OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4b8da7b892
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b8da7b892'
${ noResults }
aiforge/vendor/github.com/minio/minio-go/utils.go

273 lines
8.3 kB
Raw Blame History 

  1. /*

  2.  * Minio Go Library for Amazon S3 Compatible Cloud Storage

  3.  * Copyright 2015-2017 Minio, Inc.

  4.  *

  5.  * Licensed under the Apache License, Version 2.0 (the "License");

  6.  * you may not use this file except in compliance with the License.

  7.  * You may obtain a copy of the License at

  8.  *

  9.  *     http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  */

  17. 

  18. package minio

  19. 

  20. import (

  21. 	"crypto/md5"

  22. 	"crypto/sha256"

  23. 	"encoding/base64"

  24. 	"encoding/hex"

  25. 	"encoding/xml"

  26. 	"io"

  27. 	"io/ioutil"

  28. 	"net"

  29. 	"net/http"

  30. 	"net/url"

  31. 	"regexp"

  32. 	"strings"

  33. 	"time"

  34. 

  35. 	"github.com/minio/minio-go/pkg/s3utils"

  36. )

  37. 

  38. // xmlDecoder provide decoded value in xml.

  39. func xmlDecoder(body io.Reader, v interface{}) error {

  40. 	d := xml.NewDecoder(body)

  41. 	return d.Decode(v)

  42. }

  43. 

  44. // sum256 calculate sha256sum for an input byte array, returns hex encoded.

  45. func sum256Hex(data []byte) string {

  46. 	hash := sha256.New()

  47. 	hash.Write(data)

  48. 	return hex.EncodeToString(hash.Sum(nil))

  49. }

  50. 

  51. // sumMD5Base64 calculate md5sum for an input byte array, returns base64 encoded.

  52. func sumMD5Base64(data []byte) string {

  53. 	hash := md5.New()

  54. 	hash.Write(data)

  55. 	return base64.StdEncoding.EncodeToString(hash.Sum(nil))

  56. }

  57. 

  58. // getEndpointURL - construct a new endpoint.

  59. func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {

  60. 	if strings.Contains(endpoint, ":") {

  61. 		host, _, err := net.SplitHostPort(endpoint)

  62. 		if err != nil {

  63. 			return nil, err

  64. 		}

  65. 		if !s3utils.IsValidIP(host) && !s3utils.IsValidDomain(host) {

  66. 			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."

  67. 			return nil, ErrInvalidArgument(msg)

  68. 		}

  69. 	} else {

  70. 		if !s3utils.IsValidIP(endpoint) && !s3utils.IsValidDomain(endpoint) {

  71. 			msg := "Endpoint: " + endpoint + " does not follow ip address or domain name standards."

  72. 			return nil, ErrInvalidArgument(msg)

  73. 		}

  74. 	}

  75. 	// If secure is false, use 'http' scheme.

  76. 	scheme := "https"

  77. 	if !secure {

  78. 		scheme = "http"

  79. 	}

  80. 

  81. 	// Construct a secured endpoint URL.

  82. 	endpointURLStr := scheme + "://" + endpoint

  83. 	endpointURL, err := url.Parse(endpointURLStr)

  84. 	if err != nil {

  85. 		return nil, err

  86. 	}

  87. 

  88. 	// Validate incoming endpoint URL.

  89. 	if err := isValidEndpointURL(*endpointURL); err != nil {

  90. 		return nil, err

  91. 	}

  92. 	return endpointURL, nil

  93. }

  94. 

  95. // closeResponse close non nil response with any response Body.

  96. // convenient wrapper to drain any remaining data on response body.

  97. //

  98. // Subsequently this allows golang http RoundTripper

  99. // to re-use the same connection for future requests.

  100. func closeResponse(resp *http.Response) {

  101. 	// Callers should close resp.Body when done reading from it.

  102. 	// If resp.Body is not closed, the Client's underlying RoundTripper

  103. 	// (typically Transport) may not be able to re-use a persistent TCP

  104. 	// connection to the server for a subsequent "keep-alive" request.

  105. 	if resp != nil && resp.Body != nil {

  106. 		// Drain any remaining Body and then close the connection.

  107. 		// Without this closing connection would disallow re-using

  108. 		// the same connection for future uses.

  109. 		//  - http://stackoverflow.com/a/17961593/4465767

  110. 		io.Copy(ioutil.Discard, resp.Body)

  111. 		resp.Body.Close()

  112. 	}

  113. }

  114. 

  115. var (

  116. 	// Hex encoded string of nil sha256sum bytes.

  117. 	emptySHA256Hex = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

  118. 

  119. 	// Sentinel URL is the default url value which is invalid.

  120. 	sentinelURL = url.URL{}

  121. )

  122. 

  123. // Verify if input endpoint URL is valid.

  124. func isValidEndpointURL(endpointURL url.URL) error {

  125. 	if endpointURL == sentinelURL {

  126. 		return ErrInvalidArgument("Endpoint url cannot be empty.")

  127. 	}

  128. 	if endpointURL.Path != "/" && endpointURL.Path != "" {

  129. 		return ErrInvalidArgument("Endpoint url cannot have fully qualified paths.")

  130. 	}

  131. 	if strings.Contains(endpointURL.Host, ".s3.amazonaws.com") {

  132. 		if !s3utils.IsAmazonEndpoint(endpointURL) {

  133. 			return ErrInvalidArgument("Amazon S3 endpoint should be 's3.amazonaws.com'.")

