fix:correct RemoteAddr extension type to enable IP-based policy evaluation (#1356)

LeonWang0735
2026-01-04 10:13:27 +08:00
committed by GitHub
parent 4d0045ff18
commit de4a3fa766
14 changed files with 60 additions and 60 deletions


@@ -211,7 +211,7 @@ impl Operation for AccountInfoHandler {
let claims = cred.claims.as_ref().unwrap_or(&default_claims);
let cred_clone = cred.clone();
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
let conditions = get_condition_values(&req.headers, &cred_clone, None, None, remote_addr);
let cred_clone = Arc::new(cred_clone);
let conditions = Arc::new(conditions);
@@ -407,7 +407,7 @@ impl Operation for ServerInfoHandler {
let (cred, owner) =
check_key_valid(get_session_token(&req.uri, &req.headers).unwrap_or_default(), &input_cred.access_key).await?;
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
validate_admin_request(
&req.headers,
&cred,
@@ -455,7 +455,7 @@ impl Operation for StorageInfoHandler {
let (cred, owner) =
check_key_valid(get_session_token(&req.uri, &req.headers).unwrap_or_default(), &input_cred.access_key).await?;
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
validate_admin_request(
&req.headers,
&cred,
@@ -498,7 +498,7 @@ impl Operation for DataUsageInfoHandler {
let (cred, owner) =
check_key_valid(get_session_token(&req.uri, &req.headers).unwrap_or_default(), &input_cred.access_key).await?;
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
validate_admin_request(
&req.headers,
&cred,
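Review bot: The `remote_addr` lookup in AccountInfoHandler, `req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0))`, is repeated verbatim at every call site in this commit, so the type the extension map is keyed on stays an implicit contract between the code that inserts the extension and each handler. A typed-extension lookup with the wrong type parameter compiles and returns `None`, which is presumably how the source address was dropped from policy evaluation before this fix without any visible error. Moving the expression into one helper next to the `RemoteAddr` definition and calling it as `let remote_addr = remote_addr_from(&req.extensions);` (the name is only a suggestion) would leave a single place to update if the inserted type changes again. A regression test that sends a request through the real server layer and asserts that the condition values contain the source IP would catch a recurrence; it is also worth confirming, outside this page, whether an IP-conditioned policy statement denies or allows when `remote_addr` is `None`.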


@@ -98,7 +98,7 @@ impl Operation for ExportBucketMetadata {
owner,
false,
vec![Action::AdminAction(AdminAction::ExportBucketMetadataAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -391,7 +391,7 @@ impl Operation for ImportBucketMetadata {
owner,
false,
vec![Action::AdminAction(AdminAction::ImportBucketMetadataAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -58,7 +58,7 @@ impl Operation for ListGroups {
owner,
false,
vec![Action::AdminAction(AdminAction::ListGroupsAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -97,7 +97,7 @@ impl Operation for GetGroup {
owner,
false,
vec![Action::AdminAction(AdminAction::GetGroupAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -145,7 +145,7 @@ impl Operation for SetGroupStatus {
owner,
false,
vec![Action::AdminAction(AdminAction::EnableGroupAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -213,7 +213,7 @@ impl Operation for UpdateGroupMembers {
owner,
false,
vec![Action::AdminAction(AdminAction::AddUserToGroupAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -128,7 +128,7 @@ impl Operation for CreateKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)], // TODO: Add specific KMS action
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -207,7 +207,7 @@ impl Operation for DescribeKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -263,7 +263,7 @@ impl Operation for ListKeysHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -325,7 +325,7 @@ impl Operation for GenerateDataKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -391,7 +391,7 @@ impl Operation for KmsStatusHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -449,7 +449,7 @@ impl Operation for KmsConfigHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -494,7 +494,7 @@ impl Operation for KmsClearCacheHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
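Review bot: Every KMS handler in this section, including CreateKeyHandler, GenerateDataKeyHandler and KmsClearCacheHandler, is authorized against `AdminAction::ServerInfoAdminAction`, and the `// TODO: Add specific KMS action` on the CreateKeyHandler call is still open. Now that the source address reaches policy evaluation, an IP-conditioned grant of the server-info action also covers key creation and cache clearing, which is broader than an operator writing such a policy would likely expect. The same action appears in the two KMS sections that follow (ConfigureKmsHandler through ReconfigureKmsHandler, and CreateKmsKeyHandler through DescribeKmsKeyHandler). Until dedicated actions exist, a comment at each call stating that KMS operations are deliberately gated by the server-info action would make the current scope explicit. The enclosing handler bodies start and end outside these hunks.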


@@ -99,7 +99,7 @@ impl Operation for ConfigureKmsHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -198,7 +198,7 @@ impl Operation for StartKmsHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -332,7 +332,7 @@ impl Operation for StopKmsHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -398,7 +398,7 @@ impl Operation for GetKmsStatusHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -470,7 +470,7 @@ impl Operation for ReconfigureKmsHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -80,7 +80,7 @@ impl Operation for CreateKmsKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -214,7 +214,7 @@ impl Operation for DeleteKmsKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -363,7 +363,7 @@ impl Operation for CancelKmsKeyDeletionHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -492,7 +492,7 @@ impl Operation for ListKmsKeysHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -604,7 +604,7 @@ impl Operation for DescribeKmsKeyHandler {
owner,
false,
vec![Action::AdminAction(AdminAction::ServerInfoAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -61,7 +61,7 @@ impl Operation for ListCannedPolicies {
owner,
false,
vec![Action::AdminAction(AdminAction::ListUserPoliciesAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -120,7 +120,7 @@ impl Operation for AddCannedPolicy {
owner,
false,
vec![Action::AdminAction(AdminAction::CreatePolicyAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -193,7 +193,7 @@ impl Operation for InfoCannedPolicy {
owner,
false,
vec![Action::AdminAction(AdminAction::GetPolicyAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -251,7 +251,7 @@ impl Operation for RemoveCannedPolicy {
owner,
false,
vec![Action::AdminAction(AdminAction::DeletePolicyAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -312,7 +312,7 @@ impl Operation for SetPolicyForUserOrGroup {
owner,
false,
vec![Action::AdminAction(AdminAction::AttachPolicyAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -54,7 +54,7 @@ impl Operation for ListPools {
Action::AdminAction(AdminAction::ServerInfoAdminAction),
Action::AdminAction(AdminAction::DecommissionAdminAction),
],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -121,7 +121,7 @@ impl Operation for StatusPool {
Action::AdminAction(AdminAction::ServerInfoAdminAction),
Action::AdminAction(AdminAction::DecommissionAdminAction),
],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -197,7 +197,7 @@ impl Operation for StartDecommission {
owner,
false,
vec![Action::AdminAction(AdminAction::DecommissionAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -296,7 +296,7 @@ impl Operation for CancelDecommission {
owner,
false,
vec![Action::AdminAction(AdminAction::DecommissionAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -104,7 +104,7 @@ impl Operation for RebalanceStart {
owner,
false,
vec![Action::AdminAction(AdminAction::RebalanceAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -182,7 +182,7 @@ impl Operation for RebalanceStatus {
owner,
false,
vec![Action::AdminAction(AdminAction::RebalanceAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -300,7 +300,7 @@ impl Operation for RebalanceStop {
owner,
false,
vec![Action::AdminAction(AdminAction::RebalanceAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -125,7 +125,7 @@ impl Operation for AddServiceAccount {
&cred,
None,
None,
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
),
is_owner: owner,
object: "",
@@ -282,7 +282,7 @@ impl Operation for UpdateServiceAccount {
&cred,
None,
None,
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
),
is_owner: owner,
object: "",
@@ -381,7 +381,7 @@ impl Operation for InfoServiceAccount {
&cred,
None,
None,
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
),
is_owner: owner,
object: "",
@@ -515,7 +515,7 @@ impl Operation for ListServiceAccount {
&cred,
None,
None,
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
),
is_owner: owner,
object: "",
@@ -619,7 +619,7 @@ impl Operation for DeleteServiceAccount {
&cred,
None,
None,
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
),
is_owner: owner,
object: "",


@@ -97,7 +97,7 @@ impl Operation for AddTier {
owner,
false,
vec![Action::AdminAction(AdminAction::SetTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -233,7 +233,7 @@ impl Operation for EditTier {
owner,
false,
vec![Action::AdminAction(AdminAction::SetTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -316,7 +316,7 @@ impl Operation for ListTiers {
owner,
false,
vec![Action::AdminAction(AdminAction::ListTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -360,7 +360,7 @@ impl Operation for RemoveTier {
owner,
false,
vec![Action::AdminAction(AdminAction::SetTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -431,7 +431,7 @@ impl Operation for VerifyTier {
owner,
false,
vec![Action::AdminAction(AdminAction::ListTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -462,7 +462,7 @@ impl Operation for GetTierInfo {
owner,
false,
vec![Action::AdminAction(AdminAction::ListTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -522,7 +522,7 @@ impl Operation for ClearTier {
owner,
false,
vec![Action::AdminAction(AdminAction::SetTierAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;


@@ -125,7 +125,7 @@ impl Operation for AddUser {
owner,
deny_only,
vec![Action::AdminAction(AdminAction::CreateUserAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -178,7 +178,7 @@ impl Operation for SetUserStatus {
owner,
false,
vec![Action::AdminAction(AdminAction::EnableUserAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -223,7 +223,7 @@ impl Operation for ListUsers {
owner,
false,
vec![Action::AdminAction(AdminAction::ListUsersAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -282,7 +282,7 @@ impl Operation for RemoveUser {
owner,
false,
vec![Action::AdminAction(AdminAction::DeleteUserAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -382,7 +382,7 @@ impl Operation for GetUserInfo {
owner,
deny_only,
vec![Action::AdminAction(AdminAction::GetUserAdminAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -438,7 +438,7 @@ impl Operation for ExportIam {
owner,
false,
vec![Action::AdminAction(AdminAction::ExportIAMAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
@@ -652,7 +652,7 @@ impl Operation for ImportIam {
owner,
false,
vec![Action::AdminAction(AdminAction::ExportIAMAction)],
req.extensions.get::<RemoteAddr>().map(|a| a.0),
req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0)),
)
.await?;
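Review bot: The ImportIam hunk at the end of this section authorizes the request with `vec![Action::AdminAction(AdminAction::ExportIAMAction)]`, the same action used by ExportIam just above it. If the policy enum has a separate import action this looks like a copy-paste slip, and it would let a principal granted read-only export of IAM data also overwrite it; if export permission is intentionally reused, a comment such as `// import is gated by the export action on purpose` would say so. The variant list of `AdminAction` is not visible on this page, so this needs checking against the enum. The handler body continues outside the hunk.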


@@ -37,7 +37,7 @@ pub(crate) struct ReqInfo {
/// Authorizes the request based on the action and credentials.
pub async fn authorize_request<T>(req: &mut S3Request<T>, action: Action) -> S3Result<()> {
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
let req_info = req.extensions.get_mut::<ReqInfo>().expect("ReqInfo not found");


@@ -4693,7 +4693,7 @@ impl S3 for FS {
.await
.map_err(ApiError::from)?;
let remote_addr = req.extensions.get::<RemoteAddr>().map(|a| a.0);
let remote_addr = req.extensions.get::<Option<RemoteAddr>>().and_then(|opt| opt.map(|a| a.0));
let conditions = get_condition_values(&req.headers, &rustfs_credentials::Credentials::default(), None, None, remote_addr);
let read_only = PolicySys::is_allowed(&BucketPolicyArgs {