
+
+## Release v1.3.0
+
+Features:
+
+- Adds ExpireDeleteMarker status to BucketLifecycleRule UI
+
+Bug Fix:
+
+- Fixed vulnerability
+- Used URL-safe base64 enconding for Share API
+- Made Prefix field optional when Adding Tier
+- Added Console user agent in MinIO Admin Client
+
+## Release v1.2.0
+
+Features:
+
+- Updated file share logic to work as Proxy
+
+Bug Fix:
+
+- Updated project dependencies
+- Fixed Key Permissions UX
+- Added permissions validation to rewind button
+- Fixed Health report upload to SUBNET
+- Misc Cosmetic fixes
+
+## Release v1.1.1
+
+Bug Fix:
+
+- Fixed folder download issue
+
+## Release v1.1.0
+
+Features:
+
+- Added Set Expired object all versions selector
+
+Bug Fix:
+
+- Updated Go Dependencies
+
+## Release v1.0.0
+
+Features:
+
+- Updated Preview message alert
+
+Bug Fix:
+
+- Updated Websocket API
+- Fixed issues with download manager
+- Fixed policies issues
+
+## Release v0.46.0
+
+Features:
+
+- Added latest help content to forms
+
+Bug Fix:
+
+- Disabled Create User button in certain policy cases
+- Fixed an issue with Logout request
+- Upgraded project dependencies
+
+## Release v0.45.0
+
+Deprecated:
+
+- Deprecated Heal / Drives page
+
+Features:
+
+- Updated tines on menus & pages
+
+Bug Fix:
+
+- Upgraded project dependencies
+
+## Release v0.44.0
+
+Bug Fix:
+
+- Upgraded project dependencies
+- Fixed events icons not loading in subpaths
+
 ## Release v0.43.1

 Bug Fix:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,56 +4,80 @@ This is a REST portal server created using [go-swagger](https://github.com/go-sw

 The API handlers are created using a YAML definition located in `swagger.YAML`.

-To add new api, the YAML file needs to be updated with all the desired apis using the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths, parameters, definitions, tags, etc.
+To add new api, the YAML file needs to be updated with all the desired apis using
+the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths,
+parameters, definitions, tags, etc.

 ## Generate server from YAML
+
 Once the YAML file is ready we can autogenerate the code needed for the new api by just running:

 Validate it:
+
 ```
 swagger validate ./swagger.yml
 ```
+
 Update server code:
+
 ```
 make swagger-gen
 ```

 This will update all the necessary code.

-`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./api/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place
+where we need to update our code to support the new apis. This file is not affected when running the swagger generator
+and it is safe to edit.

 ## Unit Tests
-`./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
+
+`./api/handlers_test.go` needs to be updated with the proper tests for the new api.

 To run tests:
+
 ```
-go test ./restapi
+go test ./api
 ```

 ## Commit changes
-After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages
+
+After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to
+write useful commit messages

 ```
 $ git commit -am 'Add some feature'
 ```

 ### Push to the branch
+
 Push your locally committed changes to the remote origin (your fork)
+
 ```
 $ git push origin my-new-feature
 ```

 ### Create a Pull Request
-Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
+
+Pull requests can be created via GitHub. Refer
+to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull
+request. After a Pull Request gets peer reviewed and approved, it will be merged.

 ## FAQs
+
 ### How does ``console`` manages dependencies?
+
 ``MinIO`` uses `go mod` to manage its dependencies.
+
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.

 To remove a dependency
+
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.

 ### What are the coding guidelines for console?
-``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+
+``console`` is fully conformant with Golang style.
+Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe
+offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
--- a/4641
+++ b/4641
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -1,15 +1,20 @@
 # Developing MinIO Console

-The MinIO Console requires the [MinIO Server](https://github.com/minio/minio). For development purposes, you also need to run both the MinIO Console web app and the MinIO Console server.
+The MinIO Console requires the [MinIO Server](https://github.com/minio/minio). For development purposes, you also need
+to run both the MinIO Console web app and the MinIO Console server.

 ## Running MinIO Console server

 Build the server in the main folder by running:
+
 ```
 make
 ```
-> Note: If it's the first time running the server, you might need to run `go mod tidy` to ensure you have all modules required.
-To start the server run:
+
+> Note: If it's the first time running the server, you might need to run `go mod tidy` to ensure you have all modules
+> required.
+> To start the server run:
+
 ```
 CONSOLE_ACCESS_KEY=<your-access-key>
 CONSOLE_SECRET_KEY=<your-secret-key>
@@ -19,8 +24,8 @@ CONSOLE_DEV_MODE=on
 ```

 ## Running MinIO Console web app
-Refer to `/portal-ui` [instructions](/portal-ui/README.md) to run the web app locally.

+Refer to `/web-app` [instructions](/web-app/README.md) to run the web app locally.

