aboutsummaryrefslogblamecommitdiff
path: root/src/garage/tests/s3/website.rs
blob: f61838e466ca6797adb3a9177cb1fc6123a57705 (plain) (tree) 
8df1e186


4962b88f



8df1e186


1eb7fdb0

8df1e186

78650033

8df1e186




4962b88f

05eb7992

8df1e186

























5768bf36

8df1e186







78650033

8df1e186





4962b88f



004bb5b4





4962b88f











9c354f0a

4962b88f





8df1e186







78650033

8df1e186





4962b88f



004bb5b4





4962b88f








9c354f0a

4962b88f


8df1e186







78650033

8df1e186




4962b88f




004bb5b4





4962b88f











9c354f0a

4962b88f




8df1e186





























































































5768bf36

8df1e186







78650033

8df1e186
















5768bf36

8df1e186







78650033

8df1e186










5768bf36

8df1e186








78650033

8df1e186














5768bf36

8df1e186








78650033

8df1e186































5768bf36

8df1e186








78650033

8df1e186


















5768bf36

8df1e186






78650033

8df1e186










4962b88f






















004bb5b4

4962b88f








004bb5b4




























4962b88f




















004bb5b4




4962b88f





004bb5b4

4962b88f




004bb5b4


4962b88f





1
2

3
4
5

6
7

8

9

10

11
12
13
14

15

16

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

42

43
44
45
46
47
48
49

50

51
52
53
54
55

56
57
58

59
60
61
62
63

64
65
66
67
68
69
70
71
72
73
74

75

76
77
78
79
80

81
82
83
84
85
86
87

88

89
90
91
92
93

94
95
96

97
98
99
100
101

102
103
104
105
106
107
108
109

110

111
112

113
114
115
116
117
118
119

120

121
122
123
124

125
126
127
128

129
130
131
132
133

134
135
136
137
138
139
140
141
142
143
144

145

146
147
148
149

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242

243

244
245
246
247
248
249
250

251

252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

268

269
270
271
272
273
274
275

276

277
278
279
280
281
282
283
284
285
286

287

288
289
290
291
292
293
294
295

296

297
298
299
300
301
302
303
304
305
306
307
308
309
310

311

312
313
314
315
316
317
318
319

320

321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351

352

353
354
355
356
357
358
359
360

361

362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379

380

381
382
383
384
385
386

387

388
389
390
391
392
393
394
395
396
397

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

420

421
422
423
424
425
426
427
428

429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456

457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476

477
478
479
480

481
482
483
484
485

486

487
488
489
490

491
492

493
494
495
496
497


                          


                                     

                                                                                                 
                          
  
                                



                               
                     
 
























                                                  
                                                                                  






                                                                            
                                                         




                                                                  


                                      




                                                                        










                                                                    
                                                                                                            




                                                      






                                                                            
                                                  




                                                                  


                                      




                                                                        







                                                                        
                                                                                            

          






                                                                           
                                                         



                                                                  



                                      




                                                                        










                                                                    
                                                                                                            



                                                      




























































































                                                                                       
                                                                                       






                                                                            
                                                          















                                                                                   
                                                   






                                                                            
                                                                 









                                                                          
                                                                                       







                                                                            
                                                          













                                                                                   
                                                                                       







                                                                            
                                                                 






























                                                                                                      
                                                                                       







                                                                            
                                                                 

















                                                                          
                                                                                       





                                                                            
                                                                 









                                                                          





















                                                                                         
                                                                               







                                                      



























                                                                          



















                                                                    



                                                                             




                                                                    
                                                               



                                                   

                                                           




                                                      
use crate::common;
use crate::common::ext::*;
use crate::k2v::json_body;

use assert_json_diff::assert_json_eq;
use aws_sdk_s3::{
	model::{CorsConfiguration, CorsRule, ErrorDocument, IndexDocument, WebsiteConfiguration},
	types::ByteStream,
};
use http::{Request, StatusCode};
use hyper::{
	body::{to_bytes, Body},
	Client,
};
use serde_json::json;

const BODY: &[u8; 16] = b"<h1>bonjour</h1>";
const BODY_ERR: &[u8; 6] = b"erreur";

