feat: implements integration tests for the new advanced router

2026-01-08 12:41:10 +00:00 · 2025-07-18 01:21:50 +04:00
parent 394675a5a8
commit dc16c0448f
15 changed files with 289 additions and 122 deletions
--- a/s3api/controllers/admin.go
+++ b/s3api/controllers/admin.go
@@ -15,13 +15,10 @@
 package controllers

 import (
-	"encoding/json"
 	"encoding/xml"
-	"fmt"
 	"net/http"
 	"strings"

-	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"github.com/gofiber/fiber/v2"
 	"github.com/versity/versitygw/auth"
 	"github.com/versity/versitygw/backend"
@@ -149,25 +146,7 @@ func (c AdminController) ChangeBucketOwner(ctx *fiber.Ctx) (*Response, error) {
 		}, s3err.GetAPIError(s3err.ErrAdminUserNotFound)
 	}

-	acl := auth.ACL{
-		Owner: owner,
-		Grantees: []auth.Grantee{
-			{
-				Permission: auth.PermissionFullControl,
-				Access:     owner,
-				Type:       types.TypeCanonicalUser,
-			},
-		},
-	}
-
-	aclParsed, err := json.Marshal(acl)
-	if err != nil {
-		return &Response{
-			MetaOpts: &MetaOptions{},
-		}, fmt.Errorf("failed to marshal the bucket acl: %w", err)
-	}
-
-	err = c.be.ChangeBucketOwner(ctx.Context(), bucket, aclParsed)
+	err = c.be.ChangeBucketOwner(ctx.Context(), bucket, owner)
 	return &Response{
 		MetaOpts: &MetaOptions{},
 	}, err
--- a/s3api/controllers/admin_test.go
+++ b/s3api/controllers/admin_test.go
@@ -490,7 +490,7 @@ func TestAdminController_ChangeBucketOwner(t *testing.T) {
 				},
 			}
 			be := &BackendMock{
-				ChangeBucketOwnerFunc: func(contextMoqParam context.Context, bucket string, acl []byte) error {
+				ChangeBucketOwnerFunc: func(contextMoqParam context.Context, bucket, owner string) error {
 					return tt.input.beErr
 				},
 			}
--- a/s3api/controllers/base.go
+++ b/s3api/controllers/base.go
@@ -69,8 +69,10 @@ func New(be backend.Backend, iam auth.IAMService, logger s3log.AuditLogger, evs
 }

 // Returns MethodNotAllowed for unmatched routes
-func (c S3ApiController) HandleUnmatch(ctx *fiber.Ctx) (*Response, error) {
-	return &Response{}, s3err.GetAPIError(s3err.ErrMethodNotAllowed)
+func (c S3ApiController) HandleErrorRoute(err error) Controller {
+	return func(ctx *fiber.Ctx) (*Response, error) {
+		return &Response{}, err
+	}
 }

 // MetaOptions holds the metadata for metrics, audit logs and s3 events
--- a/s3api/controllers/base_test.go
+++ b/s3api/controllers/base_test.go
@@ -201,27 +201,30 @@ func TestNew(t *testing.T) {
 	}
 }

-func TestS3ApiController_HandleUnmatch(t *testing.T) {
+func TestS3ApiController_HandleErrorRoute(t *testing.T) {
 	tests := []struct {
 		name   string
 		input  testInput
 		output testOutput
 	}{
 		{
-			name: "return method not allowed",
+			name: "should return the passed error",
+			input: testInput{
+				extraMockErr: s3err.GetAPIError(s3err.ErrAnonymousCreateMp),
+			},
 			output: testOutput{
 				response: &Response{},
-				err:      s3err.GetAPIError(s3err.ErrMethodNotAllowed),
+				err:      s3err.GetAPIError(s3err.ErrAnonymousCreateMp),
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctrl := S3ApiController{}
-
+			s3Ctrl := S3ApiController{}
+			ctrl := s3Ctrl.HandleErrorRoute(tt.input.extraMockErr)
 			testController(
 				t,
-				ctrl.HandleUnmatch,
+				ctrl,
 				tt.output.response,
 				tt.output.err,
 				ctxInputs{})
--- a/s3api/controllers/object-put.go
+++ b/s3api/controllers/object-put.go
@@ -15,6 +15,7 @@
 package controllers

