Release v2.0.1 (#3542)

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>

.dockerignore

@@ -1,7 +0,0 @@
-node_modules/
-dist/
-target/
-console
-!console/
-portal-ui/node_modules/
-.git/

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,49 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: community, triage
+assignees: ''
+
+---
+
+## NOTE
+
+Please subscribe to our [paid subscription plans](https://min.io/pricing) for 24x7 support from our Engineering team.
+
+<!--- Provide a general summary of the issue in the title above -->
+
+## Expected Behavior
+<!--- If you're describing a bug, tell us what should happen -->
+<!--- If you're suggesting a change/improvement, tell us how it should work -->
+
+## Current Behavior
+<!--- If describing a bug, tell us what happens instead of the expected behavior -->
+<!--- If suggesting a change/improvement, explain the difference from current behavior -->
+
+## Possible Solution
+<!--- Not obligatory, but suggest a fix/reason for the bug, -->
+<!--- or ideas how to implement the addition or change -->
+
+## Steps to Reproduce (for bugs)
+<!--- Provide a link to a live example, or an unambiguous set of steps to -->
+<!--- reproduce this bug. Include code to reproduce, if relevant -->
+
+1.
+2.
+3.
+4.
+
+## Context
+<!--- How has this issue affected you? What are you trying to accomplish? -->
+<!--- Providing context helps us come up with a solution that is most useful in the real world -->
+
+## Regression
+<!-- Is this issue a regression? (Yes / No) -->
+<!-- If Yes, optionally please include the MinIO version or commit id or PR# that caused this regression, if you have these details. -->
+
+## Your Environment
+<!--- Include as many relevant details about the environment you experienced the bug in -->
+* MinIO version used (`minio --version`):
+* Server setup and configuration:
+* Operating System and version (`uname -a`):

.github/workflows/codeql.yml

@@ -1,52 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-  pull_request:
-  schedule:
-    - cron: '0 19 * * 0'
-
-jobs:
-  CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-      
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/go.yml

@@ -1,37 +0,0 @@
-name: Go
-
-on:
-  pull_request:
-    branches:
-      - master
-  push:
-    branches:
-      - master
-
-jobs:
-  build:
-    name: Test on Go ${{ matrix.go-version }} and ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.15.x]
-        os: [ubuntu-latest]
-    steps:
-      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go-version }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-
-      - name: Build on ${{ matrix.os }}
-        env:
-          GO111MODULE: on
-          GOOS: linux
-        run: |
-          make verifiers
-          make test
-          make crosscompile
-          make console

.github/workflows/issues.yaml

@@ -0,0 +1,18 @@
+# @format
+
+name: Issue Workflow
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue to project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v0.5.0
+        with:
+          project-url: https://github.com/orgs/miniohq/projects/2
+          github-token: ${{ secrets.BOT_PAT }}

.github/workflows/react.yml

@@ -1,15 +0,0 @@
-name: "React Tests"
-on:
-  push:
-  pull_request:
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install modules
-        working-directory: ./portal-ui
-        run: yarn
-      - name: Run tests
-        working-directory: ./portal-ui
-        run: yarn test

.github/workflows/vulncheck.yaml

@@ -0,0 +1,53 @@
+# @format
+
+name: Vulnerability Check
+on:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  vulncheck:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.23.8
+          check-latest: true
+      - name: Get official govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+        shell: bash
+      - name: Run govulncheck
+        run: govulncheck ./...
+        shell: bash
+
+  react-code-known-vulnerabilities:
+    name: "React Code Has No Known Vulnerable Deps"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ 1.23.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Read .nvmrc
+        id: node_version
+        run: echo "$(cat .nvmrc)" && echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_ENV
+      - name: Enable Corepack
+        run: corepack enable
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NVMRC }}
+      - name: Checks for known security issues with the installed packages
+        working-directory: ./web-app
+        continue-on-error: false
+        run: |
+          yarn npm audit --recursive --environment production --no-deprecations

.gitignore

@@ -1,3 +1,13 @@
+# Playwright Data
+web-app/storage/
+web-app/playwright/.auth/admin.json
+
+# Report from Playwright
+web-app/playwright-report/
+
+# Coverage from Playwright
+web-app/.nyc_output/
+
 # Binaries for programs and plugins
 *.exe
 *.exe~
@@ -19,6 +29,7 @@ vendor/
 
 # Ignore executables
 target/
+!pkg/logger/target/
 console
 !console/
 
@@ -26,8 +37,7 @@ dist/
 
 # Ignore node_modules
 
-portal-ui/node_modules/
-portal-ui/build/
+web-app/node_modules/
 
 # Ignore tls cert and key
 private.key
@@ -38,3 +48,6 @@ public.crt
 *.code-workspace
 *~
 .eslintcache
+
+# Ignore Bin files
+bin/

.golangci.bck.yml

@@ -0,0 +1,55 @@
+linters-settings:
+  misspell:
+    locale: US
+  testifylint:
+    disable:
+      - go-require
+  staticcheck:
+    checks:
+      [
+        "all",
+        "-ST1005",
+        "-ST1000",
+        "-SA4000",
+        "-SA9004",
+        "-SA1019",
+        "-SA1008",
+        "-U1000",
+        "-ST1016",
+      ]
+  goheader:
+    values:
+      regexp:
+        copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
+    template-path: .license.tmpl
+
+linters:
+  disable-all: true
+  enable:
+    - goimports
+    - misspell
+    - govet
+    - revive
+    - ineffassign
+    - gosimple
+    - gomodguard
+    - gofmt
+    - unused
+    - staticcheck
+    - unconvert
+    - gocritic
+    - gofumpt
+    - durationcheck
+
+issues:
+  exclude-use-default: false
+  exclude:
+    - should have a package comment
+    # TODO(y4m4): Remove once all exported ident. have comments!
+    - comment on exported function
+    - comment on exported type
+    - should have comment
+    - use leading k in Go names
+    - comment on exported const
+  exclude-dirs:
+    - api/operations

.golangci.yml

@@ -1,28 +1,73 @@
-linters-settings:
-  golint:
-    min-confidence: 0
-
-  misspell:
-    locale: US
-
+version: "2"
 linters:
-  disable-all: true
+  default: none
   enable:
-    - typecheck
-    - goimports
-    - misspell
+    - durationcheck
+    - gocritic
+    - gomodguard
     - govet
-    - golint
     - ineffassign
-    - gosimple
-    - deadcode
-    - unparam
+    - misspell
+    - revive
+    - staticcheck
+    - unconvert
     - unused
-    - structcheck
-
-service:
-  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
-
-run:
-  skip-dirs:
-    - pkg/clientgen
+  settings:
+    goheader:
+      values:
+        regexp:
+          copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
+      template-path: .license.tmpl
+    misspell:
+      locale: US
+    staticcheck:
+      checks:
+        - all
+        - -QF1001
+        - -QF1008
+        - -QF1010
+        - -QF1012
+        - -SA1008
+        - -SA1019
+        - -SA4000
+        - -SA9004
+        - -ST1000
+        - -ST1005
+        - -ST1016
+        - -ST1019
+        - -U1000
+    testifylint:
+      disable:
+        - go-require
+  exclusions:
+    generated: lax
+    rules:
+      - path: (.+)\.go$
+        text: should have a package comment
+      - path: (.+)\.go$
+        text: comment on exported function
+      - path: (.+)\.go$
+        text: comment on exported type
+      - path: (.+)\.go$
+        text: should have comment
+      - path: (.+)\.go$
+        text: use leading k in Go names
+      - path: (.+)\.go$
+        text: comment on exported const
+    paths:
+      - api/operations
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - api/operations
+      - third_party$
+      - builtin$
+      - examples$

.goreleaser.yml

@@ -1,136 +0,0 @@
-# This is an example goreleaser.yaml file with some sane defaults.
-# Make sure to check the documentation at http://goreleaser.com
-project_name: console
-
-release:
-   name_template: "Release version {{.Tag}}"
-   github:
-    owner: minio
-    name: console
-   extra_files:
-     - glob: "*.minisig"
-
-before:
-  hooks:
-    # you may remove this if you don't use vgo
-    - go mod tidy
-
-builds:
-  -
-    goos:
-      - linux
-      - darwin
-      - windows
-    goarch:
-      - amd64
-      - ppc64le
-      - s390x
-      - arm64
-    ignore:
-      - goos: darwin
-        goarch: arm
-      - goos: windows
-        goarch: arm64
-      - goos: windows
-        goarch: arm
-
-    env:
-      - CGO_ENABLED=0
-
-    main: ./cmd/console/
-
-    flags:
-      - -trimpath
-      - --tags=kqueue
-
-    ldflags:
-      - -s -w -X github.com/minio/console/pkg.ReleaseTag={{.Tag}} -X github.com/minio/console/pkg.CommitID={{.FullCommit}} -X github.com/minio/console/pkg.Version={{.Version}} -X github.com/minio/console/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/console/pkg.ReleaseTime={{.Date}}
-
-archives:
-  -
-    name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}"
-    format: binary
-    replacements:
-      arm: arm
-
-signs:
-  -
-    signature: "${artifact}.minisig"
-    cmd: "sh"
-    args:
-      - '-c'
-      - 'minisign -s /media/${USER}/minio/minisign.key -Sm ${artifact} < /media/${USER}/minio/minisign-passphrase'
-    artifacts: all
-
-snapshot:
-  name_template: v0.0.0@{{.ShortCommit}}
-
-changelog:
-  sort: asc
-
-nfpms:
-  -
-    vendor: MinIO, Inc.
-    homepage: https://github.com/minio/console
-    maintainer: MinIO Development <dev@min.io>
-    description: MinIO Console Server
-    license: GNU Affero General Public License v3.0
-    formats:
-      - deb
-      - rpm
-
-dockers:
-- image_templates:
-  - "minio/console:{{ .Tag }}-amd64"
-  use_buildx: true
-  goarch: amd64
-  dockerfile: Dockerfile.release
-  extra_files:
-    - LICENSE
-    - CREDITS
-  build_flag_templates:
-  - "--platform=linux/amd64"
-- image_templates:
-  - "minio/console:{{ .Tag }}-ppc64le"
-  use_buildx: true
-  goarch: ppc64le
-  dockerfile: Dockerfile.release
-  extra_files:
-    - LICENSE
-    - CREDITS
-  build_flag_templates:
-  - "--platform=linux/ppc64le"
-- image_templates:
-  - "minio/console:{{ .Tag }}-s390x"
-  use_buildx: true
-  goarch: s390x
-  dockerfile: Dockerfile.release
-  extra_files:
-    - LICENSE
-    - CREDITS
-  build_flag_templates:
-  - "--platform=linux/s390x"
-- image_templates:
-  - "minio/console:{{ .Tag }}-arm64"
-  use_buildx: true
-  goarch: arm64
-  goos: linux
-  dockerfile: Dockerfile.release
-  extra_files:
-    - LICENSE
-    - CREDITS
-  build_flag_templates:
-  - "--platform=linux/arm64"
-docker_manifests:
-- name_template: minio/console:{{ .Tag }}
-  image_templates:
-  - minio/console:{{ .Tag }}-amd64
-  - minio/console:{{ .Tag }}-arm64
-  - minio/console:{{ .Tag }}-ppc64le
-  - minio/console:{{ .Tag }}-s390x
-- name_template: minio/console:latest
-  image_templates:
-  - minio/console:{{ .Tag }}-amd64
-  - minio/console:{{ .Tag }}-arm64
-  - minio/console:{{ .Tag }}-ppc64le
-  - minio/console:{{ .Tag }}-s390x

.license.tmpl

@@ -0,0 +1,15 @@
+This file is part of MinIO Console Server
+{{copyright-holder}} MinIO, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

.nvmrc

@@ -0,0 +1 @@
+18

.semgrepignore

@@ -0,0 +1,35 @@
+# Ignore git items
+.gitignore
+.git/
+:include .gitignore
+
+# Common large paths
+node_modules/
+web-app/node_modules/
+build/
+dist/
+.idea/
+vendor/
+.env/
+.venv/
+.tox/
+*.min.js
+
+# Common test paths
+test/
+tests/
+*_test.go
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Ignore VsCode files
+.vscode/
+*.code-workspace
+*~
+.eslintcache
+
+consoleApi.ts

CHANGELOG.md

@@ -0,0 +1,476 @@
+# Changelog
+
+## Release v2.0.1
+
+Bug Fix:
+
+- Updated project dependencies for vulnerabilities
+
+Changes:
+
+- Updated Object Browser console logos
+- Updated License page information
+
+
+
+## Release v2.0.0
+
+Community version is going back to be an object browser only.
+
+Bug Fix:
+
+- Fixed Dependencies vulnerabilities
+
+Deprecations:
+
+- Deprecated support of accounts & policies management, this can be managed by using mc admin commands. Please refer to the [MinIO Console User Management page](https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#id1) for more information.
+- Deprecated support of bucket management, this can be managed by using mc commands. Please refer to the [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html) for more information.
+- Deprecated support of configuration management, this can be managed by using mc admin config commands. Please refer to the [MinIO Client](https://min.io/docs/minio/linux/reference/minio-mc.html) for more information.
+
+
+## Release v1.7.6
+
+Bug Fix:
+
+- Fix null pointer exception in Admin Info
+- Ignore leading or trailing spaces in login request
+- Fix file path on drag and drop
+- Fix typo in User DN Search Filter example
+
+## Release v1.7.5
+
+Bug Fix:
+
+- Fixed leaks during ZIP multiobject downloads
+- Allow spaces in Policy names
+
+## Release v1.7.4
+
+Deprecations:
+
+- Deprecated support tools User Interface in favor of mc admin commands. Please refer to the [MinIO SUBNET Registration page](https://min.io/docs/minio/linux/administration/console/subnet-registration.html#subnet) for more information.
+- Deprecated Site replication User Interface in favor of mc admin commands. Please refer to the [MinIO Site Replication page](https://min.io/docs/minio/linux/operations/install-deploy-manage/multi-site-replication.html) for more information.
+- Deprecated Lifecycle & Tiers User Interface in favor of mc admin commands. Please refer to the [MinIO Tiers page](https://min.io/docs/minio/linux/reference/minio-mc/mc-ilm-tier.html) for more information.
+
+Bug Fix:
+
+- Avoid loading unpkg.com call when login animation is off
+
+## Release v1.7.3
+
+Bug Fix:
+
+- Use a fixed public license verification key
+- Show non-expiring access keys as `no-expiry` instead of Jan 1, 1970
+- Use "join Slack" button for non-commercial edition instead of "Signup"
+- Fix setting policies on groups that have spaces
+
+## Release v1.7.2
+
+Bug Fix:
+
+- Fixed issue in Server Health Info
+- Fixed Security vulnerability in dependencies
+- Fixed client string in trace message
+
+Additional Changes:
+
+- Remove live logs in Call Home Page
+- Update License page
+
+## Release v1.7.1
+
+Bug Fix:
+
+- Fixed issue that could cause a failure when attempting to view deleted files in the object browser
+- Return network error when logging in and the network connection fails
+
+Additional Changes:
+
+- Added debug logging for console HTTP request (see [PR #3440](https://github.com/minio/console/pull/3440) for more detailed information)
+
+## Release v1.7.0
+
+Bug Fix:
+
+- Fixed directory listing
+- Fix MinIO videos link
+
+Additional Changes:
+
+- Removed deprecated KES functionality
+
+## Release v1.6.3
+
+Additional Changes:
+
+- Updated go.mod version
+
+## Release v1.6.2
+
+Bug Fix:
+
+- Fixed minor user session issues
+- Updated project dependencies
+
+Additional Changes:
+
+- Improved Drives List visualization
+- Improved WS request logic
+- Updated License page with current MinIO plans.
+
+## Release v1.6.1
+
+Bug Fix:
+
+- Fixed objectManager issues under certain conditions
+- Fixed Security vulnerability in dependencies
+
+Additional Changes:
+
+- Improved Share Link behavior
+
+## Release v1.6.0
+
+Bug Fix:
+
+- Fixed share link encoding
+- Fixed Edit Lifecycle Storage Class
+- Added Tiers Improvements for Bucket Lifecycle management
+
+Additional Changes:
+
+- Vulnerability updates
+- Update Logo logic
+
+## Release v1.5.0
+
+Features:
+
+- Added remove Tier functionality
+
+Bug Fix:
+
+- Fixed ILM rule tags not being shown
+- Fixed race condition Object Browser websocket
+- Fixed Encryption page crashing on empty response
+- Fixed Replication Delete Marker comparisons
+
+Additional Changes:
+
+- Use automatic URI encoding for APIs
+- Vulnerability updates
+
+## Release v1.4.0
+
+Features:
+
+- Added VersionID support to metadata details
+- Improved Websockets handlers
+
+Bug Fix:
+
+- Fixed vulnerabilities and updated dependencies
+- Fixed an issue with Download URL decoding
+- Fixed leak in Object Browser Websocket
+- Minor UX fixes
+
+## Release v1.3.0
+
+Features:
+
+- Adds ExpireDeleteMarker status to BucketLifecycleRule UI
+
+Bug Fix:
+
+- Fixed vulnerability
+- Used URL-safe base64 enconding for Share API
+- Made Prefix field optional when Adding Tier
+- Added Console user agent in MinIO Admin Client
+
+## Release v1.2.0
+
+Features:
+
+- Updated file share logic to work as Proxy
+
+Bug Fix:
+
+- Updated project dependencies
+- Fixed Key Permissions UX
+- Added permissions validation to rewind button
+- Fixed Health report upload to SUBNET
+- Misc Cosmetic fixes
+
+## Release v1.1.1
+
+Bug Fix:
+
+- Fixed folder download issue
+
+## Release v1.1.0
+
+Features:
+
+- Added Set Expired object all versions selector
+
+Bug Fix:
+
+- Updated Go Dependencies
+
+## Release v1.0.0
+
+Features:
+
+- Updated Preview message alert
+
+Bug Fix:
+
+- Updated Websocket API
+- Fixed issues with download manager
+- Fixed policies issues
+
+## Release v0.46.0
+
+Features:
+
+- Added latest help content to forms
+
+Bug Fix:
+
+- Disabled Create User button in certain policy cases
+- Fixed an issue with Logout request
+- Upgraded project dependencies
+
+## Release v0.45.0
+
+Deprecated:
+
+- Deprecated Heal / Drives page
+
+Features:
+
+- Updated tines on menus & pages
+
+Bug Fix:
+
+- Upgraded project dependencies
+
+## Release v0.44.0
+
+Bug Fix:
+
+- Upgraded project dependencies
+- Fixed events icons not loading in subpaths
+
+## Release v0.43.1
+
+Bug Fix:
+
+- Update Share Object UI to reflect maximum expiration time in UI
+
+## Release v0.43.0
+
+Features:
+
+- Updated PDF preview method
+
+Bug Fix:
+
+- Fixed vulnerabilities
+- Prevented non-necessary metadata calls in object browser
+
+## Release v0.42.2
+
+Bug Fix:
+
+- Hidden Prometheus metrics if URL is empty
+
+## Release v0.42.1
+
+Bug Fix:
+
+- Reset go version to 1.19
+
+## Release v0.42.0
+
+Features:
+
+- Introducing Dark Mode
+
+Bug Fix:
+
+- Fixed vulnerabilities
+- Changes on Upload and Delete object urls
+- Fixed blocking subpath creation if not enough permissions
+- Removed share object option at prefix level
+- Updated allowed actions for a deleted object
+
+## Release v0.41.0
+
+Features:
+
+- Updated pages to use mds components
+- support for resolving IPv4/IPv6
+
+Bug Fix:
+
+- Remove cache for ClientIP
+- Fixed override environment variables display in settings page
+- Fixed daylight savings time support in share modal
+
+## Release v0.40.0
+
+Features:
+
+- Updated OpenID page
+- Added New bucket event types support
+
+Bug Fix:
+
+- Fixed crash in access keys page
+- Fixed AuditLog filters issue
+- Fixed multiple issues with Object Browser
+
+## Release v0.39.0
+
+Features:
+
+- Migrated metrics page to mds
+- Migrated Register page to mds
+
+Bug Fix:
+
+- Fixed LDAP configuration page issues
+- Load available certificates in logout
+- Updated dependencies & go version
+- Fixed delete objects functionality
+
+## Release v0.38.0
+
+Features:
+
+- Added extra information to Service Accounts page
+- Updated Tiers, Site Replication, Speedtest, Heal & Watch pages components
+
+Bug Fix:
+
+- Fixed IDP expiry time errors
+- Updated project Dependencies
+
+## Release v0.37.0
+
+Features:
+
+- Updated Trace and Logs page components
+- Updated Prometheus metrics
+
+Bug Fix:
+
+- Disabled input fields for Subscription features if MinIO is not registered
+
+## Release v0.36.0
+
+Features:
+
+- Updated Settings page components
+
+Bug Fix:
+
+- Show LDAP Enabled value LDAP configuration
+- Download multiple objects in same path as they were selected
+
+## Release v0.35.1
+
+Bug Fix:
+
+- Change timestamp format for zip creation
+
+## Release v0.35.0
+
+Features:
+
+- Add Exclude Folders and Exclude Prefixes during bucket creation
+- Download multiple selected objects as zip and ignore deleted objects
+- Updated Call Home, Inspet, Profile and Health components
+
+Bug Fix:
+
+- Remove extra white spaces for configuration strings
+- Allow Create New Path in bucket view when having right permissions
+
+## Release v0.34.0
+
+Features:
+
+- Updated Buckets components
+
+Bug Fix:
+
+- Fixed SUBNET Health report upload
+- Updated Download Handler
+- Fixes issue with rewind
+- Avoid 1 hour expiration for IDP credentials
+
+---
+
+## Release v0.33.0
+
+Features:
+
+- Updated OpenID, LDAP components
+
+Bug Fix:
+
+- Fixed security issues
+- Fixed navigation issues in Object Browser
+- Fixed Dashboard metrics
+
+---
+
+## Release v0.32.0
+
+Features:
+
+- Updated Users and Groups components
+- Added placeholder image for Help Menu
+
+Bug Fix:
+
+- Fixed memory leak in WebSocket API for Object Browser
+
+---
+
+## Release v0.31.0
+
+**Breaking Changes:**
+
+- **Removed support for Standalone Deployments**
+
+Features:
+
+- Updated way files are displayed in uploading component
+- Updated Audit Logs and Policies components
+
+Bug Fix:
+
+- Fixed Download folders issue in Object Browser
+- Added missing Notification Events (ILM & REPLICA) in Events Notification Page
+- Fixed Security Vulnerability for `semver` dependency
+
+---
+
+## Release v0.30.0
+
+Features:
+
+- Added MinIO Console Help Menu
+- Updated UI Menu components
+
+Bug Fix:
+
+- Disable the Upload button on Object Browser if the user is not allowed
+- Fixed security vulnerability for `lestrrat-go/jwx` and `fast-xml-parser`
+- Fixed bug on sub-paths for Object Browser
+- Reduce the number of calls to `/session` API endpoint to improve performance
+- Rolled back the previous change for the Share File feature to no longer ask for Service Account access keys

CONTRIBUTING.md

@@ -4,56 +4,80 @@ This is a REST portal server created using [go-swagger](https://github.com/go-sw
 
 The API handlers are created using a YAML definition located in `swagger.YAML`.
 
-To add new api, the YAML file needs to be updated with all the desired apis using the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths, parameters, definitions, tags, etc.
+To add new api, the YAML file needs to be updated with all the desired apis using
+the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths,
+parameters, definitions, tags, etc.
 
 ## Generate server from YAML
+
 Once the YAML file is ready we can autogenerate the code needed for the new api by just running:
 
 Validate it:
+
 ```
 swagger validate ./swagger.yml
 ```
+
 Update server code:
+
 ```
 make swagger-gen
 ```
 
 This will update all the necessary code.
 
-`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./api/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place
+where we need to update our code to support the new apis. This file is not affected when running the swagger generator
+and it is safe to edit.
 
 ## Unit Tests
-`./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
+
+`./api/handlers_test.go` needs to be updated with the proper tests for the new api.
 
 To run tests:
+
 ```
-go test ./restapi
+go test ./api
 ```
 
 ## Commit changes
-After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages
+
+After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to
+write useful commit messages
 
 ```
 $ git commit -am 'Add some feature'
 ```
 
 ### Push to the branch
+
 Push your locally committed changes to the remote origin (your fork)
+
 ```
 $ git push origin my-new-feature
 ```
 
 ### Create a Pull Request
-Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
+
+Pull requests can be created via GitHub. Refer
+to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull
+request. After a Pull Request gets peer reviewed and approved, it will be merged.
 
 ## FAQs
+
 ### How does ``console`` manages dependencies?
+
 ``MinIO`` uses `go mod` to manage its dependencies.
+
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
 
 To remove a dependency
+
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
 
 ### What are the coding guidelines for console?
-``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+
+``console`` is fully conformant with Golang style.
+Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe
+offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).

DEVELOPMENT.md

@@ -1,3 +1,82 @@
+# Developing MinIO Console
+
+The MinIO Console requires the [MinIO Server](https://github.com/minio/minio). For development purposes, you also need
+to run both the MinIO Console web app and the MinIO Console server.
+
+## Running MinIO Console server
+
+Build the server in the main folder by running:
+
+```
+make
+```
+
+> Note: If it's the first time running the server, you might need to run `go mod tidy` to ensure you have all modules
+> required.
+> To start the server run:
+
+```
+CONSOLE_ACCESS_KEY=<your-access-key>
+CONSOLE_SECRET_KEY=<your-secret-key>
+CONSOLE_MINIO_SERVER=<minio-server-endpoint>
+CONSOLE_DEV_MODE=on
+./console server
+```
+
+## Running MinIO Console web app
+
+Refer to `/web-app` [instructions](/web-app/README.md) to run the web app locally.
+
+# Building with MinIO
+
+To test console in its shipping format, you need to build it from the MinIO repository, the following step will guide
+you to do that.
+
+### 0. Building with UI Changes
+
+If you are performing changes in the UI components of console and want to test inside the MinIO binary, you need to
+build assets first.
+
+In the console folder run
+
+```shell
+make assets
+```
+
+This will regenerate all the static assets that will be served by MinIO.
+
+### 1. Clone the `MinIO` repository
+
+In the parent folder of where you cloned this `console` repository, clone the MinIO Repository
+
+```shell
+git clone https://github.com/minio/minio.git
+```
+
+### 2. Update `go.mod` to use your local version
+
+In the MinIO repository open `go.mod` and after the first `require()` directive add a `replace()` directive
+
+```
+...
+)
+
+replace (
+github.com/minio/console => "../console"
+)
+
+require (
+...
+```
+
+### 3. Build `MinIO`
+
+Still in the MinIO folder, run
+
+```shell
+make build
+```
+
 # LDAP authentication with Console
 
 ## Setup
@@ -15,7 +94,8 @@ $ docker cp console/docs/ldap/billy.ldif my-openldap-container:/container/servic
 $ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost
 ```
 
-Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list 
+Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you
+should get a list
 containing ldap users and groups.
 
 ```
@@ -30,7 +110,7 @@ $ docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b uid=bil
 
 ### Change the password for user billy
 
-Set the new password for `billy` to `minio123` and enter `admin` as the default `LDAP Password` 
+Set the new password for `billy` to `minio123` and enter `admin` as the default `LDAP Password`
 
 ```
 $ docker exec -it my-openldap-container /bin/bash
@@ -41,6 +121,7 @@ Enter LDAP Password:
 ```
 
 ### Add the consoleAdmin policy to user billy on MinIO
+
 ```
 $ cat > consoleAdmin.json << EOF
 {
@@ -66,8 +147,8 @@ $ cat > consoleAdmin.json << EOF
   ]
 }
 EOF
-$ mc admin policy add myminio consoleAdmin consoleAdmin.json
-$ mc admin policy set myminio consoleAdmin user=billy
+$ mc admin policy create myminio consoleAdmin consoleAdmin.json
+$ mc admin policy attach myminio consoleAdmin --user="uid=billy,dc=example,dc=org"
 ```
 
 ## Run MinIO

Dockerfile

@@ -1,49 +0,0 @@
-FROM golang:1.15 as binlayer
-
-RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
-
-FROM node:10 as uilayer
-
-WORKDIR /app
-
-COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
-COPY --from=binlayer /go/bin/go-bindata /bin/
-
-COPY ./portal-ui/package.json ./
-COPY ./portal-ui/yarn.lock ./
-RUN yarn install
-
-COPY ./portal-ui .
-
-RUN yarn install && make build-static
-
-USER node
-
-FROM golang:1.15 as golayer
-
-RUN apt-get update -y && apt-get install -y ca-certificates
-
-ADD go.mod /go/src/github.com/minio/console/go.mod
-ADD go.sum /go/src/github.com/minio/console/go.sum
-WORKDIR /go/src/github.com/minio/console/
-
-# Get dependencies - will also be cached if we won't change mod/sum
-RUN go mod download
-
-ADD . /go/src/github.com/minio/console/
-WORKDIR /go/src/github.com/minio/console/
-
-COPY --from=uilayer /app/bindata_assetfs.go /go/src/github.com/minio/console/portal-ui/bindata_assetfs.go
-
-ENV CGO_ENABLED=0
-
-RUN go build -ldflags "-w -s" -a -o console ./cmd/console
-
-FROM scratch
-MAINTAINER MinIO Development "dev@min.io"
-EXPOSE 9090
-
-COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=golayer /go/src/github.com/minio/console/console .
-
-ENTRYPOINT ["/console"]

Dockerfile.assets

@@ -1,20 +0,0 @@
-FROM golang:1.15 as binlayer
-
-RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
-
-FROM node:10 as uilayer
-
-WORKDIR /app
-
-COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
-COPY --from=binlayer /go/bin/go-bindata /bin/
-
-COPY ./portal-ui/package.json ./
-COPY ./portal-ui/yarn.lock ./
-RUN yarn install
-
-COPY ./portal-ui .
-
-RUN yarn install && make build-static
-
-USER node

Dockerfile.release

@@ -1,21 +0,0 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
-
-COPY CREDITS /licenses/CREDITS
-COPY LICENSE /licenses/LICENSE
-
-LABEL name="MinIO" \
-      vendor="MinIO Inc <dev@min.io>" \
-      maintainer="MinIO Inc <dev@min.io>" \
-      version="v0.6.0" \
-      release="v0.6.0" \
-      summary="A graphical user interface for MinIO" \
-      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-
-RUN \
-     microdnf update --nodocs && \
-     microdnf install ca-certificates --nodocs
-
-EXPOSE 9090
-COPY console /console
-
-ENTRYPOINT ["/console"]

Makefile

@@ -4,6 +4,9 @@ GOPATH := $(shell go env GOPATH)
 BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
 BUILD_TIME:=$(shell date 2>/dev/null)
 TAG ?= "minio/console:$(BUILD_VERSION)-dev"
+MINIO_VERSION ?= "quay.io/minio/minio:latest"
+TARGET_BUCKET ?= "target"
+NODE_VERSION := $(shell cat .nvmrc)
 
 default: console
 
@@ -12,52 +15,210 @@ console:
 	@echo "Building Console binary to './console'"
 	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o console ./cmd/console)
 
-k8sdev:
-	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
-	@kind load docker-image $(TAG)
-	@echo "Done, now restart your console deployment"
-
 getdeps:
 	@mkdir -p ${GOPATH}/bin
-	@which golangci-lint 1>/dev/null || (echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.27.0)
+	@echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin
 
 verifiers: getdeps fmt lint
 
 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d restapi/
-	@GO111MODULE=on gofmt -d pkg/
-	@GO111MODULE=on gofmt -d cmd/
-	@GO111MODULE=on gofmt -d cluster/
+	@(env bash $(PWD)/verify-gofmt.sh)
 
 crosscompile:
-	@(env bash $(PWD)/cross-compile.sh)
+	@(env bash $(PWD)/cross-compile.sh $(arg1))
 
 lint:
 	@echo "Running $@ check"
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml
 
+lint-fix: getdeps ## runs golangci-lint suite of linters with automatic fixes
+	@echo "Running $@ check"
+	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml --fix
+
 install: console
 	@echo "Installing console binary to '$(GOPATH)/bin/console'"
 	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
 	@echo "Installation successful. To learn more, try \"console --help\"."
 