 # Building with MinIO

@@ -72,25 +77,6 @@ Still in the MinIO folder, run
 make build
 ```

-# Testing on Kubernetes
-
-If you want to test console on kubernetes, you can perform all the steps from `Building with MinIO`, but change `Step 3`
-to the following:
-
-```shell
-TAG=miniodev/console:dev make docker
-```
-
-This will build a docker container image that can be used to test with your local kubernetes environment.
-
-For example, if you are using kind:
-
-```shell
-kind load docker-image miniodev/console:dev
-```
-
-and then deploy any `Tenant` that uses this image
-
 # LDAP authentication with Console

 ## Setup
--- a/43
+++ b/43
@@ -1,43 +0,0 @@
-ARG NODE_VERSION
-FROM node:$NODE_VERSION as uilayer
-
-WORKDIR /app
-
-COPY ./portal-ui/package.json ./
-COPY ./portal-ui/yarn.lock ./
-RUN yarn install
-
-COPY ./portal-ui .
-
-RUN make build-static
-
-USER node
-
-FROM golang:1.19 as golayer
-
-RUN apt-get update -y && apt-get install -y ca-certificates
-
-ADD go.mod /go/src/github.com/minio/console/go.mod
-ADD go.sum /go/src/github.com/minio/console/go.sum
-WORKDIR /go/src/github.com/minio/console/
-
-# Get dependencies - will also be cached if we won't change mod/sum
-RUN go mod download
-
-ADD . /go/src/github.com/minio/console/
-WORKDIR /go/src/github.com/minio/console/
-
-ENV CGO_ENABLED=0
-
-COPY --from=uilayer /app/build /go/src/github.com/minio/console/portal-ui/build
-RUN go build --tags=kqueue,operator -ldflags "-w -s" -a -o console ./cmd/console
-
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7
-MAINTAINER MinIO Development "dev@min.io"
-EXPOSE 9090
-
-
-COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=golayer /go/src/github.com/minio/console/console .
-
-ENTRYPOINT ["/console"]
--- a/Dockerfile.assets
+++ b/Dockerfile.assets
@@ -1,14 +0,0 @@
-ARG NODE_VERSION
-FROM node:$NODE_VERSION as uilayer
-
-WORKDIR /app
-
-COPY ./portal-ui/package.json ./
-COPY ./portal-ui/yarn.lock ./
-RUN yarn install
-
-COPY ./portal-ui .
-
-RUN yarn install && make build-static
-
-USER node
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -1,27 +0,0 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
-
-RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs
-
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
-
-ARG TAG
-
-LABEL name="MinIO" \
-      vendor="MinIO Inc <dev@min.io>" \
-      maintainer="MinIO Inc <dev@min.io>" \
-      version="${TAG}" \
-      release="${TAG}" \
-      summary="A graphical user interface for MinIO" \
-      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-
-# On RHEL the certificate bundle is located at:
-# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6)
-# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7)
-COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/
-COPY LICENSE /LICENSE
-COPY CREDITS /CREDITS
-COPY console /console
-
-EXPOSE 9090
-
-ENTRYPOINT ["/console"]
--- a/114
+++ b/114
@@ -33,6 +33,10 @@ lint:
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml

+lint-fix: getdeps ## runs golangci-lint suite of linters with automatic fixes
+	@echo "Running $@ check"
+	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml --fix
+
 install: console
 	@echo "Installing console binary to '$(GOPATH)/bin/console'"
 	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
@@ -48,19 +52,23 @@ apply-gofmt:
 clean-swagger:
 	@echo "cleaning"
 	@rm -rf models
-	@rm -rf restapi/operations
+	@rm -rf api/operations

 swagger-console:
 	@echo "Generating swagger server code from yaml"
-	@swagger generate server -A console --main-package=management --server-package=restapi --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@swagger generate server -A console --main-package=management --server-package=api --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@echo "Ensure basic install"
+	@(cd web-app; yarn; cd ..)
 	@echo "Generating typescript api"
-	@npx swagger-typescript-api -p ./swagger.yml -o ./portal-ui/src/api -n consoleApi.ts
-	@git restore restapi/server.go
+	@make swagger-typescript-api path="../swagger.yml" output="./src/api" name="consoleApi.ts"
+	@git restore api/server.go

+swagger-typescript-api:
+	@(cd web-app; yarn swagger-typescript-api -p $(path) -o $(output) -n $(name) --custom-config ../generator.config.js; cd ..)

 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd portal-ui; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)

 test-integration:
 	@(docker stop pgsqlcontainer || true)
@@ -78,7 +86,7 @@ test-integration:
 	@echo "Postgres"
 	@(docker run --net=mynet123 --ip=173.18.0.4 --name pgsqlcontainer --rm -p 5432:5432 -e POSTGRES_PASSWORD=password -d postgres && sleep 5)
 	@echo "execute test and get coverage for test-integration:"
-	@(cd integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage &&  ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
+	@(cd integration && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage &&  ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
 	@(docker stop pgsqlcontainer)
 	@(docker stop minio)
 	@(docker stop minio2)
@@ -126,99 +134,39 @@ test-replication:
 	  $(MINIO_VERSION) server /data{1...4} \
 	  --address :9002 \
 	  --console-address :6002)
-	@(cd replication && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./replication.test -test.v -test.run "^Test*" -test.coverprofile=coverage/replication.out)
+	@(cd replication && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage && ./replication.test -test.v -test.run "^Test*" -test.coverprofile=coverage/replication.out)
 	@(docker stop minio || true)
 	@(docker stop minio1 || true)
 	@(docker stop minio2 || true)
 	@(docker network rm mynet123 || true)

-test-sso-integration:
-	@echo "create the network in bridge mode to communicate all containers"
-	@(docker network create my-net)
-	@echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
-	@(docker run \
-		-e LDAP_ORGANIZATION="MinIO Inc" \
-		-e LDAP_DOMAIN="min.io" \
-		-e LDAP_ADMIN_PASSWORD="admin" \
-		--network my-net \
-		-p 389:389 \
-		-p 636:636 \
-		--name openldap \
-		--detach quay.io/minio/openldap:latest)
-	@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
-	@(docker run \
-		-e DEX_ISSUER=http://dex:5556/dex \
-		-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
-		-e DEX_LDAP_SERVER=openldap:389 \
-		--network my-net \
-		-p 5556:5556 \
-		--name dex \
-		--detach quay.io/minio/dex:latest)
-	@echo "running minio server"
-	@(docker run \
-	-v /data1 -v /data2 -v /data3 -v /data4 \
-	--network my-net \
-	-d \
-	--name minio \
-	--rm \
-	-p 9000:9000 \
-	-p 9001:9001 \
-	-e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
-	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
-	-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
-	-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
-	-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
-	-e MINIO_ROOT_USER=minio \
-	-e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
-	@echo "run mc commands to set the policy"
-	@(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
-	@(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
-	@echo "adding policy to Dillon Harper to be able to login:"
-	@(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy create myminio "Dillon Harper" allaccess.json)
-	@echo "starting bash script"
-	@(env bash $(PWD)/sso-integration/set-sso.sh)
-	@echo "add python module"
-	@(pip3 install bs4)
-	@echo "Executing the test:"
-	@(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
-
 test-permissions-1:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-1/")
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-1/")
 	@(docker stop minio)

 test-permissions-2:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-2/")
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-2/")
 	@(docker stop minio)

 test-permissions-3:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-3/")
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-3/")
 	@(docker stop minio)

 test-permissions-4:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-4/")
-	@(docker stop minio)
-
-test-permissions-5:
-	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-5/")
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-4/")
 	@(docker stop minio)

 test-permissions-6:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-6/")
-	@(docker stop minio)
-
-test-permissions-7:
-	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
-	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-7/")
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-6/")
 	@(docker stop minio)

 test-apply-permissions:
-	@(env bash $(PWD)/portal-ui/tests/scripts/initialize-env.sh)
+	@(env bash $(PWD)/web-app/tests/scripts/initialize-env.sh)

 test-start-docker-minio:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
@@ -227,7 +175,7 @@ initialize-permissions: test-start-docker-minio test-apply-permissions
 	@echo "Done initializing permissions test"

 cleanup-permissions:
-	@(env bash $(PWD)/portal-ui/tests/scripts/cleanup-env.sh)
+	@(env bash $(PWD)/web-app/tests/scripts/cleanup-env.sh)
 	@(docker stop minio)

 initialize-docker-network:
@@ -239,14 +187,14 @@ test-start-docker-minio-w-redirect-url: initialize-docker-network
    -e MINIO_SERVER_URL='http://localhost:9000' \
    -v /data1 -v /data2 -v /data3 -v /data4 \
    -d --network host --name minio --rm\
-    quay.io/minio/minio:latest server /data{1...4}) 
+    quay.io/minio/minio:latest server /data{1...4})

 test-start-docker-nginx-w-subpath:
 	@(docker run \
 	--network host \
 	-d --rm \
 	--add-host=host.docker.internal:host-gateway \
-	-v ./portal-ui/tests/subpath-nginx/nginx.conf:/etc/nginx/nginx.conf \
+	-v ./web-app/tests/subpath-nginx/nginx.conf:/etc/nginx/nginx.conf \
 	--name test-nginx nginx)

 test-initialize-minio-nginx: test-start-docker-minio-w-redirect-url test-start-docker-nginx-w-subpath
@@ -254,17 +202,23 @@ test-initialize-minio-nginx: test-start-docker-minio-w-redirect-url test-start-d
 cleanup-minio-nginx:
 	@(docker stop minio test-nginx & docker network rm test-network)

+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is needed because tests can be in the folder or sub-folder(s), let's include them all please!.
 test:
 	@echo "execute test and get coverage"
-	@(cd restapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage.out)
+	@(cd api && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage.out)


+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is since tests in pkg folder are in subfolders and were not executed.
 test-pkg:
 	@echo "execute test and get coverage"
-	@(cd pkg && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-pkg.out)
+	@(cd pkg && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage-pkg.out)

 coverage:
-	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/api/... && go tool cover -html=coverage.out && open coverage.html)

 clean:
 	@echo "Cleaning up all the generated files"
@@ -279,4 +233,4 @@ release: swagger-gen
 	@echo "Generating Release: $(RELEASE)"
 	@make assets
 	@git add -u .
-	@git add portal-ui/build/
+	@git add web-app/build/
--- a/README.md
+++ b/README.md
@@ -4,9 +4,10 @@

 A graphical user interface for [MinIO](https://github.com/minio/minio)

-| Object Browser                     | Dashboard                     | Creating a bucket             |
-|------------------------------------|-------------------------------|-------------------------------|
-| ![Object Browser](images/pic3.png) | ![Dashboard](images/pic1.png) | ![Dashboard](images/pic2.png) |
+| Object Browser                       | Creating a bucket                     | Object Details                  |
+|--------------------------------------|-------------------------------|---------------------------------|
+| ![Object Browser](images/pic1-a.png) | ![Dashboard](images/pic2-a.png) | ![Dashboard](images/pic3-a.png) |
+| ![Object Browser](images/pic1-b.png) | ![Dashboard](images/pic2-b.png) | ![Dashboard](images/pic3-b.png) |

 <!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->
 **Table of Contents**
@@ -25,21 +26,7 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)

 <!-- markdown-toc end -->

-## Install
-
 MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
-The standalone binary installation path has been removed.
-
-In case a Console standalone binary is needed, it can be generated by building this package from source as follows:
-
-### Build from source
-
-> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
-> Minimum version required is go1.19
-
-```
-go install github.com/minio/console/cmd/console@latest
-```

 ## Setup

@@ -205,6 +192,27 @@ export CONSOLE_MINIO_SERVER=https://localhost:9000

 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`

+## Debug logging
+
+In some cases it may be convenient to log all HTTP requests. This can be enabled by setting
+the `CONSOLE_DEBUG_LOGLEVEL` environment variable to one of the following values:
+
+ - `0` (default) uses no logging.
+ - `1` log single line per request for server-side errors (status-code 5xx).
+ - `2` log single line per request for client-side and server-side errors (status-code 4xx/5xx).
+ - `3` log single line per request for all requests (status-code 4xx/5xx).
+ - `4` log details per request for server-side errors (status-code 5xx).
+ - `5` log details per request for client-side and server-side errors (status-code 4xx/5xx).
+ - `6` log details per request for all requests (status-code 4xx/5xx).
+
+ A single line logging has the following information:
+ - Remote endpoint (IP + port) of the request. Note that reverse proxies may hide the actual remote endpoint of the client's browser.
+ - HTTP method and URL
+ - Status code of the response (websocket connections are hijacked, so no response is shown)
+ - Duration of the request
+
+The detailed logging also includes all request and response headers (if any).
+ 
 # Contribute to console Project

 Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)
--- a/models/km_delete_key_request.go
+++ b/models/km_delete_key_request.go
@@ -1,5 +1,3 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
 // This file is part of MinIO Console Server
 // Copyright (c) 2023 MinIO, Inc.
 //
@@ -15,14 +13,23 @@
 //
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//

-package models
+package api

-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
+import (
+	"context"

-// KmDeleteKeyRequest km delete key request
-//
-// swagger:model kmDeleteKeyRequest
-type KmDeleteKeyRequest interface{}
+	"github.com/minio/madmin-go/v3"
+)
+
+type AdminClientMock struct {
+	minioAccountInfoMock func(ctx context.Context) (madmin.AccountInfo, error)
+}
+
+func (ac AdminClientMock) kmsStatus(_ context.Context) (madmin.KMSStatus, error) {
+	return madmin.KMSStatus{Name: "name", DefaultKeyID: "key", Endpoints: map[string]madmin.ItemState{"localhost": madmin.ItemState("online")}}, nil
+}
+
+func (ac AdminClientMock) AccountInfo(ctx context.Context) (madmin.AccountInfo, error) {
+	return ac.minioAccountInfoMock(ctx)
+}
--- a/restapi/admin_objects.go
+++ b/restapi/admin_objects.go
@@ -14,11 +14,10 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"context"
-	"encoding/base64"
 	"time"

 	"github.com/minio/mc/cmd"
@@ -60,20 +59,7 @@ type ObjectResponse struct {
 func getObjectsOptionsFromReq(request ObjectsRequest) (*objectsListOpts, error) {
