From aefdf427426a5ed1717e91b97466e41ae9593a98 Mon Sep 17 00:00:00 2001 From: Evgenii Baidakov Date: Mon, 17 Jun 2024 13:02:10 +0400 Subject: [PATCH] handler: Process Options before auth Closes #899. Signed-off-by: Evgenii Baidakov --- api/handler/cors.go | 5 +++++ api/router.go | 17 +++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/api/handler/cors.go b/api/handler/cors.go index dffd9e11..39796154 100644 --- a/api/handler/cors.go +++ b/api/handler/cors.go @@ -136,6 +136,10 @@ func (h *handler) AppendCORSHeaders(w http.ResponseWriter, r *http.Request) { } func (h *handler) Preflight(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodOptions { + return + } + reqInfo := api.GetReqInfo(r.Context()) bktInfo, err := h.obj.GetBucketInfo(r.Context(), reqInfo.BucketName) if err != nil { @@ -146,6 +150,7 @@ func (h *handler) Preflight(w http.ResponseWriter, r *http.Request) { origin := r.Header.Get(api.Origin) if origin == "" { h.logAndSendError(w, "origin request header needed", reqInfo, s3errors.GetAPIError(s3errors.ErrBadRequest)) + return } method := r.Header.Get(api.AccessControlRequestMethod) diff --git a/api/router.go b/api/router.go index 7b82867d..1659f2a0 100644 --- a/api/router.go +++ b/api/router.go @@ -150,6 +150,21 @@ func appendCORS(handler Handler) mux.MiddlewareFunc { } } +func appendPreflight(handler Handler) mux.MiddlewareFunc { + return func(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + handler.Preflight(w, r) + if www, ok := w.(*logResponseWriter); ok { + if www.statusCode != 0 { + return + } + } + + h.ServeHTTP(w, r) + }) + } +} + func logErrorResponse(l *zap.Logger) mux.MiddlewareFunc { return func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -199,6 +214,8 @@ func Attach(r *mux.Router, domains []string, m MaxClients, h Handler, center aut // -- logging error requests logErrorResponse(log), + + appendPreflight(h), ) // Attach user authentication for all S3 routes.