From 4a676c40dca0077b123a59dac74143d0088b808d Mon Sep 17 00:00:00 2001
From: Victor Lacasse-Beaudoin
Date: Wed, 26 Apr 2023 15:00:17 -0400
Subject: [PATCH] =?UTF-8?q?V=C3=A9rifier=20server.documents.buckets=20dans?= =?UTF-8?q?CRUD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cmd/server.go | 83 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 81 insertions(+), 2 deletions(-)
diff --git a/cmd/server.go b/cmd/server.go
index 9dd3a7b..db3bb32 100644
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -257,6 +257,7 @@ func handleV1BucketList(c echo.Context) error {
 }
 func handleV1BucketRead(c echo.Context) error {
+ documents_buckets := viper.GetStringSlice("server.documents.buckets")
 documents_endpoint := viper.GetString("server.documents.endpoint")
 documents_access_key_id := viper.GetString("server.documents.access_key_id")
 documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@@ -264,6 +265,22 @@ func handleV1BucketRead(c echo.Context) error {
 bucket := c.Param("bucket")
+ allowed := false
+ for _, bucket_allowed := range documents_buckets {
+ if bucket == bucket_allowed {
+ allowed = true
+ }
+ }
+
+ if !allowed {
+ /*
+ return c.JSON(http.StatusBadRequest, map[string]string{
+ "message": "Bucket is not allowed in server.documents.buckets",
+ })
+ */
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
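Review bot: The allow-list loop added to handleV1BucketRead is copied verbatim into handleV1DocumentCreate, handleV1DocumentRead and handleV1DocumentDelete in the later hunks, so the access decision now lives in four places that can drift apart. A single helper (or an echo middleware on the bucket routes) keeps the check in one spot and returns on the first match; the fence sketches it. The commented-out 400 response could give way to a one-line comment such as `// 404 rather than 400 so callers cannot tell a disallowed bucket from a missing one`, if that is the intent. No hunk touches handleV1DocumentUpdate, whose body is outside this patch, so it is worth confirming that it cannot reach a bucket without the same check.

```go
// bucketAllowed reports whether bucket is listed in server.documents.buckets.
func bucketAllowed(bucket string) bool {
	for _, b := range viper.GetStringSlice("server.documents.buckets") {
		if b == bucket {
			return true
		}
	}
	return false
}

// in handleV1BucketRead, right after bucket := c.Param("bucket")
if !bucketAllowed(bucket) {
	return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
// … unchanged: context setup and minio client …
```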
@@ -306,6 +323,7 @@ func handleV1BucketRead(c echo.Context) error {
 // handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data
 func handleV1DocumentCreate(c echo.Context) error {
+ documents_buckets := viper.GetStringSlice("server.documents.buckets")
 documents_endpoint := viper.GetString("server.documents.endpoint")
 documents_access_key_id := viper.GetString("server.documents.access_key_id")
 documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@@ -318,6 +336,22 @@ func handleV1DocumentCreate(c echo.Context) error {
 return err
 }
+ allowed := false
+ for _, bucket_allowed := range documents_buckets {
+ if bucket == bucket_allowed {
+ allowed = true
+ }
+ }
+
+ if !allowed {
+ /*
+ return c.JSON(http.StatusBadRequest, map[string]string{
+ "message": "Bucket is not allowed in server.documents.buckets",
+ })
+ */
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
@@ -360,6 +394,7 @@ func handleV1DocumentCreate(c echo.Context) error {
 // handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger
 func handleV1DocumentRead(c echo.Context) error {
+ documents_buckets := viper.GetStringSlice("server.documents.buckets")
 documents_endpoint := viper.GetString("server.documents.endpoint")
 documents_access_key_id := viper.GetString("server.documents.access_key_id")
 documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@@ -368,6 +403,22 @@ func handleV1DocumentRead(c echo.Context) error {
 bucket := c.Param("bucket")
 document := c.Param("document")
+ allowed := false
+ for _, bucket_allowed := range documents_buckets {
+ if bucket == bucket_allowed {
+ allowed = true
+ }
+ }
+
+ if !allowed {
+ /*
+ return c.JSON(http.StatusBadRequest, map[string]string{
+ "message": "Bucket is not allowed in server.documents.buckets",
+ })
+ */
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
@@ -393,8 +444,14 @@ func handleV1DocumentRead(c echo.Context) error {
 }
 document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
+
 if err != nil {
- return c.JSON(http.StatusInternalServerError, map[string]string{
+ if err.Error() == "The specified key does not exist." {
+
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
+ return c.JSON(http.StatusInternalServerError, map[string]interface{}{
 "message": "Error during minio#StatObject",
 })
 }
@@ -422,6 +479,7 @@ func handleV1DocumentUpdate(c echo.Context) error {
 // handleV1DocumentDelete permet de supprimer un object
 func handleV1DocumentDelete(c echo.Context) error {
+ documents_buckets := viper.GetStringSlice("server.documents.buckets")
 documents_endpoint := viper.GetString("server.documents.endpoint")
 documents_access_key_id := viper.GetString("server.documents.access_key_id")
 documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
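Review bot: In handleV1DocumentRead's StatObject error branch, the not-found case is detected by comparing `err.Error()` with the literal "The specified key does not exist.", so a differently worded message from the server or library would silently turn a missing object into a 500. minio-go exposes the S3 error code, which makes `if minio.ToErrorResponse(err).Code == "NoSuchKey" {` the sturdier test; the same applies to the identical branch in handleV1DocumentDelete. The switch to `map[string]interface{}` is not needed while the only value is a string, and the 500 path drops `err` without logging it, which makes failures hard to investigate.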
@@ -430,6 +488,22 @@ func handleV1DocumentDelete(c echo.Context) error {
 bucket := c.Param("bucket")
 document := c.Param("document")
+ allowed := false
+ for _, bucket_allowed := range documents_buckets {
+ if bucket == bucket_allowed {
+ allowed = true
+ }
+ }
+
+ if !allowed {
+ /*
+ return c.JSON(http.StatusBadRequest, map[string]string{
+ "message": "Bucket is not allowed in server.documents.buckets",
+ })
+ */
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
@@ -456,7 +530,12 @@ func handleV1DocumentDelete(c echo.Context) error {
 document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
 if err != nil {
- return c.JSON(http.StatusInternalServerError, map[string]string{
+ if err.Error() == "The specified key does not exist." {
+
+ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+ }
+
+ return c.JSON(http.StatusInternalServerError, map[string]interface{}{
 "message": "Error during minio#StatObject",
 })
 }
--
2.45.2