 	pOptions := objectsListOpts{
 		BucketName: request.BucketName,
-		Prefix:     "",
-	}
-
-	prefix := request.Prefix
-
-	if prefix != "" {
-		encodedPrefix := SanitizeEncodedPrefix(prefix)
-		decodedPrefix, err := base64.StdEncoding.DecodeString(encodedPrefix)
-		if err != nil {
-			LogError("error decoding prefix: %v", err)
-			return nil, err
-		}
-
-		pOptions.Prefix = string(decodedPrefix)
+		Prefix:     request.Prefix,
 	}

 	if request.Mode == "rewind" {
--- a/restapi/admin_objects_test.go
+++ b/restapi/admin_objects_test.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"context"
@@ -97,11 +97,11 @@ func TestWSRewindObjects(t *testing.T) {
 	}

 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()

-			mcListMock = func(ctx context.Context, opts mc.ListOptions) <-chan *mc.ClientContent {
+			mcListMock = func(_ context.Context, _ mc.ListOptions) <-chan *mc.ClientContent {
 				ch := make(chan *mc.ClientContent)
 				go func() {
 					defer close(ch)
@@ -206,11 +206,11 @@ func TestWSListObjects(t *testing.T) {
 	}

 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()

-			minioListObjectsMock = func(ctx context.Context, bucket string, opts minio.ListObjectsOptions) <-chan minio.ObjectInfo {
+			minioListObjectsMock = func(_ context.Context, _ string, _ minio.ListObjectsOptions) <-chan minio.ObjectInfo {
 				ch := make(chan minio.ObjectInfo)
 				go func() {
 					defer close(ch)
--- a/api/client-admin.go
+++ b/api/client-admin.go
@@ -0,0 +1,190 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/url"
+	"regexp"
+	"strings"
+
+	"github.com/minio/console/pkg"
+
+	"github.com/minio/console/pkg/utils"
+
+	"github.com/minio/console/models"
+	"github.com/minio/madmin-go/v3"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+)
+
+const globalAppName = "MinIO Console"
+
+// MinioAdmin interface with all functions to be implemented
+// by mock when testing, it should include all MinioAdmin respective api calls
+// that are used within this project.
+type MinioAdmin interface {
+	AccountInfo(ctx context.Context) (madmin.AccountInfo, error)
+	// KMS
+	kmsStatus(ctx context.Context) (madmin.KMSStatus, error)
+}
+
+// Interface implementation
+//
+// Define the structure of a minIO Client and define the functions that are actually used
+// from minIO api.
+type AdminClient struct {
+	Client *madmin.AdminClient
+}
+
+// AccountInfo implements madmin.AccountInfo()
+func (ac AdminClient) AccountInfo(ctx context.Context) (madmin.AccountInfo, error) {
+	return ac.Client.AccountInfo(ctx, madmin.AccountOpts{})
+}
+
+func (ac AdminClient) getBucketQuota(ctx context.Context, bucket string) (madmin.BucketQuota, error) {
+	return ac.Client.GetBucketQuota(ctx, bucket)
+}
+
+func (ac AdminClient) kmsStatus(ctx context.Context) (madmin.KMSStatus, error) {
+	return ac.Client.KMSStatus(ctx)
+}
+
+func NewMinioAdminClient(ctx context.Context, sessionClaims *models.Principal) (*madmin.AdminClient, error) {
+	clientIP := utils.ClientIPFromContext(ctx)
+	adminClient, err := newAdminFromClaims(sessionClaims, clientIP)
+	if err != nil {
+		return nil, err
+	}
+	adminClient.SetAppInfo(globalAppName, pkg.Version)
+	return adminClient, nil
+}
+
+// newAdminFromClaims creates a minio admin from Decrypted claims using Assume role credentials
+func newAdminFromClaims(claims *models.Principal, clientIP string) (*madmin.AdminClient, error) {
+	tlsEnabled := getMinIOEndpointIsSecure()
+	endpoint := getMinIOEndpoint()
+
+	adminClient, err := madmin.NewWithOptions(endpoint, &madmin.Options{
+		Creds:  credentials.NewStaticV4(claims.STSAccessKeyID, claims.STSSecretAccessKey, claims.STSSessionToken),
+		Secure: tlsEnabled,
+	})
+	if err != nil {
+		return nil, err
+	}
+	adminClient.SetAppInfo(globalAppName, pkg.Version)
+	adminClient.SetCustomTransport(PrepareSTSClientTransport(clientIP))
+	return adminClient, nil
+}
+
+// isLocalAddress returns true if the url contains an IPv4/IPv6 hostname
+// that points to the local machine - FQDN are not supported
+func isLocalIPEndpoint(endpoint string) bool {
+	u, err := url.Parse(endpoint)
+	if err != nil {
+		return false
+	}
+	return isLocalIPAddress(u.Hostname())
+}
+
+// isLocalAddress returns true if the url contains an IPv4/IPv6 hostname
+// that points to the local machine - FQDN are not supported
+func isLocalIPAddress(ipAddr string) bool {
+	if ipAddr == "" {
+		return false
+	}
+	if ipAddr == "localhost" {
+		return true
+	}
+	ip := net.ParseIP(ipAddr)
+	return ip != nil && ip.IsLoopback()
+}
+
+// GetConsoleHTTPClient caches different http clients depending on the target endpoint while taking
+// in consideration CA certs stored in ${HOME}/.console/certs/CAs and ${HOME}/.minio/certs/CAs
+// If the target endpoint points to a loopback device, skip the TLS verification.
+func GetConsoleHTTPClient(clientIP string) *http.Client {
+	return PrepareConsoleHTTPClient(clientIP)
+}
+
+var (
+	// De-facto standard header keys.
+	xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
+	xRealIP       = http.CanonicalHeaderKey("X-Real-IP")
+)
+
+var (
+	// RFC7239 defines a new "Forwarded: " header designed to replace the
+	// existing use of X-Forwarded-* headers.
+	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
+	forwarded = http.CanonicalHeaderKey("Forwarded")
+	// Allows for a sub-match of the first value after 'for=' to the next
+	// comma, semi-colon or space. The match is case-insensitive.
+	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)(.*)`)
+)
+
+// getSourceIPFromHeaders retrieves the IP from the X-Forwarded-For, X-Real-IP
+// and RFC7239 Forwarded headers (in that order)
+func getSourceIPFromHeaders(r *http.Request) string {
+	var addr string
+
+	if fwd := r.Header.Get(xForwardedFor); fwd != "" {
+		// Only grab the first (client) address. Note that '192.168.0.1,
+		// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
+		// the first may represent forwarding proxies earlier in the chain.
+		s := strings.Index(fwd, ", ")
+		if s == -1 {
+			s = len(fwd)
+		}
+		addr = fwd[:s]
+	} else if fwd := r.Header.Get(xRealIP); fwd != "" {
+		// X-Real-IP should only contain one IP address (the client making the
+		// request).
+		addr = fwd
+	} else if fwd := r.Header.Get(forwarded); fwd != "" {
+		// match should contain at least two elements if the protocol was
+		// specified in the Forwarded header. The first element will always be
+		// the 'for=' capture, which we ignore. In the case of multiple IP
+		// addresses (for=8.8.8.8, 8.8.4.4, 172.16.1.20 is valid) we only
+		// extract the first, which should be the client IP.
+		if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
+			// IPv6 addresses in Forwarded headers are quoted-strings. We strip
+			// these quotes.
+			addr = strings.Trim(match[1], `"`)
+		}
+	}
+
+	return addr
+}
+
+// getClientIP retrieves the IP from the request headers
+// and falls back to r.RemoteAddr when necessary.
+// however returns without bracketing.
+func getClientIP(r *http.Request) string {
+	addr := getSourceIPFromHeaders(r)
+	if addr == "" {
+		addr = r.RemoteAddr
+	}
+
+	// Default to remote address if headers not set.
+	raddr, _, _ := net.SplitHostPort(addr)
+	if raddr == "" {
+		return addr
+	}
+	return raddr
+}
--- a/restapi/client.go
+++ b/restapi/client.go
@@ -14,31 +14,28 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
+	"net/http"
 	"path"
 	"strings"
 	"time"

-	"github.com/minio/minio-go/v7/pkg/replication"
 	"github.com/minio/minio-go/v7/pkg/sse"
-	xnet "github.com/minio/pkg/v2/net"
+	xnet "github.com/minio/pkg/v3/net"

 	"github.com/minio/console/models"
 	"github.com/minio/console/pkg"
-	"github.com/minio/console/pkg/auth"
-	"github.com/minio/console/pkg/auth/ldap"
 	xjwt "github.com/minio/console/pkg/auth/token"
 	mc "github.com/minio/mc/cmd"
 	"github.com/minio/mc/pkg/probe"
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
-	"github.com/minio/minio-go/v7/pkg/lifecycle"
 	"github.com/minio/minio-go/v7/pkg/notification"
 	"github.com/minio/minio-go/v7/pkg/tags"
 )
@@ -74,8 +71,6 @@ type MinioClient interface {
 	setObjectLockConfig(ctx context.Context, bucketName string, mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit) error
 	getBucketObjectLockConfig(ctx context.Context, bucketName string) (mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit, err error)
 	getObjectLockConfig(ctx context.Context, bucketName string) (lock string, mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit, err error)
-	getLifecycleRules(ctx context.Context, bucketName string) (lifecycle *lifecycle.Configuration, err error)
-	setBucketLifecycle(ctx context.Context, bucketName string, config *lifecycle.Configuration) error
 	copyObject(ctx context.Context, dst minio.CopyDestOptions, src minio.CopySrcOptions) (minio.UploadInfo, error)
 	GetBucketTagging(ctx context.Context, bucketName string) (*tags.Tags, error)
 	SetBucketTagging(ctx context.Context, bucketName string, tags *tags.Tags) error
@@ -140,11 +135,6 @@ func (c minioClient) getBucketVersioning(ctx context.Context, bucketName string)
 	return c.client.GetBucketVersioning(ctx, bucketName)
 }

-// implements minio.getBucketVersioning(ctx, bucketName)
-func (c minioClient) getBucketReplication(ctx context.Context, bucketName string) (replication.Config, error) {
-	return c.client.GetBucketReplication(ctx, bucketName)
-}
-
 // implements minio.listObjects(ctx)
 func (c minioClient) listObjects(ctx context.Context, bucket string, opts minio.ListObjectsOptions) <-chan minio.ObjectInfo {
 	return c.client.ListObjects(ctx, bucket, opts)
@@ -209,14 +199,6 @@ func (c minioClient) getObjectLockConfig(ctx context.Context, bucketName string)
 	return c.client.GetObjectLockConfig(ctx, bucketName)
 }

-func (c minioClient) getLifecycleRules(ctx context.Context, bucketName string) (lifecycle *lifecycle.Configuration, err error) {
-	return c.client.GetBucketLifecycle(ctx, bucketName)
-}
-
-func (c minioClient) setBucketLifecycle(ctx context.Context, bucketName string, config *lifecycle.Configuration) error {
-	return c.client.SetBucketLifecycle(ctx, bucketName, config)
-}
-
 func (c minioClient) copyObject(ctx context.Context, dst minio.CopyDestOptions, src minio.CopySrcOptions) (minio.UploadInfo, error) {
 	return c.client.CopyObject(ctx, dst, src)
 }
@@ -257,14 +239,6 @@ func (c mcClient) watch(ctx context.Context, options mc.WatchOptions) (*mc.Watch
 	return c.client.Watch(ctx, options)
 }

-func (c mcClient) setReplication(ctx context.Context, cfg *replication.Config, opts replication.Options) *probe.Error {
-	return c.client.SetReplication(ctx, cfg, opts)
-}
-
-func (c mcClient) deleteAllReplicationRules(ctx context.Context) *probe.Error {
-	return c.client.RemoveReplication(ctx)
-}
-
 func (c mcClient) setVersioning(ctx context.Context, status string, excludePrefix []string, excludeFolders bool) *probe.Error {
 	return c.client.SetVersion(ctx, status, excludePrefix, excludeFolders)
 }
@@ -278,7 +252,8 @@ func (c mcClient) list(ctx context.Context, opts mc.ListOptions) <-chan *mc.Clie
 }

 func (c mcClient) get(ctx context.Context, opts mc.GetOptions) (io.ReadCloser, *probe.Error) {
-	return c.client.Get(ctx, opts)
+	rd, _, err := c.client.Get(ctx, opts)
+	return rd, err
 }

 func (c mcClient) shareDownload(ctx context.Context, versionID string, expires time.Duration) (string, *probe.Error) {
@@ -298,6 +273,7 @@ type ConsoleCredentialsI interface {
 type ConsoleCredentials struct {
 	ConsoleCredentials *credentials.Credentials
 	AccountAccessKey   string
+	CredContext        *credentials.CredContext
 }

 func (c ConsoleCredentials) GetAccountAccessKey() string {
@@ -306,7 +282,7 @@ func (c ConsoleCredentials) GetAccountAccessKey() string {

 // Get implements *Login.Get()
 func (c ConsoleCredentials) Get() (credentials.Value, error) {
-	return c.ConsoleCredentials.Get()
+	return c.ConsoleCredentials.GetWithContext(c.CredContext)
 }

 // Expire implements *Login.Expire()
@@ -321,6 +297,10 @@ type consoleSTSAssumeRole struct {
 	stsAssumeRole *credentials.STSAssumeRole
 }

+func (s consoleSTSAssumeRole) RetrieveWithCredContext(cc *credentials.CredContext) (credentials.Value, error) {
+	return s.stsAssumeRole.RetrieveWithCredContext(cc)
+}
+
 func (s consoleSTSAssumeRole) Retrieve() (credentials.Value, error) {
 	return s.stsAssumeRole.Retrieve()
 }
@@ -329,7 +309,7 @@ func (s consoleSTSAssumeRole) IsExpired() bool {
 	return s.stsAssumeRole.IsExpired()
 }

-func stsCredentials(minioURL, accessKey, secretKey, location, clientIP string) (*credentials.Credentials, error) {
+func stsCredentials(minioURL, accessKey, secretKey, location string, client *http.Client) (*credentials.Credentials, error) {
 	if accessKey == "" || secretKey == "" {
 		return nil, errors.New("credentials endpoint, access and secret key are mandatory for AssumeRoleSTS")
 	}
@@ -340,7 +320,7 @@ func stsCredentials(minioURL, accessKey, secretKey, location, clientIP string) (
 		DurationSeconds: int(xjwt.GetConsoleSTSDuration().Seconds()),
 	}
 	stsAssumeRole := &credentials.STSAssumeRole{
-		Client:      GetConsoleHTTPClient(minioURL, clientIP),
+		Client:      client,
 		STSEndpoint: minioURL,
 		Options:     opts,
 	}
@@ -348,51 +328,10 @@ func stsCredentials(minioURL, accessKey, secretKey, location, clientIP string) (
 	return credentials.New(consoleSTSWrapper), nil
 }

-func NewConsoleCredentials(accessKey, secretKey, location, clientIP string) (*credentials.Credentials, error) {
+func NewConsoleCredentials(accessKey, secretKey, location string, client *http.Client) (*credentials.Credentials, error) {
 	minioURL := getMinIOServer()

-	// Future authentication methods can be added under this switch statement
-	switch {
-	// LDAP authentication for Console
-	case ldap.GetLDAPEnabled():
-		{
-			creds, err := auth.GetCredentialsFromLDAP(GetConsoleHTTPClient(minioURL, clientIP), minioURL, accessKey, secretKey)
-			if err != nil {
-				return nil, err
-			}
-
-			// We verify if LDAP credentials are correct and no error is returned
-			_, err = creds.Get()
-
-			if err != nil && strings.Contains(strings.ToLower(err.Error()), "not found") {
-				// We try to use STS Credentials in case LDAP credentials are incorrect.
-				stsCreds, errSTS := stsCredentials(minioURL, accessKey, secretKey, location, clientIP)
-
-				// If there is an error with STS too, then we return the original LDAP error
-				if errSTS != nil {
-					LogError("error in STS credentials for LDAP case: %v ", errSTS)
-
-					// We return LDAP result
-					return creds, nil
-				}
-
-				_, err := stsCreds.Get()
-				// There is an error with STS credentials, We return the result of LDAP as STS is not a priority in this case.
-				if err != nil {
-					return creds, nil
-				}
-
-				return stsCreds, nil
-			}
-
-			return creds, nil
-		}
-	// default authentication for Console is via STS (Security Token Service) against MinIO
-	default:
-		{
-			return stsCredentials(minioURL, accessKey, secretKey, location, clientIP)
-		}
-	}
+	return stsCredentials(minioURL, accessKey, secretKey, location, client)
 }

 // getConsoleCredentialsFromSession returns the *consoleCredentials.Login associated to the
@@ -413,7 +352,7 @@ func newMinioClient(claims *models.Principal, clientIP string) (*minio.Client, e
 	minioClient, err := minio.New(endpoint, &minio.Options{
