Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvement/arsn 422 support post object #2248

Open
wants to merge 7 commits into
base: development/7.70
Choose a base branch
from
Open

Improvement/arsn 422 support post object #2248

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e98903b
ARSN-422: add support for POST object
Jul 16, 2024
1244a1d
ARSN-422: update error messages
Jul 16, 2024
61984fb
ARSN-422: add unit tests for formAuthCheck
Jul 16, 2024
5cd2814
fixup: post review
Jul 17, 2024
e109d2d
ARSN-422: add error for query string on post
Jul 17, 2024
9e824e2
fixup: post review
Jul 17, 2024
4ef5748
fixup: conditions in routesPOST
Jul 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
108 changes: 108 additions & 0 deletions lib/auth/v4/formAuthCheck.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
import { Logger } from 'werelogs';
import * as constants from '../../constants';
import errors from '../../errors';
import { convertAmzTimeToMs } from './timeUtils';
import { validateCredentials } from './validateInputs';

/**
* V4 query auth check
* @param request - HTTP request object
* @param log - logging object
* @param data - Contain authentification params (GET or POST data)
*/
export function check(request: any, log: Logger, data: { [key: string]: string }) {
let signatureFromRequest;
let timestamp;
let expiration;
let credential;

if (data['x-amz-algorithm'] !== 'AWS4-HMAC-SHA256') {
log.debug('algorithm param incorrect', { algo: data['X-Amz-Algorithm'] });
return { err: errors.InvalidArgument };
}

signatureFromRequest = data['x-amz-signature'];
if (!signatureFromRequest) {
log.debug('missing signature');
return { err: errors.InvalidArgument };
}

timestamp = data['x-amz-date'];
if (!timestamp || timestamp.length !== 16) {
log.debug('missing or invalid timestamp', { timestamp: data['x-amz-date'] });
return { err: errors.InvalidArgument };
}

const policy = data['policy'];
if (policy && policy.length > 0) {
const decryptedPolicy = Buffer.from(policy, 'base64').toString('utf8');
const policyObj = JSON.parse(decryptedPolicy);
expiration = policyObj.expiration;
} else {
log.debug('missing or invalid policy', { policy: data['policy'] });
return { err: errors.InvalidArgument };
}

credential = data['x-amz-credential'];
if (credential && credential.length > 28 && credential.indexOf('/') > -1) {
// @ts-ignore
credential = credential.split('/');
const validationResult = validateCredentials(credential, timestamp,
log);
if (validationResult instanceof Error) {
log.debug('credentials in improper format', { credential,
timestamp, validationResult });
return { err: validationResult };
}
} else {
log.debug('invalid credential param', { credential: data['X-Amz-Credential'] });
return { err: errors.InvalidArgument };
}

const token = data['x-amz-security-token'];
if (token && !constants.iamSecurityToken.pattern.test(token)) {
log.debug('invalid security token', { token });
return { err: errors.InvalidToken };
}

// check if the expiration date is past the current time
if (Date.parse(expiration) < Date.now()) {
return { err: errors.AccessDenied.customizeDescription('Invalid according to Policy: Policy expired.') };
}

const validationResult = validateCredentials(credential, timestamp,
log);
if (validationResult instanceof Error) {
log.debug('credentials in improper format', { credential,
timestamp, validationResult });
return { err: validationResult };
}
const accessKey = credential[0];
const scopeDate = credential[1];
const region = credential[2];
const service = credential[3];

// string to sign is the policy for form requests
const stringToSign = data['policy'];

log.trace('constructed stringToSign', { stringToSign });
return {
err: null,
params: {
version: 4,
data: {
accessKey,
signatureFromRequest,
region,
scopeDate,
stringToSign,
service,
authType: 'REST-FORM-DATA',
signatureVersion: 'AWS4-HMAC-SHA256',
signatureAge: Date.now() - convertAmzTimeToMs(timestamp),
timestamp,
securityToken: token,
},
},
};
}
6 changes: 3 additions & 3 deletions lib/errors/arsenalErrors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ export const InvalidURI: ErrorFormat = {
description: "Couldn't parse the specified URI.",
};

export const KeyTooLong: ErrorFormat = {
export const KeyTooLongError: ErrorFormat = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is breaking change https://github.com/search?q=org%3Ascality+KeyTooLong+path%3A*.js+OR+path%3A*.ts+OR+path%3A*.rst+OR+path%3A*.json&type=code

