CLDSRV-750: replace repeated logic with standardMetadataValidateBucket

Author: leif-scality

lib/api/bucketDeleteCors.js

@@ -1,14 +1,11 @@
-const { errors } = require('arsenal');
-
-const bucketShield = require('./apiUtils/bucket/bucketShield');
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
-const { isBucketAuthorized } =
-    require('./apiUtils/authorization/permissionChecks');
 const metadata = require('../metadata/wrapper');
+const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { pushMetric } = require('../utapi/utilities');
 const monitoring = require('../utilities/monitoringHandler');
 
-const requestType = 'bucketDeleteCors';
+const REQUEST_TYPE = 'bucketDeleteCors';
+const METRICS_ACTION = 'deleteBucketCors';
 
 /**
  * Bucket Delete CORS - Delete bucket cors configuration
@@ -20,62 +17,40 @@ const requestType = 'bucketDeleteCors';
  */
 function bucketDeleteCors(authInfo, request, log, callback) {
     const bucketName = request.bucketName;
-    const canonicalID = authInfo.getCanonicalID();
-
-    return metadata.getBucket(bucketName, log, (err, bucket) => {
-        const corsHeaders = collectCorsHeaders(request.headers.origin,
-            request.method, bucket);
+    const metadataValParams = {
+        authInfo,
+        bucketName,
+        requestType: REQUEST_TYPE,
+        request,
+    };
+
+    return standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => {
+        const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucket);
         if (err) {
-            log.debug('metadata getbucket failed', { error: err });
-            monitoring.promMetrics('DELETE', bucketName, 400,
-                'deleteBucketCors');
+            monitoring.promMetrics('DELETE', bucketName, err.code, METRICS_ACTION);
+            if (err?.is?.AccessDenied) {
+                return callback(err, corsHeaders);
+            }
             return callback(err);
         }
-        if (bucketShield(bucket, requestType)) {
-            monitoring.promMetrics('DELETE', bucketName, 400,
-                'deleteBucketCors');
-            return callback(errors.NoSuchBucket);
-        }
-        log.trace('found bucket in metadata');
-
-        if (!isBucketAuthorized(bucket, request.apiMethods || requestType, canonicalID,
-            authInfo, log, request, request.actionImplicitDenies)) {
-            log.debug('access denied for user on bucket', {
-                requestType,
-                method: 'bucketDeleteCors',
-            });
-            monitoring.promMetrics('DELETE', bucketName, 403,
-                'deleteBucketCors');
-            return callback(errors.AccessDenied, corsHeaders);
-        }
 
         const cors = bucket.getCors();
         if (!cors) {
-            log.trace('no existing cors configuration', {
-                method: 'bucketDeleteCors',
-            });
-            pushMetric('deleteBucketCors', log, {
-                authInfo,
-                bucket: bucketName,
-            });
+            log.trace('no existing cors configuration', { method: REQUEST_TYPE });
+            pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
             return callback(null, corsHeaders);
         }
 
         log.trace('deleting cors configuration in metadata');
         bucket.setCors(null);
         return metadata.updateBucket(bucketName, bucket, log, err => {
             if (err) {
-                monitoring.promMetrics('DELETE', bucketName, 400,
-                    'deleteBucketCors');
+                monitoring.promMetrics('DELETE', bucketName, err.code, METRICS_ACTION);
                 return callback(err, corsHeaders);
             }
-            pushMetric('deleteBucketCors', log, {
-                authInfo,
-                bucket: bucketName,
-            });
-            monitoring.promMetrics(
-                'DELETE', bucketName, '204', 'deleteBucketCors');
-            return callback(err, corsHeaders);
+            pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
+            monitoring.promMetrics('DELETE', bucketName, '204', METRICS_ACTION);
+            return callback(null , corsHeaders);
         });
     });
 }

lib/api/bucketDeleteWebsite.js

@@ -1,72 +1,47 @@
-const { errors } = require('arsenal');
-
-const bucketShield = require('./apiUtils/bucket/bucketShield');
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
-const { isBucketAuthorized } =
-    require('./apiUtils/authorization/permissionChecks');
 const metadata = require('../metadata/wrapper');
+const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { pushMetric } = require('../utapi/utilities');
 const monitoring = require('../utilities/monitoringHandler');
 