 		Creds:     creds,
 		Secure:    secure,
-		Transport: GetConsoleHTTPClient(getMinIOServer(), clientIP).Transport,
+		Transport: GetConsoleHTTPClient(clientIP).Transport,
 	})
 	if err != nil {
 		return nil, err
@@ -425,10 +364,9 @@ func newMinioClient(claims *models.Principal, clientIP string) (*minio.Client, e

 // computeObjectURLWithoutEncode returns a MinIO url containing the object filename without encoding
 func computeObjectURLWithoutEncode(bucketName, prefix string) (string, error) {
-	endpoint := getMinIOServer()
-	u, err := xnet.ParseHTTPURL(endpoint)
+	u, err := xnet.ParseHTTPURL(getMinIOServer())
 	if err != nil {
-		return "", fmt.Errorf("the provided endpoint is invalid")
+		return "", fmt.Errorf("the provided endpoint: '%s' is invalid", getMinIOServer())
 	}
 	var p string
 	if strings.TrimSpace(bucketName) != "" {
@@ -437,7 +375,7 @@ func computeObjectURLWithoutEncode(bucketName, prefix string) (string, error) {
 	if strings.TrimSpace(prefix) != "" {
 		p = pathJoinFinalSlash(p, prefix)
 	}
-	return fmt.Sprintf("%s://%s/%s", u.Scheme, u.Host, p), nil
+	return u.String() + "/" + p, nil
 }

 // newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
@@ -478,22 +416,18 @@ func pathJoinFinalSlash(elem ...string) string {
 func newS3Config(endpoint, accessKey, secretKey, sessionToken string, clientIP string) *mc.Config {
 	// We have a valid alias and hostConfig. We populate the/
 	// consoleCredentials from the match found in the config file.
-	s3Config := new(mc.Config)
-
-	s3Config.AppName = globalAppName
-	s3Config.AppVersion = pkg.Version
-	s3Config.Debug = false
-
-	s3Config.HostURL = endpoint
-	s3Config.AccessKey = accessKey
-	s3Config.SecretKey = secretKey
-	s3Config.SessionToken = sessionToken
-	s3Config.Signature = "S3v4"
-
-	insecure := isLocalIPEndpoint(endpoint)
-
-	s3Config.Insecure = insecure
-	s3Config.Transport = PrepareSTSClientTransport(insecure, clientIP).Transport
-
-	return s3Config
+	return &mc.Config{
+		HostURL:      endpoint,
+		AccessKey:    accessKey,
+		SecretKey:    secretKey,
+		SessionToken: sessionToken,
+		Signature:    "S3v4",
+		AppName:      globalAppName,
+		AppVersion:   pkg.Version,
+		Insecure:     isLocalIPEndpoint(endpoint),
+		Transport: &ConsoleTransport{
+			ClientIP:  clientIP,
+			Transport: GlobalTransport,
+		},
+	}
 }
--- a/restapi/client_test.go
+++ b/restapi/client_test.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2024 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import "testing"

@@ -76,14 +76,15 @@ func Test_computeObjectURLWithoutEncode(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			got, err := computeObjectURLWithoutEncode(tt.args.bucketName, tt.args.prefix)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("computeObjectURLWithoutEncode() errors = %v, wantErr %v", err, tt.wantErr)
-				return
 			}
-			if got != tt.want {
-				t.Errorf("computeObjectURLWithoutEncode() got = %v, want %v", got, tt.want)
+			if err == nil {
+				if got != tt.want {
+					t.Errorf("computeObjectURLWithoutEncode() got = %v, want %v", got, tt.want)
+				}
 			}
 		})
 	}
--- a/restapi/config.go
+++ b/restapi/config.go
@@ -14,18 +14,21 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
+	"crypto/tls"
 	"crypto/x509"
 	"net"
+	"net/http"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/minio/console/pkg/auth/idp/oauth2"
-	xcerts "github.com/minio/pkg/v2/certs"
-	"github.com/minio/pkg/v2/env"
-	xnet "github.com/minio/pkg/v2/net"
+	xcerts "github.com/minio/pkg/v3/certs"
+	"github.com/minio/pkg/v3/env"
+	xnet "github.com/minio/pkg/v3/net"
 )

 var (
@@ -54,6 +57,31 @@ var (
 	GlobalPublicCerts []*x509.Certificate
 	// GlobalTLSCertsManager custom TLS Manager for SNI support
 	GlobalTLSCertsManager *xcerts.Manager
+	// GlobalTransport is common transport used for all HTTP calls, this is set via
+	// MinIO server to be the correct transport, however we still define some defaults
+	// here just in case.
+	GlobalTransport = &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   10 * time.Second,
+			KeepAlive: 15 * time.Second,
+		}).DialContext,
+		MaxIdleConns:          1024,
+		MaxIdleConnsPerHost:   1024,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 10 * time.Second,
+		DisableCompression:    true, // Set to avoid auto-decompression
+		TLSClientConfig: &tls.Config{
+			// Can't use SSLv3 because of POODLE and BEAST
+			// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+			// Can't use TLSv1.1 because of RC4 cipher usage
+			MinVersion: tls.VersionTLS12,
+			// Console runs in the same pod/node as MinIO this is acceptable.
+			InsecureSkipVerify: true,
+			RootCAs:            GlobalRootCAs,
+		},
+	}
 )

 // MinIOConfig represents application configuration passed in from the MinIO
@@ -70,10 +98,6 @@ func getMinIOServer() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
 }

-func getSubnetProxy() string {
-	return strings.TrimSpace(env.Get(ConsoleSubnetProxy, ""))
-}
-
 func GetMinIORegion() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIORegion, ""))
 }
@@ -203,21 +227,11 @@ func GetSecureSTSPreload() bool {
 	return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on"
 }

-// If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
-func GetSecureTLSTemporaryRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureTLSTemporaryRedirect, "off")) == "on"
-}
-
 // STS header is only included when the connection is HTTPS.
 func GetSecureForceSTSHeader() bool {
 	return strings.ToLower(env.Get(ConsoleSecureForceSTSHeader, "off")) == "on"
 }

-// PublicKey implements HPKP to prevent MITM attacks with forged certificates. Default is "".
-func GetSecurePublicKey() string {
-	return env.Get(ConsoleSecurePublicKey, "")
-}
-
 // ReferrerPolicy allows the Referrer-Policy header with the value to be set with a custom value. Default is "".
 func GetSecureReferrerPolicy() string {
 	return env.Get(ConsoleSecureReferrerPolicy, "")
@@ -228,10 +242,6 @@ func GetSecureFeaturePolicy() string {
 	return env.Get(ConsoleSecureFeaturePolicy, "")
 }

-func GetSecureExpectCTHeader() string {
-	return env.Get(ConsoleSecureExpectCTHeader, "")
-}
-
 func getLogSearchAPIToken() string {
 	if v := env.Get(ConsoleLogQueryAuthToken, ""); v != "" {
 		return v
@@ -239,26 +249,6 @@ func getLogSearchAPIToken() string {
 	return env.Get(LogSearchQueryAuthToken, "")
 }

-func getLogSearchURL() string {
-	return env.Get(ConsoleLogQueryURL, "")
-}
-
-func getPrometheusURL() string {
-	return env.Get(PrometheusURL, "")
-}
-
-func getPrometheusAuthToken() string {
-	return env.Get(PrometheusAuthToken, "")
-}
-
-func getPrometheusJobID() string {
-	return env.Get(PrometheusJobID, "minio-job")
-}
-
-func getPrometheusExtraLabels() string {
-	return env.Get(PrometheusExtraLabels, "")
-}
-
 func getMaxConcurrentUploadsLimit() int64 {
 	cu, err := strconv.ParseInt(env.Get(ConsoleMaxConcurrentUploads, "10"), 10, 64)
 	if err != nil {
@@ -284,3 +274,7 @@ func getConsoleDevMode() bool {
 func getConsoleAnimatedLogin() bool {
 	return strings.ToLower(env.Get(ConsoleAnimatedLogin, "on")) == "on"
 }
+
+func getConsoleBrowserRedirectURL() string {
+	return env.Get(ConsoleBrowserRedirectURL, "")
+}
--- a/restapi/config_test.go
+++ b/restapi/config_test.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"os"
@@ -54,7 +54,7 @@ func TestGetPort(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsolePort, tt.args.env)
 			assert.Equalf(t, tt.want, GetPort(), "GetPort()")
 			os.Unsetenv(ConsolePort)
@@ -87,7 +87,7 @@ func TestGetTLSPort(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleTLSPort, tt.args.env)
 			assert.Equalf(t, tt.want, GetTLSPort(), "GetTLSPort()")
 			os.Unsetenv(ConsoleTLSPort)
@@ -120,7 +120,7 @@ func TestGetSecureAllowedHosts(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleSecureAllowedHosts, tt.args.env)
 			assert.Equalf(t, tt.want, GetSecureAllowedHosts(), "GetSecureAllowedHosts()")
 			os.Unsetenv(ConsoleSecureAllowedHosts)
@@ -153,7 +153,7 @@ func TestGetSecureHostsProxyHeaders(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleSecureHostsProxyHeaders, tt.args.env)
 			assert.Equalf(t, tt.want, GetSecureHostsProxyHeaders(), "GetSecureHostsProxyHeaders()")
 			os.Unsetenv(ConsoleSecureHostsProxyHeaders)
@@ -186,7 +186,7 @@ func TestGetSecureSTSSeconds(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleSecureSTSSeconds, tt.args.env)
 			assert.Equalf(t, tt.want, GetSecureSTSSeconds(), "GetSecureSTSSeconds()")
 			os.Unsetenv(ConsoleSecureSTSSeconds)
@@ -219,7 +219,7 @@ func Test_getLogSearchAPIToken(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleLogQueryAuthToken, tt.args.env)
 			assert.Equalf(t, tt.want, getLogSearchAPIToken(), "getLogSearchAPIToken()")
 			os.Setenv(ConsoleLogQueryAuthToken, tt.args.env)
@@ -227,72 +227,6 @@ func Test_getLogSearchAPIToken(t *testing.T) {
 	}
 }

-func Test_getPrometheusURL(t *testing.T) {
-	type args struct {
-		env string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{
-			name: "env set",
-			args: args{
-				env: "value",
-			},
-			want: "value",
-		},
-		{
-			name: "env not set",
-			args: args{
-				env: "",
-			},
-			want: "",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			os.Setenv(PrometheusURL, tt.args.env)
-			assert.Equalf(t, tt.want, getPrometheusURL(), "getPrometheusURL()")
-			os.Setenv(PrometheusURL, tt.args.env)
-		})
-	}
-}
-
-func Test_getPrometheusJobID(t *testing.T) {
-	type args struct {
-		env string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{
-			name: "env set",
-			args: args{
-				env: "value",
-			},
-			want: "value",
-		},
-		{
-			name: "env not set",
-			args: args{
-				env: "",
-			},
-			want: "minio-job",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			os.Setenv(PrometheusJobID, tt.args.env)
-			assert.Equalf(t, tt.want, getPrometheusJobID(), "getPrometheusJobID()")
-			os.Setenv(PrometheusJobID, tt.args.env)
-		})
-	}
-}
-
 func Test_getMaxConcurrentUploadsLimit(t *testing.T) {
 	type args struct {
 		env string
@@ -318,7 +252,7 @@ func Test_getMaxConcurrentUploadsLimit(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleMaxConcurrentUploads, tt.args.env)
 			assert.Equalf(t, tt.want, getMaxConcurrentUploadsLimit(), "getMaxConcurrentUploadsLimit()")
 			os.Unsetenv(ConsoleMaxConcurrentUploads)
@@ -351,7 +285,7 @@ func Test_getMaxConcurrentDownloadsLimit(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleMaxConcurrentDownloads, tt.args.env)
 			assert.Equalf(t, tt.want, getMaxConcurrentDownloadsLimit(), "getMaxConcurrentDownloadsLimit()")
 			os.Unsetenv(ConsoleMaxConcurrentDownloads)
@@ -384,7 +318,7 @@ func Test_getConsoleDevMode(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			os.Setenv(ConsoleDevMode, tt.args.env)
 			assert.Equalf(t, tt.want, getConsoleDevMode(), "getConsoleDevMode()")
 			os.Unsetenv(ConsoleDevMode)
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -16,7 +16,7 @@

 // This file is safe to edit. Once it exists it will not be overwritten

-package restapi
+package api

 import (
 	"bytes"
@@ -31,6 +31,8 @@ import (
 	"path"
 	"path/filepath"
 	"regexp"
+	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -43,16 +45,16 @@ import (

 	"github.com/klauspost/compress/gzhttp"

-	portal_ui "github.com/minio/console/portal-ui"
-	"github.com/minio/pkg/v2/env"
-	"github.com/minio/pkg/v2/mimedb"
-	xnet "github.com/minio/pkg/v2/net"
+	portal_ui "github.com/minio/console/web-app"
+	"github.com/minio/pkg/v3/env"
+	"github.com/minio/pkg/v3/mimedb"
+	xnet "github.com/minio/pkg/v3/net"

 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
 	"github.com/minio/console/pkg/auth"
-	"github.com/minio/console/restapi/operations"
 	"github.com/unrolled/secure"
 )

@@ -82,7 +84,7 @@ func configureFlags(api *operations.ConsoleAPI) {

 func configureAPI(api *operations.ConsoleAPI) http.Handler {
 	// Applies when the "x-token" header is set
-	api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
+	api.KeyAuth = func(token string, _ []string) (*models.Principal, error) {
 		// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
 		// was generated and signed by us in the first place
 		if token == "Anonymous" {
@@ -103,7 +105,7 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
 			CustomStyleOb:      claims.CustomStyleOB,
 		}, nil
 	}
-	api.AnonymousAuth = func(s string) (*models.Principal, error) {
+	api.AnonymousAuth = func(_ string) (*models.Principal, error) {
 		return &models.Principal{}, nil
 	}

@@ -113,70 +115,19 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
 	registerLogoutHandlers(api)
 	// Register bucket handlers
 	registerBucketsHandlers(api)
-	// Register all users handlers
-	registerUsersHandlers(api)
-	// Register groups handlers
-	registerGroupsHandlers(api)
-	// Register policies handlers
-	registersPoliciesHandler(api)
-	// Register configurations handlers
-	registerConfigHandlers(api)
-	// Register bucket events handlers
-	registerBucketEventsHandlers(api)
-	// Register bucket lifecycle handlers
-	registerBucketsLifecycleHandlers(api)
-	// Register service handlers
-	registerServiceHandlers(api)
 	// Register session handlers
 	registerSessionHandlers(api)
-	// Register admin info handlers
-	registerAdminInfoHandlers(api)
-	// Register admin arns handlers
-	registerAdminArnsHandlers(api)
-	// Register admin notification endpoints handlers
-	registerAdminNotificationEndpointsHandlers(api)
-	// Register admin Service Account Handlers
-	registerServiceAccountsHandlers(api)
-	// Register admin remote buckets
-	registerAdminBucketRemoteHandlers(api)
-	// Register admin log search
-	registerLogSearchHandlers(api)
-	// Register admin subnet handlers
-	registerSubnetHandlers(api)
-	// Register admin KMS handlers
-	registerKMSHandlers(api)
-	// Register admin IDP handlers
-	registerIDPHandlers(api)
-	// Register Account handlers
-	registerAdminTiersHandlers(api)
-	// Register Inspect Handler
-	registerInspectHandler(api)
-	// Register nodes handlers
-	registerNodesHandler(api)
-
-	registerSiteReplicationHandler(api)
-	registerSiteReplicationStatusHandler(api)
-	// Register Support Handler
-	registerSupportHandlers(api)
-
-	// Operator Console
-
 	// Register Object's Handlers
 	registerObjectsHandlers(api)
 	// Register Bucket Quota's Handlers
 	registerBucketQuotaHandlers(api)
-	// Register Account handlers
-	registerAccountHandlers(api)
-
-	registerReleasesHandlers(api)
+	// Register Bucket Policy's Handlers
+	registerPublicObjectsHandlers(api)

 	api.PreServerShutdown = func() {}

 	api.ServerShutdown = func() {}

-	// do an initial subnet plan caching
-	fetchLicensePlan()
-
 	return setupGlobalMiddleware(api.Serve(setupMiddlewares))
 }

@@ -214,6 +165,97 @@ func AuditLogMiddleware(next http.Handler) http.Handler {
 	})
 }

+func DebugLogMiddleware(next http.Handler) http.Handler {
+	debugLogLevel, _ := env.GetInt("CONSOLE_DEBUG_LOGLEVEL", 0)
+	if debugLogLevel == 0 {
+		return next
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rw := logger.NewResponseWriter(w)
+		next.ServeHTTP(rw, r)
+		debugLog(debugLogLevel, r, rw)
+	})
+}
+
+func debugLog(debugLogLevel int, r *http.Request, rw *logger.ResponseWriter) {
+	switch debugLogLevel {
+	case 1:
+		// Log server errors only (summary)
+		if rw.StatusCode >= 500 {
+			debugLogSummary(r, rw)
+		}
+	case 2:
+		// Log server and client errors (summary)
