feat(s3s/host): add S3Host (#178)

Author: Nugine

crates/s3s-fs/src/main.rs

@@ -5,6 +5,7 @@ use s3s_fs::FileSystem;
 use s3s_fs::Result;
 
 use s3s::auth::SimpleAuth;
+use s3s::host::SingleDomain;
 use s3s::service::S3ServiceBuilder;
 
 use std::io::IsTerminal;
@@ -103,7 +104,7 @@ async fn run(opt: Opt) -> Result {
 
         // Enable parsing virtual-hosted-style requests
         if let Some(domain_name) = opt.domain_name {
-            b.set_base_domain(domain_name);
+            b.set_host(SingleDomain::new(domain_name));
             info!("virtual-hosted-style requests are enabled");
         }
 

crates/s3s-fs/tests/it_aws.rs

@@ -5,6 +5,7 @@
 )]
 
 use s3s::auth::SimpleAuth;
+use s3s::host::SingleDomain;
 use s3s::service::S3ServiceBuilder;
 use s3s_fs::FileSystem;
 
@@ -64,7 +65,7 @@ fn config() -> &'static SdkConfig {
         let service = {
             let mut b = S3ServiceBuilder::new(fs);
             b.set_auth(SimpleAuth::from_single(cred.access_key_id(), cred.secret_access_key()));
-            b.set_base_domain(DOMAIN_NAME);
+            b.set_host(SingleDomain::new(DOMAIN_NAME));
             b.build()
         };
 

crates/s3s-proxy/src/main.rs

@@ -2,6 +2,7 @@
 #![deny(clippy::all, clippy::pedantic)]
 
 use s3s::auth::SimpleAuth;
+use s3s::host::SingleDomain;
 use s3s::service::S3ServiceBuilder;
 use tokio::net::TcpListener;
 
@@ -66,7 +67,7 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync + 'static>> {
 
         // Enable parsing virtual-hosted-style requests
         if let Some(domain_name) = opt.domain_name {
-            b.set_base_domain(domain_name);
+            b.set_host(SingleDomain::new(domain_name));
         }
 
         b.build()

crates/s3s/src/host.rs

@@ -0,0 +1,76 @@
+use crate::error::S3Result;
+
+use std::borrow::Cow;
+
+#[derive(Debug, Clone)]
+pub struct VirtualHost<'a> {
+    domain: Cow<'a, str>,
+    bucket: Option<Cow<'a, str>>,
+    // pub(crate) region: Option<Cow<'a, str>>,
+}
+
+impl<'a> VirtualHost<'a> {
+    pub fn new(domain: impl Into<Cow<'a, str>>) -> Self {
+        Self {
+            domain: domain.into(),
+            bucket: None,
+        }
+    }
+
+    pub fn with_bucket(domain: impl Into<Cow<'a, str>>, bucket: impl Into<Cow<'a, str>>) -> Self {
+        Self {
+            domain: domain.into(),
+            bucket: Some(bucket.into()),
+        }
+    }
+
+    #[inline]
+    #[must_use]
+    pub fn domain(&self) -> &str {
+        self.domain.as_ref()
+    }
+
+    #[inline]
+    #[must_use]
+    pub fn bucket(&self) -> Option<&str> {
+        self.bucket.as_deref()
+    }
+}
+
+pub trait S3Host: Send + Sync + 'static {
+    /// Parses the `Host` header of the HTTP request.
+    ///
+    /// # Errors
+    /// Returns an error if the `Host` is invalid for this service.
+    fn parse_host_header<'a>(&'a self, host: &'a str) -> S3Result<VirtualHost<'a>>;
+}
+
+pub struct SingleDomain {
+    base_domain: String,
+}
+
+impl SingleDomain {
+    #[must_use]
+    pub fn new(base_domain: impl Into<String>) -> Self {
+        Self {
+            base_domain: base_domain.into(),
+        }
+    }
+}
+
+impl S3Host for SingleDomain {
+    fn parse_host_header<'a>(&'a self, host: &'a str) -> S3Result<VirtualHost<'a>> {
+        let base_domain = self.base_domain.as_str();
+
+        if host == base_domain {
+            return Ok(VirtualHost::new(base_domain));
+        }
+
+        if let Some(bucket) = host.strip_suffix(&self.base_domain).and_then(|h| h.strip_suffix('.')) {
+            return Ok(VirtualHost::with_bucket(base_domain, bucket));
+        };
+
+        let bucket = host.to_ascii_lowercase();
+        Ok(VirtualHost::with_bucket(host, bucket))
+    }
+}

crates/s3s/src/lib.rs

@@ -35,16 +35,15 @@ mod sig_v2;
 mod sig_v4;
 mod xml;
 
