gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,699 Commits 1 Branch 0 Tags
e862888d2da85d83324d018aa334f078619e4e47
Commit Graph

12699 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Lu
e862888d2d s3tables: add request body size limiting 
Add request body size limiting (10MB) to readRequestBody method:
- Define maxRequestBodySize constant to prevent unbounded reads
- Use io.LimitReader to enforce size limit
- Add explicit error handling for oversized requests
- Prevents potential DoS attacks via large request bodies
 2026-01-28 14:54:45 -08:00
Chris Lu
b142689232 follow aws spec 2026-01-28 14:52:05 -08:00
Chris Lu
473e699368 s3tables: add table policy test coverage 
Add comprehensive test coverage for table policy operations:
- Added PutTablePolicy, GetTablePolicy, DeleteTablePolicy methods to test client
- Implemented testTablePolicy lifecycle test validating Put/Get/Delete operations
- Verified error handling for missing policies
 2026-01-28 14:44:28 -08:00
Chris Lu
0115e60919 s3tables: update bucket name validation message 
Remove "underscores" from error message to accurately reflect that
bucket names only allow lowercase letters, numbers, and hyphens.
 2026-01-28 14:41:15 -08:00
Chris Lu
a6c3e96f7b s3tables: fix double-write issue in handleListTables 
Remove premature HTTP error writes from within WithFilerClient closure
to prevent duplicate status code responses. Error handling is now
consistently performed at the top level using isAuthError.
 2026-01-28 14:41:14 -08:00
Chris Lu
dffe038efa go fmt 2026-01-28 14:34:07 -08:00
Chris Lu
4d4af0589b s3tables: standardize access denied errors using ErrAccessDenied constant 2026-01-28 14:33:01 -08:00
Chris Lu
d98e104dc5 s3tables: align ARN regex patterns with S3 standards and refactor to constants 2026-01-28 14:28:12 -08:00
Chris Lu
f5d71008d7 s3tables: refactor handleDeleteTableBucket to use strongly typed AuthError 2026-01-28 14:28:12 -08:00
Chris Lu
0d65daad4c s3tables: improve pagination robustness and error handling in table listing handlers 2026-01-28 14:04:09 -08:00
Chris Lu
612eae9ae8 s3tables: fix inconsistent permission check in handleCreateTableBucket 2026-01-28 14:04:08 -08:00
Chris Lu
a689c1e052 s3tables: align getPrincipalFromRequest with account ID for IAM compatibility 2026-01-28 14:04:08 -08:00
Chris Lu
d4ebafbacd s3tables: enforce strict resource ownership and implement result filtering for tables 2026-01-28 13:59:28 -08:00
Chris Lu
43aebc10da s3tables: enforce strict resource ownership and implement result filtering for namespaces 2026-01-28 13:59:24 -08:00
Chris Lu
9d54f4d160 s3tables: enforce strict resource ownership and implement result filtering for buckets 2026-01-28 13:59:21 -08:00
Chris Lu
c8cfbaa069 s3tables: implement strict AWS-aligned name validation for buckets, namespaces, and tables 2026-01-28 13:59:16 -08:00
Chris Lu
1697ec862f ownerAccountID 2026-01-28 13:54:49 -08:00
Chris Lu
1fdd9c3372 s3tables: refactor permission checks to use resource owner in policy and tagging handlers 2026-01-28 13:50:24 -08:00
Chris Lu
78a007d42b s3tables: refactor permission checks to use resource owner in table handlers 2026-01-28 13:50:19 -08:00
Chris Lu
ef0bae45e3 s3tables: refactor permission checks to use resource owner in namespace handlers 2026-01-28 13:50:16 -08:00
Chris Lu
32fade010a s3tables: refactor permission checks to use resource owner in bucket handlers 2026-01-28 13:50:13 -08:00
Chris Lu
2f4cee9538 s3tables: add isAuthError helper to handler.go 2026-01-28 13:50:10 -08:00
Chris Lu
090d473822 s3tables: allow hyphens in namespace and table names 
Relaxed regex validation in utils.go to support hyphens in S3 Tables
namespaces and table names, improving consistency with S3 bucket naming
and allowing derived names from services like S3 Storage Lens.
 2026-01-28 13:38:41 -08:00
Chris Lu
d6f6bf4ce7 s3tables: remove unused ExtractPrincipalFromContext function 
Removed the unused ExtractPrincipalFromContext utility and its
accompanying iam/utils import to keep the new s3tables codebase clean.
 2026-01-28 13:31:53 -08:00
Chris Lu
e4e4dea140 s3tables: remove legacy principal fallback header 
Removed the fallback to X-Amz-Principal in getPrincipalFromRequest as
S3 Tables is a new feature and does not require legacy header support.
 2026-01-28 13:28:42 -08:00
Chris Lu
dfdace9a13 s3tables: enhance test robustness and resilience 
Updated random string generation to use crypto/rand in s3tables tests.
