Home Explore Help
Sign In
SMusatov
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Files Wiki
Branch: sub
Branches Tags
seaweedfs
/
weed
/
s3api
/
s3api_server.go

s3api_server.go 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 
  1. package s3api
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"fmt"
    6. 

  6. 	"github.com/seaweedfs/seaweedfs/weed/filer"
    7. 

  7. 	"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
    8. 

  8. 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
    9. 

  9. 	"net"
    10. 

  10. 	"net/http"
    11. 

  11. 	"strings"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"github.com/gorilla/mux"
    15. 

  15. 	"github.com/seaweedfs/seaweedfs/weed/pb"
    16. 

  16. 	. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
    17. 

  17. 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
    18. 

  18. 	"github.com/seaweedfs/seaweedfs/weed/security"
    19. 

  19. 	"github.com/seaweedfs/seaweedfs/weed/util"
    20. 

  20. 	"google.golang.org/grpc"
    21. 

  21. )
    22. 

  22. 

  23. type S3ApiServerOption struct {
    24. 

  24. 	Filer                     pb.ServerAddress
    25. 

  25. 	Port                      int
    26. 

  26. 	Config                    string
    27. 

  27. 	DomainName                string
    28. 

  28. 	BucketsPath               string
    29. 

  29. 	GrpcDialOption            grpc.DialOption
    30. 

  30. 	AllowEmptyFolder          bool
    31. 

  31. 	AllowDeleteBucketNotEmpty bool
    32. 

  32. 	LocalFilerSocket          string
    33. 

  33. 	DataCenter                string
    34. 

  34. 	FilerGroup                string
    35. 

  35. }
    36. 

  36. 

  37. type S3ApiServer struct {
    38. 

  38. 	s3_pb.UnimplementedSeaweedS3Server
    39. 

  39. 	option         *S3ApiServerOption
    40. 

  40. 	iam            *IdentityAccessManagement
    41. 

  41. 	cb             *CircuitBreaker
    42. 

  42. 	randomClientId int32
    43. 

  43. 	filerGuard     *security.Guard
    44. 

  44. 	client         *http.Client
    45. 

  45. 	accountManager *s3account.AccountManager
    46. 

  46. 	bucketRegistry *BucketRegistry
    47. 

  47. }
    48. 

  48. 

  49. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
    50. 

  50. 	v := util.GetViper()
    51. 

  51. 	signingKey := v.GetString("jwt.filer_signing.key")
    52. 

  52. 	v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
    53. 

  53. 	expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
    54. 

  54. 

  55. 	readSigningKey := v.GetString("jwt.filer_signing.read.key")
    56. 

  56. 	v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
    57. 

  57. 	readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
    58. 

  58. 

  59. 	s3ApiServer = &S3ApiServer{
    60. 

  60. 		option:         option,
    61. 

  61. 		iam:            NewIdentityAccessManagement(option),
    62. 

  62. 		randomClientId: util.RandomInt32(),
    63. 

  63. 		filerGuard:     security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
    64. 

  64. 		cb:             NewCircuitBreaker(option),
    65. 

  65. 	}
    66. 

  66. 	s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
    67. 

  67. 	s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
    68. 

  68. 	if option.LocalFilerSocket == "" {
    69. 

  69. 		s3ApiServer.client = &http.Client{Transport: &http.Transport{
    70. 

  70. 			MaxIdleConns:        1024,
    71. 

  71. 			MaxIdleConnsPerHost: 1024,
    72. 

  72. 		}}
    73. 

  73. 	} else {
    74. 

  74. 		s3ApiServer.client = &http.Client{
    75. 

  75. 			Transport: &http.Transport{
    76. 

  76. 				DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
    77. 

  77. 					return net.Dial("unix", option.LocalFilerSocket)
    78. 

  78. 				},
    79. 

  79. 			},
    80. 

  80. 		}
    81. 

  81. 	}
    82. 

  82. 

  83. 	s3ApiServer.registerRouter(router)
    84. 

  84. 

  85. 	go s3ApiServer.subscribeMetaEvents("s3", time.Now().UnixNano(), filer.DirectoryEtcRoot, []string{option.BucketsPath})
    86. 