-swagger-gen:
-	@echo "Generating swagger server code from yaml"
+swagger-gen: clean-swagger swagger-console apply-gofmt
+	@echo "Done Generating swagger server code from yaml"
+
+apply-gofmt:
+	@echo "Applying gofmt to all generated an existing files"
+	@GO111MODULE=on gofmt -w .
+
+clean-swagger:
+	@echo "cleaning"
 	@rm -rf models
-	@rm -rf restapi/operations
-	@swagger generate server -A console --main-package=console --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@rm -rf api/operations
+
+swagger-console:
+	@echo "Generating swagger server code from yaml"
+	@swagger generate server -A console --main-package=management --server-package=api --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@echo "Ensure basic install"
+	@(cd web-app; yarn; cd ..)
+	@echo "Generating typescript api"
+	@make swagger-typescript-api path="../swagger.yml" output="./src/api" name="consoleApi.ts"
+	@git restore api/server.go
+
+swagger-typescript-api:
+	@(cd web-app; yarn swagger-typescript-api -p $(path) -o $(output) -n $(name) --custom-config ../generator.config.js; cd ..)
 
 assets:
-	@(cd portal-ui; yarn install; make build-static; yarn prettier --write . --loglevel warn;  cd ..)
+	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)
 
+test-integration:
+	@(docker stop pgsqlcontainer || true)
+	@(docker stop minio || true)
+	@(docker stop minio2 || true)
+	@(docker network rm mynet123 || true)
+	@echo "create docker network to communicate containers MinIO & PostgreSQL"
+	@(docker network create --subnet=173.18.0.0/29 mynet123)
+	@echo "docker run with MinIO Version below:"
+	@echo $(MINIO_VERSION)
+	@echo "MinIO 1"
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 --net=mynet123 -d --name minio --rm -p 9000:9000 -p 9091:9091 -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= $(MINIO_VERSION) server /data{1...4} --console-address ':9091' && sleep 5)
+	@echo "MinIO 2"
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 --net=mynet123 -d --name minio2 --rm -p 9001:9001 -p 9092:9092 -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= $(MINIO_VERSION) server /data{1...4} --address ':9001' --console-address ':9092' && sleep 5)
+	@echo "Postgres"
+	@(docker run --net=mynet123 --ip=173.18.0.4 --name pgsqlcontainer --rm -p 5432:5432 -e POSTGRES_PASSWORD=password -d postgres && sleep 5)
+	@echo "execute test and get coverage for test-integration:"
+	@(cd integration && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage &&  ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
+	@(docker stop pgsqlcontainer)
+	@(docker stop minio)
+	@(docker stop minio2)
+	@(docker network rm mynet123)
+
+test-replication:
+	@(docker stop minio || true)
+	@(docker stop minio1 || true)
+	@(docker stop minio2 || true)
+	@(docker network rm mynet123 || true)
+	@(docker network create mynet123)
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 \
+	  --net=mynet123 -d \
+	  --name minio \
+	  --rm \
+	  -p 9000:9000 \
+	  -p 6000:6000 \
+	  -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= \
+	  -e MINIO_ROOT_USER="minioadmin" \
+	  -e MINIO_ROOT_PASSWORD="minioadmin" \
+	  $(MINIO_VERSION) server /data{1...4} \
+	  --address :9000 \
+	  --console-address :6000)
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 \
+	  --net=mynet123 -d \
+	  --name minio1 \
+	  --rm \
+	  -p 9001:9001 \
+	  -p 6001:6001 \
+	  -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= \
+	  -e MINIO_ROOT_USER="minioadmin" \
+	  -e MINIO_ROOT_PASSWORD="minioadmin" \
+	  $(MINIO_VERSION) server /data{1...4} \
+	  --address :9001 \
+	  --console-address :6001)
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 \
+	  --net=mynet123 -d \
+	  --name minio2 \
+	  --rm \
+	  -p 9002:9002 \
+	  -p 6002:6002 \
+	  -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= \
+	  -e MINIO_ROOT_USER="minioadmin" \
+	  -e MINIO_ROOT_PASSWORD="minioadmin" \
+	  $(MINIO_VERSION) server /data{1...4} \
+	  --address :9002 \
+	  --console-address :6002)
+	@(cd replication && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage && ./replication.test -test.v -test.run "^Test*" -test.coverprofile=coverage/replication.out)
+	@(docker stop minio || true)
+	@(docker stop minio1 || true)
+	@(docker stop minio2 || true)
+	@(docker network rm mynet123 || true)
+
+test-permissions-1:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-1/")
+	@(docker stop minio)
+
+test-permissions-2:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-2/")
+	@(docker stop minio)
+
+test-permissions-3:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-3/")
+	@(docker stop minio)
+
+test-permissions-4:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-4/")
+	@(docker stop minio)
+
+test-permissions-6:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/web-app/tests/scripts/permissions.sh "web-app/tests/permissions-6/")
+	@(docker stop minio)
+
+test-apply-permissions:
+	@(env bash $(PWD)/web-app/tests/scripts/initialize-env.sh)
+
+test-start-docker-minio:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+
+initialize-permissions: test-start-docker-minio test-apply-permissions
+	@echo "Done initializing permissions test"
+
+cleanup-permissions:
+	@(env bash $(PWD)/web-app/tests/scripts/cleanup-env.sh)
+	@(docker stop minio)
+
+initialize-docker-network:
+	@(docker network create test-network)
+
+test-start-docker-minio-w-redirect-url: initialize-docker-network
+	@(docker run \
+    -e MINIO_BROWSER_REDIRECT_URL='http://localhost:8000/console/subpath/' \
+    -e MINIO_SERVER_URL='http://localhost:9000' \
+    -v /data1 -v /data2 -v /data3 -v /data4 \
+    -d --network host --name minio --rm\
+    quay.io/minio/minio:latest server /data{1...4})
+
+test-start-docker-nginx-w-subpath:
+	@(docker run \
+	--network host \
+	-d --rm \
+	--add-host=host.docker.internal:host-gateway \
+	-v ./web-app/tests/subpath-nginx/nginx.conf:/etc/nginx/nginx.conf \
+	--name test-nginx nginx)
+
+test-initialize-minio-nginx: test-start-docker-minio-w-redirect-url test-start-docker-nginx-w-subpath
+
+cleanup-minio-nginx:
+	@(docker stop minio test-nginx & docker network rm test-network)
+
+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is needed because tests can be in the folder or sub-folder(s), let's include them all please!.
 test:
-	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
-	@(GO111MODULE=on go test -race -v github.com/minio/console/pkg/...)
+	@echo "execute test and get coverage"
+	@(cd api && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage.out)
+
+
+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is since tests in pkg folder are in subfolders and were not executed.
+test-pkg:
+	@echo "execute test and get coverage"
+	@(cd pkg && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage-pkg.out)
 
 coverage:
-	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/api/... && go tool cover -html=coverage.out && open coverage.html)
 
 clean:
 	@echo "Cleaning up all the generated files"
@@ -66,4 +227,10 @@ clean:
 	@rm -vf console
 
 docker:
-	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@docker buildx build --output=type=docker --platform linux/amd64 -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' --build-arg NODE_VERSION='$(NODE_VERSION)' .
+
+release: swagger-gen
+	@echo "Generating Release: $(RELEASE)"
+	@make assets
+	@git add -u .
+	@git add web-app/build/

NOTICE

@@ -1,5 +1,5 @@
 This file is part of MinIO Console Server
-Copyright (c) 2021 MinIO, Inc.
+Copyright (c) 2023 MinIO, Inc.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by

README.md

@@ -4,61 +4,28 @@
 
 A graphical user interface for [MinIO](https://github.com/minio/minio)
 
-| Dashboard                     | Creating a bucket             |
-| -------------                 | -------------                 |
-| ![Dashboard](images/pic1.png) | ![Dashboard](images/pic2.png) |
+| Object Browser                     | Dashboard                     | Creating a bucket             |
+|------------------------------------|-------------------------------|-------------------------------|
+| ![Object Browser](images/pic3.png) | ![Dashboard](images/pic1.png) | ![Dashboard](images/pic2.png) |
 
 <!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->
 **Table of Contents**
 
 - [MinIO Console](#minio-console)
-    - [Install](#install)
-        - [Binary Releases](#binary-releases)
-        - [Docker](#docker)
-        - [Build from source](#build-from-source)
-    - [Setup](#setup)
-        - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
-        - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
-        - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
-    - [Start Console service:](#start-console-service)
-    - [Start Console service with TLS:](#start-console-service-with-tls)
-    - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
+  - [Install](#install)
+    - [Build from source](#build-from-source)
+  - [Setup](#setup)
+    - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
+    - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
+    - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
+  - [Start Console service:](#start-console-service)
+  - [Start Console service with TLS:](#start-console-service-with-tls)
+  - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
 - [Contribute to console Project](#contribute-to-console-project)
 
 <!-- markdown-toc end -->
 
-## Install
-
-### Binary Releases
-
-| OS      | ARCH    | Binary                                                                                               |
-|:-------:|:-------:|:----------------------------------------------------------------------------------------------------:|
-| Linux   | amd64   | [linux-amd64](https://github.com/minio/console/releases/latest/download/console-linux-amd64)         |
-| Linux   | arm64   | [linux-arm64](https://github.com/minio/console/releases/latest/download/console-linux-arm64)         |
-| Linux   | ppc64le | [linux-ppc64le](https://github.com/minio/console/releases/latest/download/console-linux-ppc64le)     |
-| Linux   | s390x   | [linux-s390x](https://github.com/minio/console/releases/latest/download/console-linux-s390x)         |
-| Apple   | amd64   | [darwin-amd64](https://github.com/minio/console/releases/latest/download/console-darwin-amd64)       |
-| Windows | amd64   | [windows-amd64](https://github.com/minio/console/releases/latest/download/console-windows-amd64.exe) |
-
-You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/console/releases/latest) signature file. Then run:
-```
-minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-```
-
-### Docker
-
-Pull the latest release via:
-```
-docker pull minio/console
-```
-
-### Build from source
-
-```
-GO111MODULE=on go get github.com/minio/console/cmd/console
-```
-> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
-> Minimum version required is go1.14
+MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
 
 ## Setup
 
@@ -103,60 +70,64 @@ EOF
 ```
 
 ```sh
-mc admin policy add myminio/ consoleAdmin admin.json
+mc admin policy create myminio/ consoleAdmin admin.json
 ```
 
 ### 3. Set the policy for the new `console` user
 
 ```sh
-mc admin policy set myminio consoleAdmin user=console
+mc admin policy attach myminio consoleAdmin --user=console
 ```
 
-> NOTE: Additionally, you can create policies to limit the privileges for other `console` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+> NOTE: Additionally, you can create policies to limit the privileges for other `console` users, for example, if you
+> want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like
+> this:
 
 ```json
 {
-	"Version": "2012-10-17",
-	"Statement": [{
-			"Action": [
-				"admin:ServerInfo"
-			],
-			"Effect": "Allow",
-			"Sid": ""
-		},
-		{
-			"Action": [
-				"s3:ListenBucketNotification",
-				"s3:PutBucketNotification",
-				"s3:GetBucketNotification",
-				"s3:ListMultipartUploadParts",
-				"s3:ListBucketMultipartUploads",
-				"s3:ListBucket",
-				"s3:HeadBucket",
-				"s3:GetObject",
-				"s3:GetBucketLocation",
-				"s3:AbortMultipartUpload",
-				"s3:CreateBucket",
-				"s3:PutObject",
-				"s3:DeleteObject",
-				"s3:DeleteBucket",
-				"s3:PutBucketPolicy",
-				"s3:DeleteBucketPolicy",
-				"s3:GetBucketPolicy"
-			],
-			"Effect": "Allow",
-			"Resource": [
-				"arn:aws:s3:::*"
-			],
-			"Sid": ""
-		}
-	]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "admin:ServerInfo"
+      ],
+      "Effect": "Allow",
+      "Sid": ""
+    },
+    {
+      "Action": [
+        "s3:ListenBucketNotification",
+        "s3:PutBucketNotification",
+        "s3:GetBucketNotification",
+        "s3:ListMultipartUploadParts",
+        "s3:ListBucketMultipartUploads",
+        "s3:ListBucket",
+        "s3:HeadBucket",
+        "s3:GetObject",
+        "s3:GetBucketLocation",
+        "s3:AbortMultipartUpload",
+        "s3:CreateBucket",
+        "s3:PutObject",
+        "s3:DeleteObject",
+        "s3:DeleteBucket",
+        "s3:PutBucketPolicy",
+        "s3:DeleteBucketPolicy",
+        "s3:GetBucketPolicy"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::*"
+      ],
+      "Sid": ""
+    }
+  ]
 }
 ```
 
 ## Start Console service:
 
 Before running console service, following environment settings must be supplied
+
 ```sh
 # Salt to encrypt JWT payload
 export CONSOLE_PBKDF_PASSPHRASE=SECRET
@@ -169,6 +140,7 @@ export CONSOLE_MINIO_SERVER=http://localhost:9000
 ```
 
 Now start the console service.
+
 ```
 ./console server
 2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090
@@ -182,12 +154,14 @@ Copy your `public.crt` and `private.key` to `~/.console/certs`, then:
 
 ```sh
 ./console server
-2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://localhost:9090
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443
 ```
 
 For advanced users, `console` has support for multiple certificates to service clients through multiple domains.
 
