mirror of
https://github.com/rustfs/rustfs.git
synced 2026-01-17 01:30:33 +00:00
Merge branch 'main' into feat/scan
This commit is contained in:
weisd
@@ -89,6 +89,14 @@ pub mod tier;
|
||||
pub mod trace;
|
||||
pub mod user;
|
||||
|
||||
#[derive(Debug, Serialize)]
|
||||
#[serde(rename_all = "PascalCase")]
|
||||
pub struct IsAdminResponse {
|
||||
pub is_admin: bool,
|
||||
pub access_key: String,
|
||||
pub message: String,
|
||||
}
|
||||
|
||||
#[allow(dead_code)]
|
||||
#[derive(Debug, Serialize, Default)]
|
||||
#[serde(rename_all = "PascalCase", default)]
|
||||
@@ -143,6 +151,42 @@ impl Operation for HealthCheckHandler {
|
||||
}
|
||||
}
|
||||
|
||||
pub struct IsAdminHandler {}
|
||||
#[async_trait::async_trait]
|
||||
impl Operation for IsAdminHandler {
|
||||
async fn call(&self, req: S3Request<Body>, _params: Params<'_, '_>) -> S3Result<S3Response<(StatusCode, Body)>> {
|
||||
let Some(input_cred) = req.credentials else {
|
||||
return Err(s3_error!(InvalidRequest, "get cred failed"));
|
||||
};
|
||||
|
||||
let (_cred, _owner) =
|
||||
check_key_valid(get_session_token(&req.uri, &req.headers).unwrap_or_default(), &input_cred.access_key).await?;
|
||||
|
||||
let access_key_to_check = input_cred.access_key.clone();
|
||||
|
||||
// Check if the user is admin by comparing with global credentials
|
||||
let is_admin = if let Some(sys_cred) = get_global_action_cred() {
|
||||
sys_cred.access_key == access_key_to_check
|
||||
} else {
|
||||
false
|
||||
};
|
||||
|
||||
let response = IsAdminResponse {
|
||||
is_admin,
|
||||
access_key: access_key_to_check,
|
||||
message: format!("User is {} an administrator", if is_admin { "" } else { "not" }),
|
||||
};
|
||||
|
||||
let data = serde_json::to_vec(&response)
|
||||
.map_err(|_e| S3Error::with_message(S3ErrorCode::InternalError, "parse IsAdminResponse failed"))?;
|
||||
|
||||
let mut header = HeaderMap::new();
|
||||
header.insert(CONTENT_TYPE, HeaderValue::from_static("application/json"));
|
||||
|
||||
Ok(S3Response::with_headers((StatusCode::OK, Body::from(data)), header))
|
||||
}
|
||||
}
|
||||
|
||||
pub struct AccountInfoHandler {}
|
||||
#[async_trait::async_trait]
|
||||
impl Operation for AccountInfoHandler {
|
||||
|
||||
@@ -23,8 +23,8 @@ pub mod utils;
|
||||
mod console_test;
|
||||
|
||||
use handlers::{
|
||||
GetReplicationMetricsHandler, HealthCheckHandler, ListRemoteTargetHandler, RemoveRemoteTargetHandler, SetRemoteTargetHandler,
|
||||
bucket_meta,
|
||||
GetReplicationMetricsHandler, HealthCheckHandler, IsAdminHandler, ListRemoteTargetHandler, RemoveRemoteTargetHandler,
|
||||
SetRemoteTargetHandler, bucket_meta,
|
||||
event::{ListNotificationTargets, ListTargetsArns, NotificationTarget, RemoveNotificationTarget},
|
||||
group, kms, kms_dynamic, kms_keys, policies, pools,
|
||||
profile::{TriggerProfileCPU, TriggerProfileMemory},
|
||||
@@ -52,6 +52,12 @@ pub fn make_admin_route(console_enabled: bool) -> std::io::Result<impl S3Route>
|
||||
// 1
|
||||
r.insert(Method::POST, "/", AdminOperation(&sts::AssumeRoleHandle {}))?;
|
||||
|
||||
r.insert(
|
||||
Method::GET,
|
||||
format!("{}{}", ADMIN_PREFIX, "/v3/is-admin").as_str(),
|
||||
AdminOperation(&IsAdminHandler {}),
|
||||
)?;
|
||||
|
||||
register_rpc_route(&mut r)?;
|
||||
register_user_route(&mut r)?;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user