  86. 	return s3ApiServer, nil
    87. 

  87. }
    88. 

  88. 

  89. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
    90. 

  90. 	// API Router
    91. 

  91. 	apiRouter := router.PathPrefix("/").Subrouter()
    92. 

  92. 

  93. 	// Readiness Probe
    94. 

  94. 	apiRouter.Methods("GET").Path("/status").HandlerFunc(s3a.StatusHandler)
    95. 

  95. 

  96. 	apiRouter.Methods("OPTIONS").HandlerFunc(
    97. 

  97. 		func(w http.ResponseWriter, r *http.Request) {
    98. 

  98. 			w.Header().Set("Access-Control-Allow-Origin", "*")
    99. 

  99. 			w.Header().Set("Access-Control-Expose-Headers", "*")
    100. 

  100. 			w.Header().Set("Access-Control-Allow-Methods", "*")
    101. 

  101. 			w.Header().Set("Access-Control-Allow-Headers", "*")
    102. 

  102. 			writeSuccessResponseEmpty(w, r)
    103. 

  103. 		})
    104. 

  104. 

  105. 	var routers []*mux.Router
    106. 

  106. 	if s3a.option.DomainName != "" {
    107. 

  107. 		domainNames := strings.Split(s3a.option.DomainName, ",")
    108. 

  108. 		for _, domainName := range domainNames {
    109. 

  109. 			routers = append(routers, apiRouter.Host(
    110. 

  110. 				fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
    111. 

  111. 			routers = append(routers, apiRouter.Host(
    112. 

  112. 				fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
    113. 

  113. 		}
    114. 

  114. 	}
    115. 

  115. 	routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
    116. 

  116. 

  117. 	for _, bucket := range routers {
    118. 

  118. 

  119. 		// each case should follow the next rule:
    120. 

  120. 		// - requesting object with query must precede any other methods
    121. 

  121. 		// - requesting object must precede any methods with buckets
    122. 

  122. 		// - requesting bucket with query must precede raw methods with buckets
    123. 

  123. 		// - requesting bucket must be processed in the end
    124. 

  124. 

  125. 		// objects with query
    126. 

  126. 

  127. 		// CopyObjectPart
    128. 

  128. 		bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
    129. 

  129. 		// PutObjectPart
    130. 

  130. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
    131. 

  131. 		// CompleteMultipartUpload
    132. 

  132. 		bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CompleteMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploadId", "{uploadId:.*}")
    133. 

  133. 		// NewMultipartUpload
    134. 

  134. 		bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.NewMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploads", "")
    135. 

  135. 		// AbortMultipartUpload
    136. 

  136. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.AbortMultipartUploadHandler, ACTION_WRITE)), "DELETE")).Queries("uploadId", "{uploadId:.*}")
    137. 

  137. 		// ListObjectParts
    138. 

  138. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectPartsHandler, ACTION_READ)), "GET")).Queries("uploadId", "{uploadId:.*}")
    139. 

  139. 		// ListMultipartUploads
    140. 

  140. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), "GET")).Queries("uploads", "")
    141. 

  141. 

  142. 		// GetObjectTagging
    143. 

  143. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), "GET")).Queries("tagging", "")
    144. 

  144. 		// PutObjectTagging
    145. 

  145. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), "PUT")).Queries("tagging", "")
    146. 

  146. 		// DeleteObjectTagging
    147. 

  147. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), "DELETE")).Queries("tagging", "")
    148. 

  148. 

  149. 		// PutObjectACL
    150. 

  150. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
    151. 

  151. 		// PutObjectRetention
    152. 

  152. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), "PUT")).Queries("retention", "")
    153. 

  153. 		// PutObjectLegalHold
    154. 

  154. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), "PUT")).Queries("legal-hold", "")
    155. 

  155. 		// PutObjectLockConfiguration
    156. 

  156. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("object-lock", "")
    157. 

  157. 

  158. 		// GetObjectACL
    159. 

  159. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
    160. 

  160. 

  161. 		// objects with query
    162. 