 Following tree structure is expected for supporting multiple domains:
+
 ```sh
  certs/
   │
@@ -217,5 +191,27 @@ export CONSOLE_MINIO_SERVER=https://localhost:9000
 
 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`
 
+## Debug logging
+
+In some cases it may be convenient to log all HTTP requests. This can be enabled by setting
+the `CONSOLE_DEBUG_LOGLEVEL` environment variable to one of the following values:
+
+ - `0` (default) uses no logging.
+ - `1` log single line per request for server-side errors (status-code 5xx).
+ - `2` log single line per request for client-side and server-side errors (status-code 4xx/5xx).
+ - `3` log single line per request for all requests (status-code 4xx/5xx).
+ - `4` log details per request for server-side errors (status-code 5xx).
+ - `5` log details per request for client-side and server-side errors (status-code 4xx/5xx).
+ - `6` log details per request for all requests (status-code 4xx/5xx).
+
+ A single line logging has the following information:
+ - Remote endpoint (IP + port) of the request. Note that reverse proxies may hide the actual remote endpoint of the client's browser.
+ - HTTP method and URL
+ - Status code of the response (websocket connections are hijacked, so no response is shown)
+ - Duration of the request
+
+The detailed logging also includes all request and response headers (if any).
+ 
 # Contribute to console Project
+
 Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)

SECURITY.md

@@ -18,9 +18,10 @@ you need access credentials for a successful exploit).
 
 If you have not received a reply to your email within 48 hours or you have not heard from the security team
 for the past five days please contact the security team directly:
-  - Primary security coordinator: lenin@min.io
-  - Secondary coordinator: security@min.io
-  - If you receive no response: dev@min.io
+
+- Primary security coordinator: daniel@min.io
+- Secondary coordinator: security@min.io
+- If you receive no response: dev@min.io
 
 ### Disclosure Process
 

api/admin_client_mock.go

@@ -1,7 +1,5 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -15,23 +13,23 @@
 //
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
 
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
+package api
 
 import (
-	"github.com/go-openapi/strfmt"
+	"context"
+
+	"github.com/minio/madmin-go/v3"
 )
 
-// ParityResponse parity response
-//
-// swagger:model parityResponse
-type ParityResponse []string
-
-// Validate validates this parity response
-func (m ParityResponse) Validate(formats strfmt.Registry) error {
-	return nil
+type AdminClientMock struct {
+	minioAccountInfoMock func(ctx context.Context) (madmin.AccountInfo, error)
+}
+
+func (ac AdminClientMock) kmsStatus(_ context.Context) (madmin.KMSStatus, error) {
+	return madmin.KMSStatus{Name: "name", DefaultKeyID: "key", Endpoints: map[string]madmin.ItemState{"localhost": madmin.ItemState("online")}}, nil
+}
+
+func (ac AdminClientMock) AccountInfo(ctx context.Context) (madmin.AccountInfo, error) {
+	return ac.minioAccountInfoMock(ctx)
 }

api/admin_objects.go

@@ -0,0 +1,90 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"time"
+
+	"github.com/minio/mc/cmd"
+	"github.com/minio/minio-go/v7"
+)
+
+type objectsListOpts struct {
+	BucketName string
+	Prefix     string
+	Date       time.Time
+}
+
+type ObjectsRequest struct {
+	Mode       string `json:"mode,omitempty"`
+	BucketName string `json:"bucket_name"`
+	Prefix     string `json:"prefix"`
+	Date       string `json:"date"`
+	RequestID  int64  `json:"request_id"`
+}
+
+type WSResponse struct {
+	RequestID  int64            `json:"request_id,omitempty"`
+	Error      *CodedAPIError   `json:"error,omitempty"`
+	RequestEnd bool             `json:"request_end,omitempty"`
+	Prefix     string           `json:"prefix,omitempty"`
+	BucketName string           `json:"bucketName,omitempty"`
+	Data       []ObjectResponse `json:"data,omitempty"`
+}
+
+type ObjectResponse struct {
+	Name         string `json:"name,omitempty"`
+	LastModified string `json:"last_modified,omitempty"`
+	Size         int64  `json:"size,omitempty"`
+	VersionID    string `json:"version_id,omitempty"`
+	DeleteMarker bool   `json:"delete_flag,omitempty"`
+	IsLatest     bool   `json:"is_latest,omitempty"`
+}
+
+func getObjectsOptionsFromReq(request ObjectsRequest) (*objectsListOpts, error) {
+	pOptions := objectsListOpts{
+		BucketName: request.BucketName,
+		Prefix:     request.Prefix,
+	}
+
+	if request.Mode == "rewind" {
+		parsedDate, errDate := time.Parse(time.RFC3339, request.Date)
+
+		if errDate != nil {
+			return nil, errDate
+		}
+
+		pOptions.Date = parsedDate
+	}
+
+	return &pOptions, nil
+}
+
+func startObjectsListing(ctx context.Context, client MinioClient, objOpts *objectsListOpts) <-chan minio.ObjectInfo {
+	opts := minio.ListObjectsOptions{
+		Prefix: objOpts.Prefix,
+	}
+
+	return client.listObjects(ctx, objOpts.BucketName, opts)
+}
+
+func startRewindListing(ctx context.Context, client MCClient, objOpts *objectsListOpts) <-chan *cmd.ClientContent {
+	lsRewind := client.list(ctx, cmd.ListOptions{TimeRef: objOpts.Date, WithDeleteMarkers: true})
+
+	return lsRewind
+}

api/admin_objects_test.go

@@ -0,0 +1,236 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	mc "github.com/minio/mc/cmd"
+	"github.com/minio/minio-go/v7"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWSRewindObjects(t *testing.T) {
+	assert := assert.New(t)
+	client := s3ClientMock{}
+
+	tests := []struct {
+		name         string
+		testOptions  objectsListOpts
+		testMessages []*mc.ClientContent
+	}{
+		{
+			name: "Get list with multiple elements",
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/",
+				Date:       time.Now(),
+			},
+			testMessages: []*mc.ClientContent{
+				{
+					BucketName: "buckettest",
+					URL:        mc.ClientURL{Path: "/file1.txt"},
+				},
+				{
+					BucketName: "buckettest",
+					URL:        mc.ClientURL{Path: "/file2.txt"},
+				},
+				{
+					BucketName: "buckettest",
+					URL:        mc.ClientURL{Path: "/path1"},
+				},
+			},
+		},
+		{
+			name: "Empty list of elements",
+			testOptions: objectsListOpts{
+				BucketName: "emptybucket",
+				Prefix:     "/",
+				Date:       time.Now(),
+			},
+			testMessages: []*mc.ClientContent{},
+		},
+		{
+			name: "Get list with one element",
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/",
+				Date:       time.Now(),
+			},
+			testMessages: []*mc.ClientContent{
+				{
+					BucketName: "buckettestsingle",
+					URL:        mc.ClientURL{Path: "/file12.txt"},
+				},
+			},
+		},
+		{
+			name: "Get data from subpaths",
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/path1/path2",
+				Date:       time.Now(),
+			},
+			testMessages: []*mc.ClientContent{
+				{
+					BucketName: "buckettestsingle",
+					URL:        mc.ClientURL{Path: "/path1/path2/file12.txt"},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			mcListMock = func(_ context.Context, _ mc.ListOptions) <-chan *mc.ClientContent {
+				ch := make(chan *mc.ClientContent)
+				go func() {
+					defer close(ch)
+					for _, m := range tt.testMessages {
+						ch <- m
+					}
+				}()
+				return ch
+			}
+
+			rewindList := startRewindListing(ctx, client, &tt.testOptions)
+
+			// check that the rewindList got the same number of data from Console.
+
+			totalItems := 0
+			for data := range rewindList {
+				// Compare elements as we are defining the channel responses
+				assert.Equal(tt.testMessages[totalItems].URL.Path, data.URL.Path)
+				totalItems++
+			}
+			assert.Equal(len(tt.testMessages), totalItems)
+		})
+	}
+}
+
+func TestWSListObjects(t *testing.T) {
+	assert := assert.New(t)
+	client := minioClientMock{}
+
+	tests := []struct {
+		name         string
+		wantErr      bool
+		testOptions  objectsListOpts
+		testMessages []minio.ObjectInfo
+	}{
+		{
+			name:    "Get list with multiple elements",
+			wantErr: false,
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/",
+			},
+			testMessages: []minio.ObjectInfo{
+				{
+					Key:          "/file1.txt",
+					Size:         500,
+					IsLatest:     true,
+					LastModified: time.Now(),
+				},
+				{
+					Key:          "/file2.txt",
+					Size:         500,
+					IsLatest:     true,
+					LastModified: time.Now(),
+				},
+				{
+					Key: "/path1",
+				},
+			},
+		},
+		{
+			name:    "Empty list of elements",
+			wantErr: false,
+			testOptions: objectsListOpts{
+				BucketName: "emptybucket",
+				Prefix:     "/",
+			},
+			testMessages: []minio.ObjectInfo{},
+		},
+		{
+			name:    "Get list with one element",
+			wantErr: false,
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/",
+			},
+			testMessages: []minio.ObjectInfo{
+				{
+					Key:          "/file2.txt",
+					Size:         500,
+					IsLatest:     true,
+					LastModified: time.Now(),
+				},
+			},
+		},
+		{
+			name:    "Get data from subpaths",
+			wantErr: false,
+			testOptions: objectsListOpts{
+				BucketName: "buckettest",
+				Prefix:     "/path1/path2",
+			},
+			testMessages: []minio.ObjectInfo{
+				{
+					Key:          "/path1/path2/file1.txt",
+					Size:         500,
+					IsLatest:     true,
+					LastModified: time.Now(),
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			minioListObjectsMock = func(_ context.Context, _ string, _ minio.ListObjectsOptions) <-chan minio.ObjectInfo {
+				ch := make(chan minio.ObjectInfo)
+				go func() {
+					defer close(ch)
+					for _, m := range tt.testMessages {
+						ch <- m
+					}
+				}()
+				return ch
+			}
+
+			objectsListing := startObjectsListing(ctx, client, &tt.testOptions)
+
+			// check that the TestReceiver got the same number of data from Console
+			totalItems := 0
+			for data := range objectsListing {
+				// Compare elements as we are defining the channel responses
+				assert.Equal(tt.testMessages[totalItems].Key, data.Key)
+				totalItems++
+			}
+			assert.Equal(len(tt.testMessages), totalItems)
+		})
+	}
+}

api/client-admin.go

@@ -0,0 +1,190 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/url"
+	"regexp"
+	"strings"
+
+	"github.com/minio/console/pkg"
+
+	"github.com/minio/console/pkg/utils"
+
+	"github.com/minio/console/models"
+	"github.com/minio/madmin-go/v3"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+)
+
+const globalAppName = "MinIO Console"
+
+// MinioAdmin interface with all functions to be implemented
+// by mock when testing, it should include all MinioAdmin respective api calls
+// that are used within this project.
+type MinioAdmin interface {
+	AccountInfo(ctx context.Context) (madmin.AccountInfo, error)
+	// KMS
+	kmsStatus(ctx context.Context) (madmin.KMSStatus, error)
+}
+
+// Interface implementation
+//
+// Define the structure of a minIO Client and define the functions that are actually used
+// from minIO api.
+type AdminClient struct {
+	Client *madmin.AdminClient
+}
+
+// AccountInfo implements madmin.AccountInfo()
+func (ac AdminClient) AccountInfo(ctx context.Context) (madmin.AccountInfo, error) {
+	return ac.Client.AccountInfo(ctx, madmin.AccountOpts{})
+}
+
+func (ac AdminClient) getBucketQuota(ctx context.Context, bucket string) (madmin.BucketQuota, error) {
+	return ac.Client.GetBucketQuota(ctx, bucket)
+}
+
+func (ac AdminClient) kmsStatus(ctx context.Context) (madmin.KMSStatus, error) {
+	return ac.Client.KMSStatus(ctx)
+}
+
+func NewMinioAdminClient(ctx context.Context, sessionClaims *models.Principal) (*madmin.AdminClient, error) {
+	clientIP := utils.ClientIPFromContext(ctx)
+	adminClient, err := newAdminFromClaims(sessionClaims, clientIP)
+	if err != nil {
+		return nil, err
+	}
+	adminClient.SetAppInfo(globalAppName, pkg.Version)
+	return adminClient, nil
+}
+
+// newAdminFromClaims creates a minio admin from Decrypted claims using Assume role credentials
+func newAdminFromClaims(claims *models.Principal, clientIP string) (*madmin.AdminClient, error) {
+	tlsEnabled := getMinIOEndpointIsSecure()
+	endpoint := getMinIOEndpoint()
+
+	adminClient, err := madmin.NewWithOptions(endpoint, &madmin.Options{
+		Creds:  credentials.NewStaticV4(claims.STSAccessKeyID, claims.STSSecretAccessKey, claims.STSSessionToken),
+		Secure: tlsEnabled,
+	})
+	if err != nil {
+		return nil, err
+	}
+	adminClient.SetAppInfo(globalAppName, pkg.Version)
+	adminClient.SetCustomTransport(PrepareSTSClientTransport(clientIP))
+	return adminClient, nil
+}
+
+// isLocalAddress returns true if the url contains an IPv4/IPv6 hostname
+// that points to the local machine - FQDN are not supported
+func isLocalIPEndpoint(endpoint string) bool {
+	u, err := url.Parse(endpoint)
+	if err != nil {
+		return false
+	}
+	return isLocalIPAddress(u.Hostname())
+}
+
+// isLocalAddress returns true if the url contains an IPv4/IPv6 hostname
+// that points to the local machine - FQDN are not supported
+func isLocalIPAddress(ipAddr string) bool {
+	if ipAddr == "" {
+		return false
+	}
+	if ipAddr == "localhost" {
+		return true
+	}
+	ip := net.ParseIP(ipAddr)
+	return ip != nil && ip.IsLoopback()
+}
+
+// GetConsoleHTTPClient caches different http clients depending on the target endpoint while taking
+// in consideration CA certs stored in ${HOME}/.console/certs/CAs and ${HOME}/.minio/certs/CAs
+// If the target endpoint points to a loopback device, skip the TLS verification.
+func GetConsoleHTTPClient(clientIP string) *http.Client {
+	return PrepareConsoleHTTPClient(clientIP)
+}
+
+var (
+	// De-facto standard header keys.
+	xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
+	xRealIP       = http.CanonicalHeaderKey("X-Real-IP")
+)
+
+var (
+	// RFC7239 defines a new "Forwarded: " header designed to replace the
+	// existing use of X-Forwarded-* headers.
+	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
+	forwarded = http.CanonicalHeaderKey("Forwarded")
+	// Allows for a sub-match of the first value after 'for=' to the next
+	// comma, semi-colon or space. The match is case-insensitive.
+	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)(.*)`)
+)
+
+// getSourceIPFromHeaders retrieves the IP from the X-Forwarded-For, X-Real-IP
+// and RFC7239 Forwarded headers (in that order)
+func getSourceIPFromHeaders(r *http.Request) string {
+	var addr string
+
+	if fwd := r.Header.Get(xForwardedFor); fwd != "" {
+		// Only grab the first (client) address. Note that '192.168.0.1,
+		// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
+		// the first may represent forwarding proxies earlier in the chain.
+		s := strings.Index(fwd, ", ")
+		if s == -1 {
+			s = len(fwd)
+		}
+		addr = fwd[:s]
+	} else if fwd := r.Header.Get(xRealIP); fwd != "" {
+		// X-Real-IP should only contain one IP address (the client making the
+		// request).
+		addr = fwd
+	} else if fwd := r.Header.Get(forwarded); fwd != "" {
+		// match should contain at least two elements if the protocol was
+		// specified in the Forwarded header. The first element will always be
+		// the 'for=' capture, which we ignore. In the case of multiple IP
+		// addresses (for=8.8.8.8, 8.8.4.4, 172.16.1.20 is valid) we only
+		// extract the first, which should be the client IP.
+		if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
+			// IPv6 addresses in Forwarded headers are quoted-strings. We strip
+			// these quotes.
+			addr = strings.Trim(match[1], `"`)
+		}
+	}
+
+	return addr
+}
+
+// getClientIP retrieves the IP from the request headers
+// and falls back to r.RemoteAddr when necessary.
+// however returns without bracketing.
+func getClientIP(r *http.Request) string {
+	addr := getSourceIPFromHeaders(r)
+	if addr == "" {
+		addr = r.RemoteAddr
+	}
+
+	// Default to remote address if headers not set.
+	raddr, _, _ := net.SplitHostPort(addr)
+	if raddr == "" {
+		return addr
+	}
+	return raddr
+}

api/client.go

@@ -1,4 +1,4 @@
-// This file is part of MinIO Orchestrator
+// This file is part of MinIO Console Server
 // Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
@@ -14,25 +14,23 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
+	"net/http"
+	"path"
 	"strings"
 	"time"
 
-	"github.com/minio/minio-go/v7/pkg/replication"
 	"github.com/minio/minio-go/v7/pkg/sse"
-
-	"errors"
+	xnet "github.com/minio/pkg/v3/net"
 
 	"github.com/minio/console/models"
 	"github.com/minio/console/pkg"
-	"github.com/minio/console/pkg/acl"
-	"github.com/minio/console/pkg/auth"
-	"github.com/minio/console/pkg/auth/ldap"
 	xjwt "github.com/minio/console/pkg/auth/token"
 	mc "github.com/minio/mc/cmd"
 	"github.com/minio/mc/pkg/probe"
@@ -64,6 +62,7 @@ type MinioClient interface {
 	putObject(ctx context.Context, bucketName, objectName string, reader io.Reader, objectSize int64, opts minio.PutObjectOptions) (info minio.UploadInfo, err error)
 	putObjectLegalHold(ctx context.Context, bucketName, objectName string, opts minio.PutObjectLegalHoldOptions) error
 	putObjectRetention(ctx context.Context, bucketName, objectName string, opts minio.PutObjectRetentionOptions) error
+	statObject(ctx context.Context, bucketName, prefix string, opts minio.GetObjectOptions) (objectInfo minio.ObjectInfo, err error)
 	setBucketEncryption(ctx context.Context, bucketName string, config *sse.Configuration) error
 	removeBucketEncryption(ctx context.Context, bucketName string) error
 	getBucketEncryption(ctx context.Context, bucketName string) (*sse.Configuration, error)
@@ -71,6 +70,11 @@ type MinioClient interface {
 	getObjectTagging(ctx context.Context, bucketName, objectName string, opts minio.GetObjectTaggingOptions) (*tags.Tags, error)
 	setObjectLockConfig(ctx context.Context, bucketName string, mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit) error
 	getBucketObjectLockConfig(ctx context.Context, bucketName string) (mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit, err error)
+	getObjectLockConfig(ctx context.Context, bucketName string) (lock string, mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit, err error)
+	copyObject(ctx context.Context, dst minio.CopyDestOptions, src minio.CopySrcOptions) (minio.UploadInfo, error)
+	GetBucketTagging(ctx context.Context, bucketName string) (*tags.Tags, error)
+	SetBucketTagging(ctx context.Context, bucketName string, tags *tags.Tags) error
+	RemoveBucketTagging(ctx context.Context, bucketName string) error
 }
 
 // Interface implementation
@@ -81,6 +85,18 @@ type minioClient struct {
 	client *minio.Client
 }
 
+func (c minioClient) GetBucketTagging(ctx context.Context, bucketName string) (*tags.Tags, error) {
+	return c.client.GetBucketTagging(ctx, bucketName)
+}
+
+func (c minioClient) SetBucketTagging(ctx context.Context, bucketName string, tags *tags.Tags) error {
+	return c.client.SetBucketTagging(ctx, bucketName, tags)
+}
+
+func (c minioClient) RemoveBucketTagging(ctx context.Context, bucketName string) error {
+	return c.client.RemoveBucketTagging(ctx, bucketName)
+}
+
 // implements minio.ListBuckets(ctx)
 func (c minioClient) listBucketsWithContext(ctx context.Context) ([]minio.BucketInfo, error) {
 	return c.client.ListBuckets(ctx)
@@ -119,11 +135,6 @@ func (c minioClient) getBucketVersioning(ctx context.Context, bucketName string)
 	return c.client.GetBucketVersioning(ctx, bucketName)
 }
 
-// implements minio.getBucketVersioning(ctx, bucketName)
-func (c minioClient) getBucketReplication(ctx context.Context, bucketName string) (replication.Config, error) {
-	return c.client.GetBucketReplication(ctx, bucketName)
-}
-
 // implements minio.listObjects(ctx)
 func (c minioClient) listObjects(ctx context.Context, bucket string, opts minio.ListObjectsOptions) <-chan minio.ObjectInfo {
 	return c.client.ListObjects(ctx, bucket, opts)
@@ -149,6 +160,10 @@ func (c minioClient) putObjectRetention(ctx context.Context, bucketName, objectN
 	return c.client.PutObjectRetention(ctx, bucketName, objectName, opts)
 }
 
+func (c minioClient) statObject(ctx context.Context, bucketName, prefix string, opts minio.GetObjectOptions) (objectInfo minio.ObjectInfo, err error) {
+	return c.client.StatObject(ctx, bucketName, prefix, opts)
+}
+
 // implements minio.SetBucketEncryption(ctx, bucketName, config)
 func (c minioClient) setBucketEncryption(ctx context.Context, bucketName string, config *sse.Configuration) error {
 	return c.client.SetBucketEncryption(ctx, bucketName, config)
@@ -180,6 +195,14 @@ func (c minioClient) getBucketObjectLockConfig(ctx context.Context, bucketName s
 	return c.client.GetBucketObjectLockConfig(ctx, bucketName)
 }
 
+func (c minioClient) getObjectLockConfig(ctx context.Context, bucketName string) (lock string, mode *minio.RetentionMode, validity *uint, unit *minio.ValidityUnit, err error) {
+	return c.client.GetObjectLockConfig(ctx, bucketName)
+}
+
+func (c minioClient) copyObject(ctx context.Context, dst minio.CopyDestOptions, src minio.CopySrcOptions) (minio.UploadInfo, error) {
+	return c.client.CopyObject(ctx, dst, src)
+}
+
 // MCClient interface with all functions to be implemented
 // by mock when testing, it should include all mc/S3Client respective api calls
 // that are used within this project.
@@ -187,10 +210,11 @@ type MCClient interface {
 	addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error
 	removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error
 	watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error)
-	remove(ctx context.Context, isIncomplete, isRemoveBucket, isBypass bool, contentCh <-chan *mc.ClientContent) <-chan *probe.Error
+	remove(ctx context.Context, isIncomplete, isRemoveBucket, isBypass, forceDelete bool, contentCh <-chan *mc.ClientContent) <-chan mc.RemoveResult
 	list(ctx context.Context, opts mc.ListOptions) <-chan *mc.ClientContent
 	get(ctx context.Context, opts mc.GetOptions) (io.ReadCloser, *probe.Error)
 	shareDownload(ctx context.Context, versionID string, expires time.Duration) (string, *probe.Error)
+	setVersioning(ctx context.Context, status string, excludePrefix []string, excludeFolders bool) *probe.Error
 }
 
 // Interface implementation
@@ -215,12 +239,12 @@ func (c mcClient) watch(ctx context.Context, options mc.WatchOptions) (*mc.Watch
 	return c.client.Watch(ctx, options)
 }
 
-func (c mcClient) setReplication(ctx context.Context, cfg *replication.Config, opts replication.Options) *probe.Error {
-	return c.client.SetReplication(ctx, cfg, opts)
+func (c mcClient) setVersioning(ctx context.Context, status string, excludePrefix []string, excludeFolders bool) *probe.Error {
+	return c.client.SetVersion(ctx, status, excludePrefix, excludeFolders)
 }
 
-func (c mcClient) remove(ctx context.Context, isIncomplete, isRemoveBucket, isBypass bool, contentCh <-chan *mc.ClientContent) <-chan *probe.Error {
-	return c.client.Remove(ctx, isIncomplete, isRemoveBucket, isBypass, contentCh)
+func (c mcClient) remove(ctx context.Context, isIncomplete, isRemoveBucket, isBypass, forceDelete bool, contentCh <-chan *mc.ClientContent) <-chan mc.RemoveResult {
+	return c.client.Remove(ctx, isIncomplete, isRemoveBucket, isBypass, forceDelete, contentCh)
 }
 
 func (c mcClient) list(ctx context.Context, opts mc.ListOptions) <-chan *mc.ClientContent {
@@ -228,7 +252,8 @@ func (c mcClient) list(ctx context.Context, opts mc.ListOptions) <-chan *mc.Clie
 }
 
 func (c mcClient) get(ctx context.Context, opts mc.GetOptions) (io.ReadCloser, *probe.Error) {
-	return c.client.Get(ctx, opts)
+	rd, _, err := c.client.Get(ctx, opts)
+	return rd, err
 }
 
 func (c mcClient) shareDownload(ctx context.Context, versionID string, expires time.Duration) (string, *probe.Error) {
@@ -242,38 +267,27 @@ type ConsoleCredentialsI interface {
 	Get() (credentials.Value, error)
 	Expire()
 	GetAccountAccessKey() string
-	GetAccountSecretKey() string
-	GetActions() []string
 }
 
 // Interface implementation
-type consoleCredentials struct {
-	consoleCredentials *credentials.Credentials
-	accountAccessKey   string
-	accountSecretKey   string
-	actions            []string
+type ConsoleCredentials struct {
+	ConsoleCredentials *credentials.Credentials
+	AccountAccessKey   string
+	CredContext        *credentials.CredContext
 }
 
-func (c consoleCredentials) GetActions() []string {
-	return c.actions
+func (c ConsoleCredentials) GetAccountAccessKey() string {
+	return c.AccountAccessKey
 }
 
-func (c consoleCredentials) GetAccountAccessKey() string {
-	return c.accountAccessKey
+// Get implements *Login.Get()
+func (c ConsoleCredentials) Get() (credentials.Value, error) {
+	return c.ConsoleCredentials.GetWithContext(c.CredContext)
 }
 
-func (c consoleCredentials) GetAccountSecretKey() string {
-	return c.accountSecretKey
-}
-
-// implements *Login.Get()
-func (c consoleCredentials) Get() (credentials.Value, error) {
-	return c.consoleCredentials.Get()
-}
-
-// implements *Login.Expire()
-func (c consoleCredentials) Expire() {
-	c.consoleCredentials.Expire()
+// Expire implements *Login.Expire()
+func (c ConsoleCredentials) Expire() {
+	c.ConsoleCredentials.Expire()
 }
 
 // consoleSTSAssumeRole it's a STSAssumeRole wrapper, in general
@@ -283,6 +297,10 @@ type consoleSTSAssumeRole struct {
 	stsAssumeRole *credentials.STSAssumeRole
 }
 
+func (s consoleSTSAssumeRole) RetrieveWithCredContext(cc *credentials.CredContext) (credentials.Value, error) {
+	return s.stsAssumeRole.RetrieveWithCredContext(cc)
+}
+
 func (s consoleSTSAssumeRole) Retrieve() (credentials.Value, error) {
 	return s.stsAssumeRole.Retrieve()
 }
@@ -291,96 +309,86 @@ func (s consoleSTSAssumeRole) IsExpired() bool {
 	return s.stsAssumeRole.IsExpired()
 }
 
-var (
-	MinioEndpoint = getMinIOServer()
-	MinioRegion   = getMinIORegion()
-)
-
-func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error) {
-	// Future authentication methods can be added under this switch statement
-	switch {
-	// authentication for Operator Console
-	case acl.GetOperatorMode():
-		{
-			creds, err := auth.GetConsoleCredentialsForOperator(secretKey)
-			if err != nil {
-				return nil, err
-			}
-			return creds, nil
-		}
-	// LDAP authentication for Console
-	case ldap.GetLDAPEnabled():
-		{
-			if MinioEndpoint == "" {
-				return nil, errors.New("endpoint cannot be empty for AssumeRoleSTS")
-			}
-			creds, err := auth.GetCredentialsFromLDAP(GetConsoleSTSClient(), MinioEndpoint, accessKey, secretKey)
-			if err != nil {
-				return nil, err
-			}
-			return creds, nil
-		}
-	// default authentication for Console is via STS (Security Token Service) against MinIO
-	default:
-		{
-			if MinioEndpoint == "" || accessKey == "" || secretKey == "" {
-				return nil, errors.New("credentials endpoint, access and secret key are mandatory for AssumeRoleSTS")
-			}
-			opts := credentials.STSAssumeRoleOptions{
-				AccessKey:       accessKey,
-				SecretKey:       secretKey,
-				Location:        location,
-				DurationSeconds: xjwt.GetConsoleSTSDurationInSeconds(),
-			}
-			stsAssumeRole := &credentials.STSAssumeRole{
-				Client:      GetConsoleSTSClient(),
-				STSEndpoint: MinioEndpoint,
-				Options:     opts,
-			}
-			consoleSTSWrapper := consoleSTSAssumeRole{stsAssumeRole: stsAssumeRole}
-			return credentials.New(consoleSTSWrapper), nil
-		}
+func stsCredentials(minioURL, accessKey, secretKey, location string, client *http.Client) (*credentials.Credentials, error) {
+	if accessKey == "" || secretKey == "" {
+		return nil, errors.New("credentials endpoint, access and secret key are mandatory for AssumeRoleSTS")
 	}
+	opts := credentials.STSAssumeRoleOptions{
+		AccessKey:       accessKey,
+		SecretKey:       secretKey,
+		Location:        location,
+		DurationSeconds: int(xjwt.GetConsoleSTSDuration().Seconds()),
+	}
+	stsAssumeRole := &credentials.STSAssumeRole{
+		Client:      client,
+		STSEndpoint: minioURL,
+		Options:     opts,
+	}
+	consoleSTSWrapper := consoleSTSAssumeRole{stsAssumeRole: stsAssumeRole}
+	return credentials.New(consoleSTSWrapper), nil
+}
+
+func NewConsoleCredentials(accessKey, secretKey, location string, client *http.Client) (*credentials.Credentials, error) {
+	minioURL := getMinIOServer()
+
+	return stsCredentials(minioURL, accessKey, secretKey, location, client)
 }
 
 // getConsoleCredentialsFromSession returns the *consoleCredentials.Login associated to the
 // provided session token, this is useful for running the Expire() or IsExpired() operations
 func getConsoleCredentialsFromSession(claims *models.Principal) *credentials.Credentials {
+	if claims == nil {
+		return credentials.NewStaticV4("", "", "")
+	}
 	return credentials.NewStaticV4(claims.STSAccessKeyID, claims.STSSecretAccessKey, claims.STSSessionToken)
 }
 
-// newMinioClient creates a new MinIO client based on the consoleCredentials extracted
+// newMinioClient creates a new MinIO client based on the ConsoleCredentials extracted
 // from the provided session token
-func newMinioClient(claims *models.Principal) (*minio.Client, error) {
+func newMinioClient(claims *models.Principal, clientIP string) (*minio.Client, error) {
 	creds := getConsoleCredentialsFromSession(claims)
-	minioClient, err := minio.New(getMinIOEndpoint(), &minio.Options{
+	endpoint := getMinIOEndpoint()
+	secure := getMinIOEndpointIsSecure()
+	minioClient, err := minio.New(endpoint, &minio.Options{
 		Creds:     creds,
-		Secure:    getMinIOEndpointIsSecure(),
-		Transport: GetConsoleSTSClient().Transport,
+		Secure:    secure,
+		Transport: GetConsoleHTTPClient(clientIP).Transport,
 	})
 	if err != nil {
 		return nil, err
 	}
+	// set user-agent to differentiate Console UI requests for auditing.
+	minioClient.SetAppInfo("MinIO Console", pkg.Version)
 	return minioClient, nil
 }
 
-// newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
-func newS3BucketClient(claims *models.Principal, bucketName string, prefix string) (*mc.S3Client, error) {
-	endpoint := getMinIOServer()
-
+// computeObjectURLWithoutEncode returns a MinIO url containing the object filename without encoding
+func computeObjectURLWithoutEncode(bucketName, prefix string) (string, error) {
+	u, err := xnet.ParseHTTPURL(getMinIOServer())
+	if err != nil {
+		return "", fmt.Errorf("the provided endpoint: '%s' is invalid", getMinIOServer())
+	}
+	var p string
 	if strings.TrimSpace(bucketName) != "" {
-		endpoint += fmt.Sprintf("/%s", bucketName)
+		p = path.Join(p, bucketName)
 	}
-
 	if strings.TrimSpace(prefix) != "" {
-		endpoint += fmt.Sprintf("/%s", prefix)
+		p = pathJoinFinalSlash(p, prefix)
 	}
+	return u.String() + "/" + p, nil
+}
 
+// newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
+func newS3BucketClient(claims *models.Principal, bucketName string, prefix string, clientIP string) (*mc.S3Client, error) {
 	if claims == nil {
 		return nil, fmt.Errorf("the provided credentials are invalid")
 	}
-
-	s3Config := newS3Config(endpoint, claims.STSAccessKeyID, claims.STSSecretAccessKey, claims.STSSessionToken, false)
+	// It's very important to avoid encoding the prefix since the minio client will encode the path itself
+	objectURL, err := computeObjectURLWithoutEncode(bucketName, prefix)
+	if err != nil {
+		return nil, fmt.Errorf("the provided endpoint is invalid")
+	}
+	s3Config := newS3Config(objectURL, claims.STSAccessKeyID, claims.STSSecretAccessKey, claims.STSSessionToken, clientIP)
 	client, pErr := mc.S3New(s3Config)
 	if pErr != nil {
 		return nil, pErr.Cause
@@ -389,28 +397,37 @@ func newS3BucketClient(claims *models.Principal, bucketName string, prefix strin
 	if !ok {
 		return nil, fmt.Errorf("the provided url doesn't point to a S3 server")
 	}
-
 	return s3Client, nil
 }
 
+// pathJoinFinalSlash - like path.Join() but retains trailing slashSeparator of the last element
+func pathJoinFinalSlash(elem ...string) string {
+	if len(elem) > 0 {
+		if strings.HasSuffix(elem[len(elem)-1], SlashSeparator) {
+			return path.Join(elem...) + SlashSeparator
+		}
+	}
+	return path.Join(elem...)
+}
+
+// Deprecated
 // newS3Config simply creates a new Config struct using the passed
 // parameters.
-func newS3Config(endpoint, accessKey, secretKey, sessionToken string, insecure bool) *mc.Config {
+func newS3Config(endpoint, accessKey, secretKey, sessionToken string, clientIP string) *mc.Config {
 	// We have a valid alias and hostConfig. We populate the/
 	// consoleCredentials from the match found in the config file.
-	s3Config := new(mc.Config)
-
-	s3Config.AppName = globalAppName
-	s3Config.AppVersion = pkg.Version
-	s3Config.Debug = false
-	s3Config.Insecure = insecure
-
-	s3Config.HostURL = endpoint
-	s3Config.AccessKey = accessKey
-	s3Config.SecretKey = secretKey
-	s3Config.SessionToken = sessionToken
-	s3Config.Signature = "S3v4"
-	s3Config.Transport = prepareSTSClientTransport(insecure)
-
-	return s3Config
+	return &mc.Config{
+		HostURL:      endpoint,
+		AccessKey:    accessKey,
+		SecretKey:    secretKey,
+		SessionToken: sessionToken,
+		Signature:    "S3v4",
+		AppName:      globalAppName,
+		AppVersion:   pkg.Version,
+		Insecure:     isLocalIPEndpoint(endpoint),
+		Transport: &ConsoleTransport{
+			ClientIP:  clientIP,
+			Transport: GlobalTransport,
+		},
+	}
 }

api/client_test.go

@@ -0,0 +1,91 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2024 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import "testing"
+
+func Test_computeObjectURLWithoutEncode(t *testing.T) {
+	type args struct {
+		bucketName string
+		prefix     string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			name: "http://localhost:9000/bucket-1/小飼弾小飼弾小飼弾.jp",
+			args: args{
+				bucketName: "bucket-1",
+				prefix:     "小飼弾小飼弾小飼弾.jpg",
+			},
+			want:    "http://localhost:9000/bucket-1/小飼弾小飼弾小飼弾.jpg",
+			wantErr: false,
+		},
+		{
+			name: "http://localhost:9000/bucket-1/a a - a a & a a - a a a.jpg",
+			args: args{
+				bucketName: "bucket-1",
+				prefix:     "a a - a a & a a - a a a.jpg",
+			},
+			want:    "http://localhost:9000/bucket-1/a a - a a & a a - a a a.jpg",
+			wantErr: false,
+		},
+		{
+			name: "http://localhost:9000/bucket-1/02%20-%20FLY%20ME%20TO%20THE%20MOON%20.jpg",
+			args: args{
+				bucketName: "bucket-1",
+				prefix:     "02%20-%20FLY%20ME%20TO%20THE%20MOON%20.jpg",
+			},
+			want:    "http://localhost:9000/bucket-1/02%20-%20FLY%20ME%20TO%20THE%20MOON%20.jpg",
+			wantErr: false,
+		},
+		{
+			name: "http://localhost:9000/bucket-1/!@#$%^&*()_+.jpg",
+			args: args{
+				bucketName: "bucket-1",
+				prefix:     "!@#$%^&*()_+.jpg",
+			},
+			want:    "http://localhost:9000/bucket-1/!@#$%^&*()_+.jpg",
+			wantErr: false,
+		},
+		{
+			name: "http://localhost:9000/bucket-1/test/test2/小飼弾小飼弾小飼弾.jpg",
+			args: args{
+				bucketName: "bucket-1",
+				prefix:     "test/test2/小飼弾小飼弾小飼弾.jpg",
+			},
+			want:    "http://localhost:9000/bucket-1/test/test2/小飼弾小飼弾小飼弾.jpg",
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			got, err := computeObjectURLWithoutEncode(tt.args.bucketName, tt.args.prefix)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("computeObjectURLWithoutEncode() errors = %v, wantErr %v", err, tt.wantErr)
+			}
+			if err == nil {
+				if got != tt.want {
+					t.Errorf("computeObjectURLWithoutEncode() got = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}

api/config.go

@@ -14,19 +14,21 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
+	"crypto/tls"
 	"crypto/x509"
-	"fmt"
-	"io/ioutil"
+	"net"
+	"net/http"
 	"strconv"
 	"strings"
-	"sync"
 	"time"
 
-	"github.com/minio/minio/pkg/certs"
-	"github.com/minio/minio/pkg/env"
+	"github.com/minio/console/pkg/auth/idp/oauth2"
+	xcerts "github.com/minio/pkg/v3/certs"
+	"github.com/minio/pkg/v3/env"
+	xnet "github.com/minio/pkg/v3/net"
 )
 
 var (
@@ -34,10 +36,10 @@ var (
 	Port = "9090"
 
 	// Hostname console hostname
-	Hostname = "0.0.0.0"
-
-	// TLSHostname console tls hostname
-	TLSHostname = "0.0.0.0"
+	// avoid listening on 0.0.0.0 by default
+	// instead listen on all IPv4 and IPv6
+	// - Hostname should be empty.
+	Hostname = ""
 
 	// TLSPort console tls port