Increased resilience of IAM distributed tests by adding "connection refused"
to retryable errors.
 2026-01-28 13:25:32 -08:00
Chris Lu
2b2ff008cd s3tables: improve resource resolution and error mapping for policies and tagging 
Refactored resolveResourcePath to return resource type, enabling accurate
NoSuchBucket vs NoSuchTable error codes. Added existence checks before
deleting policies.
 2026-01-28 13:25:32 -08:00
Chris Lu
f17ec59d46 s3tables: implement optimistic concurrency for table deletion 
Added VersionToken validation to handleDeleteTable. Refactored table
listing to use request context for accurate ARN generation and fixed
cross-namespace pagination issues.
 2026-01-28 13:25:32 -08:00
Chris Lu
12c1190a5c s3tables: update namespace handlers for multi-account support 
Updated namespace creation to use authenticated account ID for ownership
and unified permission checks across all namespace operations to use the
correct account principal.
 2026-01-28 13:25:27 -08:00
Chris Lu
922b0c3171 s3tables: update bucket handlers for multi-account support 
Ensured bucket ownership is correctly attributed to the authenticated
account ID and updated ARNs to use the request-derived account ID. Added
standard S3 existence checks for bucket deletion.
 2026-01-28 13:25:27 -08:00
Chris Lu
31867b6f75 s3tables: improve account ID handling and define missing error codes 
Updated getPrincipalFromRequest to prioritize X-Amz-Account-ID header and
added getAccountID helper. Defined ErrVersionTokenMismatch and ErrCodeConflict
for better optimistic concurrency support.
 2026-01-28 13:25:22 -08:00
Chris Lu
e381b81b47 s3tables: use crypto/rand for secure version token generation 
Replaced math/rand with crypto/rand to ensure version tokens are
cryptographically secure and unpredictable for optimistic concurrency control.
 2026-01-28 13:25:19 -08:00
Chris Lu
89b85bfd5e s3tables test: update integration tests for new client API 2026-01-28 12:46:21 -08:00
Chris Lu
783fe25eac s3tables test: expose pagination parameters in client list methods 2026-01-28 12:46:21 -08:00
Chris Lu
5c43f1e6a4 s3tables: fix cross-namespace pagination in listTablesInAllNamespaces 2026-01-28 12:46:21 -08:00
Chris Lu
5eed1874a9 s3tables: return 404 in handleDeleteNamespace if namespace not found 2026-01-28 12:46:20 -08:00
Chris Lu
ae7743304c s3tables: refine permission helpers to align with operation names 2026-01-28 12:46:20 -08:00
Chris Lu
babf1b06ac s3tables: implement token-based pagination for namespace listing 2026-01-28 12:30:33 -08:00
Chris Lu
6ff683a627 s3tables: implement token-based pagination for table buckets listing 2026-01-28 12:30:33 -08:00
Chris Lu
1fb3aefa95 s3tables: ensure root tables directory exists before bucket creation 2026-01-28 12:30:32 -08:00
Chris Lu
47ef8c3cce s3tables: add table name validation and cleanup duplicated logic in table handlers 2026-01-28 12:30:32 -08:00
Chris Lu
f83cef1259 s3tables: add table name validation and 404 propagation to policy handlers 2026-01-28 12:30:31 -08:00
Chris Lu
ab6351e1c9 s3tables: implement validateTableName helper 2026-01-28 12:30:31 -08:00
Chris Lu
9f1dd57939 s3tables test: improve error reporting on decoding failure 2026-01-28 12:30:30 -08:00
Chris Lu
1f70d82170 s3tables: remove duplicate comment in permissions.go 2026-01-28 12:30:30 -08:00
Chris Lu
6d01e42cef s3tables: improve principal extraction using identity context 2026-01-28 12:30:29 -08:00
Chris Lu
5cea00ff07 S3 Tables: use os.ModeDir constant in filer_ops.go 
- Replace magic number 1<<31 with os.ModeDir for better readability.
- Added necessary os import.
 2026-01-28 12:13:35 -08:00
Chris Lu
d8c7c16aad S3 Tables: fix gRPC stream loop handling in namespace handlers 
- Correctly handle io.EOF in handleListNamespaces and handleDeleteNamespace.
- Propagate other errors to prevent silent failures or accidental data loss.
- Added necessary io import.
 2026-01-28 12:13:29 -08:00
Chris Lu
b7c1eba0a1 S3 Tables: secure API router with IAM authentication 
- Wrap S3 Tables handler with authenticateS3Tables.
- Use AuthSignatureOnly to enforce valid credentials while delegating granular authorization to handlers.
- Prevent anonymous access to all S3 Tables endpoints.
 2026-01-28 12:09:15 -08:00
Chris Lu
ae19621230 S3 Tables: validate ARN namespace to prevent path traversal 
- Enforce validation on decoded namespace in parseTableFromARN.
- Ensures path components are safe after URL unescaping.
 2026-01-28 12:09:09 -08:00