Commit Graph

19 Commits

Author SHA1 Message Date
Marc Singer 375c2764d5 Add website integration tests and remove NotImplemented stubs
Replace PutBucketWebsite, GetBucketWebsite, DeleteBucketWebsite
NotImplemented test stubs with comprehensive integration tests covering:
- non-existing bucket errors
- validation (empty suffix, suffix with slash, invalid protocol, mutual
  exclusion of RedirectAllRequestsTo and IndexDocument)
- successful put/get round-trips for both index+error and redirect-all configs
- delete idempotency and verification

Signed-off-by: Marc Singer <marc@singer.gg>

Add error document serving, routing rules, and integration tests

Implement Features 1 and 2 of S3 static website hosting:

- WebsiteErrorDocument controller wrapper intercepts 4xx errors on
  website-enabled buckets and serves the configured error document or
  evaluates post-request routing rules (error code match redirects)
- ResolveWebsiteIndex middleware now caches parsed WebsiteConfiguration
  in context, handles RedirectAllRequestsTo, evaluates pre-request
  routing rules (key prefix match redirects), and rewrites directory
  keys for index document
- MatchPreRequestRule and MatchPostRequestRule methods on
  WebsiteConfiguration for routing rule evaluation
- 14 unit tests for routing rule matching
- 7 integration tests covering error document, routing rules,
  redirect-all, and index document behavior

Signed-off-by: Marc Singer <marc@singer.gg>

Add separate website hosting endpoint with virtual-host routing

Signed-off-by: Marc Singer <marc@singer.gg>

Support catch-all mode for website endpoint when --website-domain is omitted

Signed-off-by: Marc Singer <marc@singer.gg>
2026-06-10 12:41:51 +04:00
Ben McClelland d498d48497 fix: replace misleading webui CORS error toast with generic network error message
Browsers throw an opaque TypeError for all network-level failures — CORS
policy violations, TLS/certificate rejections (e.g. self-signed certs), DNS
failures, and unreachable hosts — with no way to distinguish between them.
Asserting "CORS blocked" on every TypeError caused users to chase a CORS
misconfiguration when the real problem was an untrusted certificate or
unreachable gateway. The error message now lists some plausible causes so users
have possible diagnostics regardless of the actual failure mode.

Fixes #2143
2026-05-29 21:10:22 -07:00
Ben McClelland a5fc7c1ee5 fix: decode URL hash in webui before parsing bucket/prefix
window.location.hash returns the hash percent-encoded by the browser,
so a prefix like "X Y/" is read back as "X%20Y/" (literal %20).
Without decoding, all subsequent operations (list, upload, create
folder) used the encoded string, causing the server to look
for a directory named "X%20Y/" instead of "X Y/" — resulting in empty
listings and uploads landing in a newly created "X%20Y/" directory.

Fix by calling decodeURIComponent() on the hash before splitting into
bucket and prefix parts.

Fixes #2098
2026-05-12 19:45:31 -07:00
Ben McClelland cb609e40a6 feat: replace webui client-side name filter with server-side prefix filter
Remove the client-side search that filtered already-loaded objects by
name. Replace it with a prefix input that is appended to the current
path prefix and passed directly to the S3 ListObjectsV2 API, so
filtering is performed server-side and works correctly across all pages.

Fixes #2091
2026-05-06 12:34:52 -07:00
Antoine POPINEAU 41fc459213 feat: history back/forward actions on explorer and modals
Most actions within each page is stateless (show modals) or change the
URL hash. As it is, those are not tracked and using the back button has
no effect.

This commits implements two things:

 - Tracking of the URL hash in the explorer to move from bucket/folders
   on history change.
 - Add a history state when a modal is open, so the back button closes
   the modal.
2026-04-21 18:43:32 -07:00
Ben McClelland 545a9e9a12 feat: add server-side pagination for webui object explorer
The object listing now fetches pages from S3 directly using ListObjectsV2
continuation tokens rather than loading all objects at once. Users can
navigate forward and back with first/prev/next buttons and choose how many
rows to show per page (10/20/50/100/1000, defaulting to 10), which keeps
the listing fast and responsive even in buckets with thousands of objects.

Pagination resets automatically when navigating into a folder, running a
search, or changing page size. While a search is active, forward navigation
is disabled since search filters within the current page only, and the item
count shows "(filtered)" to make that clear. When versioning is enabled,
delete-marker rows are scoped to the current page's key range so they don't
bleed in from adjacent pages.

Fixes #2055
2026-04-21 09:06:51 -07:00
Ben McClelland fcb540e067 feat: in webui add bucket favorites and direct-navigation to explorer
Users may have access to buckets that don't appear in their owned-bucket
list. Previously there was no way to reach those buckets from the explorer
without knowing and manually editing the URL.

This adds a "go to bucket by name" input to the buckets view. Typing a
name and pressing Enter (or clicking Open) navigates to the bucket if
the user has permissions to allow it.