 	TLSPort = "9443"
@@ -45,53 +47,75 @@ var (
 	// TLSRedirect console tls redirect rule
 	TLSRedirect = "on"
 
-	// SessionDuration cookie validity duration
-	SessionDuration = 45 * time.Minute
+	ConsoleResourceName = "console-ui"
 )
 
 var (
-	logSearchAPI  string
-	logSearchURL  string
-	prometheusURL string
-	consoleImage  string
-
-	once sync.Once
+	// GlobalRootCAs is CA root certificates, a nil value means system certs pool will be used
+	GlobalRootCAs *x509.CertPool
+	// GlobalPublicCerts has certificates Console will use to serve clients
+	GlobalPublicCerts []*x509.Certificate
+	// GlobalTLSCertsManager custom TLS Manager for SNI support
+	GlobalTLSCertsManager *xcerts.Manager
+	// GlobalTransport is common transport used for all HTTP calls, this is set via
+	// MinIO server to be the correct transport, however we still define some defaults
+	// here just in case.
+	GlobalTransport = &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   10 * time.Second,
+			KeepAlive: 15 * time.Second,
+		}).DialContext,
+		MaxIdleConns:          1024,
+		MaxIdleConnsPerHost:   1024,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 10 * time.Second,
+		DisableCompression:    true, // Set to avoid auto-decompression
+		TLSClientConfig: &tls.Config{
+			// Can't use SSLv3 because of POODLE and BEAST
+			// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+			// Can't use TLSv1.1 because of RC4 cipher usage
+			MinVersion: tls.VersionTLS12,
+			// Console runs in the same pod/node as MinIO this is acceptable.
+			InsecureSkipVerify: true,
+			RootCAs:            GlobalRootCAs,
+		},
+	}
 )
 
+// MinIOConfig represents application configuration passed in from the MinIO
+// server to the console.
+type MinIOConfig struct {
+	OpenIDProviders oauth2.OpenIDPCfg
+}
+
+// GlobalMinIOConfig is the global application configuration passed in from the
+// MinIO server.
+var GlobalMinIOConfig MinIOConfig
+
 func getMinIOServer() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
 }
 
-func getMinIORegion() string {
+func GetMinIORegion() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIORegion, ""))
 }
 
 func getMinIOEndpoint() string {
-	server := getMinIOServer()
-	if strings.Contains(server, "://") {
-		parts := strings.Split(server, "://")
-		if len(parts) > 1 {
-			server = parts[1]
-		}
+	u, err := xnet.ParseHTTPURL(getMinIOServer())
+	if err != nil {
+		panic(err)
 	}
-	return server
+	return u.Host
 }
 
 func getMinIOEndpointIsSecure() bool {
-	server := getMinIOServer()
-	if strings.Contains(server, "://") {
-		parts := strings.Split(server, "://")
-		if len(parts) > 1 {
-			if parts[0] == "https" {
-				return true
-			}
-		}
+	u, err := xnet.ParseHTTPURL(getMinIOServer())
+	if err != nil {
+		panic(err)
 	}
-	return false
-}
-
-func getProductionMode() bool {
-	return strings.ToLower(env.Get(ConsoleProductionMode, "on")) == "on"
+	return u.Scheme == "https"
 }
 
 // GetHostname gets console hostname set on env variable,
@@ -110,12 +134,6 @@ func GetPort() int {
 	return port
 }
 
-// GetTLSHostname gets console tls hostname set on env variable
-// or default one
-func GetTLSHostname() string {
-	return strings.ToLower(env.Get(ConsoleTLSHostname, TLSHostname))
-}
-
 // GetTLSPort gets console tls port set on env variable
 // or default one
 func GetTLSPort() int {
@@ -132,7 +150,7 @@ func GetTLSRedirect() string {
 }
 
 // Get secure middleware env variable configurations
-func getSecureAllowedHosts() []string {
+func GetSecureAllowedHosts() []string {
 	allowedHosts := env.Get(ConsoleSecureAllowedHosts, "")
 	if allowedHosts != "" {
 		return strings.Split(allowedHosts, ",")
@@ -141,39 +159,39 @@ func getSecureAllowedHosts() []string {
 }
 
 // AllowedHostsAreRegex determines, if the provided AllowedHosts slice contains valid regular expressions. Default is false.
-func getSecureAllowedHostsAreRegex() bool {
+func GetSecureAllowedHostsAreRegex() bool {
 	return strings.ToLower(env.Get(ConsoleSecureAllowedHostsAreRegex, "off")) == "on"
 }
 
 // If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is true.
-func getSecureFrameDeny() bool {
+func GetSecureFrameDeny() bool {
 	return strings.ToLower(env.Get(ConsoleSecureFrameDeny, "on")) == "on"
 }
 
 // If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is true.
-func getSecureContentTypeNonSniff() bool {
+func GetSecureContentTypeNonSniff() bool {
 	return strings.ToLower(env.Get(ConsoleSecureContentTypeNoSniff, "on")) == "on"
 }
 
 // If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is true.
-func getSecureBrowserXSSFilter() bool {
+func GetSecureBrowserXSSFilter() bool {
 	return strings.ToLower(env.Get(ConsoleSecureBrowserXSSFilter, "on")) == "on"
 }
 
 // ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "".
 // Passing a template string will replace `$NONCE` with a dynamic nonce value of 16 bytes for each request which can be
 // later retrieved using the Nonce function.
-func getSecureContentSecurityPolicy() string {
+func GetSecureContentSecurityPolicy() string {
 	return env.Get(ConsoleSecureContentSecurityPolicy, "")
 }
 
 // ContentSecurityPolicyReportOnly allows the Content-Security-Policy-Report-Only header value to be set with a custom value. Default is "".
-func getSecureContentSecurityPolicyReportOnly() string {
+func GetSecureContentSecurityPolicyReportOnly() string {
 	return env.Get(ConsoleSecureContentSecurityPolicyReportOnly, "")
 }
 
 // HostsProxyHeaders is a set of header keys that may hold a proxied hostname value for the request.
-func getSecureHostsProxyHeaders() []string {
+func GetSecureHostsProxyHeaders() []string {
 	allowedHosts := env.Get(ConsoleSecureHostsProxyHeaders, "")
 	if allowedHosts != "" {
 		return strings.Split(allowedHosts, ",")
@@ -182,12 +200,16 @@ func getSecureHostsProxyHeaders() []string {
 }
 
 // TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
-func getSecureTLSHost() string {
-	return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
+func GetSecureTLSHost() string {
+	tlsHost := env.Get(ConsoleSecureTLSHost, "")
+	if tlsHost == "" && Hostname != "" {
+		return net.JoinHostPort(Hostname, TLSPort)
+	}
+	return ""
 }
 
 // STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
-func getSecureSTSSeconds() int64 {
+func GetSecureSTSSeconds() int64 {
 	seconds, err := strconv.Atoi(env.Get(ConsoleSecureSTSSeconds, "0"))
 	if err != nil {
 		seconds = 0
@@ -196,99 +218,63 @@ func getSecureSTSSeconds() int64 {
 }
 
 // If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
-func getSecureSTSIncludeSubdomains() bool {
+func GetSecureSTSIncludeSubdomains() bool {
 	return strings.ToLower(env.Get(ConsoleSecureSTSIncludeSubdomains, "off")) == "on"
 }
 
 // If STSPreload is set to true, the `preload` flag will be appended to the Strict-Transport-Security header. Default is false.
-func getSecureSTSPreload() bool {
+func GetSecureSTSPreload() bool {
 	return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on"
 }
 
-// If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
-func getSecureTLSTemporaryRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureTLSTemporaryRedirect, "off")) == "on"
-}
-
 // STS header is only included when the connection is HTTPS.
-func getSecureForceSTSHeader() bool {
+func GetSecureForceSTSHeader() bool {
 	return strings.ToLower(env.Get(ConsoleSecureForceSTSHeader, "off")) == "on"
 }
 
-// PublicKey implements HPKP to prevent MITM attacks with forged certificates. Default is "".
-func getSecurePublicKey() string {
-	return env.Get(ConsoleSecurePublicKey, "")
-}
-
 // ReferrerPolicy allows the Referrer-Policy header with the value to be set with a custom value. Default is "".
-func getSecureReferrerPolicy() string {
+func GetSecureReferrerPolicy() string {
 	return env.Get(ConsoleSecureReferrerPolicy, "")
 }
 
 // FeaturePolicy allows the Feature-Policy header with the value to be set with a custom value. Default is "".
-func getSecureFeaturePolicy() string {
+func GetSecureFeaturePolicy() string {
 	return env.Get(ConsoleSecureFeaturePolicy, "")
 }
 
-func getSecureExpectCTHeader() string {
-	return env.Get(ConsoleSecureExpectCTHeader, "")
-}
-
 func getLogSearchAPIToken() string {
-	once.Do(func() {
-		initVars()
-	})
-	return logSearchAPI
-}
-
-func getLogSearchURL() string {
-	once.Do(func() {
-		initVars()
-	})
-	return logSearchURL
-}
-
-func getPrometheusURL() string {
-	once.Do(func() {
-		initVars()
-	})
-	return prometheusURL
-}
-
-// GetSubnetLicense returns the current subnet jwt license
-func GetSubnetLicense() string {
-	return env.Get(ConsoleSubnetLicense, "")
-}
-
-func initVars() {
-	logSearchAPI = env.Get(LogSearchQueryAuthToken, "")
-	logSearchURL = env.Get(LogSearchURL, "http://localhost:8080")
-	prometheusURL = env.Get(PrometheusURL, "")
-	consoleImage = env.Get(ConsoleOperatorConsoleImage, ConsoleImageDefaultVersion)
-}
-
-var (
-	// GlobalRootCAs is CA root certificates, a nil value means system certs pool will be used
-	GlobalRootCAs *x509.CertPool
-	// GlobalPublicCerts has certificates Console will use to serve clients
-	GlobalPublicCerts []*x509.Certificate
-	// GlobalTLSCertsManager custom TLS Manager for SNI support
-	GlobalTLSCertsManager *certs.Manager
-)
-
-// getK8sSAToken assumes the plugin is running inside a k8s pod and extract the current service account from the
-// /var/run/secrets/kubernetes.io/serviceaccount/token file
-func getK8sSAToken() string {
-	dat, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
-	if err != nil {
-		return env.Get(ConsoleOperatorSAToken, "")
+	if v := env.Get(ConsoleLogQueryAuthToken, ""); v != "" {
+		return v
 	}
-	return string(dat)
+	return env.Get(LogSearchQueryAuthToken, "")
 }
 
-func getConsoleImage() string {
-	once.Do(func() {
-		initVars()
-	})
-	return consoleImage
+func getMaxConcurrentUploadsLimit() int64 {
+	cu, err := strconv.ParseInt(env.Get(ConsoleMaxConcurrentUploads, "10"), 10, 64)
+	if err != nil {
+		return 10
+	}
+
+	return cu
+}
+
+func getMaxConcurrentDownloadsLimit() int64 {
+	cu, err := strconv.ParseInt(env.Get(ConsoleMaxConcurrentDownloads, "20"), 10, 64)
+	if err != nil {
+		return 20
+	}
+
+	return cu
+}
+
+func getConsoleDevMode() bool {
+	return strings.ToLower(env.Get(ConsoleDevMode, "off")) == "on"
+}
+
+func getConsoleAnimatedLogin() bool {
+	return strings.ToLower(env.Get(ConsoleAnimatedLogin, "on")) == "on"
+}
+
+func getConsoleBrowserRedirectURL() string {
+	return env.Get(ConsoleBrowserRedirectURL, "")
 }

api/config_test.go

@@ -0,0 +1,327 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetHostname(t *testing.T) {
+	os.Setenv(ConsoleHostname, "x")
+	defer os.Unsetenv(ConsoleHostname)
+	assert.Equalf(t, "x", GetHostname(), "GetHostname()")
+}
+
+func TestGetPort(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want int
+	}{
+		{
+			name: "valid port",
+			args: args{
+				env: "9091",
+			},
+			want: 9091,
+		},
+		{
+			name: "invalid port",
+			args: args{
+				env: "duck",
+			},
+			want: 9090,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsolePort, tt.args.env)
+			assert.Equalf(t, tt.want, GetPort(), "GetPort()")
+			os.Unsetenv(ConsolePort)
+		})
+	}
+}
+
+func TestGetTLSPort(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want int
+	}{
+		{
+			name: "valid port",
+			args: args{
+				env: "9444",
+			},
+			want: 9444,
+		},
+		{
+			name: "invalid port",
+			args: args{
+				env: "duck",
+			},
+			want: 9443,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleTLSPort, tt.args.env)
+			assert.Equalf(t, tt.want, GetTLSPort(), "GetTLSPort()")
+			os.Unsetenv(ConsoleTLSPort)
+		})
+	}
+}
+
+func TestGetSecureAllowedHosts(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want []string
+	}{
+		{
+			name: "valid hosts",
+			args: args{
+				env: "host1,host2",
+			},
+			want: []string{"host1", "host2"},
+		},
+		{
+			name: "empty hosts",
+			args: args{
+				env: "",
+			},
+			want: []string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleSecureAllowedHosts, tt.args.env)
+			assert.Equalf(t, tt.want, GetSecureAllowedHosts(), "GetSecureAllowedHosts()")
+			os.Unsetenv(ConsoleSecureAllowedHosts)
+		})
+	}
+}
+
+func TestGetSecureHostsProxyHeaders(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want []string
+	}{
+		{
+			name: "valid headers",
+			args: args{
+				env: "header1,header2",
+			},
+			want: []string{"header1", "header2"},
+		},
+		{
+			name: "empty headers",
+			args: args{
+				env: "",
+			},
+			want: []string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleSecureHostsProxyHeaders, tt.args.env)
+			assert.Equalf(t, tt.want, GetSecureHostsProxyHeaders(), "GetSecureHostsProxyHeaders()")
+			os.Unsetenv(ConsoleSecureHostsProxyHeaders)
+		})
+	}
+}
+
+func TestGetSecureSTSSeconds(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want int64
+	}{
+		{
+			name: "valid",
+			args: args{
+				env: "1",
+			},
+			want: 1,
+		},
+		{
+			name: "invalid",
+			args: args{
+				env: "duck",
+			},
+			want: 0,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleSecureSTSSeconds, tt.args.env)
+			assert.Equalf(t, tt.want, GetSecureSTSSeconds(), "GetSecureSTSSeconds()")
+			os.Unsetenv(ConsoleSecureSTSSeconds)
+		})
+	}
+}
+
+func Test_getLogSearchAPIToken(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "env set",
+			args: args{
+				env: "value",
+			},
+			want: "value",
+		},
+		{
+			name: "env not set",
+			args: args{
+				env: "",
+			},
+			want: "",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleLogQueryAuthToken, tt.args.env)
+			assert.Equalf(t, tt.want, getLogSearchAPIToken(), "getLogSearchAPIToken()")
+			os.Setenv(ConsoleLogQueryAuthToken, tt.args.env)
+		})
+	}
+}
+
+func Test_getMaxConcurrentUploadsLimit(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want int64
+	}{
+		{
+			name: "valid",
+			args: args{
+				env: "1",
+			},
+			want: 1,
+		},
+		{
+			name: "invalid",
+			args: args{
+				env: "duck",
+			},
+			want: 10,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleMaxConcurrentUploads, tt.args.env)
+			assert.Equalf(t, tt.want, getMaxConcurrentUploadsLimit(), "getMaxConcurrentUploadsLimit()")
+			os.Unsetenv(ConsoleMaxConcurrentUploads)
+		})
+	}
+}
+
+func Test_getMaxConcurrentDownloadsLimit(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want int64
+	}{
+		{
+			name: "valid",
+			args: args{
+				env: "1",
+			},
+			want: 1,
+		},
+		{
+			name: "invalid",
+			args: args{
+				env: "duck",
+			},
+			want: 20,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleMaxConcurrentDownloads, tt.args.env)
+			assert.Equalf(t, tt.want, getMaxConcurrentDownloadsLimit(), "getMaxConcurrentDownloadsLimit()")
+			os.Unsetenv(ConsoleMaxConcurrentDownloads)
+		})
+	}
+}
+
+func Test_getConsoleDevMode(t *testing.T) {
+	type args struct {
+		env string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "value set",
+			args: args{
+				env: "on",
+			},
+			want: true,
+		},
+		{
+			name: "value not set",
+			args: args{
+				env: "",
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			os.Setenv(ConsoleDevMode, tt.args.env)
+			assert.Equalf(t, tt.want, getConsoleDevMode(), "getConsoleDevMode()")
+			os.Unsetenv(ConsoleDevMode)
+		})
+	}
+}

api/configure_console.go

@@ -0,0 +1,564 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// This file is safe to edit. Once it exists it will not be overwritten
+
+package api
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"io/fs"
+	"log"
+	"net"
+	"net/http"
+	"path"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+
+	"github.com/minio/console/pkg/logger"
+	"github.com/minio/console/pkg/utils"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+
+	"github.com/klauspost/compress/gzhttp"
+
+	portal_ui "github.com/minio/console/web-app"
+	"github.com/minio/pkg/v3/env"
+	"github.com/minio/pkg/v3/mimedb"
+	xnet "github.com/minio/pkg/v3/net"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
+	"github.com/minio/console/models"
+	"github.com/minio/console/pkg/auth"
+	"github.com/unrolled/secure"
+)
+
+//go:generate swagger generate server --target ../../console --name Console --spec ../swagger.yml
+
+var additionalServerFlags = struct {
+	CertsDir string `long:"certs-dir" description:"path to certs directory" env:"CONSOLE_CERTS_DIR"`
+}{}
+
+const (
+	SubPath = "CONSOLE_SUBPATH"
+)
+
+var (
+	cfgSubPath  = "/"
+	subPathOnce sync.Once
+)
+
+func configureFlags(api *operations.ConsoleAPI) {
+	api.CommandLineOptionsGroups = []swag.CommandLineOptionsGroup{
+		{
+			ShortDescription: "additional server flags",
+			Options:          &additionalServerFlags,
+		},
+	}
+}
+
+func configureAPI(api *operations.ConsoleAPI) http.Handler {
+	// Applies when the "x-token" header is set
+	api.KeyAuth = func(token string, _ []string) (*models.Principal, error) {
+		// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
+		// was generated and signed by us in the first place
+		if token == "Anonymous" {
+			return &models.Principal{}, nil
+		}
+		claims, err := auth.ParseClaimsFromToken(token)
+		if err != nil {
+			api.Logger("Unable to validate the session token %s: %v", token, err)
+			return nil, errors.New(401, "incorrect api key auth")
+		}
+		return &models.Principal{
+			STSAccessKeyID:     claims.STSAccessKeyID,
+			STSSecretAccessKey: claims.STSSecretAccessKey,
+			STSSessionToken:    claims.STSSessionToken,
+			AccountAccessKey:   claims.AccountAccessKey,
+			Hm:                 claims.HideMenu,
+			Ob:                 claims.ObjectBrowser,
+			CustomStyleOb:      claims.CustomStyleOB,
+		}, nil
+	}
+	api.AnonymousAuth = func(_ string) (*models.Principal, error) {
+		return &models.Principal{}, nil
+	}
+
+	// Register login handlers
+	registerLoginHandlers(api)
+	// Register logout handlers
+	registerLogoutHandlers(api)
+	// Register bucket handlers
+	registerBucketsHandlers(api)
+	// Register session handlers
+	registerSessionHandlers(api)
+	// Register Object's Handlers
+	registerObjectsHandlers(api)
+	// Register Bucket Quota's Handlers
+	registerBucketQuotaHandlers(api)
+	// Register Bucket Policy's Handlers
+	registerPublicObjectsHandlers(api)
+
+	api.PreServerShutdown = func() {}
+
+	api.ServerShutdown = func() {}
+
+	return setupGlobalMiddleware(api.Serve(setupMiddlewares))
+}
+
+// The TLS configuration before HTTPS server starts.
+func configureTLS(tlsConfig *tls.Config) {
+	tlsConfig.RootCAs = GlobalRootCAs
+	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
+}
+
+// The middleware configuration is for the handler executors. These do not apply to the swagger.json document.
+// The middleware executes after routing but before authentication, binding and validation
+func setupMiddlewares(handler http.Handler) http.Handler {
+	return handler
+}
+
+func ContextMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		requestID := uuid.NewString()
+		ctx := context.WithValue(r.Context(), utils.ContextRequestID, requestID)
+		ctx = context.WithValue(ctx, utils.ContextRequestUserAgent, r.UserAgent())
+		ctx = context.WithValue(ctx, utils.ContextRequestHost, r.Host)
+		ctx = context.WithValue(ctx, utils.ContextRequestRemoteAddr, r.RemoteAddr)
+		ctx = context.WithValue(ctx, utils.ContextClientIP, getClientIP(r))
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func AuditLogMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rw := logger.NewResponseWriter(w)
+		next.ServeHTTP(rw, r)
+		if strings.HasPrefix(r.URL.Path, "/ws") || strings.HasPrefix(r.URL.Path, "/api") {
+			logger.AuditLog(r.Context(), rw, r, map[string]interface{}{}, "Authorization", "Cookie", "Set-Cookie")
+		}
+	})
+}
+
+func DebugLogMiddleware(next http.Handler) http.Handler {
+	debugLogLevel, _ := env.GetInt("CONSOLE_DEBUG_LOGLEVEL", 0)
+	if debugLogLevel == 0 {
+		return next
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		rw := logger.NewResponseWriter(w)
+		next.ServeHTTP(rw, r)
+		debugLog(debugLogLevel, r, rw)
+	})
+}
+
+func debugLog(debugLogLevel int, r *http.Request, rw *logger.ResponseWriter) {
+	switch debugLogLevel {
+	case 1:
+		// Log server errors only (summary)
+		if rw.StatusCode >= 500 {
+			debugLogSummary(r, rw)
+		}
+	case 2:
+		// Log server and client errors (summary)
+		if rw.StatusCode >= 400 {
+			debugLogSummary(r, rw)
+		}
+	case 3:
+		// Log all requests (summary)
+		debugLogSummary(r, rw)
+	case 4:
+		// Log server errors only (including headers)
+		if rw.StatusCode >= 500 {
+			debugLogDetails(r, rw)
+		}
+	case 5:
+		// Log server and client errors (including headers)
+		if rw.StatusCode >= 400 {
+			debugLogDetails(r, rw)
+		}
+	case 6:
+		// Log all requests (including headers)
+		debugLogDetails(r, rw)
+	}
+}
+
+func debugLogSummary(r *http.Request, rw *logger.ResponseWriter) {
+	statusCode := strconv.Itoa(rw.StatusCode)
+	if rw.Hijacked {
+		statusCode = "hijacked"
+	}
+	logger.Info(fmt.Sprintf("%s %s %s %s %dms", r.RemoteAddr, r.Method, r.URL, statusCode, time.Since(rw.StartTime).Milliseconds()))
+}
+
+func debugLogDetails(r *http.Request, rw *logger.ResponseWriter) {
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("- Method/URL:       %s %s\n", r.Method, r.URL))
+	sb.WriteString(fmt.Sprintf("  Remote endpoint:  %s\n", r.RemoteAddr))
+	if rw.Hijacked {
+		sb.WriteString("  Status code:      <hijacked, probably a websocket>\n")
+	} else {
+		sb.WriteString(fmt.Sprintf("  Status code:      %d\n", rw.StatusCode))
+	}
+	sb.WriteString(fmt.Sprintf("  Duration (ms):    %d\n", time.Since(rw.StartTime).Milliseconds()))
+	sb.WriteString("  Request headers:  ")
+	debugLogHeaders(&sb, r.Header)
+	sb.WriteString("  Response headers: ")
+	debugLogHeaders(&sb, rw.Header())
+	logger.Info(sb.String())
+}
+
+func debugLogHeaders(sb *strings.Builder, h http.Header) {
+	keys := make([]string, 0, len(h))
+	for key := range h {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	first := true
+	for _, key := range keys {
+		values := h[key]
+		for _, value := range values {
+			if !first {
+				sb.WriteString("                    ")
+			} else {
+				first = false
+			}
+			sb.WriteString(fmt.Sprintf("%s: %s\n", key, value))
+		}
+	}
+	if first {
+		sb.WriteRune('\n')
+	}
+}
+
+// The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
+// So this is a good place to plug in a panic handling middleware, logger and metrics
+func setupGlobalMiddleware(handler http.Handler) http.Handler {
+	gnext := gzhttp.GzipHandler(handler)
+	// if audit-log is enabled console will log all incoming request
+	next := AuditLogMiddleware(gnext)
+	// serve static files
+	next = FileServerMiddleware(next)
+	// add information to request context
+	next = ContextMiddleware(next)
+	// handle cookie or authorization header for session
+	next = AuthenticationMiddleware(next)
+	// handle debug logging
+	next = DebugLogMiddleware(next)
+
+	sslHostFn := secure.SSLHostFunc(func(host string) string {
+		xhost, err := xnet.ParseHost(host)
+		if err != nil {
+			return host
+		}
+		return net.JoinHostPort(xhost.Name, TLSPort)
+	})
+
+	// Secure middleware, this middleware wrap all the previous handlers and add
+	// HTTP security headers
+	secureOptions := secure.Options{
+		AllowedHosts:                    GetSecureAllowedHosts(),
+		AllowedHostsAreRegex:            GetSecureAllowedHostsAreRegex(),
+		HostsProxyHeaders:               GetSecureHostsProxyHeaders(),
+		SSLRedirect:                     GetTLSRedirect() == "on" && len(GlobalPublicCerts) > 0,
+		SSLHostFunc:                     &sslHostFn,
+		SSLHost:                         GetSecureTLSHost(),
+		STSSeconds:                      GetSecureSTSSeconds(),
+		STSIncludeSubdomains:            GetSecureSTSIncludeSubdomains(),
+		STSPreload:                      GetSecureSTSPreload(),
+		SSLTemporaryRedirect:            false,
+		ForceSTSHeader:                  GetSecureForceSTSHeader(),
+		FrameDeny:                       GetSecureFrameDeny(),
+		ContentTypeNosniff:              GetSecureContentTypeNonSniff(),
+		BrowserXssFilter:                GetSecureBrowserXSSFilter(),
+		ContentSecurityPolicy:           GetSecureContentSecurityPolicy(),
+		ContentSecurityPolicyReportOnly: GetSecureContentSecurityPolicyReportOnly(),
+		ReferrerPolicy:                  GetSecureReferrerPolicy(),
+		FeaturePolicy:                   GetSecureFeaturePolicy(),
+		IsDevelopment:                   false,
+	}
+	secureMiddleware := secure.New(secureOptions)
+	next = secureMiddleware.Handler(next)
+	return RejectS3Middleware(next)
+}
+
+const apiRequestErr = `<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>S3 API Requests must be made to API port.</Message><RequestId>0</RequestId></Error>`
+
+// RejectS3Middleware will reject requests that have AWS S3 specific headers.
+func RejectS3Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if len(r.Header.Get("X-Amz-Content-Sha256")) > 0 ||
+			len(r.Header.Get("X-Amz-Date")) > 0 ||
+			strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
+			r.URL.Query().Get("AWSAccessKeyId") != "" {
+
+			w.Header().Set("Location", getMinIOServer())
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(apiRequestErr))
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+func AuthenticationMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token, err := auth.GetTokenFromRequest(r)
+		if err != nil && err != auth.ErrNoAuthToken {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+			return
+		}
+		sessionToken, _ := auth.DecryptToken(token)
+		// All handlers handle appropriately to return errors
+		// based on their swagger rules, we do not need to
+		// additionally return error here, let the next ServeHTTPs
+		// handle it appropriately.
+		if len(sessionToken) > 0 {
+			r.Header.Add("Authorization", fmt.Sprintf("Bearer  %s", string(sessionToken)))
+		} else {
+			r.Header.Add("Authorization", fmt.Sprintf("Bearer %s", "Anonymous"))
+		}
+		ctx := r.Context()
+		claims, _ := auth.ParseClaimsFromToken(string(sessionToken))
+		if claims != nil {
+			// save user session id context
+			ctx = context.WithValue(r.Context(), utils.ContextRequestUserID, claims.STSSessionToken)
+		}
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+// FileServerMiddleware serves files from the static folder
+func FileServerMiddleware(next http.Handler) http.Handler {
+	buildFs, err := fs.Sub(portal_ui.GetStaticAssets(), "build")
+	if err != nil {
+		panic(err)
+	}
+	spaFileHandler := wrapHandlerSinglePageApplication(requestBounce(http.FileServer(http.FS(buildFs))))
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Server", globalAppName) // do not add version information
+		switch {
+		case strings.HasPrefix(r.URL.Path, "/ws"):
+			serveWS(w, r)
+		case strings.HasPrefix(r.URL.Path, "/api"):
+			next.ServeHTTP(w, r)
+		default:
+			spaFileHandler.ServeHTTP(w, r)
+		}
+	})
+}
+
+type notFoundRedirectRespWr struct {
+	http.ResponseWriter // We embed http.ResponseWriter
+	status              int
+}
+
+func (w *notFoundRedirectRespWr) WriteHeader(status int) {
+	w.status = status // Store the status for our own use
+	if status != http.StatusNotFound {
+		w.ResponseWriter.WriteHeader(status)
+	}
+}
+
+func (w *notFoundRedirectRespWr) Write(p []byte) (int, error) {
+	if w.status != http.StatusNotFound {
+		return w.ResponseWriter.Write(p)
+	}
+	return len(p), nil // Lie that we successfully wrote it
+}
+
+// handleSPA handles the serving of the React Single Page Application
+func handleSPA(w http.ResponseWriter, r *http.Request) {
+	basePath := "/"
+	// For SPA mode we will replace root base with a sub path if configured unless we received cp=y and cpb=/NEW/BASE
+	if v := r.URL.Query().Get("cp"); v == "y" {
+		if base := r.URL.Query().Get("cpb"); base != "" {
+			// make sure the subpath has a trailing slash
+			if !strings.HasSuffix(base, "/") {
+				base = fmt.Sprintf("%s/", base)
+			}
+			basePath = base
+		}
+	}
+
+	indexPage, err := portal_ui.GetStaticAssets().Open("build/index.html")
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	sts := r.URL.Query().Get("sts")
+	stsAccessKey := r.URL.Query().Get("sts_a")
+	stsSecretKey := r.URL.Query().Get("sts_s")
+	overridenStyles := r.URL.Query().Get("ov_st")
+
+	// if these three parameters are present we are being asked to issue a session with these values
+	if sts != "" && stsAccessKey != "" && stsSecretKey != "" {
+		creds := credentials.NewStaticV4(stsAccessKey, stsSecretKey, sts)
+		consoleCreds := &ConsoleCredentials{
+			ConsoleCredentials: creds,
+			AccountAccessKey:   stsAccessKey,
+		}
+		sf := &auth.SessionFeatures{}
+		sf.HideMenu = true
+		sf.ObjectBrowser = true
+
+		if overridenStyles != "" {
+			err := ValidateEncodedStyles(overridenStyles)
+			if err != nil {
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+
+			sf.CustomStyleOB = overridenStyles
+		}
+
+		sessionID, err := login(consoleCreds, sf)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		cookie := NewSessionCookieForConsole(*sessionID)
+
+		http.SetCookie(w, &cookie)
+
+		// Allow us to be iframed
+		w.Header().Del("X-Frame-Options")
+	}
+
+	indexPageBytes, err := io.ReadAll(indexPage)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// if we have a seeded basePath. This should override CONSOLE_SUBPATH every time, thus the `if else`
+	if basePath != "/" {
+		indexPageBytes = replaceBaseInIndex(indexPageBytes, basePath)
+		// if we have a custom subpath replace it in
+	} else if getSubPath() != "/" {
+		indexPageBytes = replaceBaseInIndex(indexPageBytes, getSubPath())
+	}
+	indexPageBytes = replaceLicense(indexPageBytes)
+
+	// it's important to force "Content-Type: text/html", because a previous
+	// handler may have already set the content-type to a different value.
+	// (i.e. the FileServer when it detected that it couldn't find the file)
+	w.Header().Set("Content-Type", "text/html")
+	http.ServeContent(w, r, "index.html", time.Now(), bytes.NewReader(indexPageBytes))
+}
+
+// wrapHandlerSinglePageApplication handles a http.FileServer returning a 404 and overrides it with index.html
+func wrapHandlerSinglePageApplication(h http.Handler) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/" {
+			handleSPA(w, r)
+			return
+		}
+
+		w.Header().Set("Content-Type", mimedb.TypeByExtension(filepath.Ext(r.URL.Path)))
+		nfw := &notFoundRedirectRespWr{ResponseWriter: w}
+		h.ServeHTTP(nfw, r)
+		if nfw.status == http.StatusNotFound {
+			handleSPA(w, r)
+		}
+	}
+}
+
+type nullWriter struct{}
+
+func (lw nullWriter) Write(b []byte) (int, error) {
+	return len(b), nil
+}
+
+// As soon as server is initialized but not run yet, this function will be called.
+// If you need to modify a config, store server instance to stop it individually later, this is the place.
+// This function can be called multiple times, depending on the number of serving schemes.
+// scheme value will be set accordingly: "http", "https" or "unix"
+func configureServer(s *http.Server, _, _ string) {
+	// Turn-off random logger by Go net/http
+	s.ErrorLog = log.New(&nullWriter{}, "", 0)
+}
+
+func getSubPath() string {
+	subPathOnce.Do(func() {
+		cfgSubPath = parseSubPath(env.Get(SubPath, ""))
+	})
+	return cfgSubPath
+}
+
+func parseSubPath(v string) string {
+	v = strings.TrimSpace(v)
+	if v == "" {
+		return SlashSeparator
+	}
+	// Replace all unnecessary `\` to `/`
+	// also add pro-actively at the end.
+	subPath := path.Clean(filepath.ToSlash(v))
+	if !strings.HasPrefix(subPath, SlashSeparator) {
+		subPath = SlashSeparator + subPath
+	}
+	if !strings.HasSuffix(subPath, SlashSeparator) {
+		subPath += SlashSeparator
+	}
+	return subPath
+}
+
+func replaceBaseInIndex(indexPageBytes []byte, basePath string) []byte {
+	if basePath != "" {
+		validBasePath := regexp.MustCompile(`^[0-9a-zA-Z\/-]+$`)
+		if !validBasePath.MatchString(basePath) {
+			return indexPageBytes
+		}
+		indexPageStr := string(indexPageBytes)
+		newBase := fmt.Sprintf("<base href=\"%s\"/>", basePath)
+		indexPageStr = strings.Replace(indexPageStr, "<base href=\"/\"/>", newBase, 1)
+		indexPageBytes = []byte(indexPageStr)
+
+	}
+	return indexPageBytes
+}
+
+func replaceLicense(indexPageBytes []byte) []byte {
+	indexPageStr := string(indexPageBytes)
+	indexPageBytes = []byte(indexPageStr)
+	return indexPageBytes
+}
+
+func requestBounce(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if strings.HasSuffix(r.URL.Path, "/") {
+			http.NotFound(w, r)
+			return
+		}
+
+		handler.ServeHTTP(w, r)
+	})
+}

api/configure_console_test.go

@@ -0,0 +1,125 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"os"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_parseSubPath(t *testing.T) {
+	type args struct {
+		v string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "Empty",
+			args: args{
+				v: "",
+			},
+			want: "/",
+		},
+		{
+			name: "Slash",
+			args: args{
+				v: "/",
+			},
+			want: "/",
+		},
+		{
+			name: "Double Slash",
+			args: args{
+				v: "//",
+			},
+			want: "/",
+		},
+		{
+			name: "No slashes",
+			args: args{
+				v: "route",
+			},
+			want: "/route/",
+		},
+		{
+			name: "No trailing slashes",
+			args: args{
+				v: "/route",
+			},
+			want: "/route/",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			assert.Equalf(t, tt.want, parseSubPath(tt.args.v), "parseSubPath(%v)", tt.args.v)
+		})
+	}
+}
+
+func Test_getSubPath(t *testing.T) {
+	type args struct {
+		envValue string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "Empty",
+			args: args{
+				envValue: "",
+			},
+			want: "/",
+		},
+		{
+			name: "Slash",
+			args: args{
+				envValue: "/",
+			},
+			want: "/",
+		},
+		{
+			name: "Valid Value",
+			args: args{
+				envValue: "/subpath/",
+			},
+			want: "/subpath/",
+		},
+		{
+			name: "No starting slash",
+			args: args{
+				envValue: "subpath/",
+			},
+			want: "/subpath/",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			t.Setenv(SubPath, tt.args.envValue)
+			defer os.Unsetenv(SubPath)
+			subPathOnce = sync.Once{}
+			assert.Equalf(t, tt.want, getSubPath(), "getSubPath()")
+		})
+	}
+}

api/consts.go

@@ -14,19 +14,16 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 // list of all console environment constants
 const (
 	// Constants for common configuration
-	ConsoleMinIOServer    = "CONSOLE_MINIO_SERVER"
-	ConsoleMinIORegion    = "CONSOLE_MINIO_REGION"
-	ConsoleProductionMode = "CONSOLE_PRODUCTION_MODE"
-	ConsoleHostname       = "CONSOLE_HOSTNAME"
-	ConsolePort           = "CONSOLE_PORT"
-	ConsoleTLSHostname    = "CONSOLE_TLS_HOSTNAME"
-	ConsoleTLSPort        = "CONSOLE_TLS_PORT"
-	ConsoleSubnetLicense  = "CONSOLE_SUBNET_LICENSE"
+	ConsoleMinIOServer = "CONSOLE_MINIO_SERVER"
+	ConsoleMinIORegion = "CONSOLE_MINIO_REGION"
+	ConsoleHostname    = "CONSOLE_HOSTNAME"
+	ConsolePort        = "CONSOLE_PORT"
+	ConsoleTLSPort     = "CONSOLE_TLS_PORT"
 
 	// Constants for Secure middleware
 	ConsoleSecureAllowedHosts                    = "CONSOLE_SECURE_ALLOWED_HOSTS"
@@ -42,32 +39,17 @@ const (
 	ConsoleSecureSTSPreload                      = "CONSOLE_SECURE_STS_PRELOAD"
 	ConsoleSecureTLSRedirect                     = "CONSOLE_SECURE_TLS_REDIRECT"
 	ConsoleSecureTLSHost                         = "CONSOLE_SECURE_TLS_HOST"
-	ConsoleSecureTLSTemporaryRedirect            = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT"
 	ConsoleSecureForceSTSHeader                  = "CONSOLE_SECURE_FORCE_STS_HEADER"
-	ConsoleSecurePublicKey                       = "CONSOLE_SECURE_PUBLIC_KEY"
 	ConsoleSecureReferrerPolicy                  = "CONSOLE_SECURE_REFERRER_POLICY"
 	ConsoleSecureFeaturePolicy                   = "CONSOLE_SECURE_FEATURE_POLICY"
-	ConsoleSecureExpectCTHeader                  = "CONSOLE_SECURE_EXPECT_CT_HEADER"
-	ConsoleOperatorSAToken                       = "CONSOLE_OPERATOR_SA_TOKEN"
-	ConsoleOperatorConsoleImage                  = "CONSOLE_OPERATOR_CONSOLE_IMAGE"
