Home Explore Help
Sign In
SMusatov
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Files Wiki
Tree: 4f15a52044
Branches Tags
seaweedfs
/
weed
/
s3api
/
s3api_server.go

s3api_server.go 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255 
  1. package s3api
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"fmt"
    6. 

  6. 	"github.com/seaweedfs/seaweedfs/weed/filer"
    7. 

  7. 	"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
    8. 

  8. 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
    9. 

  9. 	"net"
    10. 

  10. 	"net/http"
    11. 

  11. 	"strings"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"github.com/gorilla/mux"
    15. 

  15. 	"github.com/seaweedfs/seaweedfs/weed/pb"
    16. 

  16. 	. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
    17. 

  17. 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
    18. 

  18. 	"github.com/seaweedfs/seaweedfs/weed/security"
    19. 

  19. 	"github.com/seaweedfs/seaweedfs/weed/util"
    20. 

  20. 	"google.golang.org/grpc"
    21. 

  21. )
    22. 

  22. 

  23. type S3ApiServerOption struct {
    24. 

  24. 	Filer                     pb.ServerAddress
    25. 

  25. 	Port                      int
    26. 

  26. 	Config                    string
    27. 

  27. 	DomainName                string
    28. 

  28. 	BucketsPath               string
    29. 

  29. 	GrpcDialOption            grpc.DialOption
    30. 

  30. 	AllowEmptyFolder          bool
    31. 

  31. 	AllowDeleteBucketNotEmpty bool
    32. 

  32. 	LocalFilerSocket          string
    33. 

  33. 	DataCenter                string
    34. 

  34. }
    35. 

  35. 

  36. type S3ApiServer struct {
    37. 

  37. 	s3_pb.UnimplementedSeaweedS3Server
    38. 

  38. 	option         *S3ApiServerOption
    39. 

  39. 	iam            *IdentityAccessManagement
    40. 

  40. 	cb             *CircuitBreaker
    41. 

  41. 	randomClientId int32
    42. 

  42. 	filerGuard     *security.Guard
    43. 

  43. 	client         *http.Client
    44. 

  44. 	accountManager *s3account.AccountManager
    45. 

  45. 	bucketRegistry *BucketRegistry
    46. 

  46. }
    47. 

  47. 

  48. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
    49. 

  49. 	v := util.GetViper()
    50. 

  50. 	signingKey := v.GetString("jwt.filer_signing.key")
    51. 

  51. 	v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
    52. 

  52. 	expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
    53. 

  53. 

  54. 	readSigningKey := v.GetString("jwt.filer_signing.read.key")
    55. 

  55. 	v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
    56. 

  56. 	readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
    57. 

  57. 

  58. 	s3ApiServer = &S3ApiServer{
    59. 

  59. 		option:         option,
    60. 

  60. 		iam:            NewIdentityAccessManagement(option),
    61. 

  61. 		randomClientId: util.RandomInt32(),
    62. 

  62. 		filerGuard:     security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
    63. 

  63. 		cb:             NewCircuitBreaker(option),
    64. 

  64. 	}
    65. 

  65. 	s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
    66. 

  66. 	s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
    67. 

  67. 	if option.LocalFilerSocket == "" {
    68. 

  68. 		s3ApiServer.client = &http.Client{Transport: &http.Transport{
    69. 

  69. 			MaxIdleConns:        1024,
    70. 

  70. 			MaxIdleConnsPerHost: 1024,
    71. 

  71. 		}}
    72. 

  72. 	} else {
    73. 

  73. 		s3ApiServer.client = &http.Client{
    74. 

  74. 			Transport: &http.Transport{
    75. 

  75. 				DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
    76. 

  76. 					return net.Dial("unix", option.LocalFilerSocket)
    77. 

  77. 				},
    78. 

  78. 			},
    79. 

  79. 		}
    80. 

  80. 	}
    81. 

  81. 

  82. 	s3ApiServer.registerRouter(router)
    83. 

  83. 

  84. 	go s3ApiServer.subscribeMetaEvents("s3", time.Now().UnixNano(), filer.DirectoryEtcRoot, []string{option.BucketsPath})
    85. 

