minio/signature-v4-postpolicyform.go

/*
 * Minio Cloud Storage, (C) 2015 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
	"time"

	"github.com/minio/minio/pkg/probe"
)

// toString - Safely convert interface to string without causing panic.
func toString(val interface{}) string {
	switch v := val.(type) {
	case string:
		return v
	}
	return ""
}

// toInteger _ Safely convert interface to integer without causing panic.
func toInteger(val interface{}) int {
	switch v := val.(type) {
	case int:
		return v
	}
	return 0
}

// isString - Safely check if val is of type string without causing panic.
func isString(val interface{}) bool {
	switch val.(type) {
	case string:
		return true
	}
	return false
}

// PostPolicyForm provides strict static type conversion and validation for Amazon S3's POST policy JSON string.
type PostPolicyForm struct {
	Expiration time.Time // Expiration date and time of the POST policy.
	Conditions struct {  // Conditional policy structure.
		Policies map[string]struct {
			Operator string
			Value    string
		}
		ContentLengthRange struct {
			Min int
			Max int
		}
	}
}

// parsePostPolicyFormV4 - Parse JSON policy string into typed POostPolicyForm structure.
func parsePostPolicyFormV4(policy string) (PostPolicyForm, *probe.Error) {
	// Convert po into interfaces and
	// perform strict type conversion using reflection.
	var rawPolicy struct {
		Expiration string        `json:"expiration"`
		Conditions []interface{} `json:"conditions"`
	}

	e := json.Unmarshal([]byte(policy), &rawPolicy)
	if e != nil {
		return PostPolicyForm{}, probe.NewError(e)
	}

	parsedPolicy := PostPolicyForm{}

	// Parse expiry time.
	parsedPolicy.Expiration, e = time.Parse(time.RFC3339Nano, rawPolicy.Expiration)
	if e != nil {
		return PostPolicyForm{}, probe.NewError(e)
	}
	parsedPolicy.Conditions.Policies = make(map[string]struct {
		Operator string
		Value    string
	})

	// Parse conditions.
	for _, val := range rawPolicy.Conditions {
		switch condt := val.(type) {
		case map[string]interface{}: // Handle key:value map types.
			for k, v := range condt {
				if !isString(v) { // Pre-check value type.
					// All values must be of type string.
					return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",
						reflect.TypeOf(condt).String(), condt))
				}
				// {"acl": "public-read" } is an alternate way to indicate - [ "eq", "$acl", "public-read" ]
				// In this case we will just collapse this into "eq" for all use cases.
				parsedPolicy.Conditions.Policies["$"+k] = struct {
					Operator string
					Value    string
				}{
					Operator: "eq",
					Value:    toString(v),
				}
			}
		case []interface{}: // Handle array types.
			if len(condt) != 3 { // Return error if we have insufficient elements.
				return parsedPolicy, probe.NewError(fmt.Errorf("Malformed conditional fields %s of type %s found in POST policy form.",
					condt, reflect.TypeOf(condt).String()))
			}
			switch toString(condt[0]) {
			case "eq", "starts-with":
				for _, v := range condt { // Pre-check all values for type.
					if !isString(v) {
						// All values must be of type string.
						return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",
							reflect.TypeOf(condt).String(), condt))
					}
				}
				operator, matchType, value := toString(condt[0]), toString(condt[1]), toString(condt[2])
				parsedPolicy.Conditions.Policies[matchType] = struct {
					Operator string
					Value    string
				}{
					Operator: operator,
					Value:    value,
				}
			case "content-length-range":
				parsedPolicy.Conditions.ContentLengthRange = struct {
					Min int
					Max int
				}{
					Min: toInteger(condt[1]),
					Max: toInteger(condt[2]),
				}
			default:
				// Condition should be valid.
				return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",
					reflect.TypeOf(condt).String(), condt))
			}
		default:
			return parsedPolicy, probe.NewError(fmt.Errorf("Unknown field %s of type %s found in POST policy form.",
				condt, reflect.TypeOf(condt).String()))
		}
	}
	return parsedPolicy, nil
}

