minio/cmd/routers.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"net/http"

	"github.com/minio/mux"
)

// Composed function registering routers for only distributed Erasure setup.
func registerDistErasureRouters(router *mux.Router, endpointServerPools EndpointServerPools) {
	// Register storage REST router only if its a distributed setup.
	registerStorageRESTHandlers(router, endpointServerPools)

	// Register peer REST router only if its a distributed setup.
	registerPeerRESTHandlers(router)

	// Register peer S3 router only if its a distributed setup.
	registerPeerS3Handlers(router)

	// Register bootstrap REST router for distributed setups.
	registerBootstrapRESTHandlers(router)

	// Register distributed namespace lock routers.
	registerLockRESTHandlers(router)
}

// List of some generic handlers which are applied for all incoming requests.
var globalHandlers = []mux.MiddlewareFunc{
	// The generic tracer needs to be the first handler
	// to catch all requests returned early by any other handler
	httpTracer,
	// Auth handler verifies incoming authorization headers and
	// routes them accordingly. Client receives a HTTP error for
	// invalid/unsupported signatures.
	//
	// Validates all incoming requests to have a valid date header.
	setAuthHandler,
	// Redirect some pre-defined browser request paths to a static location prefix.
	setBrowserRedirectHandler,
	// Adds 'crossdomain.xml' policy handler to serve legacy flash clients.
	setCrossDomainPolicy,
	// Limits all body and header sizes to a maximum fixed limit
	setRequestLimitHandler,
	// Network statistics
	setHTTPStatsHandler,
	// Validate all the incoming requests.
	setRequestValidityHandler,
	// set x-amz-request-id header.
	addCustomHeaders,
	// Add upload forwarding handler for site replication
	setUploadForwardingHandler,
	// Add bucket forwarding handler
	setBucketForwardingHandler,
	// Add new handlers here.
}

// configureServer handler returns final handler for the http server.
func configureServerHandler(endpointServerPools EndpointServerPools) (http.Handler, error) {
	// Initialize router. `SkipClean(true)` stops minio/mux from
	// normalizing URL path minio/minio#3256
	router := mux.NewRouter().SkipClean(true).UseEncodedPath()

	// Initialize distributed NS lock.
	if globalIsDistErasure {
		registerDistErasureRouters(router, endpointServerPools)
	}

	// Add Admin router, all APIs are enabled in server mode.
	registerAdminRouter(router, true)

	// Add healthcheck router
	registerHealthCheckRouter(router)

	// Add server metrics router
	registerMetricsRouter(router)

	// Add STS router always.
	registerSTSRouter(router)

	// Add KMS router
	registerKMSRouter(router)

	// Add API router
	registerAPIRouter(router)

	router.Use(globalHandlers...)

	return router, nil
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 19:41:13 +00:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
Restructure API handlers, add JSON RPC simple HelloService right now. 2015-07-01 03:15:48 +00:00
server: Move all the top level files into cmd folder. (#2490) This change brings a change which was done for the 'mc' package to allow for clean repo and have a cleaner github drop in experience. 2016-08-18 23:23:42 +00:00			`package cmd`
Restructure API handlers, add JSON RPC simple HelloService right now. 2015-07-01 03:15:48 +00:00
			`import (`
			`"net/http"`

migrate to minio/mux from gorilla/mux (#16456) 2023-01-23 11:12:47 +00:00			`"github.com/minio/mux"`
Restructure API handlers, add JSON RPC simple HelloService right now. 2015-07-01 03:15:48 +00:00			`)`

Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111 2020-06-13 03:04:01 +00:00			`// Composed function registering routers for only distributed Erasure setup.`
rename server sets to server pools 2020-12-01 21:50:33 +00:00			`func registerDistErasureRouters(router *mux.Router, endpointServerPools EndpointServerPools) {`
Add bootstrap REST handler for verifying server config (#8550) 2019-11-22 20:45:13 +00:00			`// Register storage REST router only if its a distributed setup.`
rename server sets to server pools 2020-12-01 21:50:33 +00:00			`registerStorageRESTHandlers(router, endpointServerPools)`
env: Bring back MINIO_BROWSER env. (#3423) Set MINIO_BROWSER=off to disable web browser completely. Fixes #3422 2016-12-10 08:42:22 +00:00
Use REST api for inter node communication (#7205) 2019-03-14 23:27:31 +00:00			`// Register peer REST router only if its a distributed setup.`
			`registerPeerRESTHandlers(router)`

vectorize cluster-wide calls such as bucket operations (#16313) 2023-01-03 16:16:39 +00:00			`// Register peer S3 router only if its a distributed setup.`
			`registerPeerS3Handlers(router)`