  162. 

  163. 		// raw objects
    164. 

  164. 

  165. 		// HeadObject
    166. 

  166. 		bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadObjectHandler, ACTION_READ)), "GET"))
    167. 

  167. 

  168. 		// GetObject, but directory listing is not supported
    169. 

  169. 		bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), "GET"))
    170. 

  170. 

  171. 		// CopyObject
    172. 

  172. 		bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
    173. 

  173. 		// PutObject
    174. 

  174. 		bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), "PUT"))
    175. 

  175. 		// DeleteObject
    176. 

  176. 		bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), "DELETE"))
    177. 

  177. 

  178. 		// raw objects
    179. 

  179. 

  180. 		// buckets with query
    181. 

  181. 

  182. 		// DeleteMultipleObjects
    183. 

  183. 		bucket.Methods("POST").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), "DELETE")).Queries("delete", "")
    184. 

  184. 

  185. 		// GetBucketACL
    186. 

  186. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
    187. 

  187. 		// PutBucketACL
    188. 

  188. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
    189. 

  189. 

  190. 		// GetBucketPolicy
    191. 

  191. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), "GET")).Queries("policy", "")
    192. 

  192. 		// PutBucketPolicy
    193. 

  193. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), "PUT")).Queries("policy", "")
    194. 

  194. 		// DeleteBucketPolicy
    195. 

  195. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), "DELETE")).Queries("policy", "")
    196. 

  196. 

  197. 		// GetBucketCors
    198. 

  198. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), "GET")).Queries("cors", "")
    199. 

  199. 		// PutBucketCors
    200. 

  200. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), "PUT")).Queries("cors", "")
    201. 

  201. 		// DeleteBucketCors
    202. 

  202. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), "DELETE")).Queries("cors", "")
    203. 

  203. 

  204. 		// GetBucketLifecycleConfiguration
    205. 

  205. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), "GET")).Queries("lifecycle", "")
    206. 

  206. 		// PutBucketLifecycleConfiguration
    207. 

  207. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("lifecycle", "")
    208. 

  208. 		// DeleteBucketLifecycleConfiguration
    209. 

  209. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), "DELETE")).Queries("lifecycle", "")
    210. 

  210. 

  211. 		// GetBucketLocation
    212. 

  212. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), "GET")).Queries("location", "")
    213. 

  213. 

  214. 		// GetBucketRequestPayment
    215. 

  215. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), "GET")).Queries("requestPayment", "")
    216. 

  216. 

  217. 		// ListObjectsV2
    218. 

  218. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2")
    219. 

  219. 

  220. 		// buckets with query
    221. 

  221. 		// PutBucketOwnershipControls
    222. 

  222. 		bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketOwnershipControls, ACTION_ADMIN), "PUT")).Queries("ownershipControls", "")
    223. 

  223. 

  224. 		//GetBucketOwnershipControls
    225. 

  225. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketOwnershipControls, ACTION_READ), "GET")).Queries("ownershipControls", "")
    226. 

  226. 

  227. 		//DeleteBucketOwnershipControls
    228. 

  228. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketOwnershipControls, ACTION_ADMIN), "DELETE")).Queries("ownershipControls", "")
    229. 

  229. 

  230. 		// raw buckets
    231. 

  231. 

  232. 		// PostPolicy
    233. 

  233. 		bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), "POST"))
    234. 

  234. 

  235. 		// HeadBucket
    236. 

  236. 		bucket.Methods("HEAD").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), "GET"))
    237. 

  237. 

  238. 		// PutBucket
    239. 

  239. 		bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
    240. 

  240. 		// DeleteBucket
    241. 

  241. 		bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
    242. 

  242. 

  243. 		// ListObjectsV1 (Legacy)
    244. 

  244. 		bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))
    245. 

  245. 

  246. 		// raw buckets
    247. 

  247. 

  248. 	}
    249. 

  249. 

  250. 	// ListBuckets
    251. 

  251. 	apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
    252. 

  252. 

  253. 	// NotFound
    254. 

  254. 	apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
    255. 

  255. 

  256. }
    257.