-pub mod header;
-
 pub mod auth;
+pub mod checksum;
 pub mod dto;
+pub mod header;
+pub mod host;
 pub mod path;
 pub mod service;
 pub mod stream;
 
-pub mod checksum;
-
 pub use self::error::*;
 pub use self::http::Body;
 pub use self::request::S3Request;

crates/s3s/src/ops/mod.rs

@@ -13,6 +13,7 @@ use crate::auth::S3Auth;
 use crate::auth::S3AuthContext;
 use crate::error::*;
 use crate::header;
+use crate::host::S3Host;
 use crate::http;
 use crate::http::Body;
 use crate::http::{OrderedHeaders, OrderedQs};
@@ -85,27 +86,16 @@ fn extract_host(req: &Request) -> S3Result<Option<String>> {
     Ok(Some(host.into()))
 }
 
-fn is_socket_addr(host: &str) -> bool {
+fn is_socket_addr_or_ip_addr(host: &str) -> bool {
     host.parse::<SocketAddr>().is_ok() || host.parse::<IpAddr>().is_ok()
 }
 
-fn extract_s3_path(host: Option<&str>, uri_path: &str, base_domain: Option<&str>) -> S3Result<S3Path> {
-    let result = match (base_domain, host) {
-        (Some(base_domain), Some(host)) if base_domain != host && !is_socket_addr(host) => {
-            debug!(?base_domain, ?host, ?uri_path, "parsing virtual-hosted-style request");
-            crate::path::parse_virtual_hosted_style(base_domain, host, uri_path)
-        }
-        _ => {
-            debug!(?uri_path, "parsing path-style request");
-            crate::path::parse_path_style(uri_path)
-        }
-    };
-
-    result.map_err(|err| match err {
+fn convert_parse_s3_path_error(err: &ParseS3PathError) -> S3Error {
+    match err {
         ParseS3PathError::InvalidPath => s3_error!(InvalidURI),
         ParseS3PathError::InvalidBucketName => s3_error!(InvalidBucketName),
         ParseS3PathError::KeyTooLong => s3_error!(KeyTooLongError),
-    })
+    }
 }
 
 fn extract_qs(req_uri: &Uri) -> S3Result<Option<OrderedQs>> {
@@ -183,9 +173,9 @@ pub async fn call(
     req: &mut Request,
     s3: &Arc<dyn S3>,
     auth: Option<&dyn S3Auth>,
-    base_domain: Option<&str>,
+    host: Option<&dyn S3Host>,
 ) -> S3Result<Response> {
-    let op = match prepare(req, auth, base_domain).await {
+    let op = match prepare(req, auth, host).await {
         Ok(op) => op,
         Err(err) => {
             debug!(?err, "failed to prepare");
@@ -204,18 +194,40 @@ pub async fn call(
     Ok(resp)
 }
 
-async fn prepare(req: &mut Request, auth: Option<&dyn S3Auth>, base_domain: Option<&str>) -> S3Result<&'static dyn Operation> {
+#[allow(clippy::too_many_lines)]
+async fn prepare(req: &mut Request, auth: Option<&dyn S3Auth>, s3_host: Option<&dyn S3Host>) -> S3Result<&'static dyn Operation> {
     let s3_path;
     let mut content_length;
     {
         let decoded_uri_path = urlencoding::decode(req.uri.path())
             .map_err(|_| S3ErrorCode::InvalidURI)?
             .into_owned();
 
-        let host = extract_host(req)?;
+        let host_header = extract_host(req)?;
+        let vh;
+        let vh_bucket;
+        {
+            let result = 'parse: {
+                if let (Some(host_header), Some(s3_host)) = (host_header.as_deref(), s3_host) {
+                    if !is_socket_addr_or_ip_addr(host_header) {
+                        debug!(?host_header, ?decoded_uri_path, "parsing virtual-hosted-style request");
+
+                        vh = s3_host.parse_host_header(host_header)?;
+                        debug!(?vh);
 
