diff --git a/s3api/controllers/bucket-head.go b/s3api/controllers/bucket-head.go index f7e26cf..ed6696f 100644 --- a/s3api/controllers/bucket-head.go +++ b/s3api/controllers/bucket-head.go @@ -15,10 +15,13 @@ package controllers import ( + "errors" + "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/gofiber/fiber/v2" "github.com/versity/versitygw/auth" "github.com/versity/versitygw/s3api/utils" + "github.com/versity/versitygw/s3err" ) func (c S3ApiController) HeadBucket(ctx *fiber.Ctx) (*Response, error) { @@ -42,6 +45,9 @@ func (c S3ApiController) HeadBucket(ctx *fiber.Ctx) (*Response, error) { }) if err != nil { return &Response{ + Headers: map[string]*string{ + "x-amz-bucket-region": utils.GetStringPtr(region), + }, MetaOpts: &MetaOptions{ BucketOwner: parsedAcl.Owner, }, @@ -54,6 +60,17 @@ func (c S3ApiController) HeadBucket(ctx *fiber.Ctx) (*Response, error) { }) if err != nil { + if errors.Is(err, s3err.GetAPIError(s3err.ErrAccessDenied)) { + return &Response{ + // access denied for head object still returns region header + Headers: map[string]*string{ + "x-amz-bucket-region": utils.GetStringPtr(region), + }, + MetaOpts: &MetaOptions{ + BucketOwner: parsedAcl.Owner, + }, + }, err + } return &Response{ MetaOpts: &MetaOptions{ BucketOwner: parsedAcl.Owner, diff --git a/s3api/controllers/bucket-head_test.go b/s3api/controllers/bucket-head_test.go index 9338691..94ef6f6 100644 --- a/s3api/controllers/bucket-head_test.go +++ b/s3api/controllers/bucket-head_test.go @@ -48,6 +48,9 @@ func TestS3ApiController_HeadBucket(t *testing.T) { }, output: testOutput{ response: &Response{ + Headers: map[string]*string{ + "x-amz-bucket-region": utils.GetStringPtr(region), + }, MetaOpts: &MetaOptions{ BucketOwner: "root", }, diff --git a/s3api/middlewares/public-bucket.go b/s3api/middlewares/public-bucket.go index b3adcea..72da7d8 100644 --- a/s3api/middlewares/public-bucket.go +++ b/s3api/middlewares/public-bucket.go @@ -30,7 +30,7 @@ import ( // AuthorizePublicBucketAccess checks if the bucket grants public // access to anonymous requesters -func AuthorizePublicBucketAccess(be backend.Backend, s3action string, policyPermission auth.Action, permission auth.Permission, streamBody bool) fiber.Handler { +func AuthorizePublicBucketAccess(be backend.Backend, s3action string, policyPermission auth.Action, permission auth.Permission, region string, streamBody bool) fiber.Handler { return func(ctx *fiber.Ctx) error { // skip for authenticated requests if utils.IsPresignedURLAuth(ctx) || ctx.Get("Authorization") != "" { @@ -59,6 +59,11 @@ func AuthorizePublicBucketAccess(be backend.Backend, s3action string, policyPerm bucket, object := parsePath(ctx.Path()) err := auth.VerifyPublicAccess(ctx.Context(), be, policyPermission, permission, bucket, object) if err != nil { + if s3action == metrics.ActionHeadBucket { + // add the bucket region header for HeadBucket + // if anonymous access is denied + ctx.Response().Header.Add("x-amz-bucket-region", region) + } return err } diff --git a/s3api/router.go b/s3api/router.go index 27fd50a..40f7a54 100644 --- a/s3api/router.go +++ b/s3api/router.go @@ -94,7 +94,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ ctrl.ListBuckets, metrics.ActionListAllMyBuckets, services, - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListAllMyBuckets, "", auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListAllMyBuckets, "", auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), )) @@ -110,7 +110,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -124,7 +124,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketOwnershipControls, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -138,7 +138,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketVersioning, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketVersioning, auth.PutBucketVersioningAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketVersioning, auth.PutBucketVersioningAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -152,7 +152,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObjectLockConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLockConfiguration, auth.PutBucketObjectLockConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLockConfiguration, auth.PutBucketObjectLockConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -166,7 +166,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketCors, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -180,7 +180,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketPolicy, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -194,7 +194,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketAcl, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAcl, auth.PutBucketAclAction, auth.PermissionWriteAcp, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAcl, auth.PutBucketAclAction, auth.PermissionWriteAcp, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -208,7 +208,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketAnalyticsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAnalyticsConfiguration, auth.PutAnalyticsConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAnalyticsConfiguration, auth.PutAnalyticsConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -222,7 +222,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketEncryption, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketEncryption, auth.PutEncryptionConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketEncryption, auth.PutEncryptionConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -236,7 +236,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketIntelligentTieringConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketIntelligentTieringConfiguration, auth.PutIntelligentTieringConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketIntelligentTieringConfiguration, auth.PutIntelligentTieringConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -250,7 +250,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketInventoryConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketInventoryConfiguration, auth.PutInventoryConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketInventoryConfiguration, auth.PutInventoryConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -264,7 +264,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketLifecycleConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketLifecycleConfiguration, auth.PutLifecycleConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketLifecycleConfiguration, auth.PutLifecycleConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -278,7 +278,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketLogging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketLogging, auth.PutBucketLoggingAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketLogging, auth.PutBucketLoggingAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -292,7 +292,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketRequestPayment, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketRequestPayment, auth.PutBucketRequestPaymentAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketRequestPayment, auth.PutBucketRequestPaymentAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -306,7 +306,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketMetricsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketMetricsConfiguration, auth.PutMetricsConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketMetricsConfiguration, auth.PutMetricsConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -320,7 +320,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketReplication, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketReplication, auth.PutReplicationConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketReplication, auth.PutReplicationConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -334,7 +334,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutPublicAccessBlock, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutPublicAccessBlock, auth.PutBucketPublicAccessBlockAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutPublicAccessBlock, auth.PutBucketPublicAccessBlockAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -348,7 +348,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketNotificationConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketNotificationConfiguration, auth.PutBucketNotificationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketNotificationConfiguration, auth.PutBucketNotificationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -362,7 +362,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketAccelerateConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAccelerateConfiguration, auth.PutAccelerateConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketAccelerateConfiguration, auth.PutAccelerateConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -376,7 +376,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutBucketWebsite, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketWebsite, auth.PutBucketWebsiteAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutBucketWebsite, auth.PutBucketWebsiteAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -389,7 +389,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionCreateBucket, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateBucket, auth.CreateBucketAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateBucket, auth.CreateBucketAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -404,7 +404,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ services, middlewares.ApplyBucketCORS(be), middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadBucket, auth.ListBucketAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadBucket, auth.ListBucketAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -419,7 +419,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketTagging, auth.PutBucketTaggingAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -432,7 +432,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketOwnershipControls, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketOwnershipControls, auth.PutBucketOwnershipControlsAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -445,7 +445,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketPolicy, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketPolicy, auth.PutBucketPolicyAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -458,7 +458,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketCors, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketCors, auth.PutBucketCorsAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -471,7 +471,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketAnalyticsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketAnalyticsConfiguration, auth.PutAnalyticsConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketAnalyticsConfiguration, auth.PutAnalyticsConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -484,7 +484,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketEncryption, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketEncryption, auth.PutEncryptionConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketEncryption, auth.PutEncryptionConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -497,7 +497,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketIntelligentTieringConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketIntelligentTieringConfiguration, auth.PutIntelligentTieringConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketIntelligentTieringConfiguration, auth.PutIntelligentTieringConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -510,7 +510,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketInventoryConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketInventoryConfiguration, auth.PutInventoryConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketInventoryConfiguration, auth.PutInventoryConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -523,7 +523,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketLifecycle, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketLifecycle, auth.PutLifecycleConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketLifecycle, auth.PutLifecycleConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -536,7 +536,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketMetricsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketMetricsConfiguration, auth.PutMetricsConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketMetricsConfiguration, auth.PutMetricsConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -549,7 +549,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketReplication, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketReplication, auth.PutReplicationConfigurationAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketReplication, auth.PutReplicationConfigurationAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -562,7 +562,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeletePublicAccessBlock, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeletePublicAccessBlock, auth.PutBucketPublicAccessBlockAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeletePublicAccessBlock, auth.PutBucketPublicAccessBlockAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -575,7 +575,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucketWebsite, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketWebsite, auth.PutBucketWebsiteAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucketWebsite, auth.PutBucketWebsiteAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -587,7 +587,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteBucket, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucket, auth.DeleteBucketAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteBucket, auth.DeleteBucketAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -602,7 +602,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketLocation, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLocation, auth.GetBucketLocationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLocation, auth.GetBucketLocationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -616,7 +616,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketTagging, auth.GetBucketTaggingAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketTagging, auth.GetBucketTaggingAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -629,7 +629,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketOwnershipControls, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketOwnershipControls, auth.GetBucketOwnershipControlsAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketOwnershipControls, auth.GetBucketOwnershipControlsAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -642,7 +642,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketVersioning, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketVersioning, auth.GetBucketVersioningAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketVersioning, auth.GetBucketVersioningAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -655,7 +655,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketPolicy, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketPolicy, auth.GetBucketPolicyAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketPolicy, auth.GetBucketPolicyAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -668,7 +668,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketCors, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketCors, auth.GetBucketCorsAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketCors, auth.GetBucketCorsAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -681,7 +681,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectLockConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLockConfiguration, auth.GetBucketObjectLockConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLockConfiguration, auth.GetBucketObjectLockConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -694,7 +694,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketAcl, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAcl, auth.GetBucketAclAction, auth.PermissionReadAcp, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAcl, auth.GetBucketAclAction, auth.PermissionReadAcp, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -707,7 +707,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListMultipartUploads, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListMultipartUploads, auth.ListBucketMultipartUploadsAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListMultipartUploads, auth.ListBucketMultipartUploadsAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -720,7 +720,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListObjectVersions, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectVersions, auth.ListBucketVersionsAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectVersions, auth.ListBucketVersionsAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -733,7 +733,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketPolicyStatus, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketPolicyStatus, auth.GetBucketPolicyStatusAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketPolicyStatus, auth.GetBucketPolicyStatusAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -746,7 +746,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketAnalyticsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAnalyticsConfiguration, auth.GetAnalyticsConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAnalyticsConfiguration, auth.GetAnalyticsConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -759,7 +759,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListBucketAnalyticsConfigurations, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketAnalyticsConfigurations, auth.GetAnalyticsConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketAnalyticsConfigurations, auth.GetAnalyticsConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -772,7 +772,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketEncryption, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketEncryption, auth.GetEncryptionConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketEncryption, auth.GetEncryptionConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -785,7 +785,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketIntelligentTieringConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketIntelligentTieringConfiguration, auth.GetIntelligentTieringConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketIntelligentTieringConfiguration, auth.GetIntelligentTieringConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -798,7 +798,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListBucketIntelligentTieringConfigurations, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketIntelligentTieringConfigurations, auth.GetIntelligentTieringConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketIntelligentTieringConfigurations, auth.GetIntelligentTieringConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -811,7 +811,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketInventoryConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketInventoryConfiguration, auth.GetInventoryConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketInventoryConfiguration, auth.GetInventoryConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -824,7 +824,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListBucketInventoryConfigurations, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketInventoryConfigurations, auth.GetInventoryConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketInventoryConfigurations, auth.GetInventoryConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -837,7 +837,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketLifecycleConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLifecycleConfiguration, auth.GetLifecycleConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLifecycleConfiguration, auth.GetLifecycleConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -850,7 +850,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketLogging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLogging, auth.GetBucketLoggingAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketLogging, auth.GetBucketLoggingAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -863,7 +863,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketRequestPayment, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketRequestPayment, auth.GetBucketRequestPaymentAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketRequestPayment, auth.GetBucketRequestPaymentAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -876,7 +876,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketMetricsConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketMetricsConfiguration, auth.GetMetricsConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketMetricsConfiguration, auth.GetMetricsConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -889,7 +889,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListBucketMetricsConfigurations, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketMetricsConfigurations, auth.GetMetricsConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListBucketMetricsConfigurations, auth.GetMetricsConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -902,7 +902,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketReplication, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketReplication, auth.GetReplicationConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketReplication, auth.GetReplicationConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -915,7 +915,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetPublicAccessBlock, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetPublicAccessBlock, auth.GetBucketPublicAccessBlockAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetPublicAccessBlock, auth.GetBucketPublicAccessBlockAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -928,7 +928,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketNotificationConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketNotificationConfiguration, auth.GetBucketNotificationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketNotificationConfiguration, auth.GetBucketNotificationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -941,7 +941,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketAccelerateConfiguration, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAccelerateConfiguration, auth.GetAccelerateConfigurationAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketAccelerateConfiguration, auth.GetAccelerateConfigurationAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -954,7 +954,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetBucketWebsite, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketWebsite, auth.GetBucketWebsiteAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetBucketWebsite, auth.GetBucketWebsiteAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ParseAcl(be), @@ -967,7 +967,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListObjectsV2, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectsV2, auth.ListBucketAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjectsV2, auth.ListBucketAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -979,7 +979,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListObjects, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjects, auth.ListBucketAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListObjects, auth.ListBucketAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -994,7 +994,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteObjects, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjects, auth.DeleteObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjects, auth.DeleteObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1009,7 +1009,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionHeadObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadObject, auth.GetObjectAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionHeadObject, auth.GetObjectAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1024,7 +1024,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectTagging, auth.GetObjectTaggingAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectTagging, auth.GetObjectTaggingAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1037,7 +1037,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectRetention, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectRetention, auth.GetObjectRetentionAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectRetention, auth.GetObjectRetentionAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1050,7 +1050,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectLegalHold, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLegalHold, auth.GetObjectLegalHoldAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectLegalHold, auth.GetObjectLegalHoldAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1063,7 +1063,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectAcl, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAcl, auth.GetObjectAclAction, auth.PermissionReadAcp, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAcl, auth.GetObjectAclAction, auth.PermissionReadAcp, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1076,7 +1076,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObjectAttributes, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAttributes, auth.GetObjectAttributesAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObjectAttributes, auth.GetObjectAttributesAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1089,7 +1089,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionListParts, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListParts, auth.ListMultipartUploadPartsAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionListParts, auth.ListMultipartUploadPartsAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1101,7 +1101,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionGetObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObject, auth.GetObjectAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionGetObject, auth.GetObjectAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1116,7 +1116,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteObjectTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjectTagging, auth.DeleteObjectTaggingAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObjectTagging, auth.DeleteObjectTaggingAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1129,7 +1129,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionAbortMultipartUpload, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionAbortMultipartUpload, auth.AbortMultipartUploadAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionAbortMultipartUpload, auth.AbortMultipartUploadAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1141,7 +1141,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionDeleteObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObject, auth.DeleteObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionDeleteObject, auth.DeleteObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1155,7 +1155,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionRestoreObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionRestoreObject, auth.RestoreObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionRestoreObject, auth.RestoreObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1170,7 +1170,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionSelectObjectContent, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionSelectObjectContent, auth.GetObjectAction, auth.PermissionRead, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionSelectObjectContent, auth.GetObjectAction, auth.PermissionRead, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1184,7 +1184,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionCompleteMultipartUpload, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCompleteMultipartUpload, auth.PutObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCompleteMultipartUpload, auth.PutObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1197,7 +1197,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionCreateMultipartUpload, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateMultipartUpload, auth.PutObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCreateMultipartUpload, auth.PutObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1212,7 +1212,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObjectTagging, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectTagging, auth.PutObjectTaggingAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectTagging, auth.PutObjectTaggingAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1226,7 +1226,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObjectRetention, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectRetention, auth.PutObjectRetentionAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectRetention, auth.PutObjectRetentionAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1240,7 +1240,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObjectLegalHold, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLegalHold, auth.PutObjectLegalHoldAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectLegalHold, auth.PutObjectLegalHoldAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1254,7 +1254,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObjectAcl, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectAcl, auth.PutObjectAclAction, auth.PermissionWriteAcp, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObjectAcl, auth.PutObjectAclAction, auth.PermissionWriteAcp, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.VerifyMD5Body(false), @@ -1269,7 +1269,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionUploadPartCopy, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPartCopy, auth.PutObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPartCopy, auth.PutObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1282,7 +1282,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionUploadPart, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPart, auth.PutObjectAction, auth.PermissionWrite, true), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionUploadPart, auth.PutObjectAction, auth.PermissionWrite, region, true), middlewares.VerifyPresignedV4Signature(root, iam, region, true), middlewares.VerifyV4Signature(root, iam, region, true), middlewares.VerifyMD5Body(true), @@ -1308,7 +1308,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionCopyObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCopyObject, auth.PutObjectAction, auth.PermissionWrite, false), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionCopyObject, auth.PutObjectAction, auth.PermissionWrite, region, false), middlewares.VerifyPresignedV4Signature(root, iam, region, false), middlewares.VerifyV4Signature(root, iam, region, false), middlewares.ApplyBucketCORS(be), @@ -1320,7 +1320,7 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ metrics.ActionPutObject, services, middlewares.BucketObjectNameValidator(), - middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObject, auth.PutObjectAction, auth.PermissionWrite, true), + middlewares.AuthorizePublicBucketAccess(be, metrics.ActionPutObject, auth.PutObjectAction, auth.PermissionWrite, region, true), middlewares.VerifyPresignedV4Signature(root, iam, region, true), middlewares.VerifyV4Signature(root, iam, region, true), middlewares.VerifyMD5Body(true),