OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
19689 Commits
197 Branches
392 MB
2916 Download
Branch: V20230215
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'V20230215'
${ noResults }
aiforge/modules/minio_ext/util.go

util.go 5.7 kB
Raw Permalink Normal View History

chunk init
5 years ago
fmt code, improve some issue
4 years ago
chunk init
5 years ago
fmt code, improve some issue
4 years ago
chunk init
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 
  1. package minio_ext

  2. 

  3. import (

  4. 	"crypto/sha256"

  5. 	"encoding/hex"

  6. 	"encoding/xml"

  7. 	"io"

  8. 	"io/ioutil"

  9. 	"net"

  10. 	"net/http"

  11. 	"net/url"

  12. 	"regexp"

  13. 	"strings"

  14. 

  15. 	"github.com/minio/minio-go/v6/pkg/s3utils"

  16. )

  17. 

  18. // regCred matches credential string in HTTP header

  19. var regCred = regexp.MustCompile("Credential=([A-Z0-9]+)/")

  20. 

  21. // regCred matches signature string in HTTP header

  22. var regSign = regexp.MustCompile("Signature=([[0-9a-f]+)")

  23. 

  24. // xmlDecoder provide decoded value in xml.

  25. func xmlDecoder(body io.Reader, v interface{}) error {

  26. 	d := xml.NewDecoder(body)

  27. 	return d.Decode(v)

  28. }

  29. 

  30. // Redact out signature value from authorization string.

  31. func redactSignature(origAuth string) string {

  32. 	if !strings.HasPrefix(origAuth, signV4Algorithm) {

  33. 		// Set a temporary redacted auth

  34. 		return "AWS **REDACTED**:**REDACTED**"

  35. 	}

  36. 

  37. 	/// Signature V4 authorization header.

  38. 

  39. 	// Strip out accessKeyID from:

  40. 	// Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request

  41. 	newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/")

  42. 

  43. 	// Strip out 256-bit signature from: Signature=<256-bit signature>

  44. 	return regSign.ReplaceAllString(newAuth, "Signature=**REDACTED**")

  45. }

  46. 

  47. // closeResponse close non nil response with any response Body.

  48. // convenient wrapper to drain any remaining data on response body.

  49. //

  50. // Subsequently this allows golang http RoundTripper

  51. // to re-use the same connection for future requests.

  52. func closeResponse(resp *http.Response) {

  53. 	// Callers should close resp.Body when done reading from it.

  54. 	// If resp.Body is not closed, the Client's underlying RoundTripper

  55. 	// (typically Transport) may not be able to re-use a persistent TCP

  56. 	// connection to the server for a subsequent "keep-alive" request.

  57. 	if resp != nil && resp.Body != nil {

  58. 		// Drain any remaining Body and then close the connection.

  59. 		// Without this closing connection would disallow re-using

  60. 		// the same connection for future uses.

  61. 		//  - http://stackoverflow.com/a/17961593/4465767

  62. 		io.Copy(ioutil.Discard, resp.Body)

  63. 		resp.Body.Close()

  64. 	}

  65. }

  66. 

  67. // Verify if input endpoint URL is valid.

  68. func isValidEndpointURL(endpointURL url.URL) error {

  69. 	if endpointURL == sentinelURL {

  70. 		return ErrInvalidArgument("Endpoint url cannot be empty.")

  71. 	}

  72. 	if endpointURL.Path != "/" && endpointURL.Path != "" {

  73. 		return ErrInvalidArgument("Endpoint url cannot have fully qualified paths.")

  74. 	}

  75. 	if strings.Contains(endpointURL.Host, ".s3.amazonaws.com") {

  76. 		if !s3utils.IsAmazonEndpoint(endpointURL) {

  77. 			return ErrInvalidArgument("Amazon S3 endpoint should be 's3.amazonaws.com'.")

  78. 		}

  79. 	}

  80. 	if strings.Contains(endpointURL.Host, ".googleapis.com") {

  81. 		if !s3utils.IsGoogleEndpoint(endpointURL) {

  82. 			return ErrInvalidArgument("Google Cloud Storage endpoint should be 'storage.googleapis.com'.")

