// Copyright 2023 Versity Software // This file is licensed under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package utils import ( "bytes" "errors" "fmt" "io" "net/http" "net/url" "regexp" "strconv" "strings" "time" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/encoding/httpbinding" "github.com/gofiber/fiber/v2" "github.com/valyala/fasthttp" "github.com/versity/versitygw/s3err" "github.com/versity/versitygw/s3response" ) var ( bucketNameRegexp = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]+[a-z0-9]$`) bucketNameIpRegexp = regexp.MustCompile(`^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`) ) func GetUserMetaData(headers *fasthttp.RequestHeader) (metadata map[string]string) { metadata = make(map[string]string) headers.DisableNormalizing() headers.VisitAllInOrder(func(key, value []byte) { hKey := string(key) if strings.HasPrefix(strings.ToLower(hKey), "x-amz-meta-") { trimmedKey := hKey[11:] headerValue := string(value) metadata[trimmedKey] = headerValue } }) headers.EnableNormalizing() return } func createHttpRequestFromCtx(ctx *fiber.Ctx, signedHdrs []string, contentLength int64) (*http.Request, error) { req := ctx.Request() var body io.Reader if IsBigDataAction(ctx) { body = req.BodyStream() } else { body = bytes.NewReader(req.Body()) } httpReq, err := http.NewRequest(string(req.Header.Method()), string(ctx.Context().RequestURI()), body) if err != nil { return nil, errors.New("error in creating an http request") } // Set the request headers req.Header.VisitAll(func(key, value []byte) { keyStr := string(key) if includeHeader(keyStr, signedHdrs) { httpReq.Header.Add(keyStr, string(value)) } }) // make sure all headers in the signed headers are present for _, header := range signedHdrs { if httpReq.Header.Get(header) == "" { httpReq.Header.Set(header, "") } } // Check if Content-Length in signed headers // If content length is non 0, then the header will be included if !includeHeader("Content-Length", signedHdrs) { httpReq.ContentLength = 0 } else { httpReq.ContentLength = contentLength } // Set the Host header httpReq.Host = string(req.Header.Host()) return httpReq, nil } var ( signedQueryArgs = map[string]bool{ "X-Amz-Algorithm": true, "X-Amz-Credential": true, "X-Amz-Date": true, "X-Amz-SignedHeaders": true, "X-Amz-Signature": true, } ) func createPresignedHttpRequestFromCtx(ctx *fiber.Ctx, signedHdrs []string, contentLength int64) (*http.Request, error) { req := ctx.Request() var body io.Reader if IsBigDataAction(ctx) { body = req.BodyStream() } else { body = bytes.NewReader(req.Body()) } uri := string(ctx.Request().URI().Path()) uri = httpbinding.EscapePath(uri, false) isFirst := true ctx.Request().URI().QueryArgs().VisitAll(func(key, value []byte) { _, ok := signedQueryArgs[string(key)] if !ok { escapeValue := url.QueryEscape(string(value)) if isFirst { uri += fmt.Sprintf("?%s=%s", key, escapeValue) isFirst = false } else { uri += fmt.Sprintf("&%s=%s", key, escapeValue) } } }) httpReq, err := http.NewRequest(string(req.Header.Method()), uri, body) if err != nil { return nil, errors.New("error in creating an http request") } // Set the request headers req.Header.VisitAll(func(key, value []byte) { keyStr := string(key) if includeHeader(keyStr, signedHdrs) { httpReq.Header.Add(keyStr, string(value)) } }) // Check if Content-Length in signed headers // If content length is non 0, then the header will be included if !includeHeader("Content-Length", signedHdrs) { httpReq.ContentLength = 0 } else { httpReq.ContentLength = contentLength } // Set the Host header httpReq.Host = string(req.Header.Host()) return httpReq, nil } func SetMetaHeaders(ctx *fiber.Ctx, meta map[string]string) { ctx.Response().Header.DisableNormalizing() for key, val := range meta { ctx.Response().Header.Set(fmt.Sprintf("X-Amz-Meta-%s", key), val) } ctx.Response().Header.EnableNormalizing() } func ParseUint(str string) (int32, error) { if str == "" { return 1000, nil } num, err := strconv.ParseUint(str, 10, 16) if err != nil { return 1000, s3err.GetAPIError(s3err.ErrInvalidMaxKeys) } return int32(num), nil } type CustomHeader struct { Key string Value string } func