fix: adds error routes to reject x-amz-copy-source for GET, POST, HEAD, DELETErequests
Fixes #1612 `x-amz-copy-source` is rejected with an **InvalidArgument** error in S3 for all HTTP methods other than **PUT** (i.e., **GET**, **POST**, **HEAD**, and **DELETE**). For **POST** requests, the behavior is slightly different: the error is returned only when the **uploadId** query parameter is present; otherwise, **MethodNotAllowed** is returned. This behavior applies to both bucket-level and object-level operations.
@@ -89,6 +89,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
}
|
||||
|
||||
// ListBuckets action
|
||||
|
||||
// copy source is not allowed on '/'
|
||||
app.Get("/", middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
app.Get("/",
|
||||
controllers.ProcessHandlers(
|
||||
ctrl.ListBuckets,
|
||||
@@ -384,6 +390,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
))
|
||||
|
||||
// HeadBucket action
|
||||
|
||||
// copy source is not allowed on bucket HEAD operation
|
||||
bucketRouter.Head("/", middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
bucketRouter.Head("",
|
||||
controllers.ProcessHandlers(
|
||||
ctrl.HeadBucket,
|
||||
@@ -399,6 +411,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
))
|
||||
|
||||
// DELETE bucket operations
|
||||
|
||||
// copy source is not allowed on bucket DELETE operation
|
||||
bucketRouter.Delete("/", middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
bucketRouter.Delete("",
|
||||
middlewares.MatchQueryArgs("tagging"),
|
||||
controllers.ProcessHandlers(
|
||||
@@ -582,6 +600,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
))
|
||||
|
||||
// GET bucket operations
|
||||
|
||||
// copy source is not allowed on bucket GET operation
|
||||
bucketRouter.Get("/", middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
bucketRouter.Get("",
|
||||
middlewares.MatchQueryArgs("location"),
|
||||
controllers.ProcessHandlers(
|
||||
@@ -973,6 +997,13 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
middlewares.ParseAcl(be),
|
||||
))
|
||||
|
||||
// bucket POST operation is not allowed with uploadId and copy source
|
||||
bucketRouter.Post("/",
|
||||
middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
middlewares.MatchQueryArgs("uploadId"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
// DeleteObjects action
|
||||
bucketRouter.Post("",
|
||||
middlewares.MatchQueryArgs("delete"),
|
||||
@@ -989,6 +1020,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
middlewares.ParseAcl(be),
|
||||
))
|
||||
|
||||
// object HEAD operation is not allowed with copy source
|
||||
objectRouter.Head("/",
|
||||
middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
// HeadObject
|
||||
objectRouter.Head("",
|
||||
controllers.ProcessHandlers(
|
||||
@@ -1011,6 +1048,12 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrGetUploadsWithKey)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
// object GET operation is not allowed with copy source
|
||||
objectRouter.Get("/",
|
||||
middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
objectRouter.Get("",
|
||||
middlewares.MatchQueryArgs("tagging"),
|
||||
controllers.ProcessHandlers(
|
||||
@@ -1103,6 +1146,13 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
))
|
||||
|
||||
// DELETE object operations
|
||||
|
||||
// object DELETE operation is not allowed with copy source
|
||||
objectRouter.Delete("/",
|
||||
middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
objectRouter.Delete("",
|
||||
middlewares.MatchQueryArgs("tagging"),
|
||||
controllers.ProcessHandlers(
|
||||
@@ -1142,6 +1192,15 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
|
||||
middlewares.ParseAcl(be),
|
||||
))
|
||||
|
||||
// object POST operations
|
||||
|
||||
// object POST operation is not allowed with copy source and uploadId
|
||||
objectRouter.Post("/",
|
||||
middlewares.MatchHeader("X-Amz-Copy-Source"),
|
||||
middlewares.MatchQueryArgs("uploadId"),
|
||||
controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrCopySourceNotAllowed)), metrics.ActionUndetected, services),
|
||||
)
|
||||
|
||||
objectRouter.Post("",
|
||||
middlewares.MatchQueryArgs("restore"),
|
||||
controllers.ProcessHandlers(
|
||||
|
||||
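Review bot: The new copy-source reject routes are registered on `"/"` (for example `bucketRouter.Head("/", middlewares.MatchHeader("X-Amz-Copy-Source"), …)`), while the handlers they are meant to shadow sit on `""` (`bucketRouter.Head("", …)`, `objectRouter.Get("", …)`), so the rejection covers the same requests only if the router treats the two patterns as equivalent. That depends on fiber's `StrictRouting` setting, which is not visible here; registering the reject routes on `""` as well, or adding a comment such as `// "/" and "" match the same paths because StrictRouting is off`, would make the guarantee explicit. The same applies to all nine routes added in this section. Separately, these routes pass no middlewares after `services`, so if authentication is supplied per route (as `middlewares.ParseAcl(be)` in neighbouring calls suggests) they answer before signature verification, and it is worth confirming that this is the intended S3 behaviour. Init's body starts and ends outside the hunks.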