Add bootstrap REST handler for verifying server config (#8550) 2019-11-22 20:45:13 +00:00			`// Register bootstrap REST router for distributed setups.`
			`registerBootstrapRESTHandlers(router)`
env: Bring back MINIO_BROWSER env. (#3423) Set MINIO_BROWSER=off to disable web browser completely. Fixes #3422 2016-12-10 08:42:22 +00:00
Add bootstrap REST handler for verifying server config (#8550) 2019-11-22 20:45:13 +00:00			`// Register distributed namespace lock routers.`
fix: refactor locks to apply them uniquely per node (#11052) This refactor is done for few reasons below - to avoid deadlocks in scenarios when number of nodes are smaller < actual erasure stripe count where in N participating local lockers can lead to deadlocks across systems. - avoids expiry routines to run 1000 of separate network operations and routes per disk where as each of them are still accessing one single local entity. - it is ideal to have since globalLockServer per instance. - In a 32node deployment however, each server group is still concentrated towards the same set of lockers that partipicate during the write/read phase, unlike previous minio/dsync implementation - this potentially avoids send 32 requests instead we will still send at max requests of unique nodes participating in a write/read phase. - reduces overall chattiness on smaller setups. 2020-12-10 15:28:37 +00:00			`registerLockRESTHandlers(router)`
env: Bring back MINIO_BROWSER env. (#3423) Set MINIO_BROWSER=off to disable web browser completely. Fixes #3422 2016-12-10 08:42:22 +00:00			`}`

Add missing healthcheck router for gateway (#5764) 2018-04-05 02:07:54 +00:00			`// List of some generic handlers which are applied for all incoming requests.`
handlers: Avoid initializing a struct in each handler call (#11217) 2021-01-04 17:54:22 +00:00			`var globalHandlers = []mux.MiddlewareFunc{`
Trace all http requests (#15064) Add a generic handler that adds a new tracing context to the request if tracing is enabled. Other handlers are free to modify the tracing context to update information on the fly, such as, func name, enable body logging etc.. With this commit, requests like this ``` curl -H "Host: ::1:3000" http://localhost:9000/ ``` will be traced as well. 2022-06-24 06:19:24 +00:00			`// The generic tracer needs to be the first handler`
			`// to catch all requests returned early by any other handler`
			`httpTracer,`
Add missing healthcheck router for gateway (#5764) 2018-04-05 02:07:54 +00:00			`// Auth handler verifies incoming authorization headers and`
			`// routes them accordingly. Client receives a HTTP error for`
			`// invalid/unsupported signatures.`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 15:04:03 +00:00			`//`
handlers: Avoid initializing a struct in each handler call (#11217) 2021-01-04 17:54:22 +00:00			`// Validates all incoming requests to have a valid date header.`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 15:04:03 +00:00			`setAuthHandler,`
Revert "deprecate embedded browser (#12163)" This reverts commit 736d8cbac483d8bf56c3422ca9a9c4c3e043c6cf. Bring contrib files for older contributions 2021-04-30 02:01:43 +00:00			`// Redirect some pre-defined browser request paths to a static location prefix.`
			`setBrowserRedirectHandler,`
handlers: Avoid initializing a struct in each handler call (#11217) 2021-01-04 17:54:22 +00:00			`// Adds 'crossdomain.xml' policy handler to serve legacy flash clients.`
			`setCrossDomainPolicy,`
reduce number of middleware handlers (#13546) - combine similar looking functionalities into single handlers, and remove unnecessary proxying of the requests at handler layer. - remove bucket forwarding handler as part of default setup add it only if bucket federation is enabled. Improvements observed for 1kiB object reads. ``` ------------------- Operation: GET Operations: 4538555 -> 4595804 * Average: +1.26% (+0.2 MiB/s) throughput, +1.26% (+190.2) obj/s * Fastest: +4.67% (+0.7 MiB/s) throughput, +4.67% (+739.8) obj/s * 50% Median: +1.15% (+0.2 MiB/s) throughput, +1.15% (+173.9) obj/s ``` 2021-11-01 15:04:03 +00:00			`// Limits all body and header sizes to a maximum fixed limit`
			`setRequestLimitHandler,`
handlers: Avoid initializing a struct in each handler call (#11217) 2021-01-04 17:54:22 +00:00			`// Network statistics`
			`setHTTPStatsHandler,`
			`// Validate all the incoming requests.`
			`setRequestValidityHandler,`
			`// set x-amz-request-id header.`
			`addCustomHeaders,`
proxy multipart to peers via multipart uploadID (#15926) 2022-10-25 17:52:29 +00:00			`// Add upload forwarding handler for site replication`
			`setUploadForwardingHandler,`
Fix adding bucket forwarder handler in server mode (#14288) MinIO configuration is loaded after the initialization of the server handlers, which will miss the initialization of the bucket forwarder handler. Though the federation is deprecated, let's fix this for the time being. 2022-02-10 16:49:36 +00:00			`// Add bucket forwarding handler`
			`setBucketForwardingHandler,`
Add missing healthcheck router for gateway (#5764) 2018-04-05 02:07:54 +00:00			`// Add new handlers here.`
			`}`