// checkPostPolicy - apply policy conditions and validate input values.
func checkPostPolicy(formValues map[string]string) APIErrorCode {
	if formValues["X-Amz-Algorithm"] != signV4Algorithm {
		return ErrSignatureVersionNotSupported
	}
	/// Decoding policy
	policyBytes, e := base64.StdEncoding.DecodeString(formValues["Policy"])
	if e != nil {
		return ErrMalformedPOSTRequest
	}
	postPolicyForm, err := parsePostPolicyFormV4(string(policyBytes))
	if err != nil {
		return ErrMalformedPOSTRequest
	}
	if !postPolicyForm.Expiration.After(time.Now().UTC()) {
		return ErrPolicyAlreadyExpired
	}
	if postPolicyForm.Conditions.Policies["$bucket"].Operator == "eq" {
		if formValues["Bucket"] != postPolicyForm.Conditions.Policies["$bucket"].Value {
			return ErrMissingFields
		}
	}
	if postPolicyForm.Conditions.Policies["$x-amz-date"].Operator == "eq" {
		if formValues["X-Amz-Date"] != postPolicyForm.Conditions.Policies["$x-amz-date"].Value {
			return ErrMissingFields
		}
	}
	if postPolicyForm.Conditions.Policies["$Content-Type"].Operator == "starts-with" {
		if !strings.HasPrefix(formValues["Content-Type"], postPolicyForm.Conditions.Policies["$Content-Type"].Value) {
			return ErrMissingFields
		}
	}
	if postPolicyForm.Conditions.Policies["$Content-Type"].Operator == "eq" {
		if formValues["Content-Type"] != postPolicyForm.Conditions.Policies["$Content-Type"].Value {
			return ErrMissingFields
		}
	}
	if postPolicyForm.Conditions.Policies["$key"].Operator == "starts-with" {
		if !strings.HasPrefix(formValues["Key"], postPolicyForm.Conditions.Policies["$key"].Value) {
			return ErrMissingFields
		}
	}
	if postPolicyForm.Conditions.Policies["$key"].Operator == "eq" {
		if formValues["Key"] != postPolicyForm.Conditions.Policies["$key"].Value {
			return ErrMissingFields
		}
	}
	return ErrNone
}
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 2015-10-05 07:31:07 +08:00			`/*`
			`* Minio Cloud Storage, (C) 2015 Minio, Inc.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

signature: Use a layered approach for signature verification. Signature calculation has now moved out from being a package to top-level as a layered mechanism. In case of payload calculation with body, go-routines are initiated to simultaneously write and calculate shasum. Errors are sent over the writer so that the lower layer removes the temporary files properly. 2016-03-13 08:08:15 +08:00			`package main`
Implement presigned policy 2015-10-02 14:51:17 +08:00
			`import (`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`"encoding/base64"`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`"encoding/json"`
			`"fmt"`
			`"reflect"`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`"strings"`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`"time"`

xl: Moved to minio/minio - fixes #1112 2016-02-11 08:40:09 +08:00			`"github.com/minio/minio/pkg/probe"`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`)`

			`// toString - Safely convert interface to string without causing panic.`
			`func toString(val interface{}) string {`
			`switch v := val.(type) {`
			`case string:`
			`return v`
			`}`
			`return ""`
			`}`

			`// toInteger _ Safely convert interface to integer without causing panic.`
			`func toInteger(val interface{}) int {`
			`switch v := val.(type) {`
			`case int:`
			`return v`
			`}`
			`return 0`
			`}`

			`// isString - Safely check if val is of type string without causing panic.`
			`func isString(val interface{}) bool {`
			`switch val.(type) {`
			`case string:`
			`return true`
			`}`
			`return false`
			`}`

			`// PostPolicyForm provides strict static type conversion and validation for Amazon S3's POST policy JSON string.`
			`type PostPolicyForm struct {`
			`Expiration time.Time // Expiration date and time of the POST policy.`
			`Conditions struct { // Conditional policy structure.`
			`Policies map[string]struct {`
			`Operator string`
			`Value string`
			`}`
			`ContentLengthRange struct {`
			`Min int`
			`Max int`
			`}`
			`}`
			`}`

signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`// parsePostPolicyFormV4 - Parse JSON policy string into typed POostPolicyForm structure.`
			`func parsePostPolicyFormV4(policy string) (PostPolicyForm, *probe.Error) {`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`// Convert po into interfaces and`
			`// perform strict type conversion using reflection.`
			`var rawPolicy struct {`
			Expiration string `json:"expiration"`
			Conditions []interface{} `json:"conditions"`
			`}`

			`e := json.Unmarshal([]byte(policy), &rawPolicy)`
			`if e != nil {`
			`return PostPolicyForm{}, probe.NewError(e)`
			`}`

			`parsedPolicy := PostPolicyForm{}`

			`// Parse expiry time.`
			`parsedPolicy.Expiration, e = time.Parse(time.RFC3339Nano, rawPolicy.Expiration)`
			`if e != nil {`
			`return PostPolicyForm{}, probe.NewError(e)`
			`}`
			`parsedPolicy.Conditions.Policies = make(map[string]struct {`
			`Operator string`
			`Value string`
			`})`