  85. 	return s3ApiServer, nil
    86. 

  86. }
    87. 

  87. 

  88. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
    89. 

  89. 	// API Router
    90. 

  90. 	apiRouter := router.PathPrefix("/").Subrouter()
    91. 

  91. 

  92. 	// Readiness Probe
    93. 

  93. 	apiRouter.Methods("GET").Path("/status").HandlerFunc(s3a.StatusHandler)
    94. 

  94. 

  95. 	apiRouter.Methods("OPTIONS").HandlerFunc(
    96. 

  96. 		func(w http.ResponseWriter, r *http.Request) {
    97. 

  97. 			w.Header().Set("Access-Control-Allow-Origin", "*")
    98. 

  98. 			w.Header().Set("Access-Control-Expose-Headers", "*")
    99. 

  99. 			w.Header().Set("Access-Control-Allow-Methods", "*")
    100. 

  100. 			w.Header().Set("Access-Control-Allow-Headers", "*")
    101. 

  101. 			writeSuccessResponseEmpty(w, r)
    102. 

  102. 		})
    103. 

  103. 

  104. 	var routers []*mux.Router
    105. 

  105. 	if s3a.option.DomainName != "" {
    106. 

  106. 		domainNames := strings.Split(s3a.option.DomainName, ",")
    107. 

  107. 		for _, domainName := range domainNames {
    108. 

  108. 			routers = append(routers, apiRouter.Host(
    109. 

  109. 				fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
    110. 

  110. 			routers = append(routers, apiRouter.Host(
    111. 

  111. 				fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
    112. 

  112. 		}
    113. 

  113. 	}
    114. 

  114. 	routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
    115. 

  115. 

  116. 	for _, bucket := range routers {
    117. 

  117. 

  118. 		// each case should follow the next rule:
    119. 

  119. 		// - requesting object with query must precede any other methods
    120. 

  120. 		// - requesting object must precede any methods with buckets
    121. 

  121. 		// - requesting bucket with query must precede raw methods with buckets
    122. 

  122. 		// - requesting bucket must be processed in the end
    123. 

  123. 

  124. 		// objects with query
    125. 

  125. 

  126. 		// CopyObjectPart
    127. 

  127. 		bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
    128. 

  128. 		// PutObjectPart
    129. 

  129. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
    130. 

  130. 		// CompleteMultipartUpload
    131. 

  131. 		bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CompleteMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploadId", "{uploadId:.*}")
    132. 

  132. 		// NewMultipartUpload
    133. 

  133. 		bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.NewMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploads", "")
    134. 

  134. 		// AbortMultipartUpload
    135. 

  135. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.AbortMultipartUploadHandler, ACTION_WRITE)), "DELETE")).Queries("uploadId", "{uploadId:.*}")
    136. 

  136. 		// ListObjectParts
    137. 

  137. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectPartsHandler, ACTION_READ)), "GET")).Queries("uploadId", "{uploadId:.*}")
    138. 

  138. 		// ListMultipartUploads
    139. 

  139. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), "GET")).Queries("uploads", "")
    140. 

  140. 

  141. 		// GetObjectTagging
    142. 

  142. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), "GET")).Queries("tagging", "")
    143. 

  143. 		// PutObjectTagging
    144. 

  144. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), "PUT")).Queries("tagging", "")
    145. 

  145. 		// DeleteObjectTagging
    146. 

  146. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), "DELETE")).Queries("tagging", "")
    147. 

  147. 

  148. 		// PutObjectACL
    149. 

  149. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE)), "PUT")).Queries("acl", "")
    150. 

  150. 		// PutObjectRetention
    151. 

  151. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), "PUT")).Queries("retention", "")
    152. 

  152. 		// PutObjectLegalHold
    153. 

  153. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), "PUT")).Queries("legal-hold", "")
    154. 

  154. 		// PutObjectLockConfiguration
    155. 

  155. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("object-lock", "")
    156. 

  156. 

  157. 		// GetObjectACL
    158. 

  158. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ)), "GET")).Queries("acl", "")
    159. 

  159. 

  160. 		// objects with query
    161. 

