2023-04-26 15:01:12 -04:00
1 changed files with 81 additions and 2 deletions
--- a/cmd/server.go
+++ b/cmd/server.go
@ -257,6 +257,7 @@ func handleV1BucketList(c echo.Context) error {
 }

 func handleV1BucketRead(c echo.Context) error {
+	documents_buckets := viper.GetStringSlice("server.documents.buckets")
 	documents_endpoint := viper.GetString("server.documents.endpoint")
 	documents_access_key_id := viper.GetString("server.documents.access_key_id")
 	documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -264,6 +265,22 @@ func handleV1BucketRead(c echo.Context) error {

 	bucket := c.Param("bucket")

+	allowed := false
+	for _, bucket_allowed := range documents_buckets {
+		if bucket == bucket_allowed {
+			allowed = true
+		}
+	}
+
+	if !allowed {
+		/*
+			return c.JSON(http.StatusBadRequest, map[string]string{
+				"message": "Bucket is not allowed in server.documents.buckets",
+			})
+		*/
+		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+	}
+
 	ctx, cancel := context.WithCancel(context.Background())

 	defer cancel()
@ -306,6 +323,7 @@ func handleV1BucketRead(c echo.Context) error {

 // handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data
 func handleV1DocumentCreate(c echo.Context) error {
+	documents_buckets := viper.GetStringSlice("server.documents.buckets")
 	documents_endpoint := viper.GetString("server.documents.endpoint")
 	documents_access_key_id := viper.GetString("server.documents.access_key_id")
 	documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -318,6 +336,22 @@ func handleV1DocumentCreate(c echo.Context) error {
 		return err
 	}

+	allowed := false
+	for _, bucket_allowed := range documents_buckets {
+		if bucket == bucket_allowed {
+			allowed = true
+		}
+	}
+
+	if !allowed {
+		/*
+			return c.JSON(http.StatusBadRequest, map[string]string{
+				"message": "Bucket is not allowed in server.documents.buckets",
+			})
+		*/
+		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+	}
+
 	ctx, cancel := context.WithCancel(context.Background())

 	defer cancel()
@ -360,6 +394,7 @@ func handleV1DocumentCreate(c echo.Context) error {

 // handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger
 func handleV1DocumentRead(c echo.Context) error {
+	documents_buckets := viper.GetStringSlice("server.documents.buckets")
 	documents_endpoint := viper.GetString("server.documents.endpoint")
 	documents_access_key_id := viper.GetString("server.documents.access_key_id")
 	documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -368,6 +403,22 @@ func handleV1DocumentRead(c echo.Context) error {
 	bucket := c.Param("bucket")
 	document := c.Param("document")

+	allowed := false
+	for _, bucket_allowed := range documents_buckets {
+		if bucket == bucket_allowed {
+			allowed = true
+		}
+	}
+
+	if !allowed {
+		/*
+			return c.JSON(http.StatusBadRequest, map[string]string{
+				"message": "Bucket is not allowed in server.documents.buckets",
+			})
+		*/
+		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+	}
+
 	ctx, cancel := context.WithCancel(context.Background())

 	defer cancel()
@ -393,8 +444,14 @@ func handleV1DocumentRead(c echo.Context) error {
 	}

 	document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
+
 	if err != nil {
-		return c.JSON(http.StatusInternalServerError, map[string]string{
+		if err.Error() == "The specified key does not exist." {
+
+			return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+		}
+
+		return c.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"message": "Error during minio#StatObject",
 		})
 	}
@ -422,6 +479,7 @@ func handleV1DocumentUpdate(c echo.Context) error {

 // handleV1DocumentDelete permet de supprimer un object
 func handleV1DocumentDelete(c echo.Context) error {
+	documents_buckets := viper.GetStringSlice("server.documents.buckets")
 	documents_endpoint := viper.GetString("server.documents.endpoint")
 	documents_access_key_id := viper.GetString("server.documents.access_key_id")
 	documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -430,6 +488,22 @@ func handleV1DocumentDelete(c echo.Context) error {
 	bucket := c.Param("bucket")
 	document := c.Param("document")

+	allowed := false
+	for _, bucket_allowed := range documents_buckets {
+		if bucket == bucket_allowed {
+			allowed = true
+		}
+	}
+
+	if !allowed {
+		/*
+			return c.JSON(http.StatusBadRequest, map[string]string{
+				"message": "Bucket is not allowed in server.documents.buckets",
+			})
+		*/
+		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+	}
+
 	ctx, cancel := context.WithCancel(context.Background())

 	defer cancel()
@ -456,7 +530,12 @@ func handleV1DocumentDelete(c echo.Context) error {

 	document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
 	if err != nil {
-		return c.JSON(http.StatusInternalServerError, map[string]string{
+		if err.Error() == "The specified key does not exist." {
+
+			return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
+		}
+
+		return c.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"message": "Error during minio#StatObject",
 		})
 	}