routers: Fix a crash while initializing network fs. (#1382) Crash happens when 'minio server filename' a file name is provided instead of a directory on command line argument. ``` panic: runtime error: slice bounds out of range goroutine 1 [running]: panic(0x5eb460, 0xc82000e0b0) /usr/local/opt/go/libexec/src/runtime/panic.go:464 +0x3e6 main.splitNetPath(0x7fff5fbff9bd, 0x7, 0x0, 0x0, 0x0, 0x0) /Users/harsha/mygo/src/github.com/minio/minio/network-fs.go:49 +0xb7 main.newNetworkFS(0x7fff5fbff9bd, 0x7, 0x0, 0x0, 0x0, 0x0) /Users/harsha/mygo/src/github.com/minio/minio/network-fs.go:90 +0x20a main.configureServerHandler(0xc82024e1c8, 0x5, 0xc8200640e0, 0x1, 0x1, 0x0, 0x0) /Users/harsha/mygo/src/github.com/minio/minio/routers.go:43 +0x6ce main.configureServer(0xc82024e1c8, 0x5, 0xc8200640e0, 0x1, 0x1, 0x5) /Users/harsha/mygo/src/github.com/minio/minio/server-main.go:86 +0x67 ``` 2016-04-26 01:10:40 +00:00			`// configureServer handler returns final handler for the http server.`
rename server sets to server pools 2020-12-01 21:50:33 +00:00			`func configureServerHandler(endpointServerPools EndpointServerPools) (http.Handler, error) {`
migrate to minio/mux from gorilla/mux (#16456) 2023-01-23 11:12:47 +00:00			// Initialize router. `SkipClean(true)` stops minio/mux from
Prevent gorilla mux from normalizing path (Fixes #3256) (#3268) Also fix test to not use a bucket name with a leading slash - this causes the bucket name to become empty and go to an unintended API call (listbuckets). 2016-11-17 00:23:22 +00:00			`// normalizing URL path minio/minio#3256`
fix routing issue for esoteric characters in gorilla/mux (#8967) First step is to ensure that Path component is not decoded by gorilla/mux to avoid routing issues while handling certain characters while uploading through PutObject() Delay the decoding and use PathUnescape() to escape the `object` path component. Thanks to @buengese and @ncw for neat test cases for us to test with. Fixes #8950 Fixes #8647 2020-02-12 03:38:02 +00:00			`router := mux.NewRouter().SkipClean(true).UseEncodedPath()`
routers: Move API and Web routers into their own files. This is done to ensure we have a clean way to add new routers such as - diskRouter - configRouter - lockRouter 2016-03-27 19:37:21 +00:00
control: Fix controller CLI handling with distributed server object layer. Object layer initialization is done lazily fix it. 2016-08-18 21:50:50 +00:00			`// Initialize distributed NS lock.`
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111 2020-06-13 03:04:01 +00:00			`if globalIsDistErasure {`
rename server sets to server pools 2020-12-01 21:50:33 +00:00			`registerDistErasureRouters(router, endpointServerPools)`
env: Bring back MINIO_BROWSER env. (#3423) Set MINIO_BROWSER=off to disable web browser completely. Fixes #3422 2016-12-10 08:42:22 +00:00			`}`
rpc: Add RPC client tests. (#2858) 2016-10-06 09:30:54 +00:00
Return proper errors when admin API is not initialized (#6988) Especially in gateway IAM admin APIs are not enabled if etcd is not enabled, we should enable admin API though but only enable IAM and Config APIs with etcd configured. 2018-12-18 21:03:26 +00:00			`// Add Admin router, all APIs are enabled in server mode.`
fix: add IAM dummy store for gateway operations (#12670) with console addition users cannot login with root credentials without etcd persistent layer, allow a dummy store such that such functionalities can be supported when running as non-persistent manner, this enables all calls and operations. 2021-07-10 15:32:52 +00:00			`registerAdminRouter(router, true)`
Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence. 2018-01-22 22:54:55 +00:00
Add healthcheck endpoints (#5543) This PR adds readiness and liveness endpoints to probe Minio server instance health. Endpoints can only be accessed without authentication and the paths are /minio/health/live and /minio/health/ready for liveness and readiness respectively. The new healthcheck liveness endpoint is used for Docker healthcheck now. Fixes #5357 Fixes #5514 2018-03-12 06:16:53 +00:00			`// Add healthcheck router`
use package name correctly (#5827) 2018-04-22 02:23:54 +00:00			`registerHealthCheckRouter(router)`
Add healthcheck endpoints (#5543) This PR adds readiness and liveness endpoints to probe Minio server instance health. Endpoints can only be accessed without authentication and the paths are /minio/health/live and /minio/health/ready for liveness and readiness respectively. The new healthcheck liveness endpoint is used for Docker healthcheck now. Fixes #5357 Fixes #5514 2018-03-12 06:16:53 +00:00
Introduce new unauthenticated endpoint /metric (#5723) (#5829) /metric exposes Promethus compatible data for scraping metrics Fixes: #5723 2018-04-18 23:01:42 +00:00			`// Add server metrics router`
use package name correctly (#5827) 2018-04-22 02:23:54 +00:00			`registerMetricsRouter(router)`
Introduce new unauthenticated endpoint /metric (#5723) (#5829) /metric exposes Promethus compatible data for scraping metrics Fixes: #5723 2018-04-18 23:01:42 +00:00
fix: re-arrange handlers to handle requests on /minio (#11177) fixes #11175 2020-12-29 01:10:33 +00:00			`// Add STS router always.`
			`registerSTSRouter(router)`
web-browser: disable minio browser when environmental variable MINIO_BROWSER=off (#2315) fixes #2314 2016-07-28 11:00:33 +00:00
Implement KMS handlers (#15737) 2022-10-04 17:05:09 +00:00			`// Add KMS router`
			`registerKMSRouter(router)`

