s3: add support for PostPolicy

fix https://github.com/chrislusf/seaweedfs/issues/1426
2020-09-19 20:14:19 -07:00
parent 41d508edfd
commit 29abe980df
11 changed files with 1482 additions and 3 deletions
--- a/weed/s3api/s3err/s3-error.go
+++ b/weed/s3api/s3err/s3-error.go
@@ -0,0 +1,61 @@
+package s3err
+
+/*
+ * MinIO Go Library for Amazon S3 Compatible Cloud Storage
+ * Copyright 2015-2017 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Non exhaustive list of AWS S3 standard error responses -
+// http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
+var s3ErrorResponseMap = map[string]string{
+	"AccessDenied":                      "Access Denied.",
+	"BadDigest":                         "The Content-Md5 you specified did not match what we received.",
+	"EntityTooSmall":                    "Your proposed upload is smaller than the minimum allowed object size.",
+	"EntityTooLarge":                    "Your proposed upload exceeds the maximum allowed object size.",
+	"IncompleteBody":                    "You did not provide the number of bytes specified by the Content-Length HTTP header.",
+	"InternalError":                     "We encountered an internal error, please try again.",
+	"InvalidAccessKeyId":                "The access key ID you provided does not exist in our records.",
+	"InvalidBucketName":                 "The specified bucket is not valid.",
+	"InvalidDigest":                     "The Content-Md5 you specified is not valid.",
+	"InvalidRange":                      "The requested range is not satisfiable",
+	"MalformedXML":                      "The XML you provided was not well-formed or did not validate against our published schema.",
+	"MissingContentLength":              "You must provide the Content-Length HTTP header.",
+	"MissingContentMD5":                 "Missing required header for this request: Content-Md5.",
+	"MissingRequestBodyError":           "Request body is empty.",
+	"NoSuchBucket":                      "The specified bucket does not exist.",
+	"NoSuchBucketPolicy":                "The bucket policy does not exist",
+	"NoSuchKey":                         "The specified key does not exist.",
+	"NoSuchUpload":                      "The specified multipart upload does not exist. The upload ID may be invalid, or the upload may have been aborted or completed.",
+	"NotImplemented":                    "A header you provided implies functionality that is not implemented",
+	"PreconditionFailed":                "At least one of the pre-conditions you specified did not hold",
+	"RequestTimeTooSkewed":              "The difference between the request time and the server's time is too large.",
+	"SignatureDoesNotMatch":             "The request signature we calculated does not match the signature you provided. Check your key and signing method.",
+	"MethodNotAllowed":                  "The specified method is not allowed against this resource.",
+	"InvalidPart":                       "One or more of the specified parts could not be found.",
+	"InvalidPartOrder":                  "The list of parts was not in ascending order. The parts list must be specified in order by part number.",
+	"InvalidObjectState":                "The operation is not valid for the current state of the object.",
+	"AuthorizationHeaderMalformed":      "The authorization header is malformed; the region is wrong.",
+	"MalformedPOSTRequest":              "The body of your POST request is not well-formed multipart/form-data.",
+	"BucketNotEmpty":                    "The bucket you tried to delete is not empty",
+	"AllAccessDisabled":                 "All access to this bucket has been disabled.",
+	"MalformedPolicy":                   "Policy has invalid resource.",
+	"MissingFields":                     "Missing fields in request.",
+	"AuthorizationQueryParametersError": "Error parsing the X-Amz-Credential parameter; the Credential is mal-formed; expecting \"<YOUR-AKID>/YYYYMMDD/REGION/SERVICE/aws4_request\".",
+	"MalformedDate":                     "Invalid date format header, expected to be in ISO8601, RFC1123 or RFC1123Z time format.",
+	"BucketAlreadyOwnedByYou":           "Your previous request to create the named bucket succeeded and you already own it.",
+	"InvalidDuration":                   "Duration provided in the request is invalid.",
+	"XAmzContentSHA256Mismatch":         "The provided 'x-amz-content-sha256' header does not match what was computed.",
+	// Add new API errors here.
+}
--- a/weed/s3api/s3err/s3api_errors.go
+++ b/weed/s3api/s3err/s3api_errors.go
@@ -2,6 +2,7 @@ package s3err

 import (
 	"encoding/xml"
+	"fmt"
 	"net/http"
 )

@@ -19,6 +20,21 @@ type RESTErrorResponse struct {
 	Message   string   `xml:"Message" json:"Message"`
 	Resource  string   `xml:"Resource" json:"Resource"`
 	RequestID string   `xml:"RequestId" json:"RequestId"`
+
+	// Underlying HTTP status code for the returned error
+	StatusCode int `xml:"-" json:"-"`
+}
+
+// Error - Returns S3 error string.
+func (e RESTErrorResponse) Error() string {
+	if e.Message == "" {
+		msg, ok := s3ErrorResponseMap[e.Code]
+		if !ok {
+			msg = fmt.Sprintf("Error response code %s.", e.Code)
+		}
+		return msg
+	}
+	return e.Message
 }

 // ErrorCode type of error status.
@@ -47,6 +63,11 @@ const (
 	ErrInvalidCopySource
 	ErrAuthHeaderEmpty
 	ErrSignatureVersionNotSupported
+	ErrMalformedPOSTRequest
+	ErrPOSTFileRequired
+	ErrPostPolicyConditionInvalidFormat
+	ErrEntityTooSmall
+	ErrEntityTooLarge
 	ErrMissingFields
 	ErrMissingCredTag
 	ErrCredMalformed
@@ -167,13 +188,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "Copy Source must mention the source bucket and key: sourcebucket/sourcekey.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
-
 	ErrMalformedXML: {
 		Code:           "MalformedXML",
 		Description:    "The XML you provided was not well-formed or did not validate against our published schema.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
-
 	ErrAuthHeaderEmpty: {
 		Code:           "InvalidArgument",
 		Description:    "Authorization header is invalid -- one and only one ' ' (space) required.",
@@ -184,6 +203,31 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrMalformedPOSTRequest: {
+		Code:           "MalformedPOSTRequest",
+		Description:    "The body of your POST request is not well-formed multipart/form-data.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrPOSTFileRequired: {
+		Code:           "InvalidArgument",
+		Description:    "POST requires exactly one file upload per request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrPostPolicyConditionInvalidFormat: {
+		Code:           "PostPolicyInvalidKeyName",
+		Description:    "Invalid according to Policy: Policy Condition failed",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrEntityTooSmall: {
+		Code:           "EntityTooSmall",
+		Description:    "Your proposed upload is smaller than the minimum allowed object size.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrEntityTooLarge: {
+		Code:           "EntityTooLarge",
+		Description:    "Your proposed upload exceeds the maximum allowed object size.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrMissingFields: {
 		Code:           "MissingFields",
 		Description:    "Missing fields in request.",