  134. 		}

  135. 	}

  136. 	if strings.Contains(endpointURL.Host, ".googleapis.com") {

  137. 		if !s3utils.IsGoogleEndpoint(endpointURL) {

  138. 			return ErrInvalidArgument("Google Cloud Storage endpoint should be 'storage.googleapis.com'.")

  139. 		}

  140. 	}

  141. 	return nil

  142. }

  143. 

  144. // Verify if input expires value is valid.

  145. func isValidExpiry(expires time.Duration) error {

  146. 	expireSeconds := int64(expires / time.Second)

  147. 	if expireSeconds < 1 {

  148. 		return ErrInvalidArgument("Expires cannot be lesser than 1 second.")

  149. 	}

  150. 	if expireSeconds > 604800 {

  151. 		return ErrInvalidArgument("Expires cannot be greater than 7 days.")

  152. 	}

  153. 	return nil

  154. }

  155. 

  156. // make a copy of http.Header

  157. func cloneHeader(h http.Header) http.Header {

  158. 	h2 := make(http.Header, len(h))

  159. 	for k, vv := range h {

  160. 		vv2 := make([]string, len(vv))

  161. 		copy(vv2, vv)

  162. 		h2[k] = vv2

  163. 	}

  164. 	return h2

  165. }

  166. 

  167. // Filter relevant response headers from

  168. // the HEAD, GET http response. The function takes

  169. // a list of headers which are filtered out and

  170. // returned as a new http header.

  171. func filterHeader(header http.Header, filterKeys []string) (filteredHeader http.Header) {

  172. 	filteredHeader = cloneHeader(header)

  173. 	for _, key := range filterKeys {

  174. 		filteredHeader.Del(key)

  175. 	}

  176. 	return filteredHeader

  177. }

  178. 

  179. // regCred matches credential string in HTTP header

  180. var regCred = regexp.MustCompile("Credential=([A-Z0-9]+)/")

  181. 

  182. // regCred matches signature string in HTTP header

  183. var regSign = regexp.MustCompile("Signature=([[0-9a-f]+)")

  184. 

  185. // Redact out signature value from authorization string.

  186. func redactSignature(origAuth string) string {

  187. 	if !strings.HasPrefix(origAuth, signV4Algorithm) {

  188. 		// Set a temporary redacted auth

  189. 		return "AWS **REDACTED**:**REDACTED**"

  190. 	}

  191. 

  192. 	/// Signature V4 authorization header.

  193. 

  194. 	// Strip out accessKeyID from:

  195. 	// Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request

  196. 	newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/")

  197. 

  198. 	// Strip out 256-bit signature from: Signature=<256-bit signature>

  199. 	return regSign.ReplaceAllString(newAuth, "Signature=**REDACTED**")

  200. }

  201. 

  202. // Get default location returns the location based on the input

  203. // URL `u`, if region override is provided then all location

  204. // defaults to regionOverride.

  205. //

  206. // If no other cases match then the location is set to `us-east-1`

  207. // as a last resort.

  208. func getDefaultLocation(u url.URL, regionOverride string) (location string) {

  209. 	if regionOverride != "" {

  210. 		return regionOverride

  211. 	}

  212. 	region := s3utils.GetRegionFromURL(u)

  213. 	if region == "" {

  214. 		region = "us-east-1"

  215. 	}

  216. 	return region

  217. }

  218. 

  219. var supportedHeaders = []string{

  220. 	"content-type",

  221. 	"cache-control",

  222. 	"content-encoding",

  223. 	"content-disposition",

  224. 	"content-language",

  225. 	"x-amz-website-redirect-location",

  226. 	"expires",

  227. 	// Add more supported headers here.

  228. }

  229. 

  230. // isStorageClassHeader returns true if the header is a supported storage class header

  231. func isStorageClassHeader(headerKey string) bool {

  232. 	return strings.ToLower(amzStorageClass) == strings.ToLower(headerKey)

  233. }

  234. 

  235. // isStandardHeader returns true if header is a supported header and not a custom header

  236. func isStandardHeader(headerKey string) bool {

  237. 	key := strings.ToLower(headerKey)

  238. 	for _, header := range supportedHeaders {

  239. 		if strings.ToLower(header) == key {

  240. 			return true

  241. 		}

  242. 	}

  243. 	return false

  244. }

  245. 

  246. // sseHeaders is list of server side encryption headers

  247. var sseHeaders = []string{

  248. 	"x-amz-server-side-encryption",

  249. 	"x-amz-server-side-encryption-aws-kms-key-id",

  250. 	"x-amz-server-side-encryption-context",

  251. 	"x-amz-server-side-encryption-customer-algorithm",

  252. 	"x-amz-server-side-encryption-customer-key",

  253. 	"x-amz-server-side-encryption-customer-key-MD5",

  254. }

  255. 

  256. // isSSEHeader returns true if header is a server side encryption header.

  257. func isSSEHeader(headerKey string) bool {

  258. 	key := strings.ToLower(headerKey)

  259. 	for _, h := range sseHeaders {

  260. 		if strings.ToLower(h) == key {

  261. 			return true

  262. 		}

  263. 	}

  264. 	return false

  265. }

  266. 

  267. // isAmzHeader returns true if header is a x-amz-meta-* or x-amz-acl header.

  268. func isAmzHeader(headerKey string) bool {

  269. 	key := strings.ToLower(headerKey)

  270. 

  271. 	return strings.HasPrefix(key, "x-amz-meta-") || strings.HasPrefix(key, "x-amz-grant-") || key == "x-amz-acl" || isSSEHeader(headerKey)

  272. }