-	LogSearchURL                                 = "CONSOLE_LOG_QUERY_URL"
-	PrometheusURL                                = "CONSOLE_PROMETHEUS_URL"
+	ConsoleLogQueryURL                           = "CONSOLE_LOG_QUERY_URL"
+	ConsoleLogQueryAuthToken                     = "CONSOLE_LOG_QUERY_AUTH_TOKEN"
+	ConsoleMaxConcurrentUploads                  = "CONSOLE_MAX_CONCURRENT_UPLOADS"
+	ConsoleMaxConcurrentDownloads                = "CONSOLE_MAX_CONCURRENT_DOWNLOADS"
+	ConsoleDevMode                               = "CONSOLE_DEV_MODE"
+	ConsoleAnimatedLogin                         = "CONSOLE_ANIMATED_LOGIN"
+	ConsoleBrowserRedirectURL                    = "CONSOLE_BROWSER_REDIRECT_URL"
 	LogSearchQueryAuthToken                      = "LOGSEARCH_QUERY_AUTH_TOKEN"
-
-	// Constants for prometheus annotations
-	prometheusPath   = "prometheus.io/path"
-	prometheusPort   = "prometheus.io/port"
-	prometheusScrape = "prometheus.io/scrape"
-)
-
-// Image versions
-const (
-	KESImageVersion            = "minio/kes:v0.13.4"
-	ConsoleImageDefaultVersion = "minio/console:v0.6.0"
-)
-
-// K8s
-
-const (
-	OperatorSubnetLicenseSecretName = "subnet-license"
+	SlashSeparator                               = "/"
+	LocalAddress                                 = "127.0.0.1"
 )

api/custom-server.go

@@ -0,0 +1,556 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"strconv"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/go-openapi/runtime/flagext"
+	"github.com/go-openapi/swag"
+	flags "github.com/jessevdk/go-flags"
+	"golang.org/x/net/netutil"
+
+	"github.com/minio/console/api/operations"
+)
+
+const (
+	schemeHTTP  = "http"
+	schemeHTTPS = "https"
+	schemeUnix  = "unix"
+)
+
+var defaultSchemes []string
+
+func init() {
+	defaultSchemes = []string{
+		schemeHTTP,
+	}
+}
+
+// NewServer creates a new api console server but does not configure it
+func NewServer(api *operations.ConsoleAPI) *Server {
+	s := new(Server)
+
+	s.shutdown = make(chan struct{})
+	s.api = api
+	s.interrupt = make(chan os.Signal, 1)
+	return s
+}
+
+// ConfigureAPI configures the API and handlers.
+func (s *Server) ConfigureAPI() {
+	if s.api != nil {
+		s.handler = configureAPI(s.api)
+	}
+}
+
+// ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse
+func (s *Server) ConfigureFlags() {
+	if s.api != nil {
+		configureFlags(s.api)
+	}
+}
+
+// Server for the console API
+type Server struct {
+	EnabledListeners []string         `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"`
+	CleanupTimeout   time.Duration    `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"`
+	GracefulTimeout  time.Duration    `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"`
+	MaxHeaderSize    flagext.ByteSize `long:"max-header-size" description:"controls the maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body." default:"1MiB"`
+
+	SocketPath    flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/console.sock"`
+	domainSocketL net.Listener
+
+	Host         string        `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"`
+	Port         int           `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"`
+	ListenLimit  int           `long:"listen-limit" description:"limit the number of outstanding requests"`
+	KeepAlive    time.Duration `long:"keep-alive" description:"sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)" default:"3m"`
+	ReadTimeout  time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"`
+	WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"`
+	httpServerL  []net.Listener
+
+	TLSHost           string         `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
+	TLSPort           int            `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"`
+	TLSCertificate    flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"`
+	TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"`
+	TLSCACertificate  flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"`
+	TLSListenLimit    int            `long:"tls-listen-limit" description:"limit the number of outstanding requests"`
+	TLSKeepAlive      time.Duration  `long:"tls-keep-alive" description:"sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)"`
+	TLSReadTimeout    time.Duration  `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"`
+	TLSWriteTimeout   time.Duration  `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"`
+	httpsServerL      []net.Listener
+
+	api          *operations.ConsoleAPI
+	handler      http.Handler
+	hasListeners bool
+	shutdown     chan struct{}
+	shuttingDown int32
+	interrupted  bool
+	interrupt    chan os.Signal
+}
+
+// Logf logs message either via defined user logger or via system one if no user logger is defined.
+func (s *Server) Logf(f string, args ...interface{}) {
+	if s.api != nil && s.api.Logger != nil {
+		s.api.Logger(f, args...)
+	} else {
+		log.Printf(f, args...)
+	}
+}
+
+// Fatalf logs message either via defined user logger or via system one if no user logger is defined.
+// Exits with non-zero status after printing
+func (s *Server) Fatalf(f string, args ...interface{}) {
+	if s.api != nil && s.api.Logger != nil {
+		s.api.Logger(f, args...)
+		os.Exit(1)
+	}
+	log.Fatalf(f, args...)
+}
+
+// SetAPI configures the server with the specified API. Needs to be called before Serve
+func (s *Server) SetAPI(api *operations.ConsoleAPI) {
+	if api == nil {
+		s.api = nil
+		s.handler = nil
+		return
+	}
+
+	s.api = api
+	s.handler = configureAPI(api)
+}
+
+func (s *Server) hasScheme(scheme string) bool {
+	schemes := s.EnabledListeners
+	if len(schemes) == 0 {
+		schemes = defaultSchemes
+	}
+
+	for _, v := range schemes {
+		if v == scheme {
+			return true
+		}
+	}
+	return false
+}
+
+// Serve the api
+func (s *Server) Serve() (err error) {
+	if !s.hasListeners {
+		if err = s.Listen(); err != nil {
+			return err
+		}
+	}
+
+	// set default handler, if none is set
+	if s.handler == nil {
+		if s.api == nil {
+			return errors.New("can't create the default handler, as no api is set")
+		}
+
+		s.SetHandler(s.api.Serve(nil))
+	}
+
+	wg := new(sync.WaitGroup)
+	once := new(sync.Once)
+	signalNotify(s.interrupt)
+	go handleInterrupt(once, s)
+
+	servers := []*http.Server{}
+
+	if s.hasScheme(schemeUnix) {
+		domainSocket := new(http.Server)
+		domainSocket.MaxHeaderBytes = int(s.MaxHeaderSize)
+		domainSocket.Handler = s.handler
+		if int64(s.CleanupTimeout) > 0 {
+			domainSocket.IdleTimeout = s.CleanupTimeout
+		}
+
+		configureServer(domainSocket, "unix", string(s.SocketPath))
+
+		servers = append(servers, domainSocket)
+		wg.Add(1)
+		s.Logf("Serving console at unix://%s", s.SocketPath)
+		go func(l net.Listener) {
+			defer wg.Done()
+			if err := domainSocket.Serve(l); err != nil && err != http.ErrServerClosed {
+				s.Fatalf("%v", err)
+			}
+			s.Logf("Stopped serving console at unix://%s", s.SocketPath)
+		}(s.domainSocketL)
+	}
+
+	if s.hasScheme(schemeHTTP) {
+		httpServer := new(http.Server)
+		httpServer.MaxHeaderBytes = int(s.MaxHeaderSize)
+		httpServer.ReadTimeout = s.ReadTimeout
+		httpServer.WriteTimeout = s.WriteTimeout
+		httpServer.SetKeepAlivesEnabled(int64(s.KeepAlive) > 0)
+		if s.ListenLimit > 0 {
+			for i := range s.httpServerL {
+				s.httpServerL[i] = netutil.LimitListener(s.httpServerL[i], s.ListenLimit)
+			}
+		}
+
+		if int64(s.CleanupTimeout) > 0 {
+			httpServer.IdleTimeout = s.CleanupTimeout
+		}
+
+		httpServer.Handler = s.handler
+
+		configureServer(httpServer, "http", s.httpServerL[0].Addr().String())
+
+		servers = append(servers, httpServer)
+		s.Logf("Serving console at http://%s", s.httpServerL[0].Addr())
+		for i := range s.httpServerL {
+			wg.Add(1)
+			go func(l net.Listener) {
+				defer wg.Done()
+				if err := httpServer.Serve(l); err != nil && err != http.ErrServerClosed {
+					s.Fatalf("%v", err)
+				}
+				s.Logf("Stopped serving console at http://%s", l.Addr())
+			}(s.httpServerL[i])
+		}
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		httpsServer := new(http.Server)
+		httpsServer.MaxHeaderBytes = int(s.MaxHeaderSize)
+		httpsServer.ReadTimeout = s.TLSReadTimeout
+		httpsServer.WriteTimeout = s.TLSWriteTimeout
+		httpsServer.SetKeepAlivesEnabled(int64(s.TLSKeepAlive) > 0)
+		if s.TLSListenLimit > 0 {
+			for i := range s.httpsServerL {
+				s.httpsServerL[i] = netutil.LimitListener(s.httpsServerL[i], s.TLSListenLimit)
+			}
+		}
+		if int64(s.CleanupTimeout) > 0 {
+			httpsServer.IdleTimeout = s.CleanupTimeout
+		}
+		httpsServer.Handler = s.handler
+
+		// Inspired by https://blog.bracebin.com/achieving-perfect-ssl-labs-score-with-go
+		httpsServer.TLSConfig = &tls.Config{
+			// Causes servers to use Go's default ciphersuite preferences,
+			// which are tuned to avoid attacks. Does nothing on clients.
+			PreferServerCipherSuites: true,
+			// Only use curves which have assembly implementations
+			// https://github.com/golang/go/tree/master/src/crypto/elliptic
+			CurvePreferences: []tls.CurveID{tls.CurveP256},
+			// Use modern tls mode https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+			NextProtos: []string{"h2", "http/1.1"},
+			// https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Protocols
+			MinVersion: tls.VersionTLS12,
+			// These ciphersuites support Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			},
+		}
+
+		// build standard config from server options
+		if s.TLSCertificate != "" && s.TLSCertificateKey != "" {
+			httpsServer.TLSConfig.Certificates = make([]tls.Certificate, 1)
+			httpsServer.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(string(s.TLSCertificate), string(s.TLSCertificateKey))
+			if err != nil {
+				return err
+			}
+		}
+
+		if s.TLSCACertificate != "" {
+			// include specified CA certificate
+			caCert, caCertErr := os.ReadFile(string(s.TLSCACertificate))
+			if caCertErr != nil {
+				return caCertErr
+			}
+			caCertPool := x509.NewCertPool()
+			ok := caCertPool.AppendCertsFromPEM(caCert)
+			if !ok {
+				return fmt.Errorf("cannot parse CA certificate")
+			}
+			httpsServer.TLSConfig.ClientCAs = caCertPool
+			httpsServer.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
+		}
+
+		// call custom TLS configurator
+		configureTLS(httpsServer.TLSConfig)
+
+		if len(httpsServer.TLSConfig.Certificates) == 0 && httpsServer.TLSConfig.GetCertificate == nil {
+			// after standard and custom config are passed, this ends up with no certificate
+			if s.TLSCertificate == "" {
+				if s.TLSCertificateKey == "" {
+					s.Fatalf("the required flags `--tls-certificate` and `--tls-key` were not specified")
+				}
+				s.Fatalf("the required flag `--tls-certificate` was not specified")
+			}
+			if s.TLSCertificateKey == "" {
+				s.Fatalf("the required flag `--tls-key` was not specified")
+			}
+			// this happens with a wrong custom TLS configurator
+			s.Fatalf("no certificate was configured for TLS")
+		}
+
+		configureServer(httpsServer, "https", s.httpsServerL[0].Addr().String())
+
+		servers = append(servers, httpsServer)
+		s.Logf("Serving console at https://%s", s.httpsServerL[0].Addr())
+		for i := range s.httpsServerL {
+			wg.Add(1)
+			go func(l net.Listener) {
+				defer wg.Done()
+				if err := httpsServer.Serve(l); err != nil && err != http.ErrServerClosed {
+					s.Fatalf("%v", err)
+				}
+				s.Logf("Stopped serving console at https://%s", l.Addr())
+			}(tls.NewListener(s.httpsServerL[i], httpsServer.TLSConfig))
+		}
+	}
+
+	wg.Add(1)
+	go s.handleShutdown(wg, &servers)
+
+	wg.Wait()
+	return nil
+}
+
+// Listen creates the listeners for the server
+func (s *Server) Listen() error {
+	if s.hasListeners { // already done this
+		return nil
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		// Use http host if https host wasn't defined
+		if s.TLSHost == "" {
+			s.TLSHost = s.Host
+		}
+		// Use http listen limit if https listen limit wasn't defined
+		if s.TLSListenLimit == 0 {
+			s.TLSListenLimit = s.ListenLimit
+		}
+		// Use http tcp keep alive if https tcp keep alive wasn't defined
+		if int64(s.TLSKeepAlive) == 0 {
+			s.TLSKeepAlive = s.KeepAlive
+		}
+		// Use http read timeout if https read timeout wasn't defined
+		if int64(s.TLSReadTimeout) == 0 {
+			s.TLSReadTimeout = s.ReadTimeout
+		}
+		// Use http write timeout if https write timeout wasn't defined
+		if int64(s.TLSWriteTimeout) == 0 {
+			s.TLSWriteTimeout = s.WriteTimeout
+		}
+	}
+
+	if s.hasScheme(schemeUnix) {
+		domSockListener, err := net.Listen("unix", string(s.SocketPath))
+		if err != nil {
+			return err
+		}
+		s.domainSocketL = domSockListener
+	}
+
+	lookup := func(addr string) []net.IP {
+		ips, err := net.LookupIP(addr)
+		if err == nil {
+			return ips
+		}
+		return []net.IP{net.ParseIP(addr)}
+	}
+
+	convert := func(ip net.IP) (string, string) {
+		if ip == nil {
+			return "", "tcp"
+		}
+		proto := "tcp4"
+		if ip.To4() == nil {
+			proto = "tcp6"
+		}
+		return ip.String(), proto
+	}
+
+	if s.hasScheme(schemeHTTP) {
+		for _, ip := range lookup(s.Host) {
+			host, proto := convert(ip)
+			listener, err := net.Listen(proto, net.JoinHostPort(host, strconv.Itoa(s.Port)))
+			if err != nil {
+				return err
+			}
+			if s.Host == "" || s.Port == 0 {
+				h, p, err := swag.SplitHostPort(listener.Addr().String())
+				if err != nil {
+					return err
+				}
+				s.Host = h
+				s.Port = p
+			}
+			s.httpServerL = append(s.httpServerL, listener)
+		}
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		for _, ip := range lookup(s.TLSHost) {
+			host, proto := convert(ip)
+			tlsListener, err := net.Listen(proto, net.JoinHostPort(host, strconv.Itoa(s.TLSPort)))
+			if err != nil {
+				return err
+			}
+			if s.TLSHost == "" || s.TLSPort == 0 {
+				sh, sp, err := swag.SplitHostPort(tlsListener.Addr().String())
+				if err != nil {
+					return err
+				}
+				s.TLSHost = sh
+				s.TLSPort = sp
+			}
+			s.httpsServerL = append(s.httpsServerL, tlsListener)
+		}
+	}
+
+	s.hasListeners = true
+	return nil
+}
+
+// Shutdown server and clean up resources
+func (s *Server) Shutdown() error {
+	if atomic.CompareAndSwapInt32(&s.shuttingDown, 0, 1) {
+		close(s.shutdown)
+	}
+	return nil
+}
+
+func (s *Server) handleShutdown(wg *sync.WaitGroup, serversPtr *[]*http.Server) {
+	// wg.Done must occur last, after s.api.ServerShutdown()
+	// (to preserve old behavior)
+	defer wg.Done()
+
+	<-s.shutdown
+
+	servers := *serversPtr
+
+	ctx, cancel := context.WithTimeout(context.TODO(), s.GracefulTimeout)
+	defer cancel()
+
+	// first execute the pre-shutdown hook
+	s.api.PreServerShutdown()
+
+	shutdownChan := make(chan bool)
+	for i := range servers {
+		server := servers[i]
+		go func() {
+			var success bool
+			defer func() {
+				shutdownChan <- success
+			}()
+			if err := server.Shutdown(ctx); err != nil {
+				// Error from closing listeners, or context timeout:
+				s.Logf("HTTP server Shutdown: %v", err)
+			} else {
+				success = true
+			}
+		}()
+	}
+
+	// Wait until all listeners have successfully shut down before calling ServerShutdown
+	success := true
+	for range servers {
+		success = success && <-shutdownChan
+	}
+	if success {
+		s.api.ServerShutdown()
+	}
+}
+
+// GetHandler returns a handler useful for testing
+func (s *Server) GetHandler() http.Handler {
+	return s.handler
+}
+
+// SetHandler allows for setting a http handler on this server
+func (s *Server) SetHandler(handler http.Handler) {
+	s.handler = handler
+}
+
+// UnixListener returns the domain socket listener
+func (s *Server) UnixListener() (net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.domainSocketL, nil
+}
+
+// HTTPListener returns the http listener
+func (s *Server) HTTPListener() ([]net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.httpServerL, nil
+}
+
+// TLSListener returns the https listener
+func (s *Server) TLSListener() ([]net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.httpsServerL, nil
+}
+
+func handleInterrupt(once *sync.Once, s *Server) {
+	once.Do(func() {
+		for range s.interrupt {
+			if s.interrupted {
+				s.Logf("Server already shutting down")
+				continue
+			}
+			s.interrupted = true
+			s.Logf("Shutting down... ")
+			if err := s.Shutdown(); err != nil {
+				s.Logf("HTTP server Shutdown: %v", err)
+			}
+		}
+	})
+}
+
+func signalNotify(interrupt chan<- os.Signal) {
+	signal.Notify(interrupt, syscall.SIGINT, syscall.SIGTERM)
+}

api/doc.go

@@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -16,22 +16,22 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-// Package restapi MinIO Console Server
+// Package api MinIO Console Server
 //
-//  Schemes:
-//    http
-//    ws
-//  Host: localhost
-//  BasePath: /api/v1
-//  Version: 0.1.0
+//	Schemes:
+//	  http
+//	  ws
+//	Host: localhost
+//	BasePath: /api/v1
+//	Version: 0.1.0
 //
-//  Consumes:
-//    - application/json
-//    - multipart/form-data
+//	Consumes:
+//	  - application/json
+//	  - multipart/form-data
 //
-//  Produces:
-//    - application/octet-stream
-//    - application/json
+//	Produces:
+//	  - application/octet-stream
+//	  - application/json
 //
 // swagger:meta
-package restapi
+package api

api/errors.go

@@ -0,0 +1,279 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"github.com/minio/minio-go/v7"
+
+	"github.com/minio/console/models"
+	"github.com/minio/madmin-go/v3"
+)
+
+var (
+	ErrDefault                          = errors.New("an error occurred, please try again")
+	ErrInvalidLogin                     = errors.New("invalid login")
+	ErrForbidden                        = errors.New("403 Forbidden")
+	ErrBadRequest                       = errors.New("400 Bad Request")
+	ErrFileTooLarge                     = errors.New("413 File too Large")
+	ErrInvalidSession                   = errors.New("invalid session")
+	ErrNotFound                         = errors.New("not found")
+	ErrGroupAlreadyExists               = errors.New("error group name already in use")
+	ErrInvalidErasureCodingValue        = errors.New("invalid Erasure Coding Value")
+	ErrBucketBodyNotInRequest           = errors.New("error bucket body not in request")
+	ErrBucketNameNotInRequest           = errors.New("error bucket name not in request")
+	ErrGroupBodyNotInRequest            = errors.New("error group body not in request")
+	ErrGroupNameNotInRequest            = errors.New("error group name not in request")
+	ErrPolicyNameNotInRequest           = errors.New("error policy name not in request")
+	ErrPolicyBodyNotInRequest           = errors.New("error policy body not in request")
+	ErrInvalidEncryptionAlgorithm       = errors.New("error invalid encryption algorithm")
+	ErrSSENotConfigured                 = errors.New("error server side encryption configuration not found")
+	ErrBucketLifeCycleNotConfigured     = errors.New("error bucket life cycle configuration not found")
+	ErrChangePassword                   = errors.New("error please check your current password")
+	ErrInvalidLicense                   = errors.New("invalid license key")
+	ErrLicenseNotFound                  = errors.New("license not found")
+	ErrAvoidSelfAccountDelete           = errors.New("logged in user cannot be deleted by itself")
+	ErrAccessDenied                     = errors.New("access denied")
+	ErrOauth2Provider                   = errors.New("unable to contact configured identity provider")
+	ErrOauth2Login                      = errors.New("unable to login using configured identity provider")
+	ErrNonUniqueAccessKey               = errors.New("access key already in use")
+	ErrRemoteTierExists                 = errors.New("specified remote tier already exists")
+	ErrRemoteTierNotFound               = errors.New("specified remote tier was not found")
+	ErrRemoteTierUppercase              = errors.New("tier name must be in uppercase")
+	ErrRemoteTierBucketNotFound         = errors.New("remote tier bucket not found")
+	ErrRemoteInvalidCredentials         = errors.New("invalid remote tier credentials")
+	ErrUnableToGetTenantUsage           = errors.New("unable to get tenant usage")
+	ErrTooManyNodes                     = errors.New("cannot request more nodes than what is available in the cluster")
+	ErrTooFewNodes                      = errors.New("there are not enough nodes in the cluster to support this tenant")
+	ErrTooFewAvailableNodes             = errors.New("there is not enough available nodes to satisfy this requirement")
+	ErrFewerThanFourNodes               = errors.New("at least 4 nodes are required for a tenant")
+	ErrUnableToGetTenantLogs            = errors.New("unable to get tenant logs")
+	ErrUnableToUpdateTenantCertificates = errors.New("unable to update tenant certificates")
+	ErrUpdatingEncryptionConfig         = errors.New("unable to update encryption configuration")
+	ErrDeletingEncryptionConfig         = errors.New("error disabling tenant encryption")
+	ErrEncryptionConfigNotFound         = errors.New("encryption configuration not found")
+	ErrPolicyNotFound                   = errors.New("policy does not exist")
+	ErrLoginNotAllowed                  = errors.New("login not allowed")
+	ErrHealthReportFail                 = errors.New("failure to generate Health report")
+	ErrNetworkError                     = errors.New("unable to login due to network error")
+)
+
+type CodedAPIError struct {
+	Code     int
+	APIError *models.APIError
+}
+
+// ErrorWithContext :
+func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
+	errorCode := 500
+	errorMessage := ErrDefault.Error()
+	var detailedMessage string
+	var err1 error
+	var exists bool
+	if len(err) > 0 {
+		if err1, exists = err[0].(error); exists {
+			detailedMessage = err1.Error()
+			var lastError error
+			if len(err) > 1 {
+				if err2, lastExists := err[1].(error); lastExists {
+					lastError = err2
+				}
+			}
+			if err1.Error() == ErrForbidden.Error() {
+				errorCode = 403
+			}
+			if err1.Error() == ErrBadRequest.Error() {
+				errorCode = 400
+			}
+			if err1 == ErrNotFound {
+				errorCode = 404
+				errorMessage = ErrNotFound.Error()
+			}
+			if errors.Is(err1, ErrInvalidLogin) {
+				detailedMessage = ""
+				errorCode = 401
+				errorMessage = ErrInvalidLogin.Error()
+			}
+			if errors.Is(err1, ErrNetworkError) {
+				detailedMessage = ""
+				errorCode = 503
+				errorMessage = ErrNetworkError.Error()
+			}
+			if strings.Contains(strings.ToLower(err1.Error()), ErrAccessDenied.Error()) {
+				errorCode = 403
+				errorMessage = err1.Error()
+			}
+			// If the last error is ErrInvalidLogin, this is a login failure
+			if errors.Is(lastError, ErrInvalidLogin) {
+				detailedMessage = ""
+				errorCode = 401
+				errorMessage = err1.Error()
+			}
+			if strings.Contains(err1.Error(), ErrLoginNotAllowed.Error()) {
+				detailedMessage = ""
+				errorCode = 400
+				errorMessage = ErrLoginNotAllowed.Error()
+			}
+			// console invalid erasure coding value
+			if errors.Is(err1, ErrInvalidErasureCodingValue) {
+				errorCode = 400
+				errorMessage = ErrInvalidErasureCodingValue.Error()
+			}
+			if errors.Is(err1, ErrBucketBodyNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrBucketBodyNotInRequest.Error()
+			}
+			if errors.Is(err1, ErrBucketNameNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrBucketNameNotInRequest.Error()
+			}
+			if errors.Is(err1, ErrGroupBodyNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrGroupBodyNotInRequest.Error()
+			}
+			if errors.Is(err1, ErrGroupNameNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrGroupNameNotInRequest.Error()
+			}
+			if errors.Is(err1, ErrPolicyNameNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrPolicyNameNotInRequest.Error()
+			}
+			if errors.Is(err1, ErrPolicyBodyNotInRequest) {
+				errorCode = 400
+				errorMessage = ErrPolicyBodyNotInRequest.Error()
+			}
+			// console invalid session errors
+			if errors.Is(err1, ErrInvalidSession) {
+				errorCode = 401
+				errorMessage = ErrInvalidSession.Error()
+			}
+			if errors.Is(err1, ErrGroupAlreadyExists) {
+				errorCode = 400
+				errorMessage = ErrGroupAlreadyExists.Error()
+			}
+			// Bucket life cycle not configured
+			if errors.Is(err1, ErrBucketLifeCycleNotConfigured) {
+				errorCode = 404
+				errorMessage = ErrBucketLifeCycleNotConfigured.Error()
+			}
+			// Encryption not configured
+			if errors.Is(err1, ErrSSENotConfigured) {
+				errorCode = 404
+				errorMessage = ErrSSENotConfigured.Error()
+			}
+			if errors.Is(err1, ErrEncryptionConfigNotFound) {
+				errorCode = 404
+				errorMessage = err1.Error()
+			}
+			// account change password
+			if errors.Is(err1, ErrChangePassword) {
+				errorCode = 403
+				errorMessage = ErrChangePassword.Error()
+			}
+			if madmin.ToErrorResponse(err1).Code == "SignatureDoesNotMatch" {
+				errorCode = 403
+				errorMessage = ErrChangePassword.Error()
+			}
+			if errors.Is(err1, ErrLicenseNotFound) {
+				errorCode = 404
+				errorMessage = ErrLicenseNotFound.Error()
+			}
+			if errors.Is(err1, ErrInvalidLicense) {
+				errorCode = 404
+				errorMessage = ErrInvalidLicense.Error()
+			}
+			if errors.Is(err1, ErrAvoidSelfAccountDelete) {
+				errorCode = 403
+				errorMessage = ErrAvoidSelfAccountDelete.Error()
+			}
+			if errors.Is(err1, ErrAccessDenied) {
+				errorCode = 403
+				errorMessage = ErrAccessDenied.Error()
+			}
+			if errors.Is(err1, ErrPolicyNotFound) {
+				errorCode = 404
+				errorMessage = ErrPolicyNotFound.Error()
+			}
+			if madmin.ToErrorResponse(err1).Code == "AccessDenied" {
+				errorCode = 403
+				errorMessage = ErrAccessDenied.Error()
+			}
+			if madmin.ToErrorResponse(err1).Code == "InvalidAccessKeyId" {
+
+				errorCode = 401
+				errorMessage = ErrInvalidSession.Error()
+			}
+			// console invalid session errors
+			if madmin.ToErrorResponse(err1).Code == "XMinioAdminNoSuchUser" {
+				errorCode = 401
+				errorMessage = ErrInvalidSession.Error()
+			}
+			// tiering errors
+			if err1.Error() == ErrRemoteTierExists.Error() {
+				errorCode = 400
+				errorMessage = err1.Error()
+			}
+			if err1.Error() == ErrRemoteTierNotFound.Error() {
+				errorCode = 400
+				errorMessage = err1.Error()
+			}
+
+			if err1.Error() == ErrRemoteTierUppercase.Error() {
+				errorCode = 400
+				errorMessage = err1.Error()
+			}
+			if err1.Error() == ErrRemoteTierBucketNotFound.Error() {
+				errorCode = 400
+				errorMessage = err1.Error()
+			}
+			if err1.Error() == ErrRemoteInvalidCredentials.Error() {
+				errorCode = 403
+				errorMessage = err1.Error()
+			}
+			if err1.Error() == ErrFileTooLarge.Error() {
+				errorCode = 413
+				errorMessage = err1.Error()
+			}
+			// bucket already exists
+			if minio.ToErrorResponse(err1).Code == "BucketAlreadyOwnedByYou" {
+				errorCode = 400
+				errorMessage = "Bucket already exists"
+			}
+
+			LogError("ErrorWithContext:%v", err...)
+			LogIf(ctx, err1, err...)
+		}
+
+		if len(err) > 1 && err[1] != nil {
+			if err2, ok := err[1].(error); ok {
+				errorMessage = err2.Error()
+			}
+		}
+	}
+	return &CodedAPIError{Code: errorCode, APIError: &models.APIError{Message: errorMessage, DetailedMessage: detailedMessage}}
+}
+
+// Error receives an errors object and parse it against k8sErrors, returns the right errors code paired with a generic errors message
+func Error(err ...interface{}) *CodedAPIError {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	return ErrorWithContext(ctx, err...)
+}

api/errors_test.go

@@ -0,0 +1,158 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/minio/console/models"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestError(t *testing.T) {
+	type args struct {
+		err []interface{}
+	}
+
+	type testError struct {
+		name string
+		args args
+		want *CodedAPIError
+	}
+
+	var tests []testError
+
+	type expectedError struct {
+		err  error
+		code int
+	}
+
+	appErrors := map[string]expectedError{
+		"ErrDefault": {code: 500, err: ErrDefault},
+
+		"ErrForbidden":                  {code: 403, err: ErrForbidden},
+		"ErrFileTooLarge":               {code: 413, err: ErrFileTooLarge},
+		"ErrInvalidSession":             {code: 401, err: ErrInvalidSession},
+		"ErrNotFound":                   {code: 404, err: ErrNotFound},
+		"ErrGroupAlreadyExists":         {code: 400, err: ErrGroupAlreadyExists},
+		"ErrInvalidErasureCodingValue":  {code: 400, err: ErrInvalidErasureCodingValue},
+		"ErrBucketBodyNotInRequest":     {code: 400, err: ErrBucketBodyNotInRequest},
+		"ErrBucketNameNotInRequest":     {code: 400, err: ErrBucketNameNotInRequest},
+		"ErrGroupBodyNotInRequest":      {code: 400, err: ErrGroupBodyNotInRequest},
+		"ErrGroupNameNotInRequest":      {code: 400, err: ErrGroupNameNotInRequest},
+		"ErrPolicyNameNotInRequest":     {code: 400, err: ErrPolicyNameNotInRequest},
+		"ErrPolicyBodyNotInRequest":     {code: 400, err: ErrPolicyBodyNotInRequest},
+		"ErrInvalidEncryptionAlgorithm": {code: 500, err: ErrInvalidEncryptionAlgorithm},
+		"ErrSSENotConfigured":           {code: 404, err: ErrSSENotConfigured},
+		"ErrChangePassword":             {code: 403, err: ErrChangePassword},
+		"ErrInvalidLicense":             {code: 404, err: ErrInvalidLicense},
+		"ErrLicenseNotFound":            {code: 404, err: ErrLicenseNotFound},
+		"ErrAvoidSelfAccountDelete":     {code: 403, err: ErrAvoidSelfAccountDelete},
+
+		"ErrNonUniqueAccessKey":               {code: 500, err: ErrNonUniqueAccessKey},
+		"ErrRemoteTierExists":                 {code: 400, err: ErrRemoteTierExists},
+		"ErrRemoteTierNotFound":               {code: 400, err: ErrRemoteTierNotFound},
+		"ErrRemoteTierUppercase":              {code: 400, err: ErrRemoteTierUppercase},
+		"ErrRemoteTierBucketNotFound":         {code: 400, err: ErrRemoteTierBucketNotFound},
+		"ErrRemoteInvalidCredentials":         {code: 403, err: ErrRemoteInvalidCredentials},
+		"ErrTooFewNodes":                      {code: 500, err: ErrTooFewNodes},
+		"ErrUnableToGetTenantUsage":           {code: 500, err: ErrUnableToGetTenantUsage},
+		"ErrTooManyNodes":                     {code: 500, err: ErrTooManyNodes},
+		"ErrAccessDenied":                     {code: 403, err: ErrAccessDenied},
+		"ErrTooFewAvailableNodes":             {code: 500, err: ErrTooFewAvailableNodes},
+		"ErrFewerThanFourNodes":               {code: 500, err: ErrFewerThanFourNodes},
+		"ErrUnableToGetTenantLogs":            {code: 500, err: ErrUnableToGetTenantLogs},
+		"ErrUnableToUpdateTenantCertificates": {code: 500, err: ErrUnableToUpdateTenantCertificates},
+		"ErrUpdatingEncryptionConfig":         {code: 500, err: ErrUpdatingEncryptionConfig},
+		"ErrDeletingEncryptionConfig":         {code: 500, err: ErrDeletingEncryptionConfig},
+		"ErrEncryptionConfigNotFound":         {code: 404, err: ErrEncryptionConfigNotFound},
+	}
+
+	for k, e := range appErrors {
+		tests = append(tests, testError{
+			name: fmt.Sprintf("%s error", k),
+			args: args{
+				err: []interface{}{e.err},
+			},
+			want: &CodedAPIError{
+				Code:     e.code,
+				APIError: &models.APIError{Message: e.err.Error(), DetailedMessage: e.err.Error()},
+			},
+		})
+	}
+
+	tests = append(tests,
+		testError{
+			name: "passing multiple errors but ErrInvalidLogin is last",
+			args: args{
+				err: []interface{}{ErrDefault, ErrInvalidLogin},
+			},
+			want: &CodedAPIError{
+				Code:     int(401),
+				APIError: &models.APIError{Message: ErrDefault.Error(), DetailedMessage: ""},
+			},
+		})
+	tests = append(tests,
+		testError{
+			name: "login error omits detailedMessage",
+			args: args{
+				err: []interface{}{ErrInvalidLogin},
+			},
+			want: &CodedAPIError{
+				Code:     int(401),
+				APIError: &models.APIError{Message: ErrInvalidLogin.Error(), DetailedMessage: ""},
+			},
+		})
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			got := Error(tt.args.err...)
+			assert.Equalf(t, tt.want.Code, got.Code, "Error(%v) Got (%v)", tt.want.Code, got.Code)
+			assert.Equalf(t, tt.want.APIError.DetailedMessage, got.APIError.DetailedMessage, "Error(%s) Got (%s)", tt.want.APIError.DetailedMessage, got.APIError.DetailedMessage)
+		})
+	}
+}
+
+func TestErrorWithContext(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		err []interface{}
+	}
+	tests := []struct {
+		name string
+		args args
+		want *CodedAPIError
+	}{
+		{
+			name: "default error",
+			args: args{
+				ctx: context.Background(),
+				err: []interface{}{ErrDefault},
+			},
+			want: &CodedAPIError{
+				Code: 500, APIError: &models.APIError{Message: ErrDefault.Error(), DetailedMessage: ErrDefault.Error()},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			assert.Equalf(t, tt.want, ErrorWithContext(tt.args.ctx, tt.args.err...), "ErrorWithContext(%v, %v)", tt.args.ctx, tt.args.err)
+		})
+	}
+}

api/logs.go

@@ -0,0 +1,83 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"context"
+	"errors"
+	"log"
+	"os"
+
+	"github.com/minio/cli"
+)
+
+var (
+	infoLog  = log.New(os.Stdout, "I: ", log.LstdFlags)
+	errorLog = log.New(os.Stdout, "E: ", log.LstdFlags)
+)
+
+func logInfo(msg string, data ...interface{}) {
+	infoLog.Printf(msg+"\n", data...)
+}
+
+func logError(msg string, data ...interface{}) {
+	errorLog.Printf(msg+"\n", data...)
+}
+
+func logIf(_ context.Context, _ error, _ ...interface{}) {
+}
+
+// globally changeable logger styles
+var (
+	LogInfo  = logInfo
+	LogError = logError
+	LogIf    = logIf
+)
+
+// Context captures all command line flags values
+type Context struct {
+	Host                string
+	HTTPPort, HTTPSPort int
+	TLSRedirect         string
+	// Legacy options, TODO: remove in future
+	TLSCertificate, TLSKey, TLSca string
+}
+
+// Load loads api Context from command line context.
+func (c *Context) Load(ctx *cli.Context) error {
+	*c = Context{
+		Host:        ctx.String("host"),
+		HTTPPort:    ctx.Int("port"),
+		HTTPSPort:   ctx.Int("tls-port"),
+		TLSRedirect: ctx.String("tls-redirect"),
+		// Legacy options to be removed.
+		TLSCertificate: ctx.String("tls-certificate"),
+		TLSKey:         ctx.String("tls-key"),
+		TLSca:          ctx.String("tls-ca"),
+	}
+	if c.HTTPPort > 65535 {
+		return errors.New("invalid argument --port out of range - ports can range from 1-65535")
+	}
+	if c.HTTPSPort > 65535 {
+		return errors.New("invalid argument --tls-port out of range - ports can range from 1-65535")
+	}
+	if c.TLSRedirect != "on" && c.TLSRedirect != "off" {
+		return errors.New("invalid argument --tls-redirect only accepts either 'on' or 'off'")
+	}
+	return nil
+}

api/logs_test.go

@@ -0,0 +1,110 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"flag"
+	"fmt"
+	"testing"
+
+	"github.com/minio/cli"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestContext_Load(t *testing.T) {
+	type fields struct {
+		Host           string
+		HTTPPort       int
+		HTTPSPort      int
+		TLSRedirect    string
+		TLSCertificate string
+		TLSKey         string
+		TLSca          string
+	}
+	type args struct {
+		values map[string]string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "valid args",
+			args: args{
+				values: map[string]string{
+					"tls-redirect": "on",
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "invalid args",
+			args: args{
+				values: map[string]string{
+					"tls-redirect": "aaaa",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid port http",
+			args: args{
+				values: map[string]string{
+					"tls-redirect": "on",
+					"port":         "65536",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid port https",
+			args: args{
+				values: map[string]string{
+					"tls-redirect": "on",
+					"port":         "65534",
+					"tls-port":     "65536",
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(_ *testing.T) {
+			c := &Context{}
+
+			fs := flag.NewFlagSet("flags", flag.ContinueOnError)
+			for k, v := range tt.args.values {
+				fs.String(k, v, "ok")
+			}
+
+			ctx := cli.NewContext(nil, fs, &cli.Context{})
+
+			err := c.Load(ctx)
+			if tt.wantErr {
