gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,789 Commits 1 Branch 0 Tags
bd4e7ff14e063cce985d7ebc2a4afcfb6f228b44
Commit Graph

7 Commits

Author SHA1 Message Date
Chris Lu
b2b0a38e71 s3api: allow empty region and account id in s3tables ARN (#8171) 
* s3api: allow empty region and account id in s3tables ARN

* s3api: refactor S3 Tables ARN regex into a constant
 2026-01-30 13:15:39 -08:00
Chris Lu
f1e27b8f30 s3: change s3 tables to use RESTful API (#8169) 
* s3: refactor s3 tables to use RESTful API

* test/s3tables: guard empty namespaces

* s3api: document tag parsing and validate get-table

* s3api: limit S3Tables REST body size

* Update weed/s3api/s3api_tables.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update weed/s3api/s3tables/handler.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* s3api: accept encoded table bucket ARNs

* s3api: validate namespaces and close body

* s3api: match encoded table bucket ARNs

* s3api: scope table bucket ARN routes

* s3api: dedupe table bucket request builders

* test/s3tables: allow list tables without namespace

* s3api: validate table params and tag ARN

* s3api: tighten tag handling and get-table params

* s3api: loosen tag ARN route matching

* Fix S3 Tables REST routing and tests

* Adjust S3 Tables request parsing

* Gate S3 Tables target routing

* Avoid double decoding namespaces

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-30 10:37:34 -08:00
Chris Lu
b7c1eba0a1 S3 Tables: secure API router with IAM authentication 
- Wrap S3 Tables handler with authenticateS3Tables.
- Use AuthSignatureOnly to enforce valid credentials while delegating granular authorization to handlers.
- Prevent anonymous access to all S3 Tables endpoints.
 2026-01-28 12:09:15 -08:00
Chris Lu
04514071a7 s3tables: implement granular authorization and refine error responses 
- Remove mandatory ACTION_ADMIN at the router level
- Enforce granular permissions in bucket and namespace handlers
- Prioritize AccountID in ExtractPrincipalFromContext for ARN matching
- Distinguish between 404 (NoSuchBucket) and 500 (InternalError) in metadata lookups
- Clean up unused imports in s3api_tables.go
 2026-01-28 11:31:38 -08:00
Chris Lu
08ee4e37d8 s3tables: clean up unused code and improve error response formatting 2026-01-28 09:38:10 -08:00
Chris Lu
1b9c8b8614 s3api_tables: optimize action validation with map lookup 
- Replace O(n) slice iteration with O(1) map lookup
- Move s3TablesActionsMap to package level
- Avoid recreating the map on every function call
- Improves performance for request validation
 2026-01-28 01:14:31 -08:00
Chris Lu
b1b922d757 s3api: add S3 Tables integration layer 
- Create s3api_tables.go to integrate S3 Tables with S3 API server
- Implement S3 Tables route matcher for X-Amz-Target header
- Register S3 Tables routes with API router
- Provide gRPC filer client interface for S3 Tables handlers
- All S3 Tables operations accessible via S3 API endpoint
 2026-01-28 00:55:34 -08:00