-const requestType = 'bucketDeleteWebsite';
+const REQUEST_TYPE = 'bucketDeleteWebsite';
+const METRICS_ACTION = 'deleteBucketWebsite';
 
 function bucketDeleteWebsite(authInfo, request, log, callback) {
     const bucketName = request.bucketName;
-    const canonicalID = authInfo.getCanonicalID();
-
-    return metadata.getBucket(bucketName, log, (err, bucket) => {
-        const corsHeaders = collectCorsHeaders(request.headers.origin,
-            request.method, bucket);
+    const metadataValParams = {
+        authInfo,
+        bucketName,
+        requestType: REQUEST_TYPE,
+        request,
+    };
+
+    return standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => {
+        const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucket);
         if (err) {
-            log.debug('metadata getbucket failed', { error: err });
-            monitoring.promMetrics(
-                'DELETE', bucketName, err.code, 'deleteBucketWebsite');
+            monitoring.promMetrics('DELETE', bucketName, err.code, REQUEST_TYPE);
+            if (err?.is?.AccessDenied) {
+                return callback(err, corsHeaders);
+            }
             return callback(err);
         }
-        if (bucketShield(bucket, requestType)) {
-            monitoring.promMetrics(
-                'DELETE', bucketName, 404, 'deleteBucketWebsite');
-            return callback(errors.NoSuchBucket);
-        }
-        log.trace('found bucket in metadata');
-
-        if (!isBucketAuthorized(bucket, request.apiMethods || requestType, canonicalID,
-            authInfo, log, request, request.actionImplicitDenies)) {
-            log.debug('access denied for user on bucket', {
-                requestType,
-                method: 'bucketDeleteWebsite',
-            });
-            monitoring.promMetrics(
-                'DELETE', bucketName, 403, 'deleteBucketWebsite');
-            return callback(errors.AccessDenied, corsHeaders);
-        }
 
         const websiteConfig = bucket.getWebsiteConfiguration();
         if (!websiteConfig) {
-            log.trace('no existing website configuration', {
-                method: 'bucketDeleteWebsite',
-            });
-            pushMetric('deleteBucketWebsite', log, {
-                authInfo,
-                bucket: bucketName,
-            });
+            log.trace('no existing website configuration', { method: REQUEST_TYPE });
+            pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
             return callback(null, corsHeaders);
         }
 
         log.trace('deleting website configuration in metadata');
         bucket.setWebsiteConfiguration(null);
         return metadata.updateBucket(bucketName, bucket, log, err => {
             if (err) {
-                monitoring.promMetrics(
-                    'DELETE', bucketName, err.code, 'deleteBucketWebsite');
+                monitoring.promMetrics('DELETE', bucketName, err.code, METRICS_ACTION);
                 return callback(err, corsHeaders);
             }
-            pushMetric('deleteBucketWebsite', log, {
-                authInfo,
-                bucket: bucketName,
-            });
-            monitoring.promMetrics(
-                'DELETE', bucketName, '200', 'deleteBucketWebsite');
+            pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
+            monitoring.promMetrics('DELETE', bucketName, '200', METRICS_ACTION);
             return callback(null, corsHeaders);
         });
     });

lib/api/bucketGetCors.js

@@ -1,15 +1,12 @@
 const { errors } = require('arsenal');
-
-const bucketShield = require('./apiUtils/bucket/bucketShield');
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
 const { convertToXml } = require('./apiUtils/bucket/bucketCors');
-const { isBucketAuthorized } =
-    require('./apiUtils/authorization/permissionChecks');
-const metadata = require('../metadata/wrapper');
+const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { pushMetric } = require('../utapi/utilities');
 const monitoring = require('../utilities/monitoringHandler');
 
-const requestType = 'bucketGetCors';
+const REQUEST_TYPE = 'bucketGetCors';
+const METRICS_ACTION = 'getBucketCors';
 