  161. 

  162. 		// raw objects
    163. 

  163. 

  164. 		// HeadObject
    165. 

  165. 		bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadObjectHandler, ACTION_READ)), "GET"))
    166. 

  166. 

  167. 		// GetObject, but directory listing is not supported
    168. 

  168. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), "GET"))
    169. 

  169. 

  170. 		// CopyObject
    171. 

  171. 		bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
    172. 

  172. 		// PutObject
    173. 

  173. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), "PUT"))
    174. 

  174. 		// DeleteObject
    175. 

  175. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), "DELETE"))
    176. 

  176. 

  177. 		// raw objects
    178. 

  178. 

  179. 		// buckets with query
    180. 

  180. 

  181. 		// DeleteMultipleObjects
    182. 

  182. 		bucket.Methods("POST").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), "DELETE")).Queries("delete", "")
    183. 

  183. 

  184. 		// GetBucketACL
    185. 

  185. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ)), "GET")).Queries("acl", "")
    186. 

  186. 		// PutBucketACL
    187. 

  187. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE)), "PUT")).Queries("acl", "")
    188. 

  188. 

  189. 		// GetBucketPolicy
    190. 

  190. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), "GET")).Queries("policy", "")
    191. 

  191. 		// PutBucketPolicy
    192. 

  192. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), "PUT")).Queries("policy", "")
    193. 

  193. 		// DeleteBucketPolicy
    194. 

  194. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), "DELETE")).Queries("policy", "")
    195. 

  195. 

  196. 		// GetBucketCors
    197. 

  197. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), "GET")).Queries("cors", "")
    198. 

  198. 		// PutBucketCors
    199. 

  199. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), "PUT")).Queries("cors", "")
    200. 

  200. 		// DeleteBucketCors
    201. 

  201. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), "DELETE")).Queries("cors", "")
    202. 

  202. 

  203. 		// GetBucketLifecycleConfiguration
    204. 

  204. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), "GET")).Queries("lifecycle", "")
    205. 

  205. 		// PutBucketLifecycleConfiguration
    206. 

  206. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("lifecycle", "")
    207. 

  207. 		// DeleteBucketLifecycleConfiguration
    208. 

  208. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), "DELETE")).Queries("lifecycle", "")
    209. 

  209. 

  210. 		// GetBucketLocation
    211. 

  211. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), "GET")).Queries("location", "")
    212. 

  212. 

  213. 		// GetBucketRequestPayment
    214. 

  214. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), "GET")).Queries("requestPayment", "")
    215. 

  215. 

  216. 		// ListObjectsV2
    217. 

  217. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2")
    218. 

  218. 

  219. 		// buckets with query
    220. 

  220. 		// PutBucketOwnershipControls
    221. 

  221. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketOwnershipControls, ACTION_ADMIN), "PUT")).Queries("ownershipControls", "")
    222. 

  222. 

  223. 		//GetBucketOwnershipControls
    224. 

  224. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketOwnershipControls, ACTION_READ), "GET")).Queries("ownershipControls", "")
    225. 

  225. 

  226. 		//DeleteBucketOwnershipControls
    227. 

  227. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketOwnershipControls, ACTION_ADMIN), "DELETE")).Queries("ownershipControls", "")
    228. 

  228. 

  229. 		// raw buckets
    230. 

  230. 

  231. 		// PostPolicy
    232. 

  232. 		bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), "POST"))
    233. 

  233. 

  234. 		// HeadBucket
    235. 

  235. 		bucket.Methods("HEAD").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), "GET"))
    236. 

  236. 

  237. 		// PutBucket
    238. 

  238. 		bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
    239. 

  239. 		// DeleteBucket
    240. 

  240. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
    241. 

  241. 

  242. 		// ListObjectsV1 (Legacy)
    243. 

  243. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))
    244. 

  244. 

  245. 		// raw buckets
    246. 

  246. 

  247. 	}
    248. 

  248. 

  249. 	// ListBuckets
    250. 

  250. 	apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
    251. 

  251. 

  252. 	// NotFound
    253. 

  253. 	apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
    254. 

  254. 

  255. }
    256.