-        req.s3ext.s3_path = Some(extract_s3_path(host.as_deref(), &decoded_uri_path, base_domain)?);
-        s3_path = req.s3ext.s3_path.as_ref().unwrap();
+                        vh_bucket = vh.bucket();
+                        break 'parse crate::path::parse_virtual_hosted_style(vh_bucket, &decoded_uri_path);
+                    }
+                }
+
+                debug!(?decoded_uri_path, "parsing path-style request");
+                vh_bucket = None;
+                crate::path::parse_path_style(&decoded_uri_path)
+            };
+
+            req.s3ext.s3_path = Some(result.map_err(|err| convert_parse_s3_path_error(&err))?);
+            s3_path = req.s3ext.s3_path.as_ref().unwrap();
+        }
 
         req.s3ext.qs = extract_qs(&req.uri)?;
         content_length = extract_content_length(req);
@@ -229,7 +241,6 @@ async fn prepare(req: &mut Request, auth: Option<&dyn S3Auth>, base_domain: Opti
         {
             let mut scx = SignatureContext {
                 auth,
-                base_domain,
 
                 req_method: &req.method,
                 req_uri: &req.uri,
@@ -239,9 +250,8 @@ async fn prepare(req: &mut Request, auth: Option<&dyn S3Auth>, base_domain: Opti
                 hs,
 
                 decoded_uri_path,
-                s3_path,
+                vh_bucket,
 
-                host: host.as_deref(),
                 content_length,
                 decoded_content_length,
                 mime,

crates/s3s/src/ops/signature.rs

@@ -4,7 +4,6 @@ use crate::error::*;
 use crate::http;
 use crate::http::{AwsChunkedStream, Body, Multipart};
 use crate::http::{OrderedHeaders, OrderedQs};
-use crate::path::S3Path;
 use crate::sig_v2;
 use crate::sig_v2::{AuthorizationV2, PresignedUrlV2};
 use crate::sig_v4;
@@ -54,7 +53,6 @@ fn extract_amz_date(hs: &'_ OrderedHeaders<'_>) -> S3Result<Option<AmzDate>> {
 
 pub struct SignatureContext<'a> {
     pub auth: Option<&'a dyn S3Auth>,
-    pub base_domain: Option<&'a str>,
 
     pub req_method: &'a Method,
     pub req_uri: &'a Uri,
@@ -64,9 +62,8 @@ pub struct SignatureContext<'a> {
     pub hs: OrderedHeaders<'a>,
 
     pub decoded_uri_path: String,
-    pub s3_path: &'a S3Path,
+    pub vh_bucket: Option<&'a str>,
 
-    pub host: Option<&'a str>,
     pub content_length: Option<u64>,
     pub mime: Option<Mime>,
     pub decoded_content_length: Option<usize>,
@@ -354,13 +351,6 @@ impl SignatureContext<'_> {
         None
     }
 
-    fn v2_virtual_hosted_bucket(&self) -> Option<&str> {
-        match (self.base_domain, self.host) {
-            (Some(base_domain), Some(host)) if base_domain != host => self.s3_path.get_bucket_name(),
-            _ => None,
-        }
-    }
-
     pub async fn v2_check_header_auth(&mut self, auth_v2: AuthorizationV2<'_>) -> S3Result<Credentials> {
         let method = &self.req_method;
 
@@ -373,10 +363,14 @@ impl SignatureContext<'_> {
         let access_key = auth_v2.access_key;
         let secret_key = auth.get_secret_key(access_key).await?;
 
-        let vh_bucket = self.v2_virtual_hosted_bucket();
-
-        let string_to_sign =
-            sig_v2::create_string_to_sign(sig_v2::Mode::HeaderAuth, method, self.req_uri.path(), self.qs, &self.hs, vh_bucket);
+        let string_to_sign = sig_v2::create_string_to_sign(
+            sig_v2::Mode::HeaderAuth,
+            method,
+            self.req_uri.path(),
+            self.qs,
+            &self.hs,
+            self.vh_bucket,
+        );
         let signature = sig_v2::calculate_signature(&secret_key, &string_to_sign);
 
         debug!(?string_to_sign, "sig_v2 header_auth");
@@ -405,15 +399,13 @@ impl SignatureContext<'_> {
         let access_key = presigned_url.access_key;
         let secret_key = auth.get_secret_key(access_key).await?;
 
-        let vh_bucket = self.v2_virtual_hosted_bucket();
-
         let string_to_sign = sig_v2::create_string_to_sign(
             sig_v2::Mode::PresignedUrl,
             self.req_method,
             self.req_uri.path(),
             self.qs,
             &self.hs,
-            vh_bucket,
+            self.vh_bucket,
         );
         let signature = sig_v2::calculate_signature(&secret_key, &string_to_sign);