 import (
+	"bytes"
 	"encoding/xml"
 	"fmt"
 	"io"
@@ -266,7 +267,7 @@ func (c S3ApiController) UploadPart(ctx *fiber.Ctx) (*Response, error) {
 	if bodyi != nil {
 		body = bodyi.(io.Reader)
 	} else {
-		body = ctx.Request().BodyStream()
+		body = bytes.NewReader([]byte{})
 	}

 	res, err := c.be.UploadPart(ctx.Context(),
@@ -690,7 +691,7 @@ func (c S3ApiController) PutObject(ctx *fiber.Ctx) (*Response, error) {
 	if bodyi != nil {
 		body = bodyi.(io.Reader)
 	} else {
-		body = ctx.Request().BodyStream()
+		body = bytes.NewReader([]byte{})
 	}

 	res, err := c.be.PutObject(ctx.Context(),
--- a/s3api/middlewares/bucket-object-name-validator.go
+++ b/s3api/middlewares/bucket-object-name-validator.go
@@ -15,44 +15,28 @@
 package middlewares

 import (
-	"net/http"
-
 	"github.com/gofiber/fiber/v2"
-	"github.com/versity/versitygw/metrics"
 	"github.com/versity/versitygw/s3api/utils"
 	"github.com/versity/versitygw/s3err"
-	"github.com/versity/versitygw/s3log"
 )

 // BucketObjectNameValidator extracts and validates
 // the bucket and object names from the request URI.
-func BucketObjectNameValidator(l s3log.AuditLogger, mm *metrics.Manager) fiber.Handler {
+func BucketObjectNameValidator() fiber.Handler {
 	return func(ctx *fiber.Ctx) error {
-		// skip the check for admin apis
-		if ctx.Method() == http.MethodPatch {
-			return ctx.Next()
-		}
-
-		path := ctx.Path()
-		// skip the check if the operation isn't bucket/object scoped
-		// e.g ListBuckets
-		if path == "/" {
-			return ctx.Next()
-		}
-
-		bucket, object := parsePath(path)
+		bucket, object := parsePath(ctx.Path())

 		// check if the provided bucket name is valid
 		if !utils.IsValidBucketName(bucket) {
-			return sendResponse(ctx, s3err.GetAPIError(s3err.ErrInvalidBucketName), l, mm)
+			return s3err.GetAPIError(s3err.ErrInvalidBucketName)
 		}

 		// check if the provided object name is valid
 		// skip for empty objects: e.g bucket operations: HeadBucket...
 		if object != "" && !utils.IsObjectNameValid(object) {
-			return sendResponse(ctx, s3err.GetAPIError(s3err.ErrBadRequest), l, mm)
+			return s3err.GetAPIError(s3err.ErrBadRequest)
 		}

-		return ctx.Next()
+		return nil
 	}
 }
--- a/s3api/middlewares/public-bucket.go
+++ b/s3api/middlewares/public-bucket.go
@@ -76,26 +76,10 @@ func AuthorizePublicBucketAccess(be backend.Backend, s3action string, policyPerm
 				if err != nil {
 					return err
 				}
+			} else {
+				utils.ContextKeyBodyReader.Set(ctx, ctx.Request().BodyStream())
 			}
-		}

-		if utils.IsBigDataAction(ctx) {
-			payloadType := ctx.Get("X-Amz-Content-Sha256")
-			if utils.IsUnsignedStreamingPayload(payloadType) {
-				checksumType, err := utils.ExtractChecksumType(ctx)
-				if err != nil {
-					return err
-				}
-
-				wrapBodyReader(ctx, func(r io.Reader) io.Reader {
-					var cr io.Reader
-					cr, err = utils.NewUnsignedChunkReader(r, checksumType)
-					return cr
-				})
-				if err != nil {
-					return err
-				}
-			}
 		}