fix: S3 gateway doesn't support full passthrough for encryption (#10484) The entire encryption layer is dependent on the fact that KMS should be configured for S3 encryption to work properly and we only support passing the headers as is to the backend for encryption only if KMS is configured. Make sure that this predictability is maintained, currently the code was allowing encryption to go through and fail at later to indicate that KMS was not configured. We should simply reply "NotImplemented" if KMS is not configured, this allows clients to simply proceed with their tests. 2020-09-15 20:57:15 +00:00			`// Add API router`
			`registerAPIRouter(router)`
routers: Move API and Web routers into their own files. This is done to ensure we have a clean way to add new routers such as - diskRouter - configRouter - lockRouter 2016-03-27 19:37:21 +00:00
handlers: Avoid initializing a struct in each handler call (#11217) 2021-01-04 17:54:22 +00:00			`router.Use(globalHandlers...)`
fix: cors handling after gorilla mux update (#9980) fixes #9979 2020-07-07 03:55:19 +00:00
Allow idiomatic usage of middlewares in gorilla/mux (#9802) Historically due to lack of support for middlewares we ended up writing wrapped handlers for all middlewares on top of the gorilla/mux, this causes multiple issues when we want to let's say - Overload r.Body with some custom implementation to track the incoming Reads() - Add other sort of top level checks to avoid DDOSing the server with large incoming HTTP bodies. Since 1.7.x release gorilla/mux provides proper use of middlewares, which are honored by the muxer directly. This makes sure that Go can honor its own internal ServeHTTP(w, r) implementation where Go net/http can wrap into its own customer readers. This PR as a side-affect fixes rare issues of client hangs which were reported in the wild but never really understood or fixed in our codebase. Fixes #9759 Fixes #7266 Fixes #6540 Fixes #5455 Fixes #5150 Refer https://github.com/boto/botocore/pull/1328 for one variation of the same issue in #9759 2020-06-11 15:19:55 +00:00			`return router, nil`
Restructure API handlers, add JSON RPC simple HelloService right now. 2015-07-01 03:15:48 +00:00			`}`