#[tokio::test]
async fn test_website() {
	const BCKT_NAME: &str = "my-website";
	let ctx = common::context();
	let bucket = ctx.create_bucket(BCKT_NAME);

	let data = ByteStream::from_static(BODY);

	ctx.client
		.put_object()
		.bucket(&bucket)
		.key("index.html")
		.body(data)
		.send()
		.await
		.unwrap();

	let client = Client::new();

	let req = || {
		Request::builder()
			.method("GET")
			.uri(format!("http://127.0.0.1:{}/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.body(Body::empty())
			.unwrap()
	};

	let mut resp = client.request(req()).await.unwrap();

	assert_eq!(resp.status(), StatusCode::NOT_FOUND);
	assert_ne!(
		to_bytes(resp.body_mut()).await.unwrap().as_ref(),
		BODY.as_ref()
	); /* check that we do not leak body */

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{0}/check?domain={1}",
				ctx.garage.admin_port,
				BCKT_NAME.to_string()
			))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "InvalidRequest",
			"message": "Bad request: Bucket 'my-website' is not authorized for website hosting",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);

	ctx.garage
		.command()
		.args(["bucket", "website", "--allow", BCKT_NAME])
		.quiet()
		.expect_success_status("Could not allow website on bucket");

	resp = client.request(req()).await.unwrap();
	assert_eq!(resp.status(), StatusCode::OK);
	assert_eq!(
		to_bytes(resp.body_mut()).await.unwrap().as_ref(),
		BODY.as_ref()
	);

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{0}/check?domain={1}",
				ctx.garage.admin_port,
				BCKT_NAME.to_string()
			))
			.body(Body::empty())
			.unwrap()
	};

	let mut admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::OK);
	assert_eq!(
		to_bytes(admin_resp.body_mut()).await.unwrap().as_ref(),
		format!("Bucket '{BCKT_NAME}' is authorized for website hosting").as_bytes()
	);

	ctx.garage
		.command()
		.args(["bucket", "website", "--deny", BCKT_NAME])
		.quiet()
		.expect_success_status("Could not deny website on bucket");

	resp = client.request(req()).await.unwrap();
	assert_eq!(resp.status(), StatusCode::NOT_FOUND);
	assert_ne!(
		to_bytes(resp.body_mut()).await.unwrap().as_ref(),
		BODY.as_ref()
	); /* check that we do not leak body */

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{0}/check?domain={1}",
				ctx.garage.admin_port,
				BCKT_NAME.to_string()
			))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "InvalidRequest",
			"message": "Bad request: Bucket 'my-website' is not authorized for website hosting",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);
}

#[tokio::test]
async fn test_website_s3_api() {
	const BCKT_NAME: &str = "my-cors";
	let ctx = common::context();
	let bucket = ctx.create_bucket(BCKT_NAME);

	let data = ByteStream::from_static(BODY);

	ctx.client
		.put_object()
		.bucket(&bucket)
		.key("site/home.html")
		.body(data)
		.send()
		.await
		.unwrap();

	ctx.client
		.put_object()
		.bucket(&bucket)
		.key("err/error.html")
		.body(ByteStream::from_static(BODY_ERR))
		.send()
		.await
		.unwrap();

	let conf = WebsiteConfiguration::builder()
		.index_document(IndexDocument::builder().suffix("home.html").build())
		.error_document(ErrorDocument::builder().key("err/error.html").build())
		.build();

	ctx.client
		.put_bucket_website()
		.bucket(&bucket)
		.website_configuration(conf)
		.send()
		.await
		.unwrap();

	let cors = CorsConfiguration::builder()
		.cors_rules(
			CorsRule::builder()
				.id("main-rule")
				.allowed_headers("*")
				.allowed_methods("GET")
				.allowed_methods("PUT")
				.allowed_origins("*")
				.build(),
		)
		.build();

	ctx.client
		.put_bucket_cors()
		.bucket(&bucket)
		.cors_configuration(cors)
		.send()
		.await
		.unwrap();

	{
		let cors_res = ctx
			.client
			.get_bucket_cors()
			.bucket(&bucket)
			.send()
			.await
			.unwrap();

		let main_rule = cors_res.cors_rules().unwrap().iter().next().unwrap();

		assert_eq!(main_rule.id.as_ref().unwrap(), "main-rule");
		assert_eq!(
			main_rule.allowed_headers.as_ref().unwrap(),
			&vec!["*".to_string()]
		);
		assert_eq!(
			main_rule.allowed_origins.as_ref().unwrap(),
			&vec!["*".to_string()]
		);
		assert_eq!(
			main_rule.allowed_methods.as_ref().unwrap(),
			&vec!["GET".to_string(), "PUT".to_string()]
		);
	}

	let client = Client::new();