+		if rw.StatusCode >= 400 {
+			debugLogSummary(r, rw)
+		}
+	case 3:
+		// Log all requests (summary)
+		debugLogSummary(r, rw)
+	case 4:
+		// Log server errors only (including headers)
+		if rw.StatusCode >= 500 {
+			debugLogDetails(r, rw)
+		}
+	case 5:
+		// Log server and client errors (including headers)
+		if rw.StatusCode >= 400 {
+			debugLogDetails(r, rw)
+		}
+	case 6:
+		// Log all requests (including headers)
+		debugLogDetails(r, rw)
+	}
+}
+
+func debugLogSummary(r *http.Request, rw *logger.ResponseWriter) {
+	statusCode := strconv.Itoa(rw.StatusCode)
+	if rw.Hijacked {
+		statusCode = "hijacked"
+	}
+	logger.Info(fmt.Sprintf("%s %s %s %s %dms", r.RemoteAddr, r.Method, r.URL, statusCode, time.Since(rw.StartTime).Milliseconds()))
+}
+
+func debugLogDetails(r *http.Request, rw *logger.ResponseWriter) {
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("- Method/URL:       %s %s\n", r.Method, r.URL))
+	sb.WriteString(fmt.Sprintf("  Remote endpoint:  %s\n", r.RemoteAddr))
+	if rw.Hijacked {
+		sb.WriteString("  Status code:      <hijacked, probably a websocket>\n")
+	} else {
+		sb.WriteString(fmt.Sprintf("  Status code:      %d\n", rw.StatusCode))
+	}
+	sb.WriteString(fmt.Sprintf("  Duration (ms):    %d\n", time.Since(rw.StartTime).Milliseconds()))
+	sb.WriteString("  Request headers:  ")
+	debugLogHeaders(&sb, r.Header)
+	sb.WriteString("  Response headers: ")
+	debugLogHeaders(&sb, rw.Header())
+	logger.Info(sb.String())
+}
+
+func debugLogHeaders(sb *strings.Builder, h http.Header) {
+	keys := make([]string, 0, len(h))
+	for key := range h {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	first := true
+	for _, key := range keys {
+		values := h[key]
+		for _, value := range values {
+			if !first {
+				sb.WriteString("                    ")
+			} else {
+				first = false
+			}
+			sb.WriteString(fmt.Sprintf("%s: %s\n", key, value))
+		}
+	}
+	if first {
+		sb.WriteRune('\n')
+	}
+}
+
 // The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
 // So this is a good place to plug in a panic handling middleware, logger and metrics
 func setupGlobalMiddleware(handler http.Handler) http.Handler {
@@ -226,6 +268,8 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 	next = ContextMiddleware(next)
 	// handle cookie or authorization header for session
 	next = AuthenticationMiddleware(next)
+	// handle debug logging
+	next = DebugLogMiddleware(next)

 	sslHostFn := secure.SSLHostFunc(func(host string) string {
 		xhost, err := xnet.ParseHost(host)
@@ -254,10 +298,8 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		BrowserXssFilter:                GetSecureBrowserXSSFilter(),
 		ContentSecurityPolicy:           GetSecureContentSecurityPolicy(),
 		ContentSecurityPolicyReportOnly: GetSecureContentSecurityPolicyReportOnly(),
-		PublicKey:                       GetSecurePublicKey(),
 		ReferrerPolicy:                  GetSecureReferrerPolicy(),
 		FeaturePolicy:                   GetSecureFeaturePolicy(),
-		ExpectCTHeader:                  GetSecureExpectCTHeader(),
 		IsDevelopment:                   false,
 	}
 	secureMiddleware := secure.New(secureOptions)
@@ -313,6 +355,12 @@ func AuthenticationMiddleware(next http.Handler) http.Handler {

 // FileServerMiddleware serves files from the static folder
 func FileServerMiddleware(next http.Handler) http.Handler {
+	buildFs, err := fs.Sub(portal_ui.GetStaticAssets(), "build")
+	if err != nil {
+		panic(err)
+	}
+	spaFileHandler := wrapHandlerSinglePageApplication(requestBounce(http.FileServer(http.FS(buildFs))))
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Server", globalAppName) // do not add version information
 		switch {
@@ -321,11 +369,7 @@ func FileServerMiddleware(next http.Handler) http.Handler {
 		case strings.HasPrefix(r.URL.Path, "/api"):
 			next.ServeHTTP(w, r)
 		default:
-			buildFs, err := fs.Sub(portal_ui.GetStaticAssets(), "build")
-			if err != nil {
-				panic(err)
-			}
-			wrapHandlerSinglePageApplication(requestBounce(http.FileServer(http.FS(buildFs)))).ServeHTTP(w, r)
+			spaFileHandler.ServeHTTP(w, r)
 		}
 	})
 }
@@ -424,13 +468,10 @@ func handleSPA(w http.ResponseWriter, r *http.Request) {
 	}
 	indexPageBytes = replaceLicense(indexPageBytes)

-	mimeType := mimedb.TypeByExtension(filepath.Ext(r.URL.Path))
-
-	if mimeType == "application/octet-stream" {
-		mimeType = "text/html"
-	}
-
-	w.Header().Set("Content-Type", mimeType)
+	// it's important to force "Content-Type: text/html", because a previous
+	// handler may have already set the content-type to a different value.
+	// (i.e. the FileServer when it detected that it couldn't find the file)
+	w.Header().Set("Content-Type", "text/html")
 	http.ServeContent(w, r, "index.html", time.Now(), bytes.NewReader(indexPageBytes))
 }

@@ -507,8 +548,6 @@ func replaceBaseInIndex(indexPageBytes []byte, basePath string) []byte {

 func replaceLicense(indexPageBytes []byte) []byte {
 	indexPageStr := string(indexPageBytes)
-	newPlan := fmt.Sprintf("<meta name=\"minio-license\" content=\"%s\" />", InstanceLicensePlan.String())
-	indexPageStr = strings.Replace(indexPageStr, "<meta name=\"minio-license\" content=\"apgl\"/>", newPlan, 1)
 	indexPageBytes = []byte(indexPageStr)
 	return indexPageBytes
 }
--- a/restapi/configure_console_test.go
+++ b/restapi/configure_console_test.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"os"
@@ -70,7 +70,7 @@ func Test_parseSubPath(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			assert.Equalf(t, tt.want, parseSubPath(tt.args.v), "parseSubPath(%v)", tt.args.v)
 		})
 	}
@@ -115,7 +115,7 @@ func Test_getSubPath(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			t.Setenv(SubPath, tt.args.envValue)
 			defer os.Unsetenv(SubPath)
 			subPathOnce = sync.Once{}
--- a/restapi/consts.go
+++ b/restapi/consts.go
@@ -14,13 +14,12 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 // list of all console environment constants
 const (
 	// Constants for common configuration
 	ConsoleMinIOServer = "CONSOLE_MINIO_SERVER"
-	ConsoleSubnetProxy = "CONSOLE_SUBNET_PROXY"
 	ConsoleMinIORegion = "CONSOLE_MINIO_REGION"
 	ConsoleHostname    = "CONSOLE_HOSTNAME"
 	ConsolePort        = "CONSOLE_PORT"
@@ -40,22 +39,16 @@ const (
 	ConsoleSecureSTSPreload                      = "CONSOLE_SECURE_STS_PRELOAD"
 	ConsoleSecureTLSRedirect                     = "CONSOLE_SECURE_TLS_REDIRECT"
 	ConsoleSecureTLSHost                         = "CONSOLE_SECURE_TLS_HOST"
-	ConsoleSecureTLSTemporaryRedirect            = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT"
 	ConsoleSecureForceSTSHeader                  = "CONSOLE_SECURE_FORCE_STS_HEADER"
-	ConsoleSecurePublicKey                       = "CONSOLE_SECURE_PUBLIC_KEY"
 	ConsoleSecureReferrerPolicy                  = "CONSOLE_SECURE_REFERRER_POLICY"
 	ConsoleSecureFeaturePolicy                   = "CONSOLE_SECURE_FEATURE_POLICY"
-	ConsoleSecureExpectCTHeader                  = "CONSOLE_SECURE_EXPECT_CT_HEADER"
-	PrometheusURL                                = "CONSOLE_PROMETHEUS_URL"
-	PrometheusAuthToken                          = "CONSOLE_PROMETHEUS_AUTH_TOKEN"
-	PrometheusJobID                              = "CONSOLE_PROMETHEUS_JOB_ID"
-	PrometheusExtraLabels                        = "CONSOLE_PROMETHEUS_EXTRA_LABELS"
 	ConsoleLogQueryURL                           = "CONSOLE_LOG_QUERY_URL"
 	ConsoleLogQueryAuthToken                     = "CONSOLE_LOG_QUERY_AUTH_TOKEN"
 	ConsoleMaxConcurrentUploads                  = "CONSOLE_MAX_CONCURRENT_UPLOADS"
 	ConsoleMaxConcurrentDownloads                = "CONSOLE_MAX_CONCURRENT_DOWNLOADS"
 	ConsoleDevMode                               = "CONSOLE_DEV_MODE"
 	ConsoleAnimatedLogin                         = "CONSOLE_ANIMATED_LOGIN"
+	ConsoleBrowserRedirectURL                    = "CONSOLE_BROWSER_REDIRECT_URL"
 	LogSearchQueryAuthToken                      = "LOGSEARCH_QUERY_AUTH_TOKEN"
 	SlashSeparator                               = "/"
 	LocalAddress                                 = "127.0.0.1"
--- a/restapi/custom-server.go
+++ b/restapi/custom-server.go
@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package restapi
+package api

 import (
 	"context"
@@ -39,7 +39,7 @@ import (
 	flags "github.com/jessevdk/go-flags"
 	"golang.org/x/net/netutil"

-	"github.com/minio/console/restapi/operations"
+	"github.com/minio/console/api/operations"
 )

 const (
--- a/restapi/doc.go
+++ b/restapi/doc.go
@@ -16,7 +16,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-// Package restapi MinIO Console Server
+// Package api MinIO Console Server
 //
 //	Schemes:
 //	  http
@@ -30,9 +30,8 @@
 //	  - multipart/form-data
 //
 //	Produces:
-//	  - application/zip
 //	  - application/octet-stream
 //	  - application/json
 //
 // swagger:meta
-package restapi
+package api
--- a/api/embedded_spec.go
+++ b/api/embedded_spec.go
--- a/restapi/errors.go
+++ b/restapi/errors.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"context"
@@ -29,7 +29,7 @@ import (

 var (
 	ErrDefault                          = errors.New("an error occurred, please try again")
-	ErrInvalidLogin                     = errors.New("invalid Login")
+	ErrInvalidLogin                     = errors.New("invalid login")
 	ErrForbidden                        = errors.New("403 Forbidden")
 	ErrBadRequest                       = errors.New("400 Bad Request")
 	ErrFileTooLarge                     = errors.New("413 File too Large")
@@ -43,7 +43,6 @@ var (
 	ErrGroupNameNotInRequest            = errors.New("error group name not in request")
 	ErrPolicyNameNotInRequest           = errors.New("error policy name not in request")
 	ErrPolicyBodyNotInRequest           = errors.New("error policy body not in request")
-	ErrPolicyNameContainsSpace          = errors.New("error policy name cannot contain spaces")
 	ErrInvalidEncryptionAlgorithm       = errors.New("error invalid encryption algorithm")
 	ErrSSENotConfigured                 = errors.New("error server side encryption configuration not found")
 	ErrBucketLifeCycleNotConfigured     = errors.New("error bucket life cycle configuration not found")
@@ -72,8 +71,8 @@ var (
 	ErrEncryptionConfigNotFound         = errors.New("encryption configuration not found")
 	ErrPolicyNotFound                   = errors.New("policy does not exist")
 	ErrLoginNotAllowed                  = errors.New("login not allowed")
-	ErrSubnetUploadFail                 = errors.New("SUBNET upload failed")
 	ErrHealthReportFail                 = errors.New("failure to generate Health report")
+	ErrNetworkError                     = errors.New("unable to login due to network error")
 )

 type CodedAPIError struct {
@@ -112,6 +111,11 @@ func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 				errorCode = 401
 				errorMessage = ErrInvalidLogin.Error()
 			}
+			if errors.Is(err1, ErrNetworkError) {
+				detailedMessage = ""
+				errorCode = 503
+				errorMessage = ErrNetworkError.Error()
+			}
 			if strings.Contains(strings.ToLower(err1.Error()), ErrAccessDenied.Error()) {
 				errorCode = 403
 				errorMessage = err1.Error()
@@ -156,10 +160,6 @@ func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 				errorCode = 400
 				errorMessage = ErrPolicyBodyNotInRequest.Error()
 			}
-			if errors.Is(err1, ErrPolicyNameContainsSpace) {
-				errorCode = 400
-				errorMessage = ErrPolicyNameContainsSpace.Error()
-			}
 			// console invalid session errors
 			if errors.Is(err1, ErrInvalidSession) {
 				errorCode = 401
--- a/restapi/errors_test.go
+++ b/restapi/errors_test.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"context"
@@ -46,25 +46,24 @@ func TestError(t *testing.T) {
 	appErrors := map[string]expectedError{
 		"ErrDefault": {code: 500, err: ErrDefault},

-		"ErrForbidden":                    {code: 403, err: ErrForbidden},
-		"ErrFileTooLarge":                 {code: 413, err: ErrFileTooLarge},
-		"ErrInvalidSession":               {code: 401, err: ErrInvalidSession},
-		"ErrNotFound":                     {code: 404, err: ErrNotFound},
-		"ErrGroupAlreadyExists":           {code: 400, err: ErrGroupAlreadyExists},
-		"ErrInvalidErasureCodingValue":    {code: 400, err: ErrInvalidErasureCodingValue},
-		"ErrBucketBodyNotInRequest":       {code: 400, err: ErrBucketBodyNotInRequest},
-		"ErrBucketNameNotInRequest":       {code: 400, err: ErrBucketNameNotInRequest},
-		"ErrGroupBodyNotInRequest":        {code: 400, err: ErrGroupBodyNotInRequest},
-		"ErrGroupNameNotInRequest":        {code: 400, err: ErrGroupNameNotInRequest},
-		"ErrPolicyNameNotInRequest":       {code: 400, err: ErrPolicyNameNotInRequest},
-		"ErrPolicyBodyNotInRequest":       {code: 400, err: ErrPolicyBodyNotInRequest},
-		"ErrInvalidEncryptionAlgorithm":   {code: 500, err: ErrInvalidEncryptionAlgorithm},
-		"ErrSSENotConfigured":             {code: 404, err: ErrSSENotConfigured},
-		"ErrBucketLifeCycleNotConfigured": {code: 404, err: ErrBucketLifeCycleNotConfigured},
-		"ErrChangePassword":               {code: 403, err: ErrChangePassword},
-		"ErrInvalidLicense":               {code: 404, err: ErrInvalidLicense},
-		"ErrLicenseNotFound":              {code: 404, err: ErrLicenseNotFound},
-		"ErrAvoidSelfAccountDelete":       {code: 403, err: ErrAvoidSelfAccountDelete},
+		"ErrForbidden":                  {code: 403, err: ErrForbidden},
+		"ErrFileTooLarge":               {code: 413, err: ErrFileTooLarge},
+		"ErrInvalidSession":             {code: 401, err: ErrInvalidSession},
+		"ErrNotFound":                   {code: 404, err: ErrNotFound},
+		"ErrGroupAlreadyExists":         {code: 400, err: ErrGroupAlreadyExists},
+		"ErrInvalidErasureCodingValue":  {code: 400, err: ErrInvalidErasureCodingValue},
+		"ErrBucketBodyNotInRequest":     {code: 400, err: ErrBucketBodyNotInRequest},
+		"ErrBucketNameNotInRequest":     {code: 400, err: ErrBucketNameNotInRequest},
+		"ErrGroupBodyNotInRequest":      {code: 400, err: ErrGroupBodyNotInRequest},
+		"ErrGroupNameNotInRequest":      {code: 400, err: ErrGroupNameNotInRequest},
+		"ErrPolicyNameNotInRequest":     {code: 400, err: ErrPolicyNameNotInRequest},
+		"ErrPolicyBodyNotInRequest":     {code: 400, err: ErrPolicyBodyNotInRequest},
+		"ErrInvalidEncryptionAlgorithm": {code: 500, err: ErrInvalidEncryptionAlgorithm},
+		"ErrSSENotConfigured":           {code: 404, err: ErrSSENotConfigured},
+		"ErrChangePassword":             {code: 403, err: ErrChangePassword},
+		"ErrInvalidLicense":             {code: 404, err: ErrInvalidLicense},
+		"ErrLicenseNotFound":            {code: 404, err: ErrLicenseNotFound},
+		"ErrAvoidSelfAccountDelete":     {code: 403, err: ErrAvoidSelfAccountDelete},

 		"ErrNonUniqueAccessKey":               {code: 500, err: ErrNonUniqueAccessKey},
 		"ErrRemoteTierExists":                 {code: 400, err: ErrRemoteTierExists},
@@ -122,7 +121,7 @@ func TestError(t *testing.T) {
 		})

 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			got := Error(tt.args.err...)
 			assert.Equalf(t, tt.want.Code, got.Code, "Error(%v) Got (%v)", tt.want.Code, got.Code)
 			assert.Equalf(t, tt.want.APIError.DetailedMessage, got.APIError.DetailedMessage, "Error(%s) Got (%s)", tt.want.APIError.DetailedMessage, got.APIError.DetailedMessage)
@@ -152,7 +151,7 @@ func TestErrorWithContext(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			assert.Equalf(t, tt.want, ErrorWithContext(tt.args.ctx, tt.args.err...), "ErrorWithContext(%v, %v)", tt.args.ctx, tt.args.err)