 		utils.ContextKeyPublicBucket.Set(ctx, true)
--- a/s3api/router.go
+++ b/s3api/router.go
@@ -21,6 +21,7 @@ import (
 	"github.com/versity/versitygw/metrics"
 	"github.com/versity/versitygw/s3api/controllers"
 	"github.com/versity/versitygw/s3api/middlewares"
+	"github.com/versity/versitygw/s3err"
 	"github.com/versity/versitygw/s3event"
 	"github.com/versity/versitygw/s3log"
 )
@@ -109,6 +110,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketTagging,
 			metrics.ActionPutBucketTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -121,6 +123,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketOwnershipControls,
 			metrics.ActionPutBucketOwnershipControls,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -133,6 +136,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketVersioning,
 			metrics.ActionPutBucketVersioning,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketVersioning, auth.PutBucketVersioningAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -145,6 +149,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObjectLockConfiguration,
 			metrics.ActionPutObjectLockConfiguration,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLockConfiguration, auth.PutBucketObjectLockConfigurationAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -157,6 +162,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketCors,
 			metrics.ActionPutBucketCors,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -169,6 +175,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketPolicy,
 			metrics.ActionPutBucketPolicy,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -181,6 +188,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutBucketAcl,
 			metrics.ActionPutBucketAcl,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAcl, auth.PutBucketAclAction, auth.PermissionWriteAcp),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -192,6 +200,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.CreateBucket,
 			metrics.ActionCreateBucket,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateBucket, auth.CreateBucketAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -204,6 +213,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.HeadBucket,
 			metrics.ActionHeadBucket,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadBucket, auth.ListBucketAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -218,6 +228,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteBucketTagging,
 			metrics.ActionDeleteBucketTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -230,6 +241,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteBucketOwnershipControls,
 			metrics.ActionDeleteBucketOwnershipControls,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -242,6 +254,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteBucketPolicy,
 			metrics.ActionDeleteBucketPolicy,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -254,6 +267,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteBucketCors,
 			metrics.ActionDeleteBucketCors,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -265,6 +279,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteBucket,
 			metrics.ActionDeleteBucket,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucket, auth.DeleteBucketAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -279,6 +294,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketTagging,
 			metrics.ActionGetBucketTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketTagging, auth.GetBucketTaggingAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -291,6 +307,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketOwnershipControls,
 			metrics.ActionGetBucketOwnershipControls,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketOwnershipControls, auth.GetBucketOwnershipControlsAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -303,6 +320,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketVersioning,
 			metrics.ActionGetBucketVersioning,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketVersioning, auth.GetBucketVersioningAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -315,6 +333,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketPolicy,
 			metrics.ActionGetBucketPolicy,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketPolicy, auth.GetBucketPolicyAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -327,6 +346,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketCors,
 			metrics.ActionGetBucketCors,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketCors, auth.GetBucketCorsAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -339,6 +359,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectLockConfiguration,
 			metrics.ActionGetObjectLockConfiguration,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLockConfiguration, auth.GetBucketObjectLockConfigurationAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -351,6 +372,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetBucketAcl,
 			metrics.ActionGetBucketAcl,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAcl, auth.GetBucketAclAction, auth.PermissionReadAcp),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -363,6 +385,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.ListMultipartUploads,
 			metrics.ActionListMultipartUploads,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListMultipartUploads, auth.ListBucketMultipartUploadsAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -375,6 +398,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.ListObjectVersions,
 			metrics.ActionListObjectVersions,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectVersions, auth.ListBucketVersionsAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -387,6 +411,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.ListObjectsV2,
 			metrics.ActionListObjectsV2,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectsV2, auth.ListBucketAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -398,6 +423,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.ListObjects,
 			metrics.ActionListObjects,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjects, auth.ListBucketAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -412,6 +438,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteObjects,
 			metrics.ActionDeleteObjects,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjects, auth.DeleteObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -425,6 +452,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.HeadObject,
 			metrics.ActionHeadObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadObject, auth.GetObjectAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -439,6 +467,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectTagging,
 			metrics.ActionGetObjectTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectTagging, auth.GetObjectTaggingAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -451,6 +480,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectRetention,
 			metrics.ActionGetObjectRetention,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectRetention, auth.GetObjectRetentionAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -463,6 +493,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectLegalHold,
 			metrics.ActionGetObjectLegalHold,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLegalHold, auth.GetObjectLegalHoldAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -475,6 +506,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectAcl,
 			metrics.ActionGetObjectAcl,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAcl, auth.GetObjectAclAction, auth.PermissionReadAcp),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -487,6 +519,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObjectAttributes,
 			metrics.ActionGetObjectAttributes,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAttributes, auth.GetObjectAttributesAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -499,6 +532,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.ListParts,
 			metrics.ActionListParts,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListParts, auth.ListMultipartUploadPartsAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -510,6 +544,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.GetObject,
 			metrics.ActionGetObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObject, auth.GetObjectAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -524,6 +559,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteObjectTagging,
 			metrics.ActionDeleteObjectTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjectTagging, auth.DeleteObjectTaggingAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -536,6 +572,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.AbortMultipartUpload,
 			metrics.ActionAbortMultipartUpload,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionAbortMultipartUpload, auth.AbortMultipartUploadAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -547,6 +584,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.DeleteObject,
 			metrics.ActionDeleteObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObject, auth.DeleteObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -560,6 +598,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.RestoreObject,
 			metrics.ActionRestoreObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionRestoreObject, auth.RestoreObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -573,6 +612,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.SelectObjectContent,
 			metrics.ActionSelectObjectContent,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionSelectObjectContent, auth.GetObjectAction, auth.PermissionRead),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -585,6 +625,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.CompleteMultipartUpload,
 			metrics.ActionCompleteMultipartUpload,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCompleteMultipartUpload, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -597,6 +638,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.CreateMultipartUpload,
 			metrics.ActionCreateMultipartUpload,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateMultipartUpload, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -611,6 +653,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObjectTagging,
 			metrics.ActionPutObjectTagging,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectTagging, auth.PutObjectTaggingAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -623,6 +666,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObjectRetention,
 			metrics.ActionPutObjectRetention,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectRetention, auth.PutObjectRetentionAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -635,6 +679,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObjectLegalHold,
 			metrics.ActionPutObjectLegalHold,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLegalHold, auth.PutObjectLegalHoldAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -647,6 +692,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObjectAcl,
 			metrics.ActionPutObjectAcl,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectAcl, auth.PutObjectAclAction, auth.PermissionWriteAcp),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -660,6 +706,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.UploadPartCopy,
 			metrics.ActionUploadPartCopy,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPartCopy, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -672,18 +719,32 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.UploadPart,
 			metrics.ActionUploadPart,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPart, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
 			middlewares.VerifyMD5Body(),
 			middlewares.ParseAcl(be),
 		))
+
+	// return error if partNumber is used without uploadId
+	objectRouter.Put("",
+		middlewares.MatchQueryArgs("partNumber"),
+		controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrMissingUploadId)), metrics.ActionUndetected, services))
+
+	// return 'MethodNotAllowed' if uploadId is provided without partNumber
+	// before the router reaches to 'PutObject'
+	objectRouter.Put("",
+		middlewares.MatchQueryArgs("uploadId"),
+		controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrMethodNotAllowed)), metrics.ActionUndetected, services))
+
 	objectRouter.Put("",
 		middlewares.MatchHeader("X-Amz-Copy-Source"),
 		controllers.ProcessHandlers(
 			ctrl.CopyObject,
 			metrics.ActionCopyObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCopyObject, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -695,6 +756,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 			ctrl.PutObject,
 			metrics.ActionPutObject,
 			services,
+			middlewares.BucketObjectNameValidator(),
 			middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObject, auth.PutObjectAction, auth.PermissionWrite),
 			middlewares.VerifyPresignedV4Signature(root, iam, region, debug),
 			middlewares.VerifyV4Signature(root, iam, region, debug),
@@ -703,5 +765,5 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ
 		))

