Documentation
Overview
Package router implements the main interception logic of s3proxy. It decides which requests to forward and which to intercept.
The routing logic in this file is taken from this blog post: https://benhoyt.com/writings/go-routing/#regex-switch. We should be able to replace this once this is part of the stdlib: https://github.com/golang/go/issues/61410.
If the router intercepts a PutObject request it will encrypt the body before forwarding it to the S3 API. The stored object will have a tag that holds an encrypted data encryption key (DEK). That DEK is used to encrypt the object's body. The DEK is generated randomly for each PutObject request. The DEK is encrypted with a key encryption key (KEK) fetched from Constellation's keyservice.
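The PutObject flow described above, as an added example (not s3proxy's own code). It assumes AES-256-GCM both for the body and for wrapping the DEK, which the page does not specify; the function names are hypothetical, and the KEK is passed in directly instead of being fetched from the keyservice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM builds AES-256-GCM. A 32-byte key is always valid for AES and AES
// always has the block size GCM needs, so neither constructor can fail here.
func newGCM(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal returns nonce||ciphertext||tag, using a fresh random nonce per call.
func seal(key *[32]byte, plaintext []byte) ([]byte, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or on any modified byte.
func open(key *[32]byte, sealed []byte) ([]byte, error) {
	gcm := newGCM(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data shorter than a nonce")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// encryptObject models the PutObject path: a fresh random DEK encrypts the
// body, and the KEK wraps the DEK (the wrapped DEK is what the tag would hold).
func encryptObject(kek *[32]byte, body []byte) (encBody, wrappedDEK []byte, err error) {
	var dek [32]byte
	if _, err = rand.Read(dek[:]); err != nil {
		return nil, nil, err
	}
	if encBody, err = seal(&dek, body); err != nil {
		return nil, nil, err
	}
	wrappedDEK, err = seal(kek, dek[:])
	return encBody, wrappedDEK, err
}
```

Reading an object back is two calls to `open`: first on the wrapped DEK with the KEK, then on the body with the recovered DEK. Because both layers are authenticated, a swapped or modified tag fails at the first step instead of yielding garbage plaintext.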
Types
type ContentSHA256MismatchError
type ContentSHA256MismatchError struct {
	XMLName                     xml.Name `xml:"Error"`
	Code                        string   `xml:"Code"`
	Message                     string   `xml:"Message"`
	ClientComputedContentSHA256 string   `xml:"ClientComputedContentSHA256"`
	S3ComputedContentSHA256     string   `xml:"S3ComputedContentSHA256"`
}
ContentSHA256MismatchError is a helper struct to create an XML-formatted error message. S3 clients might try to parse error messages, so we need to serve correctly formatted messages.
func NewContentSHA256MismatchError
func NewContentSHA256MismatchError(clientComputedContentSHA256, s3ComputedContentSHA256 string) ContentSHA256MismatchError
NewContentSHA256MismatchError creates a new ContentSHA256MismatchError.
type Router
type Router struct {
// contains filtered or unexported fields
}
Router implements the interception logic for the s3proxy.
func (Router) Serve
func (r Router) Serve(w http.ResponseWriter, req *http.Request)
Serve implements the routing logic for the s3 proxy. It intercepts GetObject and PutObject requests, encrypting/decrypting their bodies if necessary. All other requests are forwarded to the S3 API. Ideally we could separate routing logic, request handling and s3 interactions. Currently routing logic and request handling are integrated.