Vérifier server.documents.buckets dans CRUD #47

Merged
vlbeaudoin merged 1 commit from fix/documents-allowed-buckets into main 2023-04-26 15:01:12 -04:00

View file

@ -257,6 +257,7 @@ func handleV1BucketList(c echo.Context) error {
} }
func handleV1BucketRead(c echo.Context) error { func handleV1BucketRead(c echo.Context) error {
documents_buckets := viper.GetStringSlice("server.documents.buckets")
documents_endpoint := viper.GetString("server.documents.endpoint") documents_endpoint := viper.GetString("server.documents.endpoint")
documents_access_key_id := viper.GetString("server.documents.access_key_id") documents_access_key_id := viper.GetString("server.documents.access_key_id")
documents_secret_access_key := viper.GetString("server.documents.secret_access_key") documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -264,6 +265,22 @@ func handleV1BucketRead(c echo.Context) error {
bucket := c.Param("bucket") bucket := c.Param("bucket")
allowed := false
for _, bucket_allowed := range documents_buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
@ -306,6 +323,7 @@ func handleV1BucketRead(c echo.Context) error {
// handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data // handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data
func handleV1DocumentCreate(c echo.Context) error { func handleV1DocumentCreate(c echo.Context) error {
documents_buckets := viper.GetStringSlice("server.documents.buckets")
documents_endpoint := viper.GetString("server.documents.endpoint") documents_endpoint := viper.GetString("server.documents.endpoint")
documents_access_key_id := viper.GetString("server.documents.access_key_id") documents_access_key_id := viper.GetString("server.documents.access_key_id")
documents_secret_access_key := viper.GetString("server.documents.secret_access_key") documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -318,6 +336,22 @@ func handleV1DocumentCreate(c echo.Context) error {
return err return err
} }
allowed := false
for _, bucket_allowed := range documents_buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
@ -360,6 +394,7 @@ func handleV1DocumentCreate(c echo.Context) error {
// handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger // handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger
func handleV1DocumentRead(c echo.Context) error { func handleV1DocumentRead(c echo.Context) error {
documents_buckets := viper.GetStringSlice("server.documents.buckets")
documents_endpoint := viper.GetString("server.documents.endpoint") documents_endpoint := viper.GetString("server.documents.endpoint")
documents_access_key_id := viper.GetString("server.documents.access_key_id") documents_access_key_id := viper.GetString("server.documents.access_key_id")
documents_secret_access_key := viper.GetString("server.documents.secret_access_key") documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -368,6 +403,22 @@ func handleV1DocumentRead(c echo.Context) error {
bucket := c.Param("bucket") bucket := c.Param("bucket")
document := c.Param("document") document := c.Param("document")
allowed := false
for _, bucket_allowed := range documents_buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
@ -393,8 +444,14 @@ func handleV1DocumentRead(c echo.Context) error {
} }
document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{}) document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
if err != nil { if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{ if err.Error() == "The specified key does not exist." {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
return c.JSON(http.StatusInternalServerError, map[string]interface{}{
"message": "Error during minio#StatObject", "message": "Error during minio#StatObject",
}) })
} }
@ -422,6 +479,7 @@ func handleV1DocumentUpdate(c echo.Context) error {
// handleV1DocumentDelete permet de supprimer un object // handleV1DocumentDelete permet de supprimer un object
func handleV1DocumentDelete(c echo.Context) error { func handleV1DocumentDelete(c echo.Context) error {
documents_buckets := viper.GetStringSlice("server.documents.buckets")
documents_endpoint := viper.GetString("server.documents.endpoint") documents_endpoint := viper.GetString("server.documents.endpoint")
documents_access_key_id := viper.GetString("server.documents.access_key_id") documents_access_key_id := viper.GetString("server.documents.access_key_id")
documents_secret_access_key := viper.GetString("server.documents.secret_access_key") documents_secret_access_key := viper.GetString("server.documents.secret_access_key")
@ -430,6 +488,22 @@ func handleV1DocumentDelete(c echo.Context) error {
bucket := c.Param("bucket") bucket := c.Param("bucket")
document := c.Param("document") document := c.Param("document")
allowed := false
for _, bucket_allowed := range documents_buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
@ -456,7 +530,12 @@ func handleV1DocumentDelete(c echo.Context) error {
document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{}) document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
if err != nil { if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{ if err.Error() == "The specified key does not exist." {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
return c.JSON(http.StatusInternalServerError, map[string]interface{}{
"message": "Error during minio#StatObject", "message": "Error during minio#StatObject",
}) })
} }