The object listing now fetches pages from S3 directly using ListObjectsV2
continuation tokens rather than loading all objects at once. Users can
navigate forward and back with first/prev/next buttons and choose how many
rows to show per page (10/20/50/100/1000, defaulting to 10), which keeps
the listing fast and responsive even in buckets with thousands of objects.
Pagination resets automatically when navigating into a folder, running a
search, or changing page size. While a search is active, forward navigation
is disabled since search filters within the current page only, and the item
count shows "(filtered)" to make that clear. When versioning is enabled,
delete-marker rows are scoped to the current page's key range so they don't
bleed in from adjacent pages.
Fixes#2055
Users may have access to buckets that don't appear in their owned-bucket
list. Previously there was no way to reach those buckets from the explorer
without knowing and manually editing the URL.
This adds a "go to bucket by name" input to the buckets view. Typing a
name and pressing Enter (or clicking Open) navigates to the bucket if
the user has permissions to allow it.
To avoid re-typing bucket names on every visit, users can now save buckets
to a favorites panel that persists in localStorage. Favorites are keyed by
access key so different users sharing the same browser each see only their
own list. Any bucket in the owned list can be starred directly from its row.
Favorites chips are clickable with the same access check, and a hover ×
removes them. The panel hides itself automatically when the list is empty.
Replace `encodeURIComponent()` with a custom `awsUriEncode()` that also
percent-encodes characters not in the SigV4 unreserved set.
This fixes invalid signatures for object keys or query values containing
those characters.
Fixes#2060.
Add a modal dialog to the object explorer that generates presigned GET
URLs for S3 objects. Supports configurable expiration in minutes, hours,
or days, and includes a copy-to-clipboard button for the result.
Reuses the existing `api.presignUrl()` function; adds only the UI layer.
encodeURIComponent encodes the trailing slash as %2F, producing a path
like /bucket/folder%2F. S3 servers (e.g. Ceph) reject this with a
SignatureDoesNotMatch error because the canonical URI used for signing
differs from what the server reconstructs.
encodeS3Key encodes each path segment individually, leaving slashes as
literal /, which is consistent with all other object-key operations in
the API client.
Fixes#2029
Refactor webui so that we have a template,
webui/web/js/config.js.tmpl, instead of the /api/gateways to
retrieve the gateways listing. This also restructures the
css theme into separate common files for easier maintenance.
The fifth parameter of request() is useAdminEndpoint (boolean), but
putBucketPolicy was passing a Content-Type header object instead.
This caused useAdminEndpoint to be truthy and contentType to default
to 'application/xml' instead of 'application/json'.
Fixed by passing false for useAdminEndpoint and 'application/json'
as the contentType argument.
Fixes#1928
On small screens the sidebar now collapses out of view by default,
replaced by a visible toggle button that slides it back in. Without
this, the sidebar occupied the full screen width on phones and tablets,
leaving no room for page content.
Co-authored-by: Ben McClelland <ben.mcclelland@versity.com>
The PutBucketObjectLockConfiguration now requires Content-MD5
header to match AWS behavior. This broke the GUI from being able
to set object lock configuration for a bucket.
This fix adds the Content-MD5 header to this request.
Implements a web interface for VersityGW with role-based access:
- Object explorer for all users to browse, upload, and download S3 objects
- Admin dashboard showing system overview and gateway status
- Admin-only user management for IAM user administration
- Admin-only bucket management for creating and configuring S3 buckets
- User authentication with automatic role-based page access
The web UI is disabled by default and only enabled with the --webui or
VGW_WEBUI_PORT env options that specify the listening address/port for
the web UI server. This preserves previous version behavior to not enable
any new ports/services unless opted in.
Login to the web UI login page with accesskey/secretkey credentials as
either user or admin account. UI functionality will auto detect login
role.
Regular users have access to the object explorer for managing files within
their accessible buckets. Admins additionally have access to user and bucket
management interfaces. The web UI is served on a separate port from the S3
server and integrates with existing S3 and Admin API endpoints.
All requests to the S3 and Admin services are signed by the browser and sent
directly to the S3/Admin service handlers. The login credentials are never
sent over the network for security purposes. This requires the S3/Admin
service to configure CORS Access-Control-Allow-Origin headers for these
requests.