+				assert.NotNilf(t, err, fmt.Sprintf("Load(%v)", err))
+			} else {
+				assert.Nilf(t, err, fmt.Sprintf("Load(%v)", err))
+			}
+		})
+	}
+}
+
+func Test_logInfo(_ *testing.T) {
+	logInfo("message", nil)
+}

api/operations/auth/login.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,10 +46,10 @@ func NewLogin(ctx *middleware.Context, handler LoginHandler) *Login {
 	return &Login{Context: ctx, Handler: handler}
 }
 
-/*Login swagger:route POST /login UserAPI login
+/*
+	Login swagger:route POST /login Auth login
 
 Login to Console
-
 */
 type Login struct {
 	Context *middleware.Context
@@ -59,17 +59,15 @@ type Login struct {
 func (o *Login) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewLoginParams()
-
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 
 	res := o.Handler.Handle(Params) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/auth/login_detail.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,10 +46,10 @@ func NewLoginDetail(ctx *middleware.Context, handler LoginDetailHandler) *LoginD
 	return &LoginDetail{Context: ctx, Handler: handler}
 }
 
-/*LoginDetail swagger:route GET /login UserAPI loginDetail
+/*
+	LoginDetail swagger:route GET /login Auth loginDetail
 
 Returns login strategy, form or sso.
-
 */
 type LoginDetail struct {
 	Context *middleware.Context
@@ -59,17 +59,15 @@ type LoginDetail struct {
 func (o *LoginDetail) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewLoginDetailParams()
-
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 
 	res := o.Handler.Handle(Params) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/auth/login_detail_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,7 +30,8 @@ import (
 )
 
 // NewLoginDetailParams creates a new LoginDetailParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewLoginDetailParams() LoginDetailParams {
 
 	return LoginDetailParams{}

api/operations/auth/login_detail_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // LoginDetailOKCode is the HTTP code returned for type LoginDetailOK
 const LoginDetailOKCode int = 200
 
-/*LoginDetailOK A successful response.
+/*
+LoginDetailOK A successful response.
 
 swagger:response loginDetailOK
 */
@@ -74,7 +75,8 @@ func (o *LoginDetailOK) WriteResponse(rw http.ResponseWriter, producer runtime.P
 	}
 }
 
-/*LoginDetailDefault Generic error response.
+/*
+LoginDetailDefault Generic error response.
 
 swagger:response loginDetailDefault
 */
@@ -84,7 +86,7 @@ type LoginDetailDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewLoginDetailDefault creates LoginDetailDefault with default headers values
@@ -110,13 +112,13 @@ func (o *LoginDetailDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the login detail default response
-func (o *LoginDetailDefault) WithPayload(payload *models.Error) *LoginDetailDefault {
+func (o *LoginDetailDefault) WithPayload(payload *models.APIError) *LoginDetailDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the login detail default response
-func (o *LoginDetailDefault) SetPayload(payload *models.Error) {
+func (o *LoginDetailDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/auth/login_detail_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/auth/login_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,12 +29,14 @@ import (
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
 
 	"github.com/minio/console/models"
 )
 
 // NewLoginParams creates a new LoginParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewLoginParams() LoginParams {
 
 	return LoginParams{}
@@ -80,6 +82,11 @@ func (o *LoginParams) BindRequest(r *http.Request, route *middleware.MatchedRout
 				res = append(res, err)
 			}
 
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
 			if len(res) == 0 {
 				o.Body = &body
 			}

api/operations/auth/login_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,51 +30,33 @@ import (
 	"github.com/minio/console/models"
 )
 
-// LoginCreatedCode is the HTTP code returned for type LoginCreated
-const LoginCreatedCode int = 201
+// LoginNoContentCode is the HTTP code returned for type LoginNoContent
+const LoginNoContentCode int = 204
 
-/*LoginCreated A successful login.
+/*
+LoginNoContent A successful login.
 
-swagger:response loginCreated
+swagger:response loginNoContent
 */
-type LoginCreated struct {
-
-	/*
-	  In: Body
-	*/
-	Payload *models.LoginResponse `json:"body,omitempty"`
+type LoginNoContent struct {
 }
 
-// NewLoginCreated creates LoginCreated with default headers values
-func NewLoginCreated() *LoginCreated {
+// NewLoginNoContent creates LoginNoContent with default headers values
+func NewLoginNoContent() *LoginNoContent {
 
-	return &LoginCreated{}
-}
-
-// WithPayload adds the payload to the login created response
-func (o *LoginCreated) WithPayload(payload *models.LoginResponse) *LoginCreated {
-	o.Payload = payload
-	return o
-}
-
-// SetPayload sets the payload to the login created response
-func (o *LoginCreated) SetPayload(payload *models.LoginResponse) {
-	o.Payload = payload
+	return &LoginNoContent{}
 }
 
 // WriteResponse to the client
-func (o *LoginCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LoginNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
-	rw.WriteHeader(201)
-	if o.Payload != nil {
-		payload := o.Payload
-		if err := producer.Produce(rw, payload); err != nil {
-			panic(err) // let the recovery middleware deal with this
-		}
-	}
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(204)
 }
 
-/*LoginDefault Generic error response.
+/*
+LoginDefault Generic error response.
 
 swagger:response loginDefault
 */
@@ -84,7 +66,7 @@ type LoginDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewLoginDefault creates LoginDefault with default headers values
@@ -110,13 +92,13 @@ func (o *LoginDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the login default response
-func (o *LoginDefault) WithPayload(payload *models.Error) *LoginDefault {
+func (o *LoginDefault) WithPayload(payload *models.APIError) *LoginDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the login default response
-func (o *LoginDefault) SetPayload(payload *models.Error) {
+func (o *LoginDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/auth/login_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/auth/logout.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewLogout(ctx *middleware.Context, handler LogoutHandler) *Logout {
 	return &Logout{Context: ctx, Handler: handler}
 }
 
-/*Logout swagger:route POST /logout UserAPI logout
+/*
+	Logout swagger:route POST /logout Auth logout
 
 Logout from Console.
-
 */
 type Logout struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type Logout struct {
 func (o *Logout) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewLogoutParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *Logout) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/auth/logout_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package admin_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,22 +29,24 @@ import (
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
 
 	"github.com/minio/console/models"
 )
 
-// NewCreateTenantParams creates a new CreateTenantParams object
-// no default values defined in spec.
-func NewCreateTenantParams() CreateTenantParams {
+// NewLogoutParams creates a new LogoutParams object
+//
+// There are no default values defined in the spec.
+func NewLogoutParams() LogoutParams {
 
-	return CreateTenantParams{}
+	return LogoutParams{}
 }
 
-// CreateTenantParams contains all the bound params for the create tenant operation
+// LogoutParams contains all the bound params for the logout operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters CreateTenant
-type CreateTenantParams struct {
+// swagger:parameters Logout
+type LogoutParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -53,21 +55,21 @@ type CreateTenantParams struct {
 	  Required: true
 	  In: body
 	*/
-	Body *models.CreateTenantRequest
+	Body *models.LogoutRequest
 }
 
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewCreateTenantParams() beforehand.
-func (o *CreateTenantParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewLogoutParams() beforehand.
+func (o *LogoutParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r
 
 	if runtime.HasBody(r) {
 		defer r.Body.Close()
-		var body models.CreateTenantRequest
+		var body models.LogoutRequest
 		if err := route.Consumer.Consume(r.Body, &body); err != nil {
 			if err == io.EOF {
 				res = append(res, errors.Required("body", "body", ""))
@@ -80,6 +82,11 @@ func (o *CreateTenantParams) BindRequest(r *http.Request, route *middleware.Matc
 				res = append(res, err)
 			}
 
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
 			if len(res) == 0 {
 				o.Body = &body
 			}

api/operations/auth/logout_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // LogoutOKCode is the HTTP code returned for type LogoutOK
 const LogoutOKCode int = 200
 
-/*LogoutOK A successful response.
+/*
+LogoutOK A successful response.
 
 swagger:response logoutOK
 */
@@ -54,7 +55,8 @@ func (o *LogoutOK) WriteResponse(rw http.ResponseWriter, producer runtime.Produc
 	rw.WriteHeader(200)
 }
 
-/*LogoutDefault Generic error response.
+/*
+LogoutDefault Generic error response.
 
 swagger:response logoutDefault
 */
@@ -64,7 +66,7 @@ type LogoutDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewLogoutDefault creates LogoutDefault with default headers values
@@ -90,13 +92,13 @@ func (o *LogoutDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the logout default response
-func (o *LogoutDefault) WithPayload(payload *models.Error) *LogoutDefault {
+func (o *LogoutDefault) WithPayload(payload *models.APIError) *LogoutDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the logout default response
-func (o *LogoutDefault) SetPayload(payload *models.Error) {
+func (o *LogoutDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/auth/logout_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/auth/session_check.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewSessionCheck(ctx *middleware.Context, handler SessionCheckHandler) *Sess
 	return &SessionCheck{Context: ctx, Handler: handler}
 }
 
-/*SessionCheck swagger:route GET /session UserAPI sessionCheck
+/*
+	SessionCheck swagger:route GET /session Auth sessionCheck
 
 Endpoint to check if your session is still valid
-
 */
 type SessionCheck struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type SessionCheck struct {
 func (o *SessionCheck) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewSessionCheckParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *SessionCheck) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/auth/session_check_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,7 +30,8 @@ import (
 )
 
 // NewSessionCheckParams creates a new SessionCheckParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewSessionCheckParams() SessionCheckParams {
 
 	return SessionCheckParams{}

api/operations/auth/session_check_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // SessionCheckOKCode is the HTTP code returned for type SessionCheckOK
 const SessionCheckOKCode int = 200
 
-/*SessionCheckOK A successful response.
+/*
+SessionCheckOK A successful response.
 
 swagger:response sessionCheckOK
 */
@@ -74,7 +75,8 @@ func (o *SessionCheckOK) WriteResponse(rw http.ResponseWriter, producer runtime.
 	}
 }
 
-/*SessionCheckDefault Generic error response.
+/*
+SessionCheckDefault Generic error response.
 
 swagger:response sessionCheckDefault
 */
@@ -84,7 +86,7 @@ type SessionCheckDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewSessionCheckDefault creates SessionCheckDefault with default headers values
@@ -110,13 +112,13 @@ func (o *SessionCheckDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the session check default response
-func (o *SessionCheckDefault) WithPayload(payload *models.Error) *SessionCheckDefault {
+func (o *SessionCheckDefault) WithPayload(payload *models.APIError) *SessionCheckDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the session check default response
-func (o *SessionCheckDefault) SetPayload(payload *models.Error) {
+func (o *SessionCheckDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/auth/session_check_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/bucket/bucket_info.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewBucketInfo(ctx *middleware.Context, handler BucketInfoHandler) *BucketIn
 	return &BucketInfo{Context: ctx, Handler: handler}
 }
 
-/*BucketInfo swagger:route GET /buckets/{name} UserAPI bucketInfo
+/*
+	BucketInfo swagger:route GET /buckets/{name} Bucket bucketInfo
 
 Bucket Info
-
 */
 type BucketInfo struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type BucketInfo struct {
 func (o *BucketInfo) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewBucketInfoParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *BucketInfo) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/bucket_info_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -31,7 +31,8 @@ import (
 )
 
 // NewBucketInfoParams creates a new BucketInfoParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewBucketInfoParams() BucketInfoParams {
 
 	return BucketInfoParams{}
@@ -66,7 +67,6 @@ func (o *BucketInfoParams) BindRequest(r *http.Request, route *middleware.Matche
 	if err := o.bindName(rName, rhkName, route.Formats); err != nil {
 		res = append(res, err)
 	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -82,7 +82,6 @@ func (o *BucketInfoParams) bindName(rawData []string, hasKey bool, formats strfm
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.Name = raw
 
 	return nil

api/operations/bucket/bucket_info_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // BucketInfoOKCode is the HTTP code returned for type BucketInfoOK
 const BucketInfoOKCode int = 200
 
-/*BucketInfoOK A successful response.
+/*
+BucketInfoOK A successful response.
 
 swagger:response bucketInfoOK
 */
@@ -74,7 +75,8 @@ func (o *BucketInfoOK) WriteResponse(rw http.ResponseWriter, producer runtime.Pr
 	}
 }
 
-/*BucketInfoDefault Generic error response.
+/*
+BucketInfoDefault Generic error response.
 
 swagger:response bucketInfoDefault
 */
@@ -84,7 +86,7 @@ type BucketInfoDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewBucketInfoDefault creates BucketInfoDefault with default headers values
@@ -110,13 +112,13 @@ func (o *BucketInfoDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the bucket info default response
-func (o *BucketInfoDefault) WithPayload(payload *models.Error) *BucketInfoDefault {
+func (o *BucketInfoDefault) WithPayload(payload *models.APIError) *BucketInfoDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the bucket info default response
-func (o *BucketInfoDefault) SetPayload(payload *models.Error) {
+func (o *BucketInfoDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/bucket_info_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/bucket/get_bucket_quota.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewGetBucketQuota(ctx *middleware.Context, handler GetBucketQuotaHandler) *
 	return &GetBucketQuota{Context: ctx, Handler: handler}
 }
 
-/*GetBucketQuota swagger:route GET /buckets/{name}/quota UserAPI getBucketQuota
+/*
+	GetBucketQuota swagger:route GET /buckets/{name}/quota Bucket getBucketQuota
 
 Get Bucket Quota
-
 */
 type GetBucketQuota struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type GetBucketQuota struct {
 func (o *GetBucketQuota) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewGetBucketQuotaParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *GetBucketQuota) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/get_bucket_quota_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -31,7 +31,8 @@ import (
 )
 
 // NewGetBucketQuotaParams creates a new GetBucketQuotaParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewGetBucketQuotaParams() GetBucketQuotaParams {
 
 	return GetBucketQuotaParams{}
@@ -66,7 +67,6 @@ func (o *GetBucketQuotaParams) BindRequest(r *http.Request, route *middleware.Ma
 	if err := o.bindName(rName, rhkName, route.Formats); err != nil {
 		res = append(res, err)
 	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -82,7 +82,6 @@ func (o *GetBucketQuotaParams) bindName(rawData []string, hasKey bool, formats s
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.Name = raw
 
 	return nil

api/operations/bucket/get_bucket_quota_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // GetBucketQuotaOKCode is the HTTP code returned for type GetBucketQuotaOK
 const GetBucketQuotaOKCode int = 200
 
-/*GetBucketQuotaOK A successful response.
+/*
+GetBucketQuotaOK A successful response.
 
 swagger:response getBucketQuotaOK
 */
@@ -42,7 +43,7 @@ type GetBucketQuotaOK struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.ListObjectsResponse `json:"body,omitempty"`
+	Payload *models.BucketQuota `json:"body,omitempty"`
 }
 
 // NewGetBucketQuotaOK creates GetBucketQuotaOK with default headers values
@@ -52,13 +53,13 @@ func NewGetBucketQuotaOK() *GetBucketQuotaOK {
 }
 
 // WithPayload adds the payload to the get bucket quota o k response
-func (o *GetBucketQuotaOK) WithPayload(payload *models.ListObjectsResponse) *GetBucketQuotaOK {
+func (o *GetBucketQuotaOK) WithPayload(payload *models.BucketQuota) *GetBucketQuotaOK {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the get bucket quota o k response
-func (o *GetBucketQuotaOK) SetPayload(payload *models.ListObjectsResponse) {
+func (o *GetBucketQuotaOK) SetPayload(payload *models.BucketQuota) {
 	o.Payload = payload
 }
 
@@ -74,7 +75,8 @@ func (o *GetBucketQuotaOK) WriteResponse(rw http.ResponseWriter, producer runtim
 	}
 }
 
-/*GetBucketQuotaDefault Generic error response.
+/*
+GetBucketQuotaDefault Generic error response.
 
 swagger:response getBucketQuotaDefault
 */
@@ -84,7 +86,7 @@ type GetBucketQuotaDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewGetBucketQuotaDefault creates GetBucketQuotaDefault with default headers values
@@ -110,13 +112,13 @@ func (o *GetBucketQuotaDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the get bucket quota default response
-func (o *GetBucketQuotaDefault) WithPayload(payload *models.Error) *GetBucketQuotaDefault {
+func (o *GetBucketQuotaDefault) WithPayload(payload *models.APIError) *GetBucketQuotaDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the get bucket quota default response
-func (o *GetBucketQuotaDefault) SetPayload(payload *models.Error) {
+func (o *GetBucketQuotaDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/get_bucket_quota_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/bucket/get_bucket_rewind.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -30,48 +30,47 @@ import (
 	"github.com/minio/console/models"
 )
 
-// AddRemoteBucketHandlerFunc turns a function with the right signature into a add remote bucket handler
-type AddRemoteBucketHandlerFunc func(AddRemoteBucketParams, *models.Principal) middleware.Responder
+// GetBucketRewindHandlerFunc turns a function with the right signature into a get bucket rewind handler
+type GetBucketRewindHandlerFunc func(GetBucketRewindParams, *models.Principal) middleware.Responder
 
 // Handle executing the request and returning a response
-func (fn AddRemoteBucketHandlerFunc) Handle(params AddRemoteBucketParams, principal *models.Principal) middleware.Responder {
+func (fn GetBucketRewindHandlerFunc) Handle(params GetBucketRewindParams, principal *models.Principal) middleware.Responder {
 	return fn(params, principal)
 }
 
-// AddRemoteBucketHandler interface for that can handle valid add remote bucket params
-type AddRemoteBucketHandler interface {
-	Handle(AddRemoteBucketParams, *models.Principal) middleware.Responder
+// GetBucketRewindHandler interface for that can handle valid get bucket rewind params
+type GetBucketRewindHandler interface {
+	Handle(GetBucketRewindParams, *models.Principal) middleware.Responder
 }
 
-// NewAddRemoteBucket creates a new http.Handler for the add remote bucket operation
-func NewAddRemoteBucket(ctx *middleware.Context, handler AddRemoteBucketHandler) *AddRemoteBucket {
-	return &AddRemoteBucket{Context: ctx, Handler: handler}
+// NewGetBucketRewind creates a new http.Handler for the get bucket rewind operation
+func NewGetBucketRewind(ctx *middleware.Context, handler GetBucketRewindHandler) *GetBucketRewind {
+	return &GetBucketRewind{Context: ctx, Handler: handler}
 }
 
-/*AddRemoteBucket swagger:route POST /remote-buckets UserAPI addRemoteBucket
-
-Add Remote Bucket
+/*
+	GetBucketRewind swagger:route GET /buckets/{bucket_name}/rewind/{date} Bucket getBucketRewind
 
+Get objects in a bucket for a rewind date
 */
-type AddRemoteBucket struct {
+type GetBucketRewind struct {
 	Context *middleware.Context
-	Handler AddRemoteBucketHandler
+	Handler GetBucketRewindHandler
 }
 
-func (o *AddRemoteBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *GetBucketRewind) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
-	var Params = NewAddRemoteBucketParams()
-
+	var Params = NewGetBucketRewindParams()
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *AddRemoteBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/get_bucket_rewind_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,21 +29,21 @@ import (
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
 )
 
-// NewListBucketEventsParams creates a new ListBucketEventsParams object
-// no default values defined in spec.
-func NewListBucketEventsParams() ListBucketEventsParams {
+// NewGetBucketRewindParams creates a new GetBucketRewindParams object
+//
+// There are no default values defined in the spec.
+func NewGetBucketRewindParams() GetBucketRewindParams {
 
-	return ListBucketEventsParams{}
+	return GetBucketRewindParams{}
 }
 
-// ListBucketEventsParams contains all the bound params for the list bucket events operation
+// GetBucketRewindParams contains all the bound params for the get bucket rewind operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters ListBucketEvents
-type ListBucketEventsParams struct {
+// swagger:parameters GetBucketRewind
+type GetBucketRewindParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -54,20 +54,21 @@ type ListBucketEventsParams struct {
 	*/
 	BucketName string
 	/*
-	  In: query
+	  Required: true
+	  In: path
 	*/
-	Limit *int32
+	Date string
 	/*
 	  In: query
 	*/
-	Offset *int32
+	Prefix *string
 }
 
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewListBucketEventsParams() beforehand.
-func (o *ListBucketEventsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewGetBucketRewindParams() beforehand.
+func (o *GetBucketRewindParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r
@@ -79,16 +80,15 @@ func (o *ListBucketEventsParams) BindRequest(r *http.Request, route *middleware.
 		res = append(res, err)
 	}
 
-	qLimit, qhkLimit, _ := qs.GetOK("limit")
-	if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
+	rDate, rhkDate, _ := route.Params.GetOK("date")
+	if err := o.bindDate(rDate, rhkDate, route.Formats); err != nil {
 		res = append(res, err)
 	}
 
-	qOffset, qhkOffset, _ := qs.GetOK("offset")
-	if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil {
+	qPrefix, qhkPrefix, _ := qs.GetOK("prefix")
+	if err := o.bindPrefix(qPrefix, qhkPrefix, route.Formats); err != nil {
 		res = append(res, err)
 	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -96,7 +96,7 @@ func (o *ListBucketEventsParams) BindRequest(r *http.Request, route *middleware.
 }
 
 // bindBucketName binds and validates parameter BucketName from path.
-func (o *ListBucketEventsParams) bindBucketName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+func (o *GetBucketRewindParams) bindBucketName(rawData []string, hasKey bool, formats strfmt.Registry) error {
 	var raw string
 	if len(rawData) > 0 {
 		raw = rawData[len(rawData)-1]
@@ -104,14 +104,27 @@ func (o *ListBucketEventsParams) bindBucketName(rawData []string, hasKey bool, f
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.BucketName = raw
 
 	return nil
 }
 
-// bindLimit binds and validates parameter Limit from query.
-func (o *ListBucketEventsParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
+// bindDate binds and validates parameter Date from path.
+func (o *GetBucketRewindParams) bindDate(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Date = raw
+
+	return nil
+}
+
+// bindPrefix binds and validates parameter Prefix from query.
+func (o *GetBucketRewindParams) bindPrefix(rawData []string, hasKey bool, formats strfmt.Registry) error {
 	var raw string
 	if len(rawData) > 0 {
 		raw = rawData[len(rawData)-1]
@@ -119,37 +132,11 @@ func (o *ListBucketEventsParams) bindLimit(rawData []string, hasKey bool, format
 
 	// Required: false
 	// AllowEmptyValue: false
+
 	if raw == "" { // empty values pass all other validations
 		return nil
 	}
-
-	value, err := swag.ConvertInt32(raw)
-	if err != nil {
-		return errors.InvalidType("limit", "query", "int32", raw)
-	}
-	o.Limit = &value
-
-	return nil
-}
-
-// bindOffset binds and validates parameter Offset from query.
-func (o *ListBucketEventsParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error {
-	var raw string
-	if len(rawData) > 0 {
-		raw = rawData[len(rawData)-1]
-	}
-
-	// Required: false
-	// AllowEmptyValue: false
-	if raw == "" { // empty values pass all other validations
-		return nil
-	}
-
-	value, err := swag.ConvertInt32(raw)
-	if err != nil {
-		return errors.InvalidType("offset", "query", "int32", raw)
-	}
-	o.Offset = &value
+	o.Prefix = &raw
 
 	return nil
 }

api/operations/bucket/get_bucket_rewind_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,40 +30,41 @@ import (
 	"github.com/minio/console/models"
 )
 
-// BucketSetPolicyOKCode is the HTTP code returned for type BucketSetPolicyOK
-const BucketSetPolicyOKCode int = 200
+// GetBucketRewindOKCode is the HTTP code returned for type GetBucketRewindOK
+const GetBucketRewindOKCode int = 200
 
-/*BucketSetPolicyOK A successful response.
+/*
+GetBucketRewindOK A successful response.
 
-swagger:response bucketSetPolicyOK
+swagger:response getBucketRewindOK
 */
-type BucketSetPolicyOK struct {
+type GetBucketRewindOK struct {
 
 	/*
 	  In: Body
 	*/
-	Payload *models.Bucket `json:"body,omitempty"`
+	Payload *models.RewindResponse `json:"body,omitempty"`
 }
 
-// NewBucketSetPolicyOK creates BucketSetPolicyOK with default headers values
-func NewBucketSetPolicyOK() *BucketSetPolicyOK {
+// NewGetBucketRewindOK creates GetBucketRewindOK with default headers values
+func NewGetBucketRewindOK() *GetBucketRewindOK {
 
-	return &BucketSetPolicyOK{}
+	return &GetBucketRewindOK{}
 }
 
-// WithPayload adds the payload to the bucket set policy o k response
-func (o *BucketSetPolicyOK) WithPayload(payload *models.Bucket) *BucketSetPolicyOK {
+// WithPayload adds the payload to the get bucket rewind o k response
+func (o *GetBucketRewindOK) WithPayload(payload *models.RewindResponse) *GetBucketRewindOK {
 	o.Payload = payload
 	return o
 }
 
-// SetPayload sets the payload to the bucket set policy o k response
-func (o *BucketSetPolicyOK) SetPayload(payload *models.Bucket) {
+// SetPayload sets the payload to the get bucket rewind o k response
+func (o *GetBucketRewindOK) SetPayload(payload *models.RewindResponse) {
 	o.Payload = payload
 }
 
 // WriteResponse to the client
-func (o *BucketSetPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *GetBucketRewindOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
 	rw.WriteHeader(200)
 	if o.Payload != nil {
@@ -74,54 +75,55 @@ func (o *BucketSetPolicyOK) WriteResponse(rw http.ResponseWriter, producer runti
 	}
 }
 
-/*BucketSetPolicyDefault Generic error response.
+/*
+GetBucketRewindDefault Generic error response.
 
-swagger:response bucketSetPolicyDefault
+swagger:response getBucketRewindDefault
 */
-type BucketSetPolicyDefault struct {
+type GetBucketRewindDefault struct {
 	_statusCode int
 
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
-// NewBucketSetPolicyDefault creates BucketSetPolicyDefault with default headers values
-func NewBucketSetPolicyDefault(code int) *BucketSetPolicyDefault {
+// NewGetBucketRewindDefault creates GetBucketRewindDefault with default headers values
+func NewGetBucketRewindDefault(code int) *GetBucketRewindDefault {
 	if code <= 0 {
 		code = 500
 	}
 
-	return &BucketSetPolicyDefault{
+	return &GetBucketRewindDefault{
 		_statusCode: code,
 	}
 }
 
-// WithStatusCode adds the status to the bucket set policy default response
-func (o *BucketSetPolicyDefault) WithStatusCode(code int) *BucketSetPolicyDefault {
+// WithStatusCode adds the status to the get bucket rewind default response
+func (o *GetBucketRewindDefault) WithStatusCode(code int) *GetBucketRewindDefault {
 	o._statusCode = code
 	return o
 }
 
-// SetStatusCode sets the status to the bucket set policy default response
-func (o *BucketSetPolicyDefault) SetStatusCode(code int) {
+// SetStatusCode sets the status to the get bucket rewind default response
+func (o *GetBucketRewindDefault) SetStatusCode(code int) {
 	o._statusCode = code
 }
 
-// WithPayload adds the payload to the bucket set policy default response
-func (o *BucketSetPolicyDefault) WithPayload(payload *models.Error) *BucketSetPolicyDefault {
+// WithPayload adds the payload to the get bucket rewind default response
+func (o *GetBucketRewindDefault) WithPayload(payload *models.APIError) *GetBucketRewindDefault {
 	o.Payload = payload
 	return o
 }
 
-// SetPayload sets the payload to the bucket set policy default response
-func (o *BucketSetPolicyDefault) SetPayload(payload *models.Error) {
+// SetPayload sets the payload to the get bucket rewind default response
+func (o *GetBucketRewindDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 
 // WriteResponse to the client
-func (o *BucketSetPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *GetBucketRewindDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
 	rw.WriteHeader(o._statusCode)
 	if o.Payload != nil {

api/operations/bucket/get_bucket_rewind_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -29,9 +29,12 @@ import (
 	"strings"
 )
 
-// GetBucketEncryptionInfoURL generates an URL for the get bucket encryption info operation
-type GetBucketEncryptionInfoURL struct {
+// GetBucketRewindURL generates an URL for the get bucket rewind operation
+type GetBucketRewindURL struct {
 	BucketName string
+	Date       string
+
+	Prefix *string
 
 	_basePath string
 	// avoid unkeyed usage
@@ -41,7 +44,7 @@ type GetBucketEncryptionInfoURL struct {
 // WithBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *GetBucketEncryptionInfoURL) WithBasePath(bp string) *GetBucketEncryptionInfoURL {
+func (o *GetBucketRewindURL) WithBasePath(bp string) *GetBucketRewindURL {
 	o.SetBasePath(bp)
 	return o
 }
@@ -49,21 +52,28 @@ func (o *GetBucketEncryptionInfoURL) WithBasePath(bp string) *GetBucketEncryptio
 // SetBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *GetBucketEncryptionInfoURL) SetBasePath(bp string) {
+func (o *GetBucketRewindURL) SetBasePath(bp string) {
 	o._basePath = bp
 }
 
 // Build a url path and query string
-func (o *GetBucketEncryptionInfoURL) Build() (*url.URL, error) {
+func (o *GetBucketRewindURL) Build() (*url.URL, error) {
 	var _result url.URL
 
-	var _path = "/buckets/{bucket_name}/encryption/info"
+	var _path = "/buckets/{bucket_name}/rewind/{date}"
 
 	bucketName := o.BucketName
 	if bucketName != "" {
 		_path = strings.Replace(_path, "{bucket_name}", bucketName, -1)
 	} else {
-		return nil, errors.New("bucketName is required on GetBucketEncryptionInfoURL")
+		return nil, errors.New("bucketName is required on GetBucketRewindURL")
+	}
+
+	date := o.Date
+	if date != "" {
+		_path = strings.Replace(_path, "{date}", date, -1)
+	} else {
+		return nil, errors.New("date is required on GetBucketRewindURL")
 	}
 
 	_basePath := o._basePath
@@ -72,11 +82,23 @@ func (o *GetBucketEncryptionInfoURL) Build() (*url.URL, error) {
 	}
 	_result.Path = golangswaggerpaths.Join(_basePath, _path)
 
+	qs := make(url.Values)
+
+	var prefixQ string
+	if o.Prefix != nil {
+		prefixQ = *o.Prefix
+	}
+	if prefixQ != "" {
+		qs.Set("prefix", prefixQ)
+	}
+
+	_result.RawQuery = qs.Encode()
+
 	return &_result, nil
 }
 
 // Must is a helper function to panic when the url builder returns an error
-func (o *GetBucketEncryptionInfoURL) Must(u *url.URL, err error) *url.URL {
+func (o *GetBucketRewindURL) Must(u *url.URL, err error) *url.URL {
 	if err != nil {
 		panic(err)
 	}
@@ -87,17 +109,17 @@ func (o *GetBucketEncryptionInfoURL) Must(u *url.URL, err error) *url.URL {
 }
 
 // String returns the string representation of the path with query string
-func (o *GetBucketEncryptionInfoURL) String() string {
+func (o *GetBucketRewindURL) String() string {
 	return o.Must(o.Build()).String()
 }
 
 // BuildFull builds a full url with scheme, host, path and query string
-func (o *GetBucketEncryptionInfoURL) BuildFull(scheme, host string) (*url.URL, error) {
+func (o *GetBucketRewindURL) BuildFull(scheme, host string) (*url.URL, error) {
 	if scheme == "" {
-		return nil, errors.New("scheme is required for a full url on GetBucketEncryptionInfoURL")
+		return nil, errors.New("scheme is required for a full url on GetBucketRewindURL")
 	}
 	if host == "" {
-		return nil, errors.New("host is required for a full url on GetBucketEncryptionInfoURL")
+		return nil, errors.New("host is required for a full url on GetBucketRewindURL")
 	}
 
 	base, err := o.Build()
@@ -111,6 +133,6 @@ func (o *GetBucketEncryptionInfoURL) BuildFull(scheme, host string) (*url.URL, e
 }
 
 // StringFull returns the string representation of a complete url
-func (o *GetBucketEncryptionInfoURL) StringFull(scheme, host string) string {
+func (o *GetBucketRewindURL) StringFull(scheme, host string) string {
 	return o.Must(o.BuildFull(scheme, host)).String()
 }

api/operations/bucket/get_bucket_versioning.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewGetBucketVersioning(ctx *middleware.Context, handler GetBucketVersioning
 	return &GetBucketVersioning{Context: ctx, Handler: handler}
 }
 
-/*GetBucketVersioning swagger:route GET /buckets/{bucket_name}/versioning UserAPI getBucketVersioning
+/*
+	GetBucketVersioning swagger:route GET /buckets/{bucket_name}/versioning Bucket getBucketVersioning
 
 Bucket Versioning
-
 */
 type GetBucketVersioning struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type GetBucketVersioning struct {
 func (o *GetBucketVersioning) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewGetBucketVersioningParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *GetBucketVersioning) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/get_bucket_versioning_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -31,7 +31,8 @@ import (
 )
 
 // NewGetBucketVersioningParams creates a new GetBucketVersioningParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewGetBucketVersioningParams() GetBucketVersioningParams {
 
 	return GetBucketVersioningParams{}
@@ -66,7 +67,6 @@ func (o *GetBucketVersioningParams) BindRequest(r *http.Request, route *middlewa
 	if err := o.bindBucketName(rBucketName, rhkBucketName, route.Formats); err != nil {
 		res = append(res, err)
 	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -82,7 +82,6 @@ func (o *GetBucketVersioningParams) bindBucketName(rawData []string, hasKey bool
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.BucketName = raw
 
 	return nil

api/operations/bucket/get_bucket_versioning_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // GetBucketVersioningOKCode is the HTTP code returned for type GetBucketVersioningOK
