Remove the client-side search that filtered already-loaded objects by
name. Replace it with a prefix input that is appended to the current
path prefix and passed directly to the S3 ListObjectsV2 API, so
filtering is performed server-side and works correctly across all pages.
Fixes#2091
Replace `encodeURIComponent()` with a custom `awsUriEncode()` that also
percent-encodes characters not in the SigV4 unreserved set.
This fixes invalid signatures for object keys or query values containing
those characters.
Fixes#2060.
encodeURIComponent encodes the trailing slash as %2F, producing a path
like /bucket/folder%2F. S3 servers (e.g. Ceph) reject this with a
SignatureDoesNotMatch error because the canonical URI used for signing
differs from what the server reconstructs.
encodeS3Key encodes each path segment individually, leaving slashes as
literal /, which is consistent with all other object-key operations in
the API client.
Fixes#2029
Refactor webui so that we have a template,
webui/web/js/config.js.tmpl, instead of the /api/gateways to
retrieve the gateways listing. This also restructures the
css theme into separate common files for easier maintenance.
The fifth parameter of request() is useAdminEndpoint (boolean), but
putBucketPolicy was passing a Content-Type header object instead.
This caused useAdminEndpoint to be truthy and contentType to default
to 'application/xml' instead of 'application/json'.
Fixed by passing false for useAdminEndpoint and 'application/json'
as the contentType argument.
Fixes#1928
The PutBucketObjectLockConfiguration now requires Content-MD5
header to match AWS behavior. This broke the GUI from being able
to set object lock configuration for a bucket.
This fix adds the Content-MD5 header to this request.
Implements a web interface for VersityGW with role-based access:
- Object explorer for all users to browse, upload, and download S3 objects
- Admin dashboard showing system overview and gateway status
- Admin-only user management for IAM user administration
- Admin-only bucket management for creating and configuring S3 buckets
- User authentication with automatic role-based page access
The web UI is disabled by default and only enabled with the --webui or
VGW_WEBUI_PORT env options that specify the listening address/port for
the web UI server. This preserves previous version behavior to not enable
any new ports/services unless opted in.
Login to the web UI login page with accesskey/secretkey credentials as
either user or admin account. UI functionality will auto detect login
role.
Regular users have access to the object explorer for managing files within
their accessible buckets. Admins additionally have access to user and bucket
management interfaces. The web UI is served on a separate port from the S3
server and integrates with existing S3 and Admin API endpoints.
All requests to the S3 and Admin services are signed by the browser and sent
directly to the S3/Admin service handlers. The login credentials are never
sent over the network for security purposes. This requires the S3/Admin
service to configure CORS Access-Control-Allow-Origin headers for these
requests.