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll work with the old version for CS Post Object then

code: 400,
description: 'Your key is too long.',
};
Expand Down Expand Up @@ -281,10 +281,10 @@ export const MaxMessageLengthExceeded: ErrorFormat = {
description: 'Your request was too big.',
};

export const MaxPostPreDataLengthExceededError: ErrorFormat = {
export const MaxPostPreDataLengthExceeded: ErrorFormat = {
code: 400,
description:
'Your POST request fields preceding the upload file were too large.',
'Your POST request fields preceeding the upload file was too large.',
};

export const MetadataTooLarge: ErrorFormat = {
Expand Down
1 change: 1 addition & 0 deletions lib/policyEvaluator/utils/actionMaps.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,7 @@ const actionMonitoringMapS3 = {
objectGetTagging: 'GetObjectTagging',
objectHead: 'HeadObject',
objectPut: 'PutObject',
objectPost: 'PostObject',
objectPutACL: 'PutObjectAcl',
objectPutCopyPart: 'UploadPartCopy',
objectPutLegalHold: 'PutObjectLegalHold',
Expand Down
2 changes: 1 addition & 1 deletion lib/s3routes/routes/routeDELETE.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import * as http from 'http';
export default function routeDELETE(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
statsClient?: StatsClient,
) {
Expand Down
2 changes: 1 addition & 1 deletion lib/s3routes/routes/routeGET.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import StatsClient from '../../metrics/StatsClient';
export default function routerGET(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
statsClient?: StatsClient,
dataRetrievalParams?: any,
Expand Down
2 changes: 1 addition & 1 deletion lib/s3routes/routes/routeHEAD.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import * as http from 'http';
export default function routeHEAD(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
statsClient?: StatsClient,
) {
Expand Down
2 changes: 1 addition & 1 deletion lib/s3routes/routes/routeOPTIONS.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import StatsClient from '../../metrics/StatsClient';
export default function routeOPTIONS(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
statsClient?: StatsClient,
) {
Expand Down
6 changes: 5 additions & 1 deletion lib/s3routes/routes/routePOST.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import * as http from 'http';
export default function routePOST(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
) {
log.debug('routing request', { method: 'routePOST' });
Expand Down Expand Up @@ -58,6 +58,10 @@ export default function routePOST(
corsHeaders));
}

if (objectKey === undefined && Object.keys(query).length === 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also on post object aws returns a 400 instead of a 501 Not Implemented for query string

    <Code>InvalidArgument</Code>
    <Message>Query String Parameters not allowed on POST requests.</Message>

Copy link
Author

@KazToozs KazToozs Jul 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

e109d2d
Tested here
scality/cloudserver@0d40c42

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also before that if there is an objectKey and no query string match the previous conditions, aws returns 405 Method Not Allowed instead of 501 Not Implemented

    <Code>MethodNotAllowed</Code>
    <Message>The specified method is not allowed against this resource.</Message>
    <Method>POST</Method>
    <ResourceType>OBJECT</ResourceType>

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like this?
4ef5748

Tested
scality/cloudserver@29ebf3f

return api.callPostObject!(request, response, log, (err, resHeaders) => routesUtils.responseNoBody(err, resHeaders, response, 204, log));
}

return routesUtils.responseNoBody(errors.NotImplemented, null, response,
200, log);
}
2 changes: 1 addition & 1 deletion lib/s3routes/routes/routePUT.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import StatsClient from '../../metrics/StatsClient';
export default function routePUT(
request: http.IncomingMessage,
response: http.ServerResponse,
api: { callApiMethod: routesUtils.CallApiMethod },
api: routesUtils.ApiMethods,
log: RequestLogger,
statsClient?: StatsClient,
) {
Expand Down
13 changes: 13 additions & 0 deletions lib/s3routes/routesUtils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ import * as constants from '../constants';
import DataWrapper from '../storage/data/DataWrapper';
import StatsClient from '../metrics/StatsClient';

export type ApiMethods = {
callApiMethod: CallApiMethod;
callPostObject?: CallPostObject;
BourgoisMickael marked this conversation as resolved.
Show resolved Hide resolved
};

export type CallApiMethod = (
methodName: string,
request: http.IncomingMessage,
Expand All @@ -18,6 +23,14 @@ export type CallApiMethod = (
callback: (err: ArsenalError | null, ...data: any[]) => void,
) => void;

export type CallPostObject = (
request: http.IncomingMessage,
response: http.ServerResponse,
log: RequestLogger,
callback: (err: ArsenalError | null, ...data: any[]) => void,
) => void;


BourgoisMickael marked this conversation as resolved.
Show resolved Hide resolved
/**
* setCommonResponseHeaders - Set HTTP response headers
* @param headers - key and value of new headers to add
Expand Down
Loading
Loading