4 files changed, 59 insertions, 25 deletions

diff --git a/src/api/admin/api_server.rs b/src/api/admin/api_server.rs
index 58dd38d8..50c79120 100644
--- a/src/api/admin/api_server.rs
+++ b/src/api/admin/api_server.rs
@@ -26,6 +26,7 @@ use crate::admin::cluster::*;
 use crate::admin::error::*;
 use crate::admin::key::*;
 use crate::admin::router::{Authorization, Endpoint};
+use crate::helpers::host_to_bucket;
 
 pub struct AdminApiServer {
 	garage: Arc<Garage>,
@@ -78,10 +79,7 @@ impl AdminApiServer {
 			.body(Body::empty())?)
 	}
 
-	async fn handle_check_website_enabled(
-		&self,
-		req: Request<Body>,
-	) -> Result<Response<Body>, Error> {
+	async fn handle_check_domain(&self, req: Request<Body>) -> Result<Response<Body>, Error> {
 		let query_params: HashMap<String, String> = req
 			.uri()
 			.query()
@@ -102,12 +100,56 @@ impl AdminApiServer {
 			.get("domain")
 			.ok_or_internal_error("Could not parse domain query string")?;
 
-		let bucket_id = self
+		if self.check_domain(domain).await? {
+			Ok(Response::builder()
+				.status(StatusCode::OK)
+				.body(Body::from(format!(
+					"Domain '{domain}' is managed by Garage"
+				)))?)
+		} else {
+			Err(Error::bad_request(format!(
+				"Domain '{domain}' is not managed by Garage"
+			)))
+		}
+	}
+
+	async fn check_domain(&self, domain: &str) -> Result<bool, Error> {
+		// Resolve bucket from domain name, inferring if the website must be activated for the
+		// domain to be valid.
+		let (bucket_name, must_check_website) = if let Some(bname) = self
+			.garage
+			.config
+			.s3_api
+			.root_domain
+			.as_ref()
+			.and_then(|rd| host_to_bucket(domain, rd))
+		{
+			(bname.to_string(), false)
+		} else if let Some(bname) = self
+			.garage
+			.config
+			.s3_web
+			.as_ref()
+			.and_then(|sw| host_to_bucket(domain, sw.root_domain.as_str()))
+		{
+			(bname.to_string(), true)
+		} else {
+			(domain.to_string(), true)
+		};
+
+		let bucket_id = match self
 			.garage
 			.bucket_helper()
-			.resolve_global_bucket_name(&domain)
+			.resolve_global_bucket_name(&bucket_name)
 			.await?
-			.ok_or(HelperError::NoSuchBucket(domain.to_string()))?;
+		{
+			Some(bucket_id) => bucket_id,
+			None => return Ok(false),
+		};
+
+		if !must_check_website {
+			return Ok(true);
+		}
 
 		let bucket = self
 			.garage
@@ -119,16 +161,8 @@ impl AdminApiServer {
 		let bucket_website_config = bucket_state.website_config.get();
 
 		match bucket_website_config {
-			Some(_v) => {
-				Ok(Response::builder()
-					.status(StatusCode::OK)
-					.body(Body::from(format!(
-						"Bucket '{domain}' is authorized for website hosting"
-					)))?)
-			}
-			None => Err(Error::bad_request(format!(
-				"Bucket '{domain}' is not authorized for website hosting"
-			))),
+			Some(_v) => Ok(true),
+			None => Ok(false),
 		}
 	}
 
@@ -229,7 +263,7 @@ impl ApiHandler for AdminApiServer {
 
 		match endpoint {
 			Endpoint::Options => self.handle_options(&req),
-			Endpoint::CheckWebsiteEnabled => self.handle_check_website_enabled(req).await,
+			Endpoint::CheckDomain => self.handle_check_domain(req).await,
 			Endpoint::Health => self.handle_health(),
 			Endpoint::Metrics => self.handle_metrics(),
 			Endpoint::GetClusterStatus => handle_get_cluster_status(&self.garage).await,
diff --git a/src/api/admin/bucket.rs b/src/api/admin/bucket.rs
index e60f07ca..f0a4a9e7 100644
--- a/src/api/admin/bucket.rs
+++ b/src/api/admin/bucket.rs
@@ -183,8 +183,8 @@ async fn bucket_info_results(
 				}
 			}),
 			keys: relevant_keys
-				.into_iter()
-				.map(|(_, key)| {
+				.into_values()
+				.map(|key| {
 					let p = key.state.as_option().unwrap();
 					GetBucketInfoKey {
 						access_key_id: key.key_id,
diff --git a/src/api/admin/key.rs b/src/api/admin/key.rs
index 2bbabb7b..d74ca361 100644
--- a/src/api/admin/key.rs
+++ b/src/api/admin/key.rs
@@ -183,8 +183,8 @@ async fn key_info_results(garage: &Arc<Garage>, key: Key) -> Result<Response<Bod
 			create_bucket: *key_state.allow_create_bucket.get(),
 		},
 		buckets: relevant_buckets
-			.into_iter()
-			.map(|(_, bucket)| {
+			.into_values()
+			.map(|bucket| {
 				let state = bucket.state.as_option().unwrap();
 				KeyInfoBucketResult {
 					id: hex::encode(bucket.id),
diff --git a/src/api/admin/router.rs b/src/api/admin/router.rs
index 0dcb1546..0225f18b 100644
--- a/src/api/admin/router.rs
+++ b/src/api/admin/router.rs
@@ -17,7 +17,7 @@ router_match! {@func
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum Endpoint {
 	Options,
-	CheckWebsiteEnabled,
+	CheckDomain,
 	Health,
 	Metrics,
 	GetClusterStatus,
@@ -92,7 +92,7 @@ impl Endpoint {
 
 		let res = router_match!(@gen_path_parser (req.method(), path, query) [
 			OPTIONS _ => Options,
-			GET "/check" => CheckWebsiteEnabled,
+			GET "/check" => CheckDomain,
 			GET "/health" => Health,
 			GET "/metrics" => Metrics,
 			GET "/v0/status" => GetClusterStatus,
@@ -138,7 +138,7 @@ impl Endpoint {
 	pub fn authorization_type(&self) -> Authorization {
 		match self {
 			Self::Health => Authorization::None,
-			Self::CheckWebsiteEnabled => Authorization::None,
+			Self::CheckDomain => Authorization::None,
 			Self::Metrics => Authorization::MetricsToken,
 			_ => Authorization::AdminToken,
 		}