Merge pull request 'Garage v1.0' (#683) from next-0.10 into main

Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/683
author: Alex <alex@adnab.me> 2024-04-10 15:23:12 +0000
committer: Alex <alex@adnab.me> 2024-04-10 15:23:12 +0000
commit: 1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e (patch)
tree: 47e42c4e6ae47590fbb5c8f94e90a23bf04c1674 /src/api/s3/post_object.rs
parent: b47706809cc9d28d1328bafdf9756e96388cca24 (diff)
parent: ff093ddbb8485409f389abe7b5e569cb38d222d2 (diff)
download: garage-1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e.tar.gz
garage-1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e.zip
1 files changed, 42 insertions, 18 deletions
diff --git a/src/api/s3/post_object.rs b/src/api/s3/post_object.rs
index 66f8174c..2c106b3b 100644
--- a/src/api/s3/post_object.rs
+++ b/src/api/s3/post_object.rs
@@ -14,12 +14,15 @@ use multer::{Constraints, Multipart, SizeLimit};
 use serde::Deserialize;
 
 use garage_model::garage::Garage;
+use garage_model::s3::object_table::*;
 
 use crate::helpers::*;
 use crate::s3::api_server::ResBody;
+use crate::s3::checksum::*;
 use crate::s3::cors::*;
+use crate::s3::encryption::EncryptionParams;
 use crate::s3::error::*;
-use crate::s3::put::{get_headers, save_stream};
+use crate::s3::put::{get_headers, save_stream, ChecksumMode};
 use crate::s3::xml as s3_xml;
 use crate::signature::payload::{verify_v4, Authorization};
 
@@ -48,13 +51,17 @@ pub async fn handle_post_object(
 	let mut multipart = Multipart::with_constraints(stream, boundary, constraints);
 
 	let mut params = HeaderMap::new();
-	let field = loop {
+	let file_field = loop {
 		let field = if let Some(field) = multipart.next_field().await? {
 			field
 		} else {
 			return Err(Error::bad_request("Request did not contain a file"));
 		};
-		let name: HeaderName = if let Some(Ok(name)) = field.name().map(TryInto::try_into) {
+		let name: HeaderName = if let Some(Ok(name)) = field
+			.name()
+			.map(str::to_ascii_lowercase)
+			.map(TryInto::try_into)
+		{
 			name
 		} else {
 			continue;
@@ -96,7 +103,7 @@ pub async fn handle_post_object(
 
 	let key = if key.contains("${filename}") {
 		// if no filename is provided, don't replace. This matches the behavior of AWS.
-		if let Some(filename) = field.file_name() {
+		if let Some(filename) = file_field.file_name() {
 			key.replace("${filename}", filename)
 		} else {
 			key.to_owned()
@@ -143,9 +150,8 @@ pub async fn handle_post_object(
 	let mut conditions = decoded_policy.into_conditions()?;
 
 	for (param_key, value) in params.iter() {
-		let mut param_key = param_key.to_string();
-		param_key.make_ascii_lowercase();
-		match param_key.as_str() {
+		let param_key = param_key.as_str();
+		match param_key {
 			"policy" | "x-amz-signature" => (), // this is always accepted, as it's required to validate other fields
 			"content-type" => {
 				let conds = conditions.params.remove("content-type").ok_or_else(|| {
@@ -190,7 +196,7 @@ pub async fn handle_post_object(
 					// how aws seems to behave.
 					continue;
 				}
-				let conds = conditions.params.remove(&param_key).ok_or_else(|| {
+				let conds = conditions.params.remove(param_key).ok_or_else(|| {
 					Error::bad_request(format!("Key '{}' is not allowed in policy", param_key))
 				})?;
 				for cond in conds {
@@ -218,8 +224,24 @@ pub async fn handle_post_object(
 
 	let headers = get_headers(&params)?;
 
-	let stream = field.map(|r| r.map_err(Into::into));
+	let expected_checksums = ExpectedChecksums {
+		md5: params
+			.get("content-md5")
+			.map(HeaderValue::to_str)
+			.transpose()?
+			.map(str::to_string),
+		sha256: None,
+		extra: request_checksum_algorithm_value(&params)?,
+	};
+
+	let meta = ObjectVersionMetaInner {
+		headers,
+		checksum: expected_checksums.extra,
+	};
+
+	let encryption = EncryptionParams::new_from_headers(&garage, &params)?;
 
+	let stream = file_field.map(|r| r.map_err(Into::into));
 	let ctx = ReqCtx {
 		garage,
 		bucket_id,
@@ -228,17 +250,17 @@ pub async fn handle_post_object(
 		api_key,
 	};
 
-	let (_, md5) = save_stream(
+	let res = save_stream(
 		&ctx,
-		headers,
+		meta,
+		encryption,
 		StreamLimiter::new(stream, conditions.content_length),
 		&key,
-		None,
-		None,
+		ChecksumMode::Verify(&expected_checksums),
 	)
 	.await?;
 
-	let etag = format!("\"{}\"", md5);
+	let etag = format!("\"{}\"", res.etag);
 
 	let mut resp = if let Some(mut target) = params
 		.get("success_action_redirect")
@@ -252,11 +274,12 @@ pub async fn handle_post_object(
 			.append_pair("key", &key)
 			.append_pair("etag", &etag);
 		let target = target.to_string();
-		Response::builder()
+		let mut resp = Response::builder()
 			.status(StatusCode::SEE_OTHER)
 			.header(header::LOCATION, target.clone())
-			.header(header::ETAG, etag)
-			.body(string_body(target))?
+			.header(header::ETAG, etag);
+		encryption.add_response_headers(&mut resp);
+		resp.body(string_body(target))?
 	} else {
 		let path = head
 			.uri
@@ -283,9 +306,10 @@ pub async fn handle_post_object(
 			.get("success_action_status")
 			.and_then(|h| h.to_str().ok())
 			.unwrap_or("204");
-		let builder = Response::builder()
+		let mut builder = Response::builder()
 			.header(header::LOCATION, location.clone())
 			.header(header::ETAG, etag.clone());
+		encryption.add_response_headers(&mut builder);
 		match action {
 			"200" => builder.status(StatusCode::OK).body(empty_body())?,
 			"201" => {
author	Alex <alex@adnab.me>	2024-04-10 15:23:12 +0000
committer	Alex <alex@adnab.me>	2024-04-10 15:23:12 +0000
commit	1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e (patch)
tree	47e42c4e6ae47590fbb5c8f94e90a23bf04c1674 /src/api/s3/post_object.rs
parent	b47706809cc9d28d1328bafdf9756e96388cca24 (diff)
parent	ff093ddbb8485409f389abe7b5e569cb38d222d2 (diff)
download	garage-1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e.tar.gz garage-1779fd40c0fe676bedda0d40f647d7fe8b0f1e7e.zip