SetResponseHeaders(ctx *fiber.Ctx, headers []CustomHeader) { for _, header := range headers { ctx.Set(header.Key, header.Value) } } func IsValidBucketName(bucket string) bool { if len(bucket) < 3 || len(bucket) > 63 { return false } // Checks to contain only digits, lowercase letters, dot, hyphen. // Checks to start and end with only digits and lowercase letters. if !bucketNameRegexp.MatchString(bucket) { return false } // Checks not to be a valid IP address if bucketNameIpRegexp.MatchString(bucket) { return false } return true } func includeHeader(hdr string, signedHdrs []string) bool { for _, shdr := range signedHdrs { if strings.EqualFold(hdr, shdr) { return true } } return false } func IsBigDataAction(ctx *fiber.Ctx) bool { if ctx.Method() == http.MethodPut && len(strings.Split(ctx.Path(), "/")) >= 3 { if !ctx.Request().URI().QueryArgs().Has("tagging") && ctx.Get("X-Amz-Copy-Source") == "" && !ctx.Request().URI().QueryArgs().Has("acl") { return true } } return false } // expiration time window // https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html#RESTAuthenticationTimeStamp const timeExpirationSec = 15 * 60 func ValidateDate(date time.Time) error { now := time.Now().UTC() diff := date.Unix() - now.Unix() // Checks the dates difference to be within allotted window if diff > timeExpirationSec || diff < -timeExpirationSec { return s3err.GetAPIError(s3err.ErrRequestTimeTooSkewed) } return nil } func ParseDeleteObjects(objs []types.ObjectIdentifier) (result []string) { for _, obj := range objs { result = append(result, *obj.Key) } return } func FilterObjectAttributes(attrs map[types.ObjectAttributes]struct{}, output s3response.GetObjectAttributesResult) s3response.GetObjectAttributesResult { if _, ok := attrs[types.ObjectAttributesEtag]; !ok { output.ETag = nil } if _, ok := attrs[types.ObjectAttributesObjectParts]; !ok { output.ObjectParts = nil } if _, ok := attrs[types.ObjectAttributesObjectSize]; !ok { output.ObjectSize = nil } if _, ok := attrs[types.ObjectAttributesStorageClass]; !ok { output.StorageClass = "" } return output } func ParseObjectAttributes(ctx *fiber.Ctx) map[types.ObjectAttributes]struct{} { attrs := map[types.ObjectAttributes]struct{}{} ctx.Request().Header.VisitAll(func(key, value []byte) { if string(key) == "X-Amz-Object-Attributes" { oattrs := strings.Split(string(value), ",") for _, a := range oattrs { attrs[types.ObjectAttributes(a)] = struct{}{} } } }) return attrs } type objLockCfg struct { RetainUntilDate time.Time ObjectLockMode types.ObjectLockMode LegalHoldStatus types.ObjectLockLegalHoldStatus } func ParsObjectLockHdrs(ctx *fiber.Ctx) (*objLockCfg, error) { legalHoldHdr := ctx.Get("X-Amz-Object-Lock-Legal-Hold") objLockModeHdr := ctx.Get("X-Amz-Object-Lock-Mode") objLockDate := ctx.Get("X-Amz-Object-Lock-Retain-Until-Date") if (objLockDate != "" && objLockModeHdr == "") || (objLockDate == "" && objLockModeHdr != "") { return nil, s3err.GetAPIError(s3err.ErrObjectLockInvalidHeaders) } var retainUntilDate time.Time if objLockDate != "" { rDate, err := time.Parse(time.RFC3339, objLockDate) if err != nil { return nil, s3err.GetAPIError(s3err.ErrInvalidRequest) } if rDate.Before(time.Now()) { return nil, s3err.GetAPIError(s3err.ErrPastObjectLockRetainDate) } retainUntilDate = rDate } objLockMode := types.ObjectLockMode(objLockModeHdr) if objLockMode != "" && objLockMode != types.ObjectLockModeCompliance && objLockMode != types.ObjectLockModeGovernance { return nil, s3err.GetAPIError(s3err.ErrInvalidRequest) } legalHold := types.ObjectLockLegalHoldStatus(legalHoldHdr) if legalHold != "" && legalHold != types.ObjectLockLegalHoldStatusOff && legalHold != types.ObjectLockLegalHoldStatusOn { return nil, s3err.GetAPIError(s3err.ErrInvalidRequest) } return &objLockCfg{ RetainUntilDate: retainUntilDate, ObjectLockMode: objLockMode, LegalHoldStatus: legalHold, }, nil } func IsValidOwnership(val types.ObjectOwnership) bool { switch val { case types.ObjectOwnershipBucketOwnerEnforced: return true case types.ObjectOwnershipBucketOwnerPreferred: return true case types.ObjectOwnershipObjectWriter: return true default: return false } }