  83. 		}

  84. 	}

  85. 	return nil

  86. }

  87. 

  88. // getEndpointURL - construct a new endpoint.

  89. func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {

  90. 	if strings.Contains(endpoint, ":") {

  91. 		host, _, err := net.SplitHostPort(endpoint)

  92. 		if err != nil {

  93. 			return nil, err

  94. 		}

  95. 		if !s3utils.IsValidIP(host) && !s3utils.IsValidDomain(host) {

  96. 			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."

  97. 			return nil, ErrInvalidArgument(msg)

  98. 		}

  99. 	} else {

  100. 		if !s3utils.IsValidIP(endpoint) && !s3utils.IsValidDomain(endpoint) {

  101. 			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."

  102. 			return nil, ErrInvalidArgument(msg)

  103. 		}

  104. 	}

  105. 	// If secure is false, use 'http' scheme.

  106. 	scheme := "https"

  107. 	if !secure {

  108. 		scheme = "http"

  109. 	}

  110. 

  111. 	// Construct a secured endpoint URL.

  112. 	endpointURLStr := scheme + "://" + endpoint

  113. 	endpointURL, err := url.Parse(endpointURLStr)

  114. 	if err != nil {

  115. 		return nil, err

  116. 	}

  117. 

  118. 	// Validate incoming endpoint URL.

  119. 	if err := isValidEndpointURL(*endpointURL); err != nil {

  120. 		return nil, err

  121. 	}

  122. 	return endpointURL, nil

  123. }

  124. 

  125. var supportedHeaders = []string{

  126. 	"content-type",

  127. 	"cache-control",

  128. 	"content-encoding",

  129. 	"content-disposition",

  130. 	"content-language",

  131. 	"x-amz-website-redirect-location",

  132. 	"expires",

  133. 	// Add more supported headers here.

  134. }

  135. 

  136. // isStorageClassHeader returns true if the header is a supported storage class header

  137. func isStorageClassHeader(headerKey string) bool {

  138. 	return strings.EqualFold(amzStorageClass, headerKey)

  139. }

  140. 

  141. // isStandardHeader returns true if header is a supported header and not a custom header

  142. func isStandardHeader(headerKey string) bool {

  143. 	key := strings.ToLower(headerKey)

  144. 	for _, header := range supportedHeaders {

  145. 		if strings.ToLower(header) == key {

  146. 			return true

  147. 		}

  148. 	}

  149. 	return false

  150. }

  151. 

  152. // sseHeaders is list of server side encryption headers

  153. var sseHeaders = []string{

  154. 	"x-amz-server-side-encryption",

  155. 	"x-amz-server-side-encryption-aws-kms-key-id",

  156. 	"x-amz-server-side-encryption-context",

  157. 	"x-amz-server-side-encryption-customer-algorithm",

  158. 	"x-amz-server-side-encryption-customer-key",

  159. 	"x-amz-server-side-encryption-customer-key-MD5",

  160. }

  161. 

  162. // isSSEHeader returns true if header is a server side encryption header.

  163. func isSSEHeader(headerKey string) bool {

  164. 	key := strings.ToLower(headerKey)

  165. 	for _, h := range sseHeaders {

  166. 		if strings.ToLower(h) == key {

  167. 			return true

  168. 		}

  169. 	}

  170. 	return false

  171. }

  172. 

  173. // isAmzHeader returns true if header is a x-amz-meta-* or x-amz-acl header.

  174. func isAmzHeader(headerKey string) bool {

  175. 	key := strings.ToLower(headerKey)

  176. 

  177. 	return strings.HasPrefix(key, "x-amz-meta-") || strings.HasPrefix(key, "x-amz-grant-") || key == "x-amz-acl" || isSSEHeader(headerKey)

  178. }

  179. 

  180. // sum256 calculate sha256sum for an input byte array, returns hex encoded.

  181. func sum256Hex(data []byte) string {

  182. 	hash := sha256.New()

  183. 	hash.Write(data)

  184. 	return hex.EncodeToString(hash.Sum(nil))

  185. }

No Description