	// Test direct requests with CORS
	{
		let req = Request::builder()
			.method("GET")
			.uri(format!("http://127.0.0.1:{}/site/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.header("Origin", "https://example.com")
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::OK);
		assert_eq!(
			resp.headers().get("access-control-allow-origin").unwrap(),
			"*"
		);
		assert_eq!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY.as_ref()
		);
	}

	// Test ErrorDocument on 404
	{
		let req = Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{}/wrong.html",
				ctx.garage.web_port
			))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::NOT_FOUND);
		assert_eq!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY_ERR.as_ref()
		);
	}

	// Test CORS with an allowed preflight request
	{
		let req = Request::builder()
			.method("OPTIONS")
			.uri(format!("http://127.0.0.1:{}/site/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.header("Origin", "https://example.com")
			.header("Access-Control-Request-Method", "PUT")
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::OK);
		assert_eq!(
			resp.headers().get("access-control-allow-origin").unwrap(),
			"*"
		);
		assert_ne!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY.as_ref()
		);
	}

	// Test CORS with a forbidden preflight request
	{
		let req = Request::builder()
			.method("OPTIONS")
			.uri(format!("http://127.0.0.1:{}/site/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.header("Origin", "https://example.com")
			.header("Access-Control-Request-Method", "DELETE")
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::FORBIDDEN);
		assert_ne!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY.as_ref()
		);
	}

	//@TODO test CORS on the S3 endpoint. We need to handle auth manually to check it.

	// Delete cors
	ctx.client
		.delete_bucket_cors()
		.bucket(&bucket)
		.send()
		.await
		.unwrap();

	// Check CORS are deleted from the API
	// @FIXME check what is the expected behavior when GetBucketCors is called on a bucket without
	// any CORS.
	assert!(ctx
		.client
		.get_bucket_cors()
		.bucket(&bucket)
		.send()
		.await
		.is_err());

	// Test CORS are not sent anymore on a previously allowed request
	{
		let req = Request::builder()
			.method("OPTIONS")
			.uri(format!("http://127.0.0.1:{}/site/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.header("Origin", "https://example.com")
			.header("Access-Control-Request-Method", "PUT")
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::FORBIDDEN);
		assert_ne!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY.as_ref()
		);
	}

	// Disallow website from the API
	ctx.client
		.delete_bucket_website()
		.bucket(&bucket)
		.send()
		.await
		.unwrap();

	// Check that the website is not served anymore
	{
		let req = Request::builder()
			.method("GET")
			.uri(format!("http://127.0.0.1:{}/site/", ctx.garage.web_port))
			.header("Host", format!("{}.web.garage", BCKT_NAME))
			.body(Body::empty())
			.unwrap();

		let mut resp = client.request(req).await.unwrap();

		assert_eq!(resp.status(), StatusCode::NOT_FOUND);
		assert_ne!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY_ERR.as_ref()
		);
		assert_ne!(
			to_bytes(resp.body_mut()).await.unwrap().as_ref(),
			BODY.as_ref()
		);
	}
}

#[tokio::test]
async fn test_website_check_website_enabled() {
	let ctx = common::context();

	let client = Client::new();

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "InvalidRequest",
			"message": "Bad request: No domain query string found",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{}/check?domain=",
				ctx.garage.admin_port
			))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "NoSuchBucket",
			"message": "Bucket not found: ",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{}/check?domain=foobar",
				ctx.garage.admin_port
			))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "NoSuchBucket",
			"message": "Bucket not found: foobar",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);

	let admin_req = || {
		Request::builder()
			.method("GET")
			.uri(format!(
				"http://127.0.0.1:{}/check?domain=%E2%98%B9",
				ctx.garage.admin_port
			))
			.body(Body::empty())
			.unwrap()
	};

	let admin_resp = client.request(admin_req()).await.unwrap();
	assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND);
	let res_body = json_body(admin_resp).await;
	assert_json_eq!(
		res_body,
		json!({
			"code": "NoSuchBucket",
			"message": "Bucket not found: ☹",
			"region": "garage-integ-test",
			"path": "/check",
		})
	);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 09:37:55 +0000