 const GetBucketVersioningOKCode int = 200
 
-/*GetBucketVersioningOK A successful response.
+/*
+GetBucketVersioningOK A successful response.
 
 swagger:response getBucketVersioningOK
 */
@@ -74,7 +75,8 @@ func (o *GetBucketVersioningOK) WriteResponse(rw http.ResponseWriter, producer r
 	}
 }
 
-/*GetBucketVersioningDefault Generic error response.
+/*
+GetBucketVersioningDefault Generic error response.
 
 swagger:response getBucketVersioningDefault
 */
@@ -84,7 +86,7 @@ type GetBucketVersioningDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewGetBucketVersioningDefault creates GetBucketVersioningDefault with default headers values
@@ -110,13 +112,13 @@ func (o *GetBucketVersioningDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the get bucket versioning default response
-func (o *GetBucketVersioningDefault) WithPayload(payload *models.Error) *GetBucketVersioningDefault {
+func (o *GetBucketVersioningDefault) WithPayload(payload *models.APIError) *GetBucketVersioningDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the get bucket versioning default response
-func (o *GetBucketVersioningDefault) SetPayload(payload *models.Error) {
+func (o *GetBucketVersioningDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/get_bucket_versioning_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/bucket/get_max_share_link_exp.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -30,48 +30,47 @@ import (
 	"github.com/minio/console/models"
 )
 
-// PutObjectLegalHoldHandlerFunc turns a function with the right signature into a put object legal hold handler
-type PutObjectLegalHoldHandlerFunc func(PutObjectLegalHoldParams, *models.Principal) middleware.Responder
+// GetMaxShareLinkExpHandlerFunc turns a function with the right signature into a get max share link exp handler
+type GetMaxShareLinkExpHandlerFunc func(GetMaxShareLinkExpParams, *models.Principal) middleware.Responder
 
 // Handle executing the request and returning a response
-func (fn PutObjectLegalHoldHandlerFunc) Handle(params PutObjectLegalHoldParams, principal *models.Principal) middleware.Responder {
+func (fn GetMaxShareLinkExpHandlerFunc) Handle(params GetMaxShareLinkExpParams, principal *models.Principal) middleware.Responder {
 	return fn(params, principal)
 }
 
-// PutObjectLegalHoldHandler interface for that can handle valid put object legal hold params
-type PutObjectLegalHoldHandler interface {
-	Handle(PutObjectLegalHoldParams, *models.Principal) middleware.Responder
+// GetMaxShareLinkExpHandler interface for that can handle valid get max share link exp params
+type GetMaxShareLinkExpHandler interface {
+	Handle(GetMaxShareLinkExpParams, *models.Principal) middleware.Responder
 }
 
-// NewPutObjectLegalHold creates a new http.Handler for the put object legal hold operation
-func NewPutObjectLegalHold(ctx *middleware.Context, handler PutObjectLegalHoldHandler) *PutObjectLegalHold {
-	return &PutObjectLegalHold{Context: ctx, Handler: handler}
+// NewGetMaxShareLinkExp creates a new http.Handler for the get max share link exp operation
+func NewGetMaxShareLinkExp(ctx *middleware.Context, handler GetMaxShareLinkExpHandler) *GetMaxShareLinkExp {
+	return &GetMaxShareLinkExp{Context: ctx, Handler: handler}
 }
 
-/*PutObjectLegalHold swagger:route PUT /buckets/{bucket_name}/objects/legalhold UserAPI putObjectLegalHold
-
-Put Object's legalhold status
+/*
+	GetMaxShareLinkExp swagger:route GET /buckets/max-share-exp Bucket getMaxShareLinkExp
 
+Get max expiration time for share link in seconds
 */
-type PutObjectLegalHold struct {
+type GetMaxShareLinkExp struct {
 	Context *middleware.Context
-	Handler PutObjectLegalHoldHandler
+	Handler GetMaxShareLinkExpHandler
 }
 
-func (o *PutObjectLegalHold) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *GetMaxShareLinkExp) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
-	var Params = NewPutObjectLegalHoldParams()
-
+	var Params = NewGetMaxShareLinkExpParams()
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *PutObjectLegalHold) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/get_max_share_link_exp_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package admin_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,18 +29,19 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 )
 
-// NewSubscriptionInfoParams creates a new SubscriptionInfoParams object
-// no default values defined in spec.
-func NewSubscriptionInfoParams() SubscriptionInfoParams {
+// NewGetMaxShareLinkExpParams creates a new GetMaxShareLinkExpParams object
+//
+// There are no default values defined in the spec.
+func NewGetMaxShareLinkExpParams() GetMaxShareLinkExpParams {
 
-	return SubscriptionInfoParams{}
+	return GetMaxShareLinkExpParams{}
 }
 
-// SubscriptionInfoParams contains all the bound params for the subscription info operation
+// GetMaxShareLinkExpParams contains all the bound params for the get max share link exp operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters SubscriptionInfo
-type SubscriptionInfoParams struct {
+// swagger:parameters GetMaxShareLinkExp
+type GetMaxShareLinkExpParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -49,8 +50,8 @@ type SubscriptionInfoParams struct {
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewSubscriptionInfoParams() beforehand.
-func (o *SubscriptionInfoParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewGetMaxShareLinkExpParams() beforehand.
+func (o *GetMaxShareLinkExpParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r

api/operations/bucket/get_max_share_link_exp_responses.go

@@ -0,0 +1,135 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package bucket
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// GetMaxShareLinkExpOKCode is the HTTP code returned for type GetMaxShareLinkExpOK
+const GetMaxShareLinkExpOKCode int = 200
+
+/*
+GetMaxShareLinkExpOK A successful response.
+
+swagger:response getMaxShareLinkExpOK
+*/
+type GetMaxShareLinkExpOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.MaxShareLinkExpResponse `json:"body,omitempty"`
+}
+
+// NewGetMaxShareLinkExpOK creates GetMaxShareLinkExpOK with default headers values
+func NewGetMaxShareLinkExpOK() *GetMaxShareLinkExpOK {
+
+	return &GetMaxShareLinkExpOK{}
+}
+
+// WithPayload adds the payload to the get max share link exp o k response
+func (o *GetMaxShareLinkExpOK) WithPayload(payload *models.MaxShareLinkExpResponse) *GetMaxShareLinkExpOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get max share link exp o k response
+func (o *GetMaxShareLinkExpOK) SetPayload(payload *models.MaxShareLinkExpResponse) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetMaxShareLinkExpOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*
+GetMaxShareLinkExpDefault Generic error response.
+
+swagger:response getMaxShareLinkExpDefault
+*/
+type GetMaxShareLinkExpDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.APIError `json:"body,omitempty"`
+}
+
+// NewGetMaxShareLinkExpDefault creates GetMaxShareLinkExpDefault with default headers values
+func NewGetMaxShareLinkExpDefault(code int) *GetMaxShareLinkExpDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &GetMaxShareLinkExpDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the get max share link exp default response
+func (o *GetMaxShareLinkExpDefault) WithStatusCode(code int) *GetMaxShareLinkExpDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the get max share link exp default response
+func (o *GetMaxShareLinkExpDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the get max share link exp default response
+func (o *GetMaxShareLinkExpDefault) WithPayload(payload *models.APIError) *GetMaxShareLinkExpDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get max share link exp default response
+func (o *GetMaxShareLinkExpDefault) SetPayload(payload *models.APIError) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetMaxShareLinkExpDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}

api/operations/bucket/get_max_share_link_exp_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package admin_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -26,22 +26,17 @@ import (
 	"errors"
 	"net/url"
 	golangswaggerpaths "path"
-	"strings"
 )
 
-// GetUserInfoURL generates an URL for the get user info operation
-type GetUserInfoURL struct {
-	Name string
-
+// GetMaxShareLinkExpURL generates an URL for the get max share link exp operation
+type GetMaxShareLinkExpURL struct {
 	_basePath string
-	// avoid unkeyed usage
-	_ struct{}
 }
 
 // WithBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *GetUserInfoURL) WithBasePath(bp string) *GetUserInfoURL {
+func (o *GetMaxShareLinkExpURL) WithBasePath(bp string) *GetMaxShareLinkExpURL {
 	o.SetBasePath(bp)
 	return o
 }
@@ -49,22 +44,15 @@ func (o *GetUserInfoURL) WithBasePath(bp string) *GetUserInfoURL {
 // SetBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *GetUserInfoURL) SetBasePath(bp string) {
+func (o *GetMaxShareLinkExpURL) SetBasePath(bp string) {
 	o._basePath = bp
 }
 
 // Build a url path and query string
-func (o *GetUserInfoURL) Build() (*url.URL, error) {
+func (o *GetMaxShareLinkExpURL) Build() (*url.URL, error) {
 	var _result url.URL
 
-	var _path = "/users/{name}"
-
-	name := o.Name
-	if name != "" {
-		_path = strings.Replace(_path, "{name}", name, -1)
-	} else {
-		return nil, errors.New("name is required on GetUserInfoURL")
-	}
+	var _path = "/buckets/max-share-exp"
 
 	_basePath := o._basePath
 	if _basePath == "" {
@@ -76,7 +64,7 @@ func (o *GetUserInfoURL) Build() (*url.URL, error) {
 }
 
 // Must is a helper function to panic when the url builder returns an error
-func (o *GetUserInfoURL) Must(u *url.URL, err error) *url.URL {
+func (o *GetMaxShareLinkExpURL) Must(u *url.URL, err error) *url.URL {
 	if err != nil {
 		panic(err)
 	}
@@ -87,17 +75,17 @@ func (o *GetUserInfoURL) Must(u *url.URL, err error) *url.URL {
 }
 
 // String returns the string representation of the path with query string
-func (o *GetUserInfoURL) String() string {
+func (o *GetMaxShareLinkExpURL) String() string {
 	return o.Must(o.Build()).String()
 }
 
 // BuildFull builds a full url with scheme, host, path and query string
-func (o *GetUserInfoURL) BuildFull(scheme, host string) (*url.URL, error) {
+func (o *GetMaxShareLinkExpURL) BuildFull(scheme, host string) (*url.URL, error) {
 	if scheme == "" {
-		return nil, errors.New("scheme is required for a full url on GetUserInfoURL")
+		return nil, errors.New("scheme is required for a full url on GetMaxShareLinkExpURL")
 	}
 	if host == "" {
-		return nil, errors.New("host is required for a full url on GetUserInfoURL")
+		return nil, errors.New("host is required for a full url on GetMaxShareLinkExpURL")
 	}
 
 	base, err := o.Build()
@@ -111,6 +99,6 @@ func (o *GetUserInfoURL) BuildFull(scheme, host string) (*url.URL, error) {
 }
 
 // StringFull returns the string representation of a complete url
-func (o *GetUserInfoURL) StringFull(scheme, host string) string {
+func (o *GetMaxShareLinkExpURL) StringFull(scheme, host string) string {
 	return o.Must(o.BuildFull(scheme, host)).String()
 }

api/operations/bucket/list_buckets.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewListBuckets(ctx *middleware.Context, handler ListBucketsHandler) *ListBu
 	return &ListBuckets{Context: ctx, Handler: handler}
 }
 
-/*ListBuckets swagger:route GET /buckets UserAPI listBuckets
+/*
+	ListBuckets swagger:route GET /buckets Bucket listBuckets
 
 List Buckets
-
 */
 type ListBuckets struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type ListBuckets struct {
 func (o *ListBuckets) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewListBucketsParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *ListBuckets) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/list_buckets_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,18 +29,19 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 )
 
-// NewLogoutParams creates a new LogoutParams object
-// no default values defined in spec.
-func NewLogoutParams() LogoutParams {
+// NewListBucketsParams creates a new ListBucketsParams object
+//
+// There are no default values defined in the spec.
+func NewListBucketsParams() ListBucketsParams {
 
-	return LogoutParams{}
+	return ListBucketsParams{}
 }
 
-// LogoutParams contains all the bound params for the logout operation
+// ListBucketsParams contains all the bound params for the list buckets operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters Logout
-type LogoutParams struct {
+// swagger:parameters ListBuckets
+type ListBucketsParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -49,8 +50,8 @@ type LogoutParams struct {
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewLogoutParams() beforehand.
-func (o *LogoutParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewListBucketsParams() beforehand.
+func (o *ListBucketsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r

api/operations/bucket/list_buckets_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // ListBucketsOKCode is the HTTP code returned for type ListBucketsOK
 const ListBucketsOKCode int = 200
 
-/*ListBucketsOK A successful response.
+/*
+ListBucketsOK A successful response.
 
 swagger:response listBucketsOK
 */
@@ -74,7 +75,8 @@ func (o *ListBucketsOK) WriteResponse(rw http.ResponseWriter, producer runtime.P
 	}
 }
 
-/*ListBucketsDefault Generic error response.
+/*
+ListBucketsDefault Generic error response.
 
 swagger:response listBucketsDefault
 */
@@ -84,7 +86,7 @@ type ListBucketsDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewListBucketsDefault creates ListBucketsDefault with default headers values
@@ -110,13 +112,13 @@ func (o *ListBucketsDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the list buckets default response
-func (o *ListBucketsDefault) WithPayload(payload *models.Error) *ListBucketsDefault {
+func (o *ListBucketsDefault) WithPayload(payload *models.APIError) *ListBucketsDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the list buckets default response
-func (o *ListBucketsDefault) SetPayload(payload *models.Error) {
+func (o *ListBucketsDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/list_buckets_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -26,19 +26,11 @@ import (
 	"errors"
 	"net/url"
 	golangswaggerpaths "path"
-
-	"github.com/go-openapi/swag"
 )
 
 // ListBucketsURL generates an URL for the list buckets operation
 type ListBucketsURL struct {
-	Limit  *int32
-	Offset *int32
-	SortBy *string
-
 	_basePath string
-	// avoid unkeyed usage
-	_ struct{}
 }
 
 // WithBasePath sets the base path for this url builder, only required when it's different from the
@@ -68,34 +60,6 @@ func (o *ListBucketsURL) Build() (*url.URL, error) {
 	}
 	_result.Path = golangswaggerpaths.Join(_basePath, _path)
 
-	qs := make(url.Values)
-
-	var limitQ string
-	if o.Limit != nil {
-		limitQ = swag.FormatInt32(*o.Limit)
-	}
-	if limitQ != "" {
-		qs.Set("limit", limitQ)
-	}
-
-	var offsetQ string
-	if o.Offset != nil {
-		offsetQ = swag.FormatInt32(*o.Offset)
-	}
-	if offsetQ != "" {
-		qs.Set("offset", offsetQ)
-	}
-
-	var sortByQ string
-	if o.SortBy != nil {
-		sortByQ = *o.SortBy
-	}
-	if sortByQ != "" {
-		qs.Set("sort_by", sortByQ)
-	}
-
-	_result.RawQuery = qs.Encode()
-
 	return &_result, nil
 }
 

api/operations/bucket/make_bucket.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewMakeBucket(ctx *middleware.Context, handler MakeBucketHandler) *MakeBuck
 	return &MakeBucket{Context: ctx, Handler: handler}
 }
 
-/*MakeBucket swagger:route POST /buckets UserAPI makeBucket
+/*
+	MakeBucket swagger:route POST /buckets Bucket makeBucket
 
 Make bucket
-
 */
 type MakeBucket struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type MakeBucket struct {
 func (o *MakeBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewMakeBucketParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *MakeBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/make_bucket_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,12 +29,14 @@ import (
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
 
 	"github.com/minio/console/models"
 )
 
 // NewMakeBucketParams creates a new MakeBucketParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewMakeBucketParams() MakeBucketParams {
 
 	return MakeBucketParams{}
@@ -80,6 +82,11 @@ func (o *MakeBucketParams) BindRequest(r *http.Request, route *middleware.Matche
 				res = append(res, err)
 			}
 
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
 			if len(res) == 0 {
 				o.Body = &body
 			}

api/operations/bucket/make_bucket_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,31 +30,53 @@ import (
 	"github.com/minio/console/models"
 )
 
-// MakeBucketCreatedCode is the HTTP code returned for type MakeBucketCreated
-const MakeBucketCreatedCode int = 201
+// MakeBucketOKCode is the HTTP code returned for type MakeBucketOK
+const MakeBucketOKCode int = 200
 
-/*MakeBucketCreated A successful response.
+/*
+MakeBucketOK A successful response.
 
-swagger:response makeBucketCreated
+swagger:response makeBucketOK
 */
-type MakeBucketCreated struct {
+type MakeBucketOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.MakeBucketsResponse `json:"body,omitempty"`
 }
 
-// NewMakeBucketCreated creates MakeBucketCreated with default headers values
-func NewMakeBucketCreated() *MakeBucketCreated {
+// NewMakeBucketOK creates MakeBucketOK with default headers values
+func NewMakeBucketOK() *MakeBucketOK {
 
-	return &MakeBucketCreated{}
+	return &MakeBucketOK{}
+}
+
+// WithPayload adds the payload to the make bucket o k response
+func (o *MakeBucketOK) WithPayload(payload *models.MakeBucketsResponse) *MakeBucketOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the make bucket o k response
+func (o *MakeBucketOK) SetPayload(payload *models.MakeBucketsResponse) {
+	o.Payload = payload
 }
 
 // WriteResponse to the client
-func (o *MakeBucketCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *MakeBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
-	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
-
-	rw.WriteHeader(201)
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
 }
 
-/*MakeBucketDefault Generic error response.
+/*
+MakeBucketDefault Generic error response.
 
 swagger:response makeBucketDefault
 */
@@ -64,7 +86,7 @@ type MakeBucketDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewMakeBucketDefault creates MakeBucketDefault with default headers values
@@ -90,13 +112,13 @@ func (o *MakeBucketDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the make bucket default response
-func (o *MakeBucketDefault) WithPayload(payload *models.Error) *MakeBucketDefault {
+func (o *MakeBucketDefault) WithPayload(payload *models.APIError) *MakeBucketDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the make bucket default response
-func (o *MakeBucketDefault) SetPayload(payload *models.Error) {
+func (o *MakeBucketDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/make_bucket_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/bucket/set_bucket_versioning.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,10 +48,10 @@ func NewSetBucketVersioning(ctx *middleware.Context, handler SetBucketVersioning
 	return &SetBucketVersioning{Context: ctx, Handler: handler}
 }
 
-/*SetBucketVersioning swagger:route PUT /buckets/{bucket_name}/versioning UserAPI setBucketVersioning
+/*
+	SetBucketVersioning swagger:route PUT /buckets/{bucket_name}/versioning Bucket setBucketVersioning
 
 Set Bucket Versioning
-
 */
 type SetBucketVersioning struct {
 	Context *middleware.Context
@@ -61,17 +61,16 @@ type SetBucketVersioning struct {
 func (o *SetBucketVersioning) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
 	var Params = NewSetBucketVersioningParams()
-
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *SetBucketVersioning) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/bucket/set_bucket_versioning_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,12 +30,14 @@ import (
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
 
 	"github.com/minio/console/models"
 )
 
 // NewSetBucketVersioningParams creates a new SetBucketVersioningParams object
-// no default values defined in spec.
+//
+// There are no default values defined in the spec.
 func NewSetBucketVersioningParams() SetBucketVersioningParams {
 
 	return SetBucketVersioningParams{}
@@ -86,6 +88,11 @@ func (o *SetBucketVersioningParams) BindRequest(r *http.Request, route *middlewa
 				res = append(res, err)
 			}
 
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
 			if len(res) == 0 {
 				o.Body = &body
 			}
@@ -93,11 +100,11 @@ func (o *SetBucketVersioningParams) BindRequest(r *http.Request, route *middlewa
 	} else {
 		res = append(res, errors.Required("body", "body", ""))
 	}
+
 	rBucketName, rhkBucketName, _ := route.Params.GetOK("bucket_name")
 	if err := o.bindBucketName(rBucketName, rhkBucketName, route.Formats); err != nil {
 		res = append(res, err)
 	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -113,7 +120,6 @@ func (o *SetBucketVersioningParams) bindBucketName(rawData []string, hasKey bool
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.BucketName = raw
 
 	return nil

api/operations/bucket/set_bucket_versioning_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -33,7 +33,8 @@ import (
 // SetBucketVersioningCreatedCode is the HTTP code returned for type SetBucketVersioningCreated
 const SetBucketVersioningCreatedCode int = 201
 
-/*SetBucketVersioningCreated A successful response.
+/*
+SetBucketVersioningCreated A successful response.
 
 swagger:response setBucketVersioningCreated
 */
@@ -54,7 +55,8 @@ func (o *SetBucketVersioningCreated) WriteResponse(rw http.ResponseWriter, produ
 	rw.WriteHeader(201)
 }
 
-/*SetBucketVersioningDefault Generic error response.
+/*
+SetBucketVersioningDefault Generic error response.
 
 swagger:response setBucketVersioningDefault
 */
@@ -64,7 +66,7 @@ type SetBucketVersioningDefault struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
 // NewSetBucketVersioningDefault creates SetBucketVersioningDefault with default headers values
@@ -90,13 +92,13 @@ func (o *SetBucketVersioningDefault) SetStatusCode(code int) {
 }
 
 // WithPayload adds the payload to the set bucket versioning default response
-func (o *SetBucketVersioningDefault) WithPayload(payload *models.Error) *SetBucketVersioningDefault {
+func (o *SetBucketVersioningDefault) WithPayload(payload *models.APIError) *SetBucketVersioningDefault {
 	o.Payload = payload
 	return o
 }
 
 // SetPayload sets the payload to the set bucket versioning default response
-func (o *SetBucketVersioningDefault) SetPayload(payload *models.Error) {
+func (o *SetBucketVersioningDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 

api/operations/bucket/set_bucket_versioning_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package bucket
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

api/operations/console_api.go

@@ -0,0 +1,676 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/loads"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/runtime/security"
+	"github.com/go-openapi/spec"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/minio/console/api/operations/auth"
+	"github.com/minio/console/api/operations/bucket"
+	"github.com/minio/console/api/operations/license"
+	"github.com/minio/console/api/operations/object"
+	"github.com/minio/console/api/operations/public"
+	"github.com/minio/console/api/operations/system"
+	"github.com/minio/console/models"
+)
+
+// NewConsoleAPI creates a new Console instance
+func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
+	return &ConsoleAPI{
+		handlers:            make(map[string]map[string]http.Handler),
+		formats:             strfmt.Default,
+		defaultConsumes:     "application/json",
+		defaultProduces:     "application/json",
+		customConsumers:     make(map[string]runtime.Consumer),
+		customProducers:     make(map[string]runtime.Producer),
+		PreServerShutdown:   func() {},
+		ServerShutdown:      func() {},
+		spec:                spec,
+		useSwaggerUI:        false,
+		ServeError:          errors.ServeError,
+		BasicAuthenticator:  security.BasicAuth,
+		APIKeyAuthenticator: security.APIKeyAuth,
+		BearerAuthenticator: security.BearerAuth,
+
+		JSONConsumer:          runtime.JSONConsumer(),
+		MultipartformConsumer: runtime.DiscardConsumer,
+
+		BinProducer:  runtime.ByteStreamProducer(),
+		JSONProducer: runtime.JSONProducer(),
+
+		SystemAdminInfoHandler: system.AdminInfoHandlerFunc(func(params system.AdminInfoParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation system.AdminInfo has not yet been implemented")
+		}),
+		BucketBucketInfoHandler: bucket.BucketInfoHandlerFunc(func(params bucket.BucketInfoParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.BucketInfo has not yet been implemented")
+		}),
+		ObjectDeleteMultipleObjectsHandler: object.DeleteMultipleObjectsHandlerFunc(func(params object.DeleteMultipleObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DeleteMultipleObjects has not yet been implemented")
+		}),
+		ObjectDeleteObjectHandler: object.DeleteObjectHandlerFunc(func(params object.DeleteObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DeleteObject has not yet been implemented")
+		}),
+		ObjectDownloadObjectHandler: object.DownloadObjectHandlerFunc(func(params object.DownloadObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DownloadObject has not yet been implemented")
+		}),
+		ObjectDownloadMultipleObjectsHandler: object.DownloadMultipleObjectsHandlerFunc(func(params object.DownloadMultipleObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.DownloadMultipleObjects has not yet been implemented")
+		}),
+		PublicDownloadSharedObjectHandler: public.DownloadSharedObjectHandlerFunc(func(params public.DownloadSharedObjectParams) middleware.Responder {
+			return middleware.NotImplemented("operation public.DownloadSharedObject has not yet been implemented")
+		}),
+		BucketGetBucketQuotaHandler: bucket.GetBucketQuotaHandlerFunc(func(params bucket.GetBucketQuotaParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketQuota has not yet been implemented")
+		}),
+		BucketGetBucketRewindHandler: bucket.GetBucketRewindHandlerFunc(func(params bucket.GetBucketRewindParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketRewind has not yet been implemented")
+		}),
+		BucketGetBucketVersioningHandler: bucket.GetBucketVersioningHandlerFunc(func(params bucket.GetBucketVersioningParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetBucketVersioning has not yet been implemented")
+		}),
+		BucketGetMaxShareLinkExpHandler: bucket.GetMaxShareLinkExpHandlerFunc(func(params bucket.GetMaxShareLinkExpParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.GetMaxShareLinkExp has not yet been implemented")
+		}),
+		ObjectGetObjectMetadataHandler: object.GetObjectMetadataHandlerFunc(func(params object.GetObjectMetadataParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.GetObjectMetadata has not yet been implemented")
+		}),
+		LicenseLicenseAcknowledgeHandler: license.LicenseAcknowledgeHandlerFunc(func(params license.LicenseAcknowledgeParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation license.LicenseAcknowledge has not yet been implemented")
+		}),
+		BucketListBucketsHandler: bucket.ListBucketsHandlerFunc(func(params bucket.ListBucketsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.ListBuckets has not yet been implemented")
+		}),
+		ObjectListObjectsHandler: object.ListObjectsHandlerFunc(func(params object.ListObjectsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.ListObjects has not yet been implemented")
+		}),
+		AuthLoginHandler: auth.LoginHandlerFunc(func(params auth.LoginParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Login has not yet been implemented")
+		}),
+		AuthLoginDetailHandler: auth.LoginDetailHandlerFunc(func(params auth.LoginDetailParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginDetail has not yet been implemented")
+		}),
+		AuthLogoutHandler: auth.LogoutHandlerFunc(func(params auth.LogoutParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Logout has not yet been implemented")
+		}),
+		BucketMakeBucketHandler: bucket.MakeBucketHandlerFunc(func(params bucket.MakeBucketParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.MakeBucket has not yet been implemented")
+		}),
+		ObjectPostBucketsBucketNameObjectsUploadHandler: object.PostBucketsBucketNameObjectsUploadHandlerFunc(func(params object.PostBucketsBucketNameObjectsUploadParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PostBucketsBucketNameObjectsUpload has not yet been implemented")
+		}),
+		ObjectPutObjectRestoreHandler: object.PutObjectRestoreHandlerFunc(func(params object.PutObjectRestoreParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PutObjectRestore has not yet been implemented")
+		}),
+		ObjectPutObjectTagsHandler: object.PutObjectTagsHandlerFunc(func(params object.PutObjectTagsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.PutObjectTags has not yet been implemented")
+		}),
+		AuthSessionCheckHandler: auth.SessionCheckHandlerFunc(func(params auth.SessionCheckParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.SessionCheck has not yet been implemented")
+		}),
+		BucketSetBucketVersioningHandler: bucket.SetBucketVersioningHandlerFunc(func(params bucket.SetBucketVersioningParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation bucket.SetBucketVersioning has not yet been implemented")
+		}),
+		ObjectShareObjectHandler: object.ShareObjectHandlerFunc(func(params object.ShareObjectParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation object.ShareObject has not yet been implemented")
+		}),
+
+		// Applies when the "X-Anonymous" header is set
+		AnonymousAuth: func(token string) (*models.Principal, error) {
+			return nil, errors.NotImplemented("api key auth (anonymous) X-Anonymous from header param [X-Anonymous] has not yet been implemented")
+		},
+		KeyAuth: func(token string, scopes []string) (*models.Principal, error) {
+			return nil, errors.NotImplemented("oauth2 bearer auth (key) has not yet been implemented")
+		},
+		// default authorizer is authorized meaning no requests are blocked
+		APIAuthorizer: security.Authorized(),
+	}
+}
+
+/*ConsoleAPI the console API */
+type ConsoleAPI struct {
+	spec            *loads.Document
+	context         *middleware.Context
+	handlers        map[string]map[string]http.Handler
+	formats         strfmt.Registry
+	customConsumers map[string]runtime.Consumer
+	customProducers map[string]runtime.Producer
+	defaultConsumes string
+	defaultProduces string
+	Middleware      func(middleware.Builder) http.Handler
+	useSwaggerUI    bool
+
+	// BasicAuthenticator generates a runtime.Authenticator from the supplied basic auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	BasicAuthenticator func(security.UserPassAuthentication) runtime.Authenticator
+
+	// APIKeyAuthenticator generates a runtime.Authenticator from the supplied token auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	APIKeyAuthenticator func(string, string, security.TokenAuthentication) runtime.Authenticator
+
+	// BearerAuthenticator generates a runtime.Authenticator from the supplied bearer token auth function.
+	// It has a default implementation in the security package, however you can replace it for your particular usage.
+	BearerAuthenticator func(string, security.ScopedTokenAuthentication) runtime.Authenticator
+
+	// JSONConsumer registers a consumer for the following mime types:
+	//   - application/json
+	JSONConsumer runtime.Consumer
+	// MultipartformConsumer registers a consumer for the following mime types:
+	//   - multipart/form-data
+	MultipartformConsumer runtime.Consumer
+
+	// BinProducer registers a producer for the following mime types:
+	//   - application/octet-stream
+	BinProducer runtime.Producer
+	// JSONProducer registers a producer for the following mime types:
+	//   - application/json
+	JSONProducer runtime.Producer
+
+	// AnonymousAuth registers a function that takes a token and returns a principal
+	// it performs authentication based on an api key X-Anonymous provided in the header
+	AnonymousAuth func(string) (*models.Principal, error)
+
+	// KeyAuth registers a function that takes an access token and a collection of required scopes and returns a principal
+	// it performs authentication based on an oauth2 bearer token provided in the request
+	KeyAuth func(string, []string) (*models.Principal, error)
+
+	// APIAuthorizer provides access control (ACL/RBAC/ABAC) by providing access to the request and authenticated principal
+	APIAuthorizer runtime.Authorizer
+
+	// SystemAdminInfoHandler sets the operation handler for the admin info operation
+	SystemAdminInfoHandler system.AdminInfoHandler
+	// BucketBucketInfoHandler sets the operation handler for the bucket info operation
+	BucketBucketInfoHandler bucket.BucketInfoHandler
+	// ObjectDeleteMultipleObjectsHandler sets the operation handler for the delete multiple objects operation
+	ObjectDeleteMultipleObjectsHandler object.DeleteMultipleObjectsHandler
+	// ObjectDeleteObjectHandler sets the operation handler for the delete object operation
+	ObjectDeleteObjectHandler object.DeleteObjectHandler
+	// ObjectDownloadObjectHandler sets the operation handler for the download object operation
+	ObjectDownloadObjectHandler object.DownloadObjectHandler
+	// ObjectDownloadMultipleObjectsHandler sets the operation handler for the download multiple objects operation
+	ObjectDownloadMultipleObjectsHandler object.DownloadMultipleObjectsHandler
+	// PublicDownloadSharedObjectHandler sets the operation handler for the download shared object operation
+	PublicDownloadSharedObjectHandler public.DownloadSharedObjectHandler
+	// BucketGetBucketQuotaHandler sets the operation handler for the get bucket quota operation
+	BucketGetBucketQuotaHandler bucket.GetBucketQuotaHandler
+	// BucketGetBucketRewindHandler sets the operation handler for the get bucket rewind operation
+	BucketGetBucketRewindHandler bucket.GetBucketRewindHandler
+	// BucketGetBucketVersioningHandler sets the operation handler for the get bucket versioning operation
+	BucketGetBucketVersioningHandler bucket.GetBucketVersioningHandler
+	// BucketGetMaxShareLinkExpHandler sets the operation handler for the get max share link exp operation
+	BucketGetMaxShareLinkExpHandler bucket.GetMaxShareLinkExpHandler
+	// ObjectGetObjectMetadataHandler sets the operation handler for the get object metadata operation
+	ObjectGetObjectMetadataHandler object.GetObjectMetadataHandler
+	// LicenseLicenseAcknowledgeHandler sets the operation handler for the license acknowledge operation
+	LicenseLicenseAcknowledgeHandler license.LicenseAcknowledgeHandler
+	// BucketListBucketsHandler sets the operation handler for the list buckets operation
+	BucketListBucketsHandler bucket.ListBucketsHandler
+	// ObjectListObjectsHandler sets the operation handler for the list objects operation
+	ObjectListObjectsHandler object.ListObjectsHandler
+	// AuthLoginHandler sets the operation handler for the login operation
+	AuthLoginHandler auth.LoginHandler
+	// AuthLoginDetailHandler sets the operation handler for the login detail operation
+	AuthLoginDetailHandler auth.LoginDetailHandler
+	// AuthLogoutHandler sets the operation handler for the logout operation
+	AuthLogoutHandler auth.LogoutHandler
+	// BucketMakeBucketHandler sets the operation handler for the make bucket operation
+	BucketMakeBucketHandler bucket.MakeBucketHandler
+	// ObjectPostBucketsBucketNameObjectsUploadHandler sets the operation handler for the post buckets bucket name objects upload operation