To avoid re-typing bucket names on every visit, users can now save buckets
to a favorites panel that persists in localStorage. Favorites are keyed by
access key so different users sharing the same browser each see only their
own list. Any bucket in the owned list can be starred directly from its row.
Favorites chips are clickable with the same access check, and a hover ×
removes them. The panel hides itself automatically when the list is empty.
2026-04-20 18:33:03 -07:00
Antoine POPINEAU 3529e1b9aa fix: in webui use AWS SigV4-compliant URI encoding for path and query params
Replace `encodeURIComponent()` with a custom `awsUriEncode()` that also
percent-encodes characters not in the SigV4 unreserved set.
This fixes invalid signatures for object keys or query values containing
those characters.

Fixes #2060.
2026-04-20 15:09:05 -07:00
Antoine POPINEAU 53bbaf2ada feat: add presigned URL generation in webui
Add a modal dialog to the object explorer that generates presigned GET
URLs for S3 objects. Supports configurable expiration in minutes, hours,
or days, and includes a copy-to-clipboard button for the result.

Reuses the existing `api.presignUrl()` function; adds only the UI layer.
2026-04-20 15:06:08 -07:00
Ben McClelland 5ff1c4ba3b fix: use encodeS3Key in webui instead of encodeURIComponent in createFolder
encodeURIComponent encodes the trailing slash as %2F, producing a path
like /bucket/folder%2F. S3 servers (e.g. Ceph) reject this with a
SignatureDoesNotMatch error because the canonical URI used for signing
differs from what the server reconstructs.

encodeS3Key encodes each path segment individually, leaving slashes as
literal /, which is consistent with all other object-key operations in
the API client.

Fixes #2029
2026-04-14 11:32:19 -07:00
Ben McClelland e0275baa25 fix: webui move explorer styling to theme.css 2026-03-10 09:11:47 -07:00
Ben McClelland 17e5e20b64 fix: webui location of tailwind.js asset 2026-03-10 09:03:10 -07:00
Ben McClelland 9a3ccf68f3 feat: add option to change webui path prefix
New option webui-path-prefix that specifies a prefix for the
webui endpoint. The default is the old behavior at the root.
2026-03-09 16:45:16 -07:00
Ben McClelland e023f00923 feat: remove /api/gateways webserver endpoint
Refactor webui so that we have a template,
webui/web/js/config.js.tmpl, instead of the /api/gateways to
retrieve the gateways listing. This also restructures the
css theme into separate common files for easier maintenance.
2026-03-09 15:43:03 -07:00
Ben McClelland 07c970e3fe fix: webui pass correct arguments to request() in putBucketPolicy
The fifth parameter of request() is useAdminEndpoint (boolean), but
putBucketPolicy was passing a Content-Type header object instead.
This caused useAdminEndpoint to be truthy and contentType to default
to 'application/xml' instead of 'application/json'.

Fixed by passing false for useAdminEndpoint and 'application/json'
as the contentType argument.

Fixes #1928
2026-03-04 10:32:52 -08:00
maxlerebourg 3d5663655f fix: make webui sidebar responsive on mobile
On small screens the sidebar now collapses out of view by default,
replaced by a visible toggle button that slides it back in. Without
this, the sidebar occupied the full screen width on phones and tablets,
leaving no room for page content.

Co-authored-by: Ben McClelland <ben.mcclelland@versity.com>
2026-02-23 12:11:53 -08:00
niksis02 fd0c9dfbfa feat: add favicon to all pages in webui
Adds versity favicon to all web pages in webui.
2026-02-11 19:46:01 +04:00
Ben McClelland 9343860321 fix: webui md5 missing error when enabling directory object lock
The PutBucketObjectLockConfiguration now requires Content-MD5
header to match AWS behavior. This broke the GUI from being able
to set object lock configuration for a bucket.

This fix adds the Content-MD5 header to this request.
2026-02-09 12:27:02 -08:00
Ben McClelland 68d7924afa feat: add web-based UI for S3 object management and admin operations
Implements a web interface for VersityGW with role-based access:
- Object explorer for all users to browse, upload, and download S3 objects
- Admin dashboard showing system overview and gateway status
- Admin-only user management for IAM user administration
- Admin-only bucket management for creating and configuring S3 buckets
- User authentication with automatic role-based page access

The web UI is disabled by default and only enabled with the --webui or
VGW_WEBUI_PORT env options that specify the listening address/port for
the web UI server. This preserves previous version behavior to not enable
any new ports/services unless opted in.

Login to the web UI login page with accesskey/secretkey credentials as
either user or admin account. UI functionality will auto detect login
role.

Regular users have access to the object explorer for managing files within
their accessible buckets. Admins additionally have access to user and bucket
management interfaces. The web UI is served on a separate port from the S3
server and integrates with existing S3 and Admin API endpoints.

All requests to the S3 and Admin services are signed by the browser and sent
directly to the S3/Admin service handlers. The login credentials are never
sent over the network for security purposes. This requires the S3/Admin
service to configure CORS Access-Control-Allow-Origin headers for these
requests.
2026-01-19 14:22:12 -08:00