 		})
 	}
--- a/restapi/logs.go
+++ b/restapi/logs.go
@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package restapi
+package api

 import (
 	"context"
@@ -58,7 +58,7 @@ type Context struct {
 	TLSCertificate, TLSKey, TLSca string
 }

-// Load loads restapi Context from command line context.
+// Load loads api Context from command line context.
 func (c *Context) Load(ctx *cli.Context) error {
 	*c = Context{
 		Host:        ctx.String("host"),
--- a/restapi/logs_test.go
+++ b/restapi/logs_test.go
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-package restapi
+package api

 import (
 	"flag"
@@ -85,7 +85,7 @@ func TestContext_Load(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
+		t.Run(tt.name, func(_ *testing.T) {
 			c := &Context{}

 			fs := flag.NewFlagSet("flags", flag.ContinueOnError)
--- a/restapi/operations/auth/login.go
+++ b/restapi/operations/auth/login.go
--- a/restapi/operations/auth/login_detail.go
+++ b/restapi/operations/auth/login_detail.go
--- a/restapi/operations/auth/login_detail_parameters.go
+++ b/restapi/operations/auth/login_detail_parameters.go
--- a/restapi/operations/auth/login_detail_responses.go
+++ b/restapi/operations/auth/login_detail_responses.go
--- a/restapi/operations/auth/login_detail_urlbuilder.go
+++ b/restapi/operations/auth/login_detail_urlbuilder.go
--- a/restapi/operations/auth/login_parameters.go
+++ b/restapi/operations/auth/login_parameters.go
--- a/restapi/operations/auth/login_responses.go
+++ b/restapi/operations/auth/login_responses.go
--- a/restapi/operations/auth/login_urlbuilder.go
+++ b/restapi/operations/auth/login_urlbuilder.go
--- a/restapi/operations/auth/logout.go
+++ b/restapi/operations/auth/logout.go
--- a/restapi/operations/auth/logout_parameters.go
+++ b/restapi/operations/auth/logout_parameters.go
--- a/restapi/operations/auth/logout_responses.go
+++ b/restapi/operations/auth/logout_responses.go
--- a/restapi/operations/auth/logout_urlbuilder.go
+++ b/restapi/operations/auth/logout_urlbuilder.go
--- a/restapi/operations/auth/session_check.go
+++ b/restapi/operations/auth/session_check.go
--- a/restapi/operations/auth/session_check_parameters.go
+++ b/restapi/operations/auth/session_check_parameters.go
--- a/restapi/operations/auth/session_check_responses.go
+++ b/restapi/operations/auth/session_check_responses.go
--- a/restapi/operations/auth/session_check_urlbuilder.go
+++ b/restapi/operations/auth/session_check_urlbuilder.go
--- a/restapi/operations/bucket/bucket_info.go
+++ b/restapi/operations/bucket/bucket_info.go
--- a/restapi/operations/bucket/bucket_info_parameters.go
+++ b/restapi/operations/bucket/bucket_info_parameters.go
--- a/restapi/operations/bucket/bucket_info_responses.go
+++ b/restapi/operations/bucket/bucket_info_responses.go
--- a/restapi/operations/bucket/bucket_info_urlbuilder.go
+++ b/restapi/operations/bucket/bucket_info_urlbuilder.go
--- a/restapi/operations/bucket/get_bucket_quota.go
+++ b/restapi/operations/bucket/get_bucket_quota.go
--- a/restapi/operations/bucket/get_bucket_quota_parameters.go
+++ b/restapi/operations/bucket/get_bucket_quota_parameters.go
--- a/restapi/operations/bucket/get_bucket_quota_responses.go
+++ b/restapi/operations/bucket/get_bucket_quota_responses.go
--- a/restapi/operations/bucket/get_bucket_quota_urlbuilder.go
+++ b/restapi/operations/bucket/get_bucket_quota_urlbuilder.go
--- a/restapi/operations/bucket/get_bucket_rewind.go
+++ b/restapi/operations/bucket/get_bucket_rewind.go
--- a/restapi/operations/bucket/get_bucket_rewind_parameters.go
+++ b/restapi/operations/bucket/get_bucket_rewind_parameters.go
--- a/restapi/operations/bucket/get_bucket_rewind_responses.go
+++ b/restapi/operations/bucket/get_bucket_rewind_responses.go
--- a/restapi/operations/bucket/get_bucket_rewind_urlbuilder.go
+++ b/restapi/operations/bucket/get_bucket_rewind_urlbuilder.go
--- a/restapi/operations/bucket/get_bucket_versioning.go
+++ b/restapi/operations/bucket/get_bucket_versioning.go
--- a/restapi/operations/bucket/get_bucket_versioning_parameters.go
+++ b/restapi/operations/bucket/get_bucket_versioning_parameters.go
--- a/restapi/operations/bucket/get_bucket_versioning_responses.go
+++ b/restapi/operations/bucket/get_bucket_versioning_responses.go
--- a/restapi/operations/bucket/get_bucket_versioning_urlbuilder.go
+++ b/restapi/operations/bucket/get_bucket_versioning_urlbuilder.go
--- a/restapi/operations/bucket/get_max_share_link_exp.go
+++ b/restapi/operations/bucket/get_max_share_link_exp.go
--- a/restapi/operations/bucket/get_max_share_link_exp_parameters.go
+++ b/restapi/operations/bucket/get_max_share_link_exp_parameters.go
--- a/restapi/operations/bucket/get_max_share_link_exp_responses.go
+++ b/restapi/operations/bucket/get_max_share_link_exp_responses.go
--- a/restapi/operations/bucket/get_max_share_link_exp_urlbuilder.go
+++ b/restapi/operations/bucket/get_max_share_link_exp_urlbuilder.go
--- a/restapi/operations/bucket/list_buckets.go
+++ b/restapi/operations/bucket/list_buckets.go
--- a/restapi/operations/bucket/list_buckets_parameters.go
+++ b/restapi/operations/bucket/list_buckets_parameters.go
--- a/restapi/operations/bucket/list_buckets_responses.go
+++ b/restapi/operations/bucket/list_buckets_responses.go
--- a/restapi/operations/bucket/list_buckets_urlbuilder.go
+++ b/restapi/operations/bucket/list_buckets_urlbuilder.go
--- a/restapi/operations/bucket/make_bucket.go
+++ b/restapi/operations/bucket/make_bucket.go
--- a/restapi/operations/bucket/make_bucket_parameters.go
+++ b/restapi/operations/bucket/make_bucket_parameters.go
--- a/restapi/operations/bucket/make_bucket_responses.go
+++ b/restapi/operations/bucket/make_bucket_responses.go
--- a/restapi/operations/bucket/make_bucket_urlbuilder.go
+++ b/restapi/operations/bucket/make_bucket_urlbuilder.go
--- a/restapi/operations/bucket/set_bucket_versioning.go
+++ b/restapi/operations/bucket/set_bucket_versioning.go
--- a/restapi/operations/bucket/set_bucket_versioning_parameters.go
+++ b/restapi/operations/bucket/set_bucket_versioning_parameters.go
--- a/restapi/operations/bucket/set_bucket_versioning_responses.go
+++ b/restapi/operations/bucket/set_bucket_versioning_responses.go
--- a/restapi/operations/bucket/set_bucket_versioning_urlbuilder.go
+++ b/restapi/operations/bucket/set_bucket_versioning_urlbuilder.go
--- a/api/operations/console_api.go
+++ b/api/operations/console_api.go
@@ -0,0 +1,676 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/loads"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/runtime/security"
+	"github.com/go-openapi/spec"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/minio/console/api/operations/auth"
+	"github.com/minio/console/api/operations/bucket"
+	"github.com/minio/console/api/operations/license"
+	"github.com/minio/console/api/operations/object"
+	"github.com/minio/console/api/operations/public"
+	"github.com/minio/console/api/operations/system"
+	"github.com/minio/console/models"
+)
+
+// NewConsoleAPI creates a new Console instance
+func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
+	return &ConsoleAPI{
+		handlers:            make(map[string]map[string]http.Handler),
+		formats:             strfmt.Default,
+		defaultConsumes:     "application/json",
+		defaultProduces:     "application/json",
+		customConsumers:     make(map[string]runtime.Consumer),
+		customProducers:     make(map[string]runtime.Producer),
+		PreServerShutdown:   func() {},
+		ServerShutdown:      func() {},
+		spec:                spec,
+		useSwaggerUI:        false,
+		ServeError:          errors.ServeError,
+		BasicAuthenticator:  security.BasicAuth,
+		APIKeyAuthenticator: security.APIKeyAuth,
+		BearerAuthenticator: security.BearerAuth,
+
+		JSONConsumer:          runtime.JSONConsumer(),
+		MultipartformConsumer: runtime.DiscardConsumer,
+
+		BinProducer:  runtime.ByteStreamProducer(),
+		JSONProducer: runtime.JSONProducer(),
+
+		SystemAdminInfoHandler: system.AdminInfoHandlerFunc(func(params system.AdminInfoParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation system.AdminInfo has not yet been implemented")
+		}),
+		BucketBucketInfoHandler: bucket.BucketInfoHandlerFunc(func(params bucket.BucketInfoParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.BucketInfo has not yet been implemented")
+		}),
+		ObjectDeleteMultipleObjectsHandler: object.DeleteMultipleObjectsHandlerFunc(func(params object.DeleteMultipleObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DeleteMultipleObjects has not yet been implemented")
+		}),
+		ObjectDeleteObjectHandler: object.DeleteObjectHandlerFunc(func(params object.DeleteObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DeleteObject has not yet been implemented")
+		}),
+		ObjectDownloadObjectHandler: object.DownloadObjectHandlerFunc(func(params object.DownloadObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DownloadObject has not yet been implemented")
+		}),
+		ObjectDownloadMultipleObjectsHandler: object.DownloadMultipleObjectsHandlerFunc(func(params object.DownloadMultipleObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DownloadMultipleObjects has not yet been implemented")
+		}),
+		PublicDownloadSharedObjectHandler: public.DownloadSharedObjectHandlerFunc(func(params public.DownloadSharedObjectParams) middleware.Responder {
+			return middleware.NotImplemented("operation public.DownloadSharedObject has not yet been implemented")
+		}),
+		BucketGetBucketQuotaHandler: bucket.GetBucketQuotaHandlerFunc(func(params bucket.GetBucketQuotaParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketQuota has not yet been implemented")
+		}),
+		BucketGetBucketRewindHandler: bucket.GetBucketRewindHandlerFunc(func(params bucket.GetBucketRewindParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketRewind has not yet been implemented")
+		}),
+		BucketGetBucketVersioningHandler: bucket.GetBucketVersioningHandlerFunc(func(params bucket.GetBucketVersioningParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketVersioning has not yet been implemented")
+		}),
+		BucketGetMaxShareLinkExpHandler: bucket.GetMaxShareLinkExpHandlerFunc(func(params bucket.GetMaxShareLinkExpParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetMaxShareLinkExp has not yet been implemented")
+		}),
+		ObjectGetObjectMetadataHandler: object.GetObjectMetadataHandlerFunc(func(params object.GetObjectMetadataParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.GetObjectMetadata has not yet been implemented")
+		}),
+		LicenseLicenseAcknowledgeHandler: license.LicenseAcknowledgeHandlerFunc(func(params license.LicenseAcknowledgeParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation license.LicenseAcknowledge has not yet been implemented")
+		}),
+		BucketListBucketsHandler: bucket.ListBucketsHandlerFunc(func(params bucket.ListBucketsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.ListBuckets has not yet been implemented")
+		}),
+		ObjectListObjectsHandler: object.ListObjectsHandlerFunc(func(params object.ListObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.ListObjects has not yet been implemented")
+		}),
+		AuthLoginHandler: auth.LoginHandlerFunc(func(params auth.LoginParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Login has not yet been implemented")
+		}),
+		AuthLoginDetailHandler: auth.LoginDetailHandlerFunc(func(params auth.LoginDetailParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginDetail has not yet been implemented")
+		}),
+		AuthLogoutHandler: auth.LogoutHandlerFunc(func(params auth.LogoutParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Logout has not yet been implemented")
+		}),
+		BucketMakeBucketHandler: bucket.MakeBucketHandlerFunc(func(params bucket.MakeBucketParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.MakeBucket has not yet been implemented")
+		}),
+		ObjectPostBucketsBucketNameObjectsUploadHandler: object.PostBucketsBucketNameObjectsUploadHandlerFunc(func(params object.PostBucketsBucketNameObjectsUploadParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PostBucketsBucketNameObjectsUpload has not yet been implemented")
+		}),
+		ObjectPutObjectRestoreHandler: object.PutObjectRestoreHandlerFunc(func(params object.PutObjectRestoreParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PutObjectRestore has not yet been implemented")
+		}),
+		ObjectPutObjectTagsHandler: object.PutObjectTagsHandlerFunc(func(params object.PutObjectTagsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PutObjectTags has not yet been implemented")
+		}),
+		AuthSessionCheckHandler: auth.SessionCheckHandlerFunc(func(params auth.SessionCheckParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.SessionCheck has not yet been implemented")
+		}),
+		BucketSetBucketVersioningHandler: bucket.SetBucketVersioningHandlerFunc(func(params bucket.SetBucketVersioningParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.SetBucketVersioning has not yet been implemented")
+		}),
+		ObjectShareObjectHandler: object.ShareObjectHandlerFunc(func(params object.ShareObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.ShareObject has not yet been implemented")
+		}),
+
+		// Applies when the "X-Anonymous" header is set
+		AnonymousAuth: func(token string) (*models.Principal, error) {
+			return nil, errors.NotImplemented("api key auth (anonymous) X-Anonymous from header param [X-Anonymous] has not yet been implemented")
+		},
+		KeyAuth: func(token string, scopes []string) (*models.Principal, error) {
+			return nil, errors.NotImplemented("oauth2 bearer auth (key) has not yet been implemented")
+		},
+		// default authorizer is authorized meaning no requests are blocked
+		APIAuthorizer: security.Authorized(),
+	}
+}
+
+/*ConsoleAPI the console API */
+type ConsoleAPI struct {
+	spec            *loads.Document
+	context         *middleware.Context
+	handlers        map[string]map[string]http.Handler
+	formats         strfmt.Registry
+	customConsumers map[string]runtime.Consumer
+	customProducers map[string]runtime.Producer
+	defaultConsumes string
+	defaultProduces string
+	Middleware      func(middleware.Builder) http.Handler
+	useSwaggerUI    bool
+
+	// BasicAuthenticator generates a runtime.Authenticator from the supplied basic auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	BasicAuthenticator func(security.UserPassAuthentication) runtime.Authenticator
+
+	// APIKeyAuthenticator generates a runtime.Authenticator from the supplied token auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	APIKeyAuthenticator func(string, string, security.TokenAuthentication) runtime.Authenticator
+
+	// BearerAuthenticator generates a runtime.Authenticator from the supplied bearer token auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	BearerAuthenticator func(string, security.ScopedTokenAuthentication) runtime.Authenticator
+
+	// JSONConsumer registers a consumer for the following mime types:
+	//   - application/json
+	JSONConsumer runtime.Consumer
+	// MultipartformConsumer registers a consumer for the following mime types:
+	//   - multipart/form-data
+	MultipartformConsumer runtime.Consumer
+
+	// BinProducer registers a producer for the following mime types:
+	//   - application/octet-stream
+	BinProducer runtime.Producer
+	// JSONProducer registers a producer for the following mime types:
+	//   - application/json
+	JSONProducer runtime.Producer
+
+	// AnonymousAuth registers a function that takes a token and returns a principal
+	// it performs authentication based on an api key X-Anonymous provided in the header
+	AnonymousAuth func(string) (*models.Principal, error)
+
+	// KeyAuth registers a function that takes an access token and a collection of required scopes and returns a principal
+	// it performs authentication based on an oauth2 bearer token provided in the request
+	KeyAuth func(string, []string) (*models.Principal, error)
+
+	// APIAuthorizer provides access control (ACL/RBAC/ABAC) by providing access to the request and authenticated principal
+	APIAuthorizer runtime.Authorizer
+
+	// SystemAdminInfoHandler sets the operation handler for the admin info operation
+	SystemAdminInfoHandler system.AdminInfoHandler
+	// BucketBucketInfoHandler sets the operation handler for the bucket info operation
+	BucketBucketInfoHandler bucket.BucketInfoHandler
+	// ObjectDeleteMultipleObjectsHandler sets the operation handler for the delete multiple objects operation
+	ObjectDeleteMultipleObjectsHandler object.DeleteMultipleObjectsHandler
+	// ObjectDeleteObjectHandler sets the operation handler for the delete object operation
+	ObjectDeleteObjectHandler object.DeleteObjectHandler
+	// ObjectDownloadObjectHandler sets the operation handler for the download object operation
+	ObjectDownloadObjectHandler object.DownloadObjectHandler
+	// ObjectDownloadMultipleObjectsHandler sets the operation handler for the download multiple objects operation
+	ObjectDownloadMultipleObjectsHandler object.DownloadMultipleObjectsHandler
+	// PublicDownloadSharedObjectHandler sets the operation handler for the download shared object operation
+	PublicDownloadSharedObjectHandler public.DownloadSharedObjectHandler
+	// BucketGetBucketQuotaHandler sets the operation handler for the get bucket quota operation
+	BucketGetBucketQuotaHandler bucket.GetBucketQuotaHandler
+	// BucketGetBucketRewindHandler sets the operation handler for the get bucket rewind operation
+	BucketGetBucketRewindHandler bucket.GetBucketRewindHandler
+	// BucketGetBucketVersioningHandler sets the operation handler for the get bucket versioning operation
+	BucketGetBucketVersioningHandler bucket.GetBucketVersioningHandler
+	// BucketGetMaxShareLinkExpHandler sets the operation handler for the get max share link exp operation
+	BucketGetMaxShareLinkExpHandler bucket.GetMaxShareLinkExpHandler
+	// ObjectGetObjectMetadataHandler sets the operation handler for the get object metadata operation
+	ObjectGetObjectMetadataHandler object.GetObjectMetadataHandler
+	// LicenseLicenseAcknowledgeHandler sets the operation handler for the license acknowledge operation
+	LicenseLicenseAcknowledgeHandler license.LicenseAcknowledgeHandler
+	// BucketListBucketsHandler sets the operation handler for the list buckets operation
+	BucketListBucketsHandler bucket.ListBucketsHandler
+	// ObjectListObjectsHandler sets the operation handler for the list objects operation
+	ObjectListObjectsHandler object.ListObjectsHandler
+	// AuthLoginHandler sets the operation handler for the login operation
+	AuthLoginHandler auth.LoginHandler
+	// AuthLoginDetailHandler sets the operation handler for the login detail operation
+	AuthLoginDetailHandler auth.LoginDetailHandler
+	// AuthLogoutHandler sets the operation handler for the logout operation
+	AuthLogoutHandler auth.LogoutHandler
+	// BucketMakeBucketHandler sets the operation handler for the make bucket operation
+	BucketMakeBucketHandler bucket.MakeBucketHandler
+	// ObjectPostBucketsBucketNameObjectsUploadHandler sets the operation handler for the post buckets bucket name objects upload operation
+	ObjectPostBucketsBucketNameObjectsUploadHandler object.PostBucketsBucketNameObjectsUploadHandler
+	// ObjectPutObjectRestoreHandler sets the operation handler for the put object restore operation
+	ObjectPutObjectRestoreHandler object.PutObjectRestoreHandler
+	// ObjectPutObjectTagsHandler sets the operation handler for the put object tags operation
+	ObjectPutObjectTagsHandler object.PutObjectTagsHandler
+	// AuthSessionCheckHandler sets the operation handler for the session check operation
+	AuthSessionCheckHandler auth.SessionCheckHandler
+	// BucketSetBucketVersioningHandler sets the operation handler for the set bucket versioning operation
+	BucketSetBucketVersioningHandler bucket.SetBucketVersioningHandler
+	// ObjectShareObjectHandler sets the operation handler for the share object operation
+	ObjectShareObjectHandler object.ShareObjectHandler
+
+	// ServeError is called when an error is received, there is a default handler
+	// but you can set your own with this
+	ServeError func(http.ResponseWriter, *http.Request, error)
+
+	// PreServerShutdown is called before the HTTP(S) server is shutdown
+	// This allows for custom functions to get executed before the HTTP(S) server stops accepting traffic
+	PreServerShutdown func()
+
+	// ServerShutdown is called when the HTTP(S) server is shut down and done
+	// handling all active connections and does not accept connections any more
+	ServerShutdown func()
+
+	// Custom command line argument groups with their descriptions
+	CommandLineOptionsGroups []swag.CommandLineOptionsGroup
+
+	// User defined logger function.
+	Logger func(string, ...interface{})
+}
+
+// UseRedoc for documentation at /docs
+func (o *ConsoleAPI) UseRedoc() {
+	o.useSwaggerUI = false
+}
+
+// UseSwaggerUI for documentation at /docs
+func (o *ConsoleAPI) UseSwaggerUI() {
+	o.useSwaggerUI = true
+}
+
+// SetDefaultProduces sets the default produces media type
+func (o *ConsoleAPI) SetDefaultProduces(mediaType string) {
+	o.defaultProduces = mediaType
+}
+
+// SetDefaultConsumes returns the default consumes media type
+func (o *ConsoleAPI) SetDefaultConsumes(mediaType string) {
+	o.defaultConsumes = mediaType
+}
+
+// SetSpec sets a spec that will be served for the clients.
+func (o *ConsoleAPI) SetSpec(spec *loads.Document) {
+	o.spec = spec
+}
+
+// DefaultProduces returns the default produces media type
+func (o *ConsoleAPI) DefaultProduces() string {
+	return o.defaultProduces
+}
+
+// DefaultConsumes returns the default consumes media type
+func (o *ConsoleAPI) DefaultConsumes() string {
+	return o.defaultConsumes
+}
+
+// Formats returns the registered string formats
+func (o *ConsoleAPI) Formats() strfmt.Registry {
+	return o.formats
+}
+
+// RegisterFormat registers a custom format validator
+func (o *ConsoleAPI) RegisterFormat(name string, format strfmt.Format, validator strfmt.Validator) {
+	o.formats.Add(name, format, validator)
+}
+
+// Validate validates the registrations in the ConsoleAPI
+func (o *ConsoleAPI) Validate() error {
+	var unregistered []string
+
+	if o.JSONConsumer == nil {
+		unregistered = append(unregistered, "JSONConsumer")
+	}
+	if o.MultipartformConsumer == nil {
+		unregistered = append(unregistered, "MultipartformConsumer")
+	}
+
+	if o.BinProducer == nil {
+		unregistered = append(unregistered, "BinProducer")
+	}
+	if o.JSONProducer == nil {
+		unregistered = append(unregistered, "JSONProducer")
+	}
+
+	if o.AnonymousAuth == nil {
+		unregistered = append(unregistered, "XAnonymousAuth")
+	}
+	if o.KeyAuth == nil {
+		unregistered = append(unregistered, "KeyAuth")
+	}
+
+	if o.SystemAdminInfoHandler == nil {
+		unregistered = append(unregistered, "system.AdminInfoHandler")
+	}
+	if o.BucketBucketInfoHandler == nil {
+		unregistered = append(unregistered, "bucket.BucketInfoHandler")
+	}
+	if o.ObjectDeleteMultipleObjectsHandler == nil {
+		unregistered = append(unregistered, "object.DeleteMultipleObjectsHandler")
+	}
+	if o.ObjectDeleteObjectHandler == nil {
+		unregistered = append(unregistered, "object.DeleteObjectHandler")
+	}
+	if o.ObjectDownloadObjectHandler == nil {
+		unregistered = append(unregistered, "object.DownloadObjectHandler")
+	}
+	if o.ObjectDownloadMultipleObjectsHandler == nil {
+		unregistered = append(unregistered, "object.DownloadMultipleObjectsHandler")
+	}
+	if o.PublicDownloadSharedObjectHandler == nil {
+		unregistered = append(unregistered, "public.DownloadSharedObjectHandler")
+	}
+	if o.BucketGetBucketQuotaHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketQuotaHandler")
+	}
+	if o.BucketGetBucketRewindHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketRewindHandler")
+	}
+	if o.BucketGetBucketVersioningHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketVersioningHandler")
+	}
+	if o.BucketGetMaxShareLinkExpHandler == nil {
+		unregistered = append(unregistered, "bucket.GetMaxShareLinkExpHandler")
+	}
+	if o.ObjectGetObjectMetadataHandler == nil {
+		unregistered = append(unregistered, "object.GetObjectMetadataHandler")
+	}
+	if o.LicenseLicenseAcknowledgeHandler == nil {
+		unregistered = append(unregistered, "license.LicenseAcknowledgeHandler")
+	}
+	if o.BucketListBucketsHandler == nil {
+		unregistered = append(unregistered, "bucket.ListBucketsHandler")
+	}
+	if o.ObjectListObjectsHandler == nil {
+		unregistered = append(unregistered, "object.ListObjectsHandler")
+	}
+	if o.AuthLoginHandler == nil {
+		unregistered = append(unregistered, "auth.LoginHandler")
+	}
+	if o.AuthLoginDetailHandler == nil {
+		unregistered = append(unregistered, "auth.LoginDetailHandler")
+	}
+	if o.AuthLogoutHandler == nil {
+		unregistered = append(unregistered, "auth.LogoutHandler")
+	}
+	if o.BucketMakeBucketHandler == nil {
+		unregistered = append(unregistered, "bucket.MakeBucketHandler")
+	}
+	if o.ObjectPostBucketsBucketNameObjectsUploadHandler == nil {
+		unregistered = append(unregistered, "object.PostBucketsBucketNameObjectsUploadHandler")
+	}
+	if o.ObjectPutObjectRestoreHandler == nil {
+		unregistered = append(unregistered, "object.PutObjectRestoreHandler")
+	}
+	if o.ObjectPutObjectTagsHandler == nil {
+		unregistered = append(unregistered, "object.PutObjectTagsHandler")
+	}
+	if o.AuthSessionCheckHandler == nil {
+		unregistered = append(unregistered, "auth.SessionCheckHandler")
+	}
+	if o.BucketSetBucketVersioningHandler == nil {
+		unregistered = append(unregistered, "bucket.SetBucketVersioningHandler")
+	}
+	if o.ObjectShareObjectHandler == nil {
+		unregistered = append(unregistered, "object.ShareObjectHandler")
+	}
+
+	if len(unregistered) > 0 {
+		return fmt.Errorf("missing registration: %s", strings.Join(unregistered, ", "))
+	}
+
+	return nil
+}
+
+// ServeErrorFor gets a error handler for a given operation id
+func (o *ConsoleAPI) ServeErrorFor(operationID string) func(http.ResponseWriter, *http.Request, error) {
+	return o.ServeError
+}
+
+// AuthenticatorsFor gets the authenticators for the specified security schemes
+func (o *ConsoleAPI) AuthenticatorsFor(schemes map[string]spec.SecurityScheme) map[string]runtime.Authenticator {
+	result := make(map[string]runtime.Authenticator)
+	for name := range schemes {
+		switch name {
+		case "anonymous":
+			scheme := schemes[name]
+			result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, func(token string) (interface{}, error) {
+				return o.AnonymousAuth(token)
+			})
+
+		case "key":
+			result[name] = o.BearerAuthenticator(name, func(token string, scopes []string) (interface{}, error) {
+				return o.KeyAuth(token, scopes)
+			})
+
+		}
+	}
+	return result
+}
+
+// Authorizer returns the registered authorizer
+func (o *ConsoleAPI) Authorizer() runtime.Authorizer {
+	return o.APIAuthorizer
+}
+
+// ConsumersFor gets the consumers for the specified media types.
+// MIME type parameters are ignored here.
+func (o *ConsoleAPI) ConsumersFor(mediaTypes []string) map[string]runtime.Consumer {
+	result := make(map[string]runtime.Consumer, len(mediaTypes))
+	for _, mt := range mediaTypes {
+		switch mt {
+		case "application/json":
+			result["application/json"] = o.JSONConsumer
+		case "multipart/form-data":
+			result["multipart/form-data"] = o.MultipartformConsumer
+		}
+
+		if c, ok := o.customConsumers[mt]; ok {
+			result[mt] = c
+		}
+	}
+	return result
+}
+
+// ProducersFor gets the producers for the specified media types.
+// MIME type parameters are ignored here.
+func (o *ConsoleAPI) ProducersFor(mediaTypes []string) map[string]runtime.Producer {
+	result := make(map[string]runtime.Producer, len(mediaTypes))
+	for _, mt := range mediaTypes {
+		switch mt {
+		case "application/octet-stream":
+			result["application/octet-stream"] = o.BinProducer
+		case "application/json":
+			result["application/json"] = o.JSONProducer
+		}
+
+		if p, ok := o.customProducers[mt]; ok {
+			result[mt] = p
+		}
+	}
+	return result
+}
+
+// HandlerFor gets a http.Handler for the provided operation method and path
+func (o *ConsoleAPI) HandlerFor(method, path string) (http.Handler, bool) {
+	if o.handlers == nil {
+		return nil, false
+	}
+	um := strings.ToUpper(method)
+	if _, ok := o.handlers[um]; !ok {
+		return nil, false
+	}
+	if path == "/" {
+		path = ""
+	}
+	h, ok := o.handlers[um][path]
+	return h, ok
+}
+
+// Context returns the middleware context for the console API
+func (o *ConsoleAPI) Context() *middleware.Context {
+	if o.context == nil {
+		o.context = middleware.NewRoutableContext(o.spec, o, nil)
+	}
+
+	return o.context
+}
+
+func (o *ConsoleAPI) initHandlerCache() {
+	o.Context() // don't care about the result, just that the initialization happened
+	if o.handlers == nil {
+		o.handlers = make(map[string]map[string]http.Handler)
+	}
+
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/admin/info"] = system.NewAdminInfo(o.context, o.SystemAdminInfoHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{name}"] = bucket.NewBucketInfo(o.context, o.BucketBucketInfoHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/delete-objects"] = object.NewDeleteMultipleObjects(o.context, o.ObjectDeleteMultipleObjectsHandler)
+	if o.handlers["DELETE"] == nil {
+		o.handlers["DELETE"] = make(map[string]http.Handler)
+	}