+	ObjectPostBucketsBucketNameObjectsUploadHandler object.PostBucketsBucketNameObjectsUploadHandler
+	// ObjectPutObjectRestoreHandler sets the operation handler for the put object restore operation
+	ObjectPutObjectRestoreHandler object.PutObjectRestoreHandler
+	// ObjectPutObjectTagsHandler sets the operation handler for the put object tags operation
+	ObjectPutObjectTagsHandler object.PutObjectTagsHandler
+	// AuthSessionCheckHandler sets the operation handler for the session check operation
+	AuthSessionCheckHandler auth.SessionCheckHandler
+	// BucketSetBucketVersioningHandler sets the operation handler for the set bucket versioning operation
+	BucketSetBucketVersioningHandler bucket.SetBucketVersioningHandler
+	// ObjectShareObjectHandler sets the operation handler for the share object operation
+	ObjectShareObjectHandler object.ShareObjectHandler
+
+	// ServeError is called when an error is received, there is a default handler
+	// but you can set your own with this
+	ServeError func(http.ResponseWriter, *http.Request, error)
+
+	// PreServerShutdown is called before the HTTP(S) server is shutdown
+	// This allows for custom functions to get executed before the HTTP(S) server stops accepting traffic
+	PreServerShutdown func()
+
+	// ServerShutdown is called when the HTTP(S) server is shut down and done
+	// handling all active connections and does not accept connections any more
+	ServerShutdown func()
+
+	// Custom command line argument groups with their descriptions
+	CommandLineOptionsGroups []swag.CommandLineOptionsGroup
+
+	// User defined logger function.
+	Logger func(string, ...interface{})
+}
+
+// UseRedoc for documentation at /docs
+func (o *ConsoleAPI) UseRedoc() {
+	o.useSwaggerUI = false
+}
+
+// UseSwaggerUI for documentation at /docs
+func (o *ConsoleAPI) UseSwaggerUI() {
+	o.useSwaggerUI = true
+}
+
+// SetDefaultProduces sets the default produces media type
+func (o *ConsoleAPI) SetDefaultProduces(mediaType string) {
+	o.defaultProduces = mediaType
+}
+
+// SetDefaultConsumes returns the default consumes media type
+func (o *ConsoleAPI) SetDefaultConsumes(mediaType string) {
+	o.defaultConsumes = mediaType
+}
+
+// SetSpec sets a spec that will be served for the clients.
+func (o *ConsoleAPI) SetSpec(spec *loads.Document) {
+	o.spec = spec
+}
+
+// DefaultProduces returns the default produces media type
+func (o *ConsoleAPI) DefaultProduces() string {
+	return o.defaultProduces
+}
+
+// DefaultConsumes returns the default consumes media type
+func (o *ConsoleAPI) DefaultConsumes() string {
+	return o.defaultConsumes
+}
+
+// Formats returns the registered string formats
+func (o *ConsoleAPI) Formats() strfmt.Registry {
+	return o.formats
+}
+
+// RegisterFormat registers a custom format validator
+func (o *ConsoleAPI) RegisterFormat(name string, format strfmt.Format, validator strfmt.Validator) {
+	o.formats.Add(name, format, validator)
+}
+
+// Validate validates the registrations in the ConsoleAPI
+func (o *ConsoleAPI) Validate() error {
+	var unregistered []string
+
+	if o.JSONConsumer == nil {
+		unregistered = append(unregistered, "JSONConsumer")
+	}
+	if o.MultipartformConsumer == nil {
+		unregistered = append(unregistered, "MultipartformConsumer")
+	}
+
+	if o.BinProducer == nil {
+		unregistered = append(unregistered, "BinProducer")
+	}
+	if o.JSONProducer == nil {
+		unregistered = append(unregistered, "JSONProducer")
+	}
+
+	if o.AnonymousAuth == nil {
+		unregistered = append(unregistered, "XAnonymousAuth")
+	}
+	if o.KeyAuth == nil {
+		unregistered = append(unregistered, "KeyAuth")
+	}
+
+	if o.SystemAdminInfoHandler == nil {
+		unregistered = append(unregistered, "system.AdminInfoHandler")
+	}
+	if o.BucketBucketInfoHandler == nil {
+		unregistered = append(unregistered, "bucket.BucketInfoHandler")
+	}
+	if o.ObjectDeleteMultipleObjectsHandler == nil {
+		unregistered = append(unregistered, "object.DeleteMultipleObjectsHandler")
+	}
+	if o.ObjectDeleteObjectHandler == nil {
+		unregistered = append(unregistered, "object.DeleteObjectHandler")
+	}
+	if o.ObjectDownloadObjectHandler == nil {
+		unregistered = append(unregistered, "object.DownloadObjectHandler")
+	}
+	if o.ObjectDownloadMultipleObjectsHandler == nil {
+		unregistered = append(unregistered, "object.DownloadMultipleObjectsHandler")
+	}
+	if o.PublicDownloadSharedObjectHandler == nil {
+		unregistered = append(unregistered, "public.DownloadSharedObjectHandler")
+	}
+	if o.BucketGetBucketQuotaHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketQuotaHandler")
+	}
+	if o.BucketGetBucketRewindHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketRewindHandler")
+	}
+	if o.BucketGetBucketVersioningHandler == nil {
+		unregistered = append(unregistered, "bucket.GetBucketVersioningHandler")
+	}
+	if o.BucketGetMaxShareLinkExpHandler == nil {
+		unregistered = append(unregistered, "bucket.GetMaxShareLinkExpHandler")
+	}
+	if o.ObjectGetObjectMetadataHandler == nil {
+		unregistered = append(unregistered, "object.GetObjectMetadataHandler")
+	}
+	if o.LicenseLicenseAcknowledgeHandler == nil {
+		unregistered = append(unregistered, "license.LicenseAcknowledgeHandler")
+	}
+	if o.BucketListBucketsHandler == nil {
+		unregistered = append(unregistered, "bucket.ListBucketsHandler")
+	}
+	if o.ObjectListObjectsHandler == nil {
+		unregistered = append(unregistered, "object.ListObjectsHandler")
+	}
+	if o.AuthLoginHandler == nil {
+		unregistered = append(unregistered, "auth.LoginHandler")
+	}
+	if o.AuthLoginDetailHandler == nil {
+		unregistered = append(unregistered, "auth.LoginDetailHandler")
+	}
+	if o.AuthLogoutHandler == nil {
+		unregistered = append(unregistered, "auth.LogoutHandler")
+	}
+	if o.BucketMakeBucketHandler == nil {
+		unregistered = append(unregistered, "bucket.MakeBucketHandler")
+	}
+	if o.ObjectPostBucketsBucketNameObjectsUploadHandler == nil {
+		unregistered = append(unregistered, "object.PostBucketsBucketNameObjectsUploadHandler")
+	}
+	if o.ObjectPutObjectRestoreHandler == nil {
+		unregistered = append(unregistered, "object.PutObjectRestoreHandler")
+	}
+	if o.ObjectPutObjectTagsHandler == nil {
+		unregistered = append(unregistered, "object.PutObjectTagsHandler")
+	}
+	if o.AuthSessionCheckHandler == nil {
+		unregistered = append(unregistered, "auth.SessionCheckHandler")
+	}
+	if o.BucketSetBucketVersioningHandler == nil {
+		unregistered = append(unregistered, "bucket.SetBucketVersioningHandler")
+	}
+	if o.ObjectShareObjectHandler == nil {
+		unregistered = append(unregistered, "object.ShareObjectHandler")
+	}
+
+	if len(unregistered) > 0 {
+		return fmt.Errorf("missing registration: %s", strings.Join(unregistered, ", "))
+	}
+
+	return nil
+}
+
+// ServeErrorFor gets a error handler for a given operation id
+func (o *ConsoleAPI) ServeErrorFor(operationID string) func(http.ResponseWriter, *http.Request, error) {
+	return o.ServeError
+}
+
+// AuthenticatorsFor gets the authenticators for the specified security schemes
+func (o *ConsoleAPI) AuthenticatorsFor(schemes map[string]spec.SecurityScheme) map[string]runtime.Authenticator {
+	result := make(map[string]runtime.Authenticator)
+	for name := range schemes {
+		switch name {
+		case "anonymous":
+			scheme := schemes[name]
+			result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, func(token string) (interface{}, error) {
+				return o.AnonymousAuth(token)
+			})
+
+		case "key":
+			result[name] = o.BearerAuthenticator(name, func(token string, scopes []string) (interface{}, error) {
+				return o.KeyAuth(token, scopes)
+			})
+
+		}
+	}
+	return result
+}
+
+// Authorizer returns the registered authorizer
+func (o *ConsoleAPI) Authorizer() runtime.Authorizer {
+	return o.APIAuthorizer
+}
+
+// ConsumersFor gets the consumers for the specified media types.
+// MIME type parameters are ignored here.
+func (o *ConsoleAPI) ConsumersFor(mediaTypes []string) map[string]runtime.Consumer {
+	result := make(map[string]runtime.Consumer, len(mediaTypes))
+	for _, mt := range mediaTypes {
+		switch mt {
+		case "application/json":
+			result["application/json"] = o.JSONConsumer
+		case "multipart/form-data":
+			result["multipart/form-data"] = o.MultipartformConsumer
+		}
+
+		if c, ok := o.customConsumers[mt]; ok {
+			result[mt] = c
+		}
+	}
+	return result
+}
+
+// ProducersFor gets the producers for the specified media types.
+// MIME type parameters are ignored here.
+func (o *ConsoleAPI) ProducersFor(mediaTypes []string) map[string]runtime.Producer {
+	result := make(map[string]runtime.Producer, len(mediaTypes))
+	for _, mt := range mediaTypes {
+		switch mt {
+		case "application/octet-stream":
+			result["application/octet-stream"] = o.BinProducer
+		case "application/json":
+			result["application/json"] = o.JSONProducer
+		}
+
+		if p, ok := o.customProducers[mt]; ok {
+			result[mt] = p
+		}
+	}
+	return result
+}
+
+// HandlerFor gets a http.Handler for the provided operation method and path
+func (o *ConsoleAPI) HandlerFor(method, path string) (http.Handler, bool) {
+	if o.handlers == nil {
+		return nil, false
+	}
+	um := strings.ToUpper(method)
+	if _, ok := o.handlers[um]; !ok {
+		return nil, false
+	}
+	if path == "/" {
+		path = ""
+	}
+	h, ok := o.handlers[um][path]
+	return h, ok
+}
+
+// Context returns the middleware context for the console API
+func (o *ConsoleAPI) Context() *middleware.Context {
+	if o.context == nil {
+		o.context = middleware.NewRoutableContext(o.spec, o, nil)
+	}
+
+	return o.context
+}
+
+func (o *ConsoleAPI) initHandlerCache() {
+	o.Context() // don't care about the result, just that the initialization happened
+	if o.handlers == nil {
+		o.handlers = make(map[string]map[string]http.Handler)
+	}
+
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/admin/info"] = system.NewAdminInfo(o.context, o.SystemAdminInfoHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{name}"] = bucket.NewBucketInfo(o.context, o.BucketBucketInfoHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/delete-objects"] = object.NewDeleteMultipleObjects(o.context, o.ObjectDeleteMultipleObjectsHandler)
+	if o.handlers["DELETE"] == nil {
+		o.handlers["DELETE"] = make(map[string]http.Handler)
+	}
+	o.handlers["DELETE"]["/buckets/{bucket_name}/objects"] = object.NewDeleteObject(o.context, o.ObjectDeleteObjectHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/download"] = object.NewDownloadObject(o.context, o.ObjectDownloadObjectHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/objects/download-multiple"] = object.NewDownloadMultipleObjects(o.context, o.ObjectDownloadMultipleObjectsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/download-shared-object/{url}"] = public.NewDownloadSharedObject(o.context, o.PublicDownloadSharedObjectHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{name}/quota"] = bucket.NewGetBucketQuota(o.context, o.BucketGetBucketQuotaHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/rewind/{date}"] = bucket.NewGetBucketRewind(o.context, o.BucketGetBucketRewindHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/versioning"] = bucket.NewGetBucketVersioning(o.context, o.BucketGetBucketVersioningHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/max-share-exp"] = bucket.NewGetMaxShareLinkExp(o.context, o.BucketGetMaxShareLinkExpHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/metadata"] = object.NewGetObjectMetadata(o.context, o.ObjectGetObjectMetadataHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/license/acknowledge"] = license.NewLicenseAcknowledge(o.context, o.LicenseLicenseAcknowledgeHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets"] = bucket.NewListBuckets(o.context, o.BucketListBucketsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects"] = object.NewListObjects(o.context, o.ObjectListObjectsHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/login"] = auth.NewLogin(o.context, o.AuthLoginHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/login"] = auth.NewLoginDetail(o.context, o.AuthLoginDetailHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/logout"] = auth.NewLogout(o.context, o.AuthLogoutHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets"] = bucket.NewMakeBucket(o.context, o.BucketMakeBucketHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/buckets/{bucket_name}/objects/upload"] = object.NewPostBucketsBucketNameObjectsUpload(o.context, o.ObjectPostBucketsBucketNameObjectsUploadHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/objects/restore"] = object.NewPutObjectRestore(o.context, o.ObjectPutObjectRestoreHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/objects/tags"] = object.NewPutObjectTags(o.context, o.ObjectPutObjectTagsHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/session"] = auth.NewSessionCheck(o.context, o.AuthSessionCheckHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/buckets/{bucket_name}/versioning"] = bucket.NewSetBucketVersioning(o.context, o.BucketSetBucketVersioningHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/buckets/{bucket_name}/objects/share"] = object.NewShareObject(o.context, o.ObjectShareObjectHandler)
+}
+
+// Serve creates a http handler to serve the API over HTTP
+// can be used directly in http.ListenAndServe(":8000", api.Serve(nil))
+func (o *ConsoleAPI) Serve(builder middleware.Builder) http.Handler {
+	o.Init()
+
+	if o.Middleware != nil {
+		return o.Middleware(builder)
+	}
+	if o.useSwaggerUI {
+		return o.context.APIHandlerSwaggerUI(builder)
+	}
+	return o.context.APIHandler(builder)
+}
+
+// Init allows you to just initialize the handler cache, you can then recompose the middleware as you see fit
+func (o *ConsoleAPI) Init() {
+	if len(o.handlers) == 0 {
+		o.initHandlerCache()
+	}
+}
+
+// RegisterConsumer allows you to add (or override) a consumer for a media type.
+func (o *ConsoleAPI) RegisterConsumer(mediaType string, consumer runtime.Consumer) {
+	o.customConsumers[mediaType] = consumer
+}
+
+// RegisterProducer allows you to add (or override) a producer for a media type.
+func (o *ConsoleAPI) RegisterProducer(mediaType string, producer runtime.Producer) {
+	o.customProducers[mediaType] = producer
+}
+
+// AddMiddlewareFor adds a http middleware to existing handler
+func (o *ConsoleAPI) AddMiddlewareFor(method, path string, builder middleware.Builder) {
+	um := strings.ToUpper(method)
+	if path == "/" {
+		path = ""
+	}
+	o.Init()
+	if h, ok := o.handlers[um][path]; ok {
+		o.handlers[um][path] = builder(h)
+	}
+}

api/operations/license/license_acknowledge.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package license
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -30,48 +30,47 @@ import (
 	"github.com/minio/console/models"
 )
 
-// DeleteRemoteBucketHandlerFunc turns a function with the right signature into a delete remote bucket handler
-type DeleteRemoteBucketHandlerFunc func(DeleteRemoteBucketParams, *models.Principal) middleware.Responder
+// LicenseAcknowledgeHandlerFunc turns a function with the right signature into a license acknowledge handler
+type LicenseAcknowledgeHandlerFunc func(LicenseAcknowledgeParams, *models.Principal) middleware.Responder
 
 // Handle executing the request and returning a response
-func (fn DeleteRemoteBucketHandlerFunc) Handle(params DeleteRemoteBucketParams, principal *models.Principal) middleware.Responder {
+func (fn LicenseAcknowledgeHandlerFunc) Handle(params LicenseAcknowledgeParams, principal *models.Principal) middleware.Responder {
 	return fn(params, principal)
 }
 
-// DeleteRemoteBucketHandler interface for that can handle valid delete remote bucket params
-type DeleteRemoteBucketHandler interface {
-	Handle(DeleteRemoteBucketParams, *models.Principal) middleware.Responder
+// LicenseAcknowledgeHandler interface for that can handle valid license acknowledge params
+type LicenseAcknowledgeHandler interface {
+	Handle(LicenseAcknowledgeParams, *models.Principal) middleware.Responder
 }
 
-// NewDeleteRemoteBucket creates a new http.Handler for the delete remote bucket operation
-func NewDeleteRemoteBucket(ctx *middleware.Context, handler DeleteRemoteBucketHandler) *DeleteRemoteBucket {
-	return &DeleteRemoteBucket{Context: ctx, Handler: handler}
+// NewLicenseAcknowledge creates a new http.Handler for the license acknowledge operation
+func NewLicenseAcknowledge(ctx *middleware.Context, handler LicenseAcknowledgeHandler) *LicenseAcknowledge {
+	return &LicenseAcknowledge{Context: ctx, Handler: handler}
 }
 
-/*DeleteRemoteBucket swagger:route DELETE /remote-buckets/{source-bucket-name}/{arn} UserAPI deleteRemoteBucket
-
-Delete Remote Bucket
+/*
+	LicenseAcknowledge swagger:route GET /license/acknowledge License licenseAcknowledge
 
+Acknowledge the license
 */
-type DeleteRemoteBucket struct {
+type LicenseAcknowledge struct {
 	Context *middleware.Context
-	Handler DeleteRemoteBucketHandler
+	Handler LicenseAcknowledgeHandler
 }
 
-func (o *DeleteRemoteBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *LicenseAcknowledge) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
-	var Params = NewDeleteRemoteBucketParams()
-
+	var Params = NewLicenseAcknowledgeParams()
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *DeleteRemoteBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/license/license_acknowledge_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package admin_api
+package license
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -29,18 +29,19 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 )
 
-// NewProfilingStopParams creates a new ProfilingStopParams object
-// no default values defined in spec.
-func NewProfilingStopParams() ProfilingStopParams {
+// NewLicenseAcknowledgeParams creates a new LicenseAcknowledgeParams object
+//
+// There are no default values defined in the spec.
+func NewLicenseAcknowledgeParams() LicenseAcknowledgeParams {
 
-	return ProfilingStopParams{}
+	return LicenseAcknowledgeParams{}
 }
 
-// ProfilingStopParams contains all the bound params for the profiling stop operation
+// LicenseAcknowledgeParams contains all the bound params for the license acknowledge operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters ProfilingStop
-type ProfilingStopParams struct {
+// swagger:parameters LicenseAcknowledge
+type LicenseAcknowledgeParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
@@ -49,8 +50,8 @@ type ProfilingStopParams struct {
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewProfilingStopParams() beforehand.
-func (o *ProfilingStopParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewLicenseAcknowledgeParams() beforehand.
+func (o *LicenseAcknowledgeParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r

api/operations/license/license_acknowledge_responses.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package license
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,78 +30,80 @@ import (
 	"github.com/minio/console/models"
 )
 
-// PutObjectRetentionOKCode is the HTTP code returned for type PutObjectRetentionOK
-const PutObjectRetentionOKCode int = 200
+// LicenseAcknowledgeOKCode is the HTTP code returned for type LicenseAcknowledgeOK
+const LicenseAcknowledgeOKCode int = 200
 
-/*PutObjectRetentionOK A successful response.
+/*
+LicenseAcknowledgeOK A successful response.
 
-swagger:response putObjectRetentionOK
+swagger:response licenseAcknowledgeOK
 */
-type PutObjectRetentionOK struct {
+type LicenseAcknowledgeOK struct {
 }
 
-// NewPutObjectRetentionOK creates PutObjectRetentionOK with default headers values
-func NewPutObjectRetentionOK() *PutObjectRetentionOK {
+// NewLicenseAcknowledgeOK creates LicenseAcknowledgeOK with default headers values
+func NewLicenseAcknowledgeOK() *LicenseAcknowledgeOK {
 
-	return &PutObjectRetentionOK{}
+	return &LicenseAcknowledgeOK{}
 }
 
 // WriteResponse to the client
-func (o *PutObjectRetentionOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LicenseAcknowledgeOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 
 	rw.WriteHeader(200)
 }
 
-/*PutObjectRetentionDefault Generic error response.
+/*
+LicenseAcknowledgeDefault Generic error response.
 
-swagger:response putObjectRetentionDefault
+swagger:response licenseAcknowledgeDefault
 */
-type PutObjectRetentionDefault struct {
+type LicenseAcknowledgeDefault struct {
 	_statusCode int
 
 	/*
 	  In: Body
 	*/
-	Payload *models.Error `json:"body,omitempty"`
+	Payload *models.APIError `json:"body,omitempty"`
 }
 
-// NewPutObjectRetentionDefault creates PutObjectRetentionDefault with default headers values
-func NewPutObjectRetentionDefault(code int) *PutObjectRetentionDefault {
+// NewLicenseAcknowledgeDefault creates LicenseAcknowledgeDefault with default headers values
+func NewLicenseAcknowledgeDefault(code int) *LicenseAcknowledgeDefault {
 	if code <= 0 {
 		code = 500
 	}
 
-	return &PutObjectRetentionDefault{
+	return &LicenseAcknowledgeDefault{
 		_statusCode: code,
 	}
 }
 
-// WithStatusCode adds the status to the put object retention default response
-func (o *PutObjectRetentionDefault) WithStatusCode(code int) *PutObjectRetentionDefault {
+// WithStatusCode adds the status to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) WithStatusCode(code int) *LicenseAcknowledgeDefault {
 	o._statusCode = code
 	return o
 }
 
-// SetStatusCode sets the status to the put object retention default response
-func (o *PutObjectRetentionDefault) SetStatusCode(code int) {
+// SetStatusCode sets the status to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) SetStatusCode(code int) {
 	o._statusCode = code
 }
 
-// WithPayload adds the payload to the put object retention default response
-func (o *PutObjectRetentionDefault) WithPayload(payload *models.Error) *PutObjectRetentionDefault {
+// WithPayload adds the payload to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) WithPayload(payload *models.APIError) *LicenseAcknowledgeDefault {
 	o.Payload = payload
 	return o
 }
 
-// SetPayload sets the payload to the put object retention default response
-func (o *PutObjectRetentionDefault) SetPayload(payload *models.Error) {
+// SetPayload sets the payload to the license acknowledge default response
+func (o *LicenseAcknowledgeDefault) SetPayload(payload *models.APIError) {
 	o.Payload = payload
 }
 
 // WriteResponse to the client
-func (o *PutObjectRetentionDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LicenseAcknowledgeDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 
 	rw.WriteHeader(o._statusCode)
 	if o.Payload != nil {

api/operations/license/license_acknowledge_urlbuilder.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package license
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -28,15 +28,15 @@ import (
 	golangswaggerpaths "path"
 )
 
-// ListRemoteBucketsURL generates an URL for the list remote buckets operation
-type ListRemoteBucketsURL struct {
+// LicenseAcknowledgeURL generates an URL for the license acknowledge operation
+type LicenseAcknowledgeURL struct {
 	_basePath string
 }
 
 // WithBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *ListRemoteBucketsURL) WithBasePath(bp string) *ListRemoteBucketsURL {
+func (o *LicenseAcknowledgeURL) WithBasePath(bp string) *LicenseAcknowledgeURL {
 	o.SetBasePath(bp)
 	return o
 }
@@ -44,15 +44,15 @@ func (o *ListRemoteBucketsURL) WithBasePath(bp string) *ListRemoteBucketsURL {
 // SetBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *ListRemoteBucketsURL) SetBasePath(bp string) {
+func (o *LicenseAcknowledgeURL) SetBasePath(bp string) {
 	o._basePath = bp
 }
 
 // Build a url path and query string
-func (o *ListRemoteBucketsURL) Build() (*url.URL, error) {
+func (o *LicenseAcknowledgeURL) Build() (*url.URL, error) {
 	var _result url.URL
 
-	var _path = "/remote-buckets"
+	var _path = "/license/acknowledge"
 
 	_basePath := o._basePath
 	if _basePath == "" {
@@ -64,7 +64,7 @@ func (o *ListRemoteBucketsURL) Build() (*url.URL, error) {
 }
 
 // Must is a helper function to panic when the url builder returns an error
-func (o *ListRemoteBucketsURL) Must(u *url.URL, err error) *url.URL {
+func (o *LicenseAcknowledgeURL) Must(u *url.URL, err error) *url.URL {
 	if err != nil {
 		panic(err)
 	}
@@ -75,17 +75,17 @@ func (o *ListRemoteBucketsURL) Must(u *url.URL, err error) *url.URL {
 }
 
 // String returns the string representation of the path with query string
-func (o *ListRemoteBucketsURL) String() string {
+func (o *LicenseAcknowledgeURL) String() string {
 	return o.Must(o.Build()).String()
 }
 
 // BuildFull builds a full url with scheme, host, path and query string
-func (o *ListRemoteBucketsURL) BuildFull(scheme, host string) (*url.URL, error) {
+func (o *LicenseAcknowledgeURL) BuildFull(scheme, host string) (*url.URL, error) {
 	if scheme == "" {
-		return nil, errors.New("scheme is required for a full url on ListRemoteBucketsURL")
+		return nil, errors.New("scheme is required for a full url on LicenseAcknowledgeURL")
 	}
 	if host == "" {
-		return nil, errors.New("host is required for a full url on ListRemoteBucketsURL")
+		return nil, errors.New("host is required for a full url on LicenseAcknowledgeURL")
 	}
 
 	base, err := o.Build()
@@ -99,6 +99,6 @@ func (o *ListRemoteBucketsURL) BuildFull(scheme, host string) (*url.URL, error)
 }
 
 // StringFull returns the string representation of a complete url
-func (o *ListRemoteBucketsURL) StringFull(scheme, host string) string {
+func (o *LicenseAcknowledgeURL) StringFull(scheme, host string) string {
 	return o.Must(o.BuildFull(scheme, host)).String()
 }

api/operations/object/delete_multiple_objects.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package admin_api
+package object
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -30,48 +30,47 @@ import (
 	"github.com/minio/console/models"
 )
 
-// BulkUpdateUsersGroupsHandlerFunc turns a function with the right signature into a bulk update users groups handler
-type BulkUpdateUsersGroupsHandlerFunc func(BulkUpdateUsersGroupsParams, *models.Principal) middleware.Responder
+// DeleteMultipleObjectsHandlerFunc turns a function with the right signature into a delete multiple objects handler
+type DeleteMultipleObjectsHandlerFunc func(DeleteMultipleObjectsParams, *models.Principal) middleware.Responder
 
 // Handle executing the request and returning a response
-func (fn BulkUpdateUsersGroupsHandlerFunc) Handle(params BulkUpdateUsersGroupsParams, principal *models.Principal) middleware.Responder {
+func (fn DeleteMultipleObjectsHandlerFunc) Handle(params DeleteMultipleObjectsParams, principal *models.Principal) middleware.Responder {
 	return fn(params, principal)
 }
 
-// BulkUpdateUsersGroupsHandler interface for that can handle valid bulk update users groups params
-type BulkUpdateUsersGroupsHandler interface {
-	Handle(BulkUpdateUsersGroupsParams, *models.Principal) middleware.Responder
+// DeleteMultipleObjectsHandler interface for that can handle valid delete multiple objects params
+type DeleteMultipleObjectsHandler interface {
+	Handle(DeleteMultipleObjectsParams, *models.Principal) middleware.Responder
 }
 
-// NewBulkUpdateUsersGroups creates a new http.Handler for the bulk update users groups operation
-func NewBulkUpdateUsersGroups(ctx *middleware.Context, handler BulkUpdateUsersGroupsHandler) *BulkUpdateUsersGroups {
-	return &BulkUpdateUsersGroups{Context: ctx, Handler: handler}
+// NewDeleteMultipleObjects creates a new http.Handler for the delete multiple objects operation
+func NewDeleteMultipleObjects(ctx *middleware.Context, handler DeleteMultipleObjectsHandler) *DeleteMultipleObjects {
+	return &DeleteMultipleObjects{Context: ctx, Handler: handler}
 }
 
-/*BulkUpdateUsersGroups swagger:route PUT /users-groups-bulk AdminAPI bulkUpdateUsersGroups
-
-Bulk functionality to Add Users to Groups
+/*
+	DeleteMultipleObjects swagger:route POST /buckets/{bucket_name}/delete-objects Object deleteMultipleObjects
 
+Delete Multiple Objects
 */
-type BulkUpdateUsersGroups struct {
+type DeleteMultipleObjects struct {
 	Context *middleware.Context
-	Handler BulkUpdateUsersGroupsHandler
+	Handler DeleteMultipleObjectsHandler
 }
 
-func (o *BulkUpdateUsersGroups) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *DeleteMultipleObjects) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
-		r = rCtx
+		*r = *rCtx
 	}
-	var Params = NewBulkUpdateUsersGroupsParams()
-
+	var Params = NewDeleteMultipleObjectsParams()
 	uprinc, aCtx, err := o.Context.Authorize(r, route)
 	if err != nil {
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	if aCtx != nil {
-		r = aCtx
+		*r = *aCtx
 	}
 	var principal *models.Principal
 	if uprinc != nil {
@@ -84,7 +83,6 @@ func (o *BulkUpdateUsersGroups) ServeHTTP(rw http.ResponseWriter, r *http.Reques
 	}
 
 	res := o.Handler.Handle(Params, principal) // actually handle the request
-
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

api/operations/object/delete_multiple_objects_parameters.go

@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package object
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@@ -30,105 +30,134 @@ import (
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/validate"
+	"github.com/go-openapi/swag"
 
 	"github.com/minio/console/models"
 )
 
-// NewPutObjectLegalHoldParams creates a new PutObjectLegalHoldParams object
-// no default values defined in spec.
-func NewPutObjectLegalHoldParams() PutObjectLegalHoldParams {
+// NewDeleteMultipleObjectsParams creates a new DeleteMultipleObjectsParams object
+//
+// There are no default values defined in the spec.
+func NewDeleteMultipleObjectsParams() DeleteMultipleObjectsParams {
 
-	return PutObjectLegalHoldParams{}
+	return DeleteMultipleObjectsParams{}
 }
 
-// PutObjectLegalHoldParams contains all the bound params for the put object legal hold operation
+// DeleteMultipleObjectsParams contains all the bound params for the delete multiple objects operation
 // typically these are obtained from a http.Request
 //
-// swagger:parameters PutObjectLegalHold
-type PutObjectLegalHoldParams struct {
+// swagger:parameters DeleteMultipleObjects
+type DeleteMultipleObjectsParams struct {
 
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
 
 	/*
-	  Required: true
-	  In: body
+	  In: query
 	*/
-	Body *models.PutObjectLegalHoldRequest
+	AllVersions *bool
 	/*
 	  Required: true
 	  In: path
 	*/
 	BucketName string
 	/*
-	  Required: true
 	  In: query
 	*/
-	Prefix string
+	Bypass *bool
 	/*
 	  Required: true
-	  In: query
+	  In: body
 	*/
-	VersionID string
+	Files []*models.DeleteFile
 }
 
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
-// To ensure default values, the struct must have been initialized with NewPutObjectLegalHoldParams() beforehand.
-func (o *PutObjectLegalHoldParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+// To ensure default values, the struct must have been initialized with NewDeleteMultipleObjectsParams() beforehand.
+func (o *DeleteMultipleObjectsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 
 	o.HTTPRequest = r
 
 	qs := runtime.Values(r.URL.Query())
 
-	if runtime.HasBody(r) {
-		defer r.Body.Close()
-		var body models.PutObjectLegalHoldRequest
-		if err := route.Consumer.Consume(r.Body, &body); err != nil {
-			if err == io.EOF {
-				res = append(res, errors.Required("body", "body", ""))
-			} else {
-				res = append(res, errors.NewParseError("body", "body", "", err))
-			}
-		} else {
-			// validate body object
-			if err := body.Validate(route.Formats); err != nil {
-				res = append(res, err)
-			}
-
-			if len(res) == 0 {
-				o.Body = &body
-			}
-		}
-	} else {
-		res = append(res, errors.Required("body", "body", ""))
+	qAllVersions, qhkAllVersions, _ := qs.GetOK("all_versions")
+	if err := o.bindAllVersions(qAllVersions, qhkAllVersions, route.Formats); err != nil {
+		res = append(res, err)
 	}
+
 	rBucketName, rhkBucketName, _ := route.Params.GetOK("bucket_name")
 	if err := o.bindBucketName(rBucketName, rhkBucketName, route.Formats); err != nil {
 		res = append(res, err)
 	}
 
-	qPrefix, qhkPrefix, _ := qs.GetOK("prefix")
-	if err := o.bindPrefix(qPrefix, qhkPrefix, route.Formats); err != nil {
+	qBypass, qhkBypass, _ := qs.GetOK("bypass")
+	if err := o.bindBypass(qBypass, qhkBypass, route.Formats); err != nil {
 		res = append(res, err)
 	}
 
-	qVersionID, qhkVersionID, _ := qs.GetOK("version_id")
-	if err := o.bindVersionID(qVersionID, qhkVersionID, route.Formats); err != nil {
-		res = append(res, err)
-	}
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body []*models.DeleteFile
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			if err == io.EOF {
+				res = append(res, errors.Required("files", "body", ""))
+			} else {
+				res = append(res, errors.NewParseError("files", "body", "", err))
+			}
+		} else {
 
+			// validate array of body objects
+			for i := range body {
+				if body[i] == nil {
+					continue
+				}
+				if err := body[i].Validate(route.Formats); err != nil {
+					res = append(res, err)
+					break
+				}
+			}
+
+			if len(res) == 0 {
+				o.Files = body
+			}
+		}
+	} else {
+		res = append(res, errors.Required("files", "body", ""))
+	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
 
+// bindAllVersions binds and validates parameter AllVersions from query.
+func (o *DeleteMultipleObjectsParams) bindAllVersions(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: false
+	// AllowEmptyValue: false
+
+	if raw == "" { // empty values pass all other validations
+		return nil
+	}
+
+	value, err := swag.ConvertBool(raw)
+	if err != nil {
+		return errors.InvalidType("all_versions", "query", "bool", raw)
+	}
+	o.AllVersions = &value
+
+	return nil
+}
+
 // bindBucketName binds and validates parameter BucketName from path.
-func (o *PutObjectLegalHoldParams) bindBucketName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+func (o *DeleteMultipleObjectsParams) bindBucketName(rawData []string, hasKey bool, formats strfmt.Registry) error {
 	var raw string
 	if len(rawData) > 0 {
 		raw = rawData[len(rawData)-1]
@@ -136,50 +165,30 @@ func (o *PutObjectLegalHoldParams) bindBucketName(rawData []string, hasKey bool,
 
 	// Required: true
 	// Parameter is provided by construction from the route
-
 	o.BucketName = raw
 
 	return nil
 }
 
-// bindPrefix binds and validates parameter Prefix from query.
-func (o *PutObjectLegalHoldParams) bindPrefix(rawData []string, hasKey bool, formats strfmt.Registry) error {
-	if !hasKey {
-		return errors.Required("prefix", "query", rawData)
-	}
+// bindBypass binds and validates parameter Bypass from query.
+func (o *DeleteMultipleObjectsParams) bindBypass(rawData []string, hasKey bool, formats strfmt.Registry) error {
 	var raw string
 	if len(rawData) > 0 {
 		raw = rawData[len(rawData)-1]
 	}
 
-	// Required: true
+	// Required: false
 	// AllowEmptyValue: false
-	if err := validate.RequiredString("prefix", "query", raw); err != nil {
-		return err
+
+	if raw == "" { // empty values pass all other validations
+		return nil
 	}
 
-	o.Prefix = raw
-
-	return nil
-}
-
-// bindVersionID binds and validates parameter VersionID from query.
-func (o *PutObjectLegalHoldParams) bindVersionID(rawData []string, hasKey bool, formats strfmt.Registry) error {
-	if !hasKey {
-		return errors.Required("version_id", "query", rawData)
-	}
-	var raw string
-	if len(rawData) > 0 {
-		raw = rawData[len(rawData)-1]
-	}
-
-	// Required: true
-	// AllowEmptyValue: false
-	if err := validate.RequiredString("version_id", "query", raw); err != nil {
-		return err
-	}
-
-	o.VersionID = raw
+	value, err := swag.ConvertBool(raw)
+	if err != nil {
+		return errors.InvalidType("bypass", "query", "bool", raw)
+	}
+	o.Bypass = &value
 
 	return nil
 }