 /**
  * Bucket Get CORS - Get bucket cors configuration
@@ -21,52 +18,34 @@ const requestType = 'bucketGetCors';
  */
 function bucketGetCors(authInfo, request, log, callback) {
     const bucketName = request.bucketName;
-    const canonicalID = authInfo.getCanonicalID();
-
-    metadata.getBucket(bucketName, log, (err, bucket) => {
+    const metadataValParams = {
+        authInfo,
+        bucketName,
+        requestType: REQUEST_TYPE,
+        request,
+    };
+
+    return standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => {
+        const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucket);
         if (err) {
-            log.debug('metadata getbucket failed', { error: err });
-            monitoring.promMetrics(
-                'GET', bucketName, err.code, 'getBucketCors');
+            monitoring.promMetrics('GET', bucketName, err.code, METRICS_ACTION);
+            if (err?.is?.AccessDenied) {
+                return callback(err, corsHeaders);
+            }
             return callback(err);
         }
-        if (bucketShield(bucket, requestType)) {
-            monitoring.promMetrics(
-                'GET', bucketName, 404, 'getBucketCors');
-            return callback(errors.NoSuchBucket);
-        }
-        log.trace('found bucket in metadata');
-        const corsHeaders = collectCorsHeaders(request.headers.origin,
-            request.method, bucket);
-
-        if (!isBucketAuthorized(bucket, request.apiMethods || requestType, canonicalID,
-            authInfo, log, request, request.actionImplicitDenies)) {
-            log.debug('access denied for user on bucket', {
-                requestType,
-                method: 'bucketGetCors',
-            });
-            monitoring.promMetrics(
-                'GET', bucketName, 403, 'getBucketCors');
-            return callback(errors.AccessDenied, null, corsHeaders);
-        }
 
         const cors = bucket.getCors();
         if (!cors) {
-            log.debug('cors configuration does not exist', {
-                method: 'bucketGetCors',
-            });
-            monitoring.promMetrics(
-                'GET', bucketName, 404, 'getBucketCors');
+            log.debug('cors configuration does not exist', { method: REQUEST_TYPE });
+            monitoring.promMetrics('GET', bucketName, 404, METRICS_ACTION);
             return callback(errors.NoSuchCORSConfiguration, null, corsHeaders);
         }
         log.trace('converting cors configuration to xml');
         const xml = convertToXml(cors);
 
-        pushMetric('getBucketCors', log, {
-            authInfo,
-            bucket: bucketName,
-        });
-        monitoring.promMetrics('GET', bucketName, '200', 'getBucketCors');
+        pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
+        monitoring.promMetrics('GET', bucketName, '200', METRICS_ACTION);
         return callback(null, xml, corsHeaders);
     });
 }

lib/api/bucketGetLocation.js

@@ -1,15 +1,12 @@
-const { errors, s3middleware } = require('arsenal');
-
-const bucketShield = require('./apiUtils/bucket/bucketShield');
-const { isBucketAuthorized } =
-    require('./apiUtils/authorization/permissionChecks');
-const metadata = require('../metadata/wrapper');
+const { s3middleware } = require('arsenal');
+const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { pushMetric } = require('../utapi/utilities');
 const escapeForXml = s3middleware.escapeForXml;
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
 const monitoring = require('../utilities/monitoringHandler');
 
-const requestType = 'bucketGetLocation';
+const REQUEST_TYPE = 'bucketGetLocation';
+const METRICS_ACTION = 'getBucketLocation';
 
 /**
  * Bucket Get Location - Get bucket locationConstraint configuration
@@ -19,56 +16,38 @@ const requestType = 'bucketGetLocation';
  * @param {function} callback - callback to server
  * @return {undefined}
  */
-
 function bucketGetLocation(authInfo, request, log, callback) {
     const bucketName = request.bucketName;
-    const canonicalID = authInfo.getCanonicalID();
-
-    return metadata.getBucket(bucketName, log, (err, bucket) => {
+    const metadataValParams = {
+        authInfo,
+        bucketName,
+        requestType: request.apiMethod || REQUEST_TYPE,
+        request,
+    };
+
+    return standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => {
+        const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucket);
         if (err) {
-            log.debug('metadata getbucket failed', { error: err });
-            monitoring.promMetrics(
-                'GET', bucketName, err.code, 'getBucketLocation');
+            monitoring.promMetrics('GET', bucketName, err.code, METRICS_ACTION);
+            if (err?.is?.AccessDenied) {
+                return callback(err, corsHeaders);
+            }
             return callback(err);
         }
-        if (bucketShield(bucket, requestType)) {
-            monitoring.promMetrics(
-                'GET', bucketName, 404, 'getBucketLocation');
-            return callback(errors.NoSuchBucket);
-        }
-        log.trace('found bucket in metadata');
-
-        const corsHeaders = collectCorsHeaders(request.headers.origin,
-            request.method, bucket);
-
-        if (!isBucketAuthorized(bucket, request.apiMethods || requestType, canonicalID,
-            authInfo, log, request, request.actionImplicitDenies)) {
-            log.debug('access denied for account on bucket', {