+	o.handlers["DELETE"]["/buckets/{bucket_name}/objects"] = object.NewDeleteObject(o.context, o.ObjectDeleteObjectHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/download"] = object.NewDownloadObject(o.context, o.ObjectDownloadObjectHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/objects/download-multiple"] = object.NewDownloadMultipleObjects(o.context, o.ObjectDownloadMultipleObjectsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/download-shared-object/{url}"] = public.NewDownloadSharedObject(o.context, o.PublicDownloadSharedObjectHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{name}/quota"] = bucket.NewGetBucketQuota(o.context, o.BucketGetBucketQuotaHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/rewind/{date}"] = bucket.NewGetBucketRewind(o.context, o.BucketGetBucketRewindHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/versioning"] = bucket.NewGetBucketVersioning(o.context, o.BucketGetBucketVersioningHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/max-share-exp"] = bucket.NewGetMaxShareLinkExp(o.context, o.BucketGetMaxShareLinkExpHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/metadata"] = object.NewGetObjectMetadata(o.context, o.ObjectGetObjectMetadataHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/license/acknowledge"] = license.NewLicenseAcknowledge(o.context, o.LicenseLicenseAcknowledgeHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets"] = bucket.NewListBuckets(o.context, o.BucketListBucketsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects"] = object.NewListObjects(o.context, o.ObjectListObjectsHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/login"] = auth.NewLogin(o.context, o.AuthLoginHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/login"] = auth.NewLoginDetail(o.context, o.AuthLoginDetailHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/logout"] = auth.NewLogout(o.context, o.AuthLogoutHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets"] = bucket.NewMakeBucket(o.context, o.BucketMakeBucketHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/objects/upload"] = object.NewPostBucketsBucketNameObjectsUpload(o.context, o.ObjectPostBucketsBucketNameObjectsUploadHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/objects/restore"] = object.NewPutObjectRestore(o.context, o.ObjectPutObjectRestoreHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/objects/tags"] = object.NewPutObjectTags(o.context, o.ObjectPutObjectTagsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/session"] = auth.NewSessionCheck(o.context, o.AuthSessionCheckHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/versioning"] = bucket.NewSetBucketVersioning(o.context, o.BucketSetBucketVersioningHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/share"] = object.NewShareObject(o.context, o.ObjectShareObjectHandler)
+}
+
+// Serve creates a http handler to serve the API over HTTP
+// can be used directly in http.ListenAndServe(":8000", api.Serve(nil))
+func (o *ConsoleAPI) Serve(builder middleware.Builder) http.Handler {
+	o.Init()
+
+	if o.Middleware != nil {
+		return o.Middleware(builder)
+	}
+	if o.useSwaggerUI {
+		return o.context.APIHandlerSwaggerUI(builder)
+	}
+	return o.context.APIHandler(builder)
+}
+
+// Init allows you to just initialize the handler cache, you can then recompose the middleware as you see fit
+func (o *ConsoleAPI) Init() {
+	if len(o.handlers) == 0 {
+		o.initHandlerCache()
+	}
+}
+
+// RegisterConsumer allows you to add (or override) a consumer for a media type.
+func (o *ConsoleAPI) RegisterConsumer(mediaType string, consumer runtime.Consumer) {
+	o.customConsumers[mediaType] = consumer
+}
+
+// RegisterProducer allows you to add (or override) a producer for a media type.
+func (o *ConsoleAPI) RegisterProducer(mediaType string, producer runtime.Producer) {
+	o.customProducers[mediaType] = producer
+}
+
+// AddMiddlewareFor adds a http middleware to existing handler
+func (o *ConsoleAPI) AddMiddlewareFor(method, path string, builder middleware.Builder) {
+	um := strings.ToUpper(method)
+	if path == "/" {
+		path = ""
+	}
+	o.Init()
+	if h, ok := o.handlers[um][path]; ok {
+		o.handlers[um][path] = builder(h)
+	}
+}
--- a/api/operations/license/license_acknowledge.go
+++ b/api/operations/license/license_acknowledge.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package idp
+package license

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -30,40 +30,40 @@ import (
 	"github.com/minio/console/models"
 )

-// ListConfigurationsHandlerFunc turns a function with the right signature into a list configurations handler
-type ListConfigurationsHandlerFunc func(ListConfigurationsParams, *models.Principal) middleware.Responder
+// LicenseAcknowledgeHandlerFunc turns a function with the right signature into a license acknowledge handler
+type LicenseAcknowledgeHandlerFunc func(LicenseAcknowledgeParams, *models.Principal) middleware.Responder

 // Handle executing the request and returning a response
-func (fn ListConfigurationsHandlerFunc) Handle(params ListConfigurationsParams, principal *models.Principal) middleware.Responder {
+func (fn LicenseAcknowledgeHandlerFunc) Handle(params LicenseAcknowledgeParams, principal *models.Principal) middleware.Responder {
 	return fn(params, principal)
 }

-// ListConfigurationsHandler interface for that can handle valid list configurations params
-type ListConfigurationsHandler interface {
-	Handle(ListConfigurationsParams, *models.Principal) middleware.Responder
+// LicenseAcknowledgeHandler interface for that can handle valid license acknowledge params
+type LicenseAcknowledgeHandler interface {
+	Handle(LicenseAcknowledgeParams, *models.Principal) middleware.Responder
 }

-// NewListConfigurations creates a new http.Handler for the list configurations operation
-func NewListConfigurations(ctx *middleware.Context, handler ListConfigurationsHandler) *ListConfigurations {
-	return &ListConfigurations{Context: ctx, Handler: handler}
+// NewLicenseAcknowledge creates a new http.Handler for the license acknowledge operation
+func NewLicenseAcknowledge(ctx *middleware.Context, handler LicenseAcknowledgeHandler) *LicenseAcknowledge {
+	return &LicenseAcknowledge{Context: ctx, Handler: handler}
 }

 /*
-	ListConfigurations swagger:route GET /idp/{type} idp listConfigurations
+	LicenseAcknowledge swagger:route GET /license/acknowledge License licenseAcknowledge

-List IDP Configurations
+Acknowledge the license
 */
-type ListConfigurations struct {
+type LicenseAcknowledge struct {
 	Context *middleware.Context
-	Handler ListConfigurationsHandler
+	Handler LicenseAcknowledgeHandler
 }

-func (o *ListConfigurations) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *LicenseAcknowledge) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
 		*r = *rCtx
 	}
-	var Params = NewListConfigurationsParams()
+	var Params = NewLicenseAcknowledgeParams()
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
--- a/restapi/operations/bucket/list_remote_buckets_parameters.go
+++ b/restapi/operations/bucket/list_remote_buckets_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package bucket
+package license

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,19 +29,19 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 )

-// NewListRemoteBucketsParams creates a new ListRemoteBucketsParams object
+// NewLicenseAcknowledgeParams creates a new LicenseAcknowledgeParams object
 //
 // There are no default values defined in the spec.
-func NewListRemoteBucketsParams() ListRemoteBucketsParams {
+func NewLicenseAcknowledgeParams() LicenseAcknowledgeParams {

-	return ListRemoteBucketsParams{}
+	return LicenseAcknowledgeParams{}
 }

-// ListRemoteBucketsParams contains all the bound params for the list remote buckets operation
+// LicenseAcknowledgeParams contains all the bound params for the license acknowledge operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters ListRemoteBuckets
-type ListRemoteBucketsParams struct {
+// swagger:parameters LicenseAcknowledge
+type LicenseAcknowledgeParams struct {

 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -50,8 +50,8 @@ type ListRemoteBucketsParams struct {
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewListRemoteBucketsParams() beforehand.
-func (o *ListRemoteBucketsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewLicenseAcknowledgeParams() beforehand.
+func (o *LicenseAcknowledgeParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error

 	o.HTTPRequest = r
--- a/restapi/operations/object/put_object_retention_responses.go
+++ b/restapi/operations/object/put_object_retention_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package object
+package license

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,25 +30,25 @@ import (
 	"github.com/minio/console/models"
 )

-// PutObjectRetentionOKCode is the HTTP code returned for type PutObjectRetentionOK
-const PutObjectRetentionOKCode int = 200
+// LicenseAcknowledgeOKCode is the HTTP code returned for type LicenseAcknowledgeOK
+const LicenseAcknowledgeOKCode int = 200

 /*
-PutObjectRetentionOK A successful response.
+LicenseAcknowledgeOK A successful response.

-swagger:response putObjectRetentionOK
+swagger:response licenseAcknowledgeOK
 */
-type PutObjectRetentionOK struct {
+type LicenseAcknowledgeOK struct {
 }

-// NewPutObjectRetentionOK creates PutObjectRetentionOK with default headers values
-func NewPutObjectRetentionOK() *PutObjectRetentionOK {
+// NewLicenseAcknowledgeOK creates LicenseAcknowledgeOK with default headers values
+func NewLicenseAcknowledgeOK() *LicenseAcknowledgeOK {

-	return &PutObjectRetentionOK{}
+	return &LicenseAcknowledgeOK{}
 }

 // WriteResponse to the client
-func (o *PutObjectRetentionOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LicenseAcknowledgeOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses

@@ -56,11 +56,11 @@ func (o *PutObjectRetentionOK) WriteResponse(rw http.ResponseWriter, producer ru
 }

 /*
-PutObjectRetentionDefault Generic error response.
+LicenseAcknowledgeDefault Generic error response.

-swagger:response putObjectRetentionDefault
+swagger:response licenseAcknowledgeDefault
 */
-type PutObjectRetentionDefault struct {
+type LicenseAcknowledgeDefault struct {
 	_statusCode int

 	/*
@@ -69,41 +69,41 @@ type PutObjectRetentionDefault struct {
 	Payload *models.APIError `json:"body,omitempty"`
 }

-// NewPutObjectRetentionDefault creates PutObjectRetentionDefault with default headers values
-func NewPutObjectRetentionDefault(code int) *PutObjectRetentionDefault {
+// NewLicenseAcknowledgeDefault creates LicenseAcknowledgeDefault with default headers values
+func NewLicenseAcknowledgeDefault(code int) *LicenseAcknowledgeDefault {
 	if code <= 0 {
 		code = 500
 	}

-	return &PutObjectRetentionDefault{
+	return &LicenseAcknowledgeDefault{
 		_statusCode: code,
 	}
 }

-// WithStatusCode adds the status to the put object retention default response
-func (o *PutObjectRetentionDefault) WithStatusCode(code int) *PutObjectRetentionDefault {
+// WithStatusCode adds the status to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) WithStatusCode(code int) *LicenseAcknowledgeDefault {
 	o._statusCode = code
 	return o
 }

-// SetStatusCode sets the status to the put object retention default response
-func (o *PutObjectRetentionDefault) SetStatusCode(code int) {
+// SetStatusCode sets the status to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) SetStatusCode(code int) {
 	o._statusCode = code
 }

-// WithPayload adds the payload to the put object retention default response
-func (o *PutObjectRetentionDefault) WithPayload(payload *models.APIError) *PutObjectRetentionDefault {
+// WithPayload adds the payload to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) WithPayload(payload *models.APIError) *LicenseAcknowledgeDefault {
 	o.Payload = payload
 	return o
 }

-// SetPayload sets the payload to the put object retention default response
-func (o *PutObjectRetentionDefault) SetPayload(payload *models.APIError) {
+// SetPayload sets the payload to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }

 // WriteResponse to the client
-func (o *PutObjectRetentionDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LicenseAcknowledgeDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

 	rw.WriteHeader(o._statusCode)
 	if o.Payload != nil {
--- a/api/operations/license/license_acknowledge_urlbuilder.go
+++ b/api/operations/license/license_acknowledge_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package auth
+package license

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -28,15 +28,15 @@ import (
 	golangswaggerpaths "path"
 )

-// LoginOauth2AuthURL generates an URL for the login oauth2 auth operation
-type LoginOauth2AuthURL struct {
+// LicenseAcknowledgeURL generates an URL for the license acknowledge operation
+type LicenseAcknowledgeURL struct {
 	_basePath string
 }

 // WithBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *LoginOauth2AuthURL) WithBasePath(bp string) *LoginOauth2AuthURL {
+func (o *LicenseAcknowledgeURL) WithBasePath(bp string) *LicenseAcknowledgeURL {
 	o.SetBasePath(bp)
 	return o
 }
@@ -44,15 +44,15 @@ func (o *LoginOauth2AuthURL) WithBasePath(bp string) *LoginOauth2AuthURL {
 // SetBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *LoginOauth2AuthURL) SetBasePath(bp string) {
+func (o *LicenseAcknowledgeURL) SetBasePath(bp string) {
 	o._basePath = bp
 }

 // Build a url path and query string
-func (o *LoginOauth2AuthURL) Build() (*url.URL, error) {
+func (o *LicenseAcknowledgeURL) Build() (*url.URL, error) {
 	var _result url.URL

-	var _path = "/login/oauth2/auth"
+	var _path = "/license/acknowledge"

 	_basePath := o._basePath
 	if _basePath == "" {
@@ -64,7 +64,7 @@ func (o *LoginOauth2AuthURL) Build() (*url.URL, error) {
 }

 // Must is a helper function to panic when the url builder returns an error
-func (o *LoginOauth2AuthURL) Must(u *url.URL, err error) *url.URL {
+func (o *LicenseAcknowledgeURL) Must(u *url.URL, err error) *url.URL {
 	if err != nil {
 		panic(err)
 	}
@@ -75,17 +75,17 @@ func (o *LoginOauth2AuthURL) Must(u *url.URL, err error) *url.URL {
 }

 // String returns the string representation of the path with query string
-func (o *LoginOauth2AuthURL) String() string {
+func (o *LicenseAcknowledgeURL) String() string {
 	return o.Must(o.Build()).String()
 }

 // BuildFull builds a full url with scheme, host, path and query string
-func (o *LoginOauth2AuthURL) BuildFull(scheme, host string) (*url.URL, error) {
+func (o *LicenseAcknowledgeURL) BuildFull(scheme, host string) (*url.URL, error) {
 	if scheme == "" {
-		return nil, errors.New("scheme is required for a full url on LoginOauth2AuthURL")
+		return nil, errors.New("scheme is required for a full url on LicenseAcknowledgeURL")
 	}
 	if host == "" {
-		return nil, errors.New("host is required for a full url on LoginOauth2AuthURL")
+		return nil, errors.New("host is required for a full url on LicenseAcknowledgeURL")
 	}

 	base, err := o.Build()
@@ -99,6 +99,6 @@ func (o *LoginOauth2AuthURL) BuildFull(scheme, host string) (*url.URL, error) {
 }

 // StringFull returns the string representation of a complete url
-func (o *LoginOauth2AuthURL) StringFull(scheme, host string) string {
+func (o *LicenseAcknowledgeURL) StringFull(scheme, host string) string {
 	return o.Must(o.BuildFull(scheme, host)).String()
 }
--- a/restapi/operations/object/delete_multiple_objects.go
+++ b/restapi/operations/object/delete_multiple_objects.go
--- a/restapi/operations/object/delete_multiple_objects_parameters.go
+++ b/restapi/operations/object/delete_multiple_objects_parameters.go
--- a/restapi/operations/object/delete_multiple_objects_responses.go
+++ b/restapi/operations/object/delete_multiple_objects_responses.go
--- a/restapi/operations/object/delete_multiple_objects_urlbuilder.go
+++ b/restapi/operations/object/delete_multiple_objects_urlbuilder.go
--- a/restapi/operations/object/delete_object.go
+++ b/restapi/operations/object/delete_object.go
--- a/restapi/operations/object/delete_object_parameters.go
+++ b/restapi/operations/object/delete_object_parameters.go
--- a/restapi/operations/object/delete_object_responses.go
+++ b/restapi/operations/object/delete_object_responses.go
--- a/restapi/operations/object/delete_object_urlbuilder.go
+++ b/restapi/operations/object/delete_object_urlbuilder.go
--- a/restapi/operations/object/download_multiple_objects.go
+++ b/restapi/operations/object/download_multiple_objects.go
--- a/restapi/operations/object/download_multiple_objects_parameters.go
+++ b/restapi/operations/object/download_multiple_objects_parameters.go
--- a/Show More
+++ b/Show More