			`// Parse conditions.`
			`for _, val := range rawPolicy.Conditions {`
			`switch condt := val.(type) {`
			`case map[string]interface{}: // Handle key:value map types.`
			`for k, v := range condt {`
			`if !isString(v) { // Pre-check value type.`
			`// All values must be of type string.`
setBucketMetadata: Fix a deadlock. 2016-02-06 07:38:09 +08:00			`return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`reflect.TypeOf(condt).String(), condt))`
			`}`
			`// {"acl": "public-read" } is an alternate way to indicate - [ "eq", "$acl", "public-read" ]`
			`// In this case we will just collapse this into "eq" for all use cases.`
			`parsedPolicy.Conditions.Policies["$"+k] = struct {`
			`Operator string`
			`Value string`
			`}{`
			`Operator: "eq",`
			`Value: toString(v),`
			`}`
			`}`
			`case []interface{}: // Handle array types.`
			`if len(condt) != 3 { // Return error if we have insufficient elements.`
setBucketMetadata: Fix a deadlock. 2016-02-06 07:38:09 +08:00			`return parsedPolicy, probe.NewError(fmt.Errorf("Malformed conditional fields %s of type %s found in POST policy form.",`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`condt, reflect.TypeOf(condt).String()))`
			`}`
			`switch toString(condt[0]) {`
			`case "eq", "starts-with":`
			`for _, v := range condt { // Pre-check all values for type.`
			`if !isString(v) {`
			`// All values must be of type string.`
setBucketMetadata: Fix a deadlock. 2016-02-06 07:38:09 +08:00			`return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`reflect.TypeOf(condt).String(), condt))`
			`}`
			`}`
			`operator, matchType, value := toString(condt[0]), toString(condt[1]), toString(condt[2])`
			`parsedPolicy.Conditions.Policies[matchType] = struct {`
			`Operator string`
			`Value string`
			`}{`
			`Operator: operator,`
			`Value: value,`
			`}`
			`case "content-length-range":`
			`parsedPolicy.Conditions.ContentLengthRange = struct {`
			`Min int`
			`Max int`
			`}{`
			`Min: toInteger(condt[1]),`
			`Max: toInteger(condt[2]),`
			`}`
			`default:`
			`// Condition should be valid.`
setBucketMetadata: Fix a deadlock. 2016-02-06 07:38:09 +08:00			`return parsedPolicy, probe.NewError(fmt.Errorf("Unknown type %s of conditional field value %s found in POST policy form.",`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`reflect.TypeOf(condt).String(), condt))`
			`}`
			`default:`
setBucketMetadata: Fix a deadlock. 2016-02-06 07:38:09 +08:00			`return parsedPolicy, probe.NewError(fmt.Errorf("Unknown field %s of type %s found in POST policy form.",`
Implement presigned policy 2015-10-02 14:51:17 +08:00			`condt, reflect.TypeOf(condt).String()))`
			`}`
			`}`
			`return parsedPolicy, nil`
			`}`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00
signature: Use a layered approach for signature verification. Signature calculation has now moved out from being a package to top-level as a layered mechanism. In case of payload calculation with body, go-routines are initiated to simultaneously write and calculate shasum. Errors are sent over the writer so that the lower layer removes the temporary files properly. 2016-03-13 08:08:15 +08:00			`// checkPostPolicy - apply policy conditions and validate input values.`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`func checkPostPolicy(formValues map[string]string) APIErrorCode {`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`if formValues["X-Amz-Algorithm"] != signV4Algorithm {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrSignatureVersionNotSupported`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`/// Decoding policy`
			`policyBytes, e := base64.StdEncoding.DecodeString(formValues["Policy"])`
			`if e != nil {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMalformedPOSTRequest`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`postPolicyForm, err := parsePostPolicyFormV4(string(policyBytes))`
			`if err != nil {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMalformedPOSTRequest`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`if !postPolicyForm.Expiration.After(time.Now().UTC()) {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrPolicyAlreadyExpired`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`if postPolicyForm.Conditions.Policies["$bucket"].Operator == "eq" {`
			`if formValues["Bucket"] != postPolicyForm.Conditions.Policies["$bucket"].Value {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
			`if postPolicyForm.Conditions.Policies["$x-amz-date"].Operator == "eq" {`
			`if formValues["X-Amz-Date"] != postPolicyForm.Conditions.Policies["$x-amz-date"].Value {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
			`if postPolicyForm.Conditions.Policies["$Content-Type"].Operator == "starts-with" {`
			`if !strings.HasPrefix(formValues["Content-Type"], postPolicyForm.Conditions.Policies["$Content-Type"].Value) {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
			`if postPolicyForm.Conditions.Policies["$Content-Type"].Operator == "eq" {`
			`if formValues["Content-Type"] != postPolicyForm.Conditions.Policies["$Content-Type"].Value {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
			`if postPolicyForm.Conditions.Policies["$key"].Operator == "starts-with" {`
			`if !strings.HasPrefix(formValues["Key"], postPolicyForm.Conditions.Policies["$key"].Value) {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
			`if postPolicyForm.Conditions.Policies["$key"].Operator == "eq" {`
			`if formValues["Key"] != postPolicyForm.Conditions.Policies["$key"].Value {`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrMissingFields`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`
			`}`
error: Signature errors should be returned with APIErrorCode. The reasoning is that we can reply back with wide range of S3 error responses, which would provide more richer context to S3 client. Fixes #1267 2016-03-31 11:04:51 +08:00			`return ErrNone`
signature: Rewrite signature handling and move it into a library. 2016-02-16 09:42:39 +08:00			`}`