 	// Return MethodNotAllowed for all the unmatched routes
-	app.All("*", controllers.ProcessHandlers(ctrl.HandleUnmatch, metrics.ActionUndetected, services))
+	app.All("*", controllers.ProcessHandlers(ctrl.HandleErrorRoute(s3err.GetAPIError(s3err.ErrMethodNotAllowed)), metrics.ActionUndetected, services))
 }
--- a/s3api/server.go
+++ b/s3api/server.go
@@ -95,19 +95,7 @@ func New(
 		app.Use(middlewares.DebugLogger())
 	}

-	// initialize the bucket/object name validator
-	app.Use(middlewares.BucketObjectNameValidator(l, mm))
-
-	// Public buckets access checker
-	app.Use(middlewares.AuthorizePublicBucketAccess(be, l, mm))
-
-	// Authentication middlewares
-	app.Use(middlewares.VerifyPresignedV4Signature(root, iam, l, mm, region, server.debug))
-	app.Use(middlewares.VerifyV4Signature(root, iam, l, mm, region, server.debug))
-	app.Use(middlewares.VerifyMD5Body(l))
-	app.Use(middlewares.AclParser(be, l, server.readonly))
-
-	server.router.Init(app, be, iam, l, adminLogger, evs, mm, server.debug, server.readonly)
+	server.router.Init(app, be, iam, l, adminLogger, evs, mm, server.debug, server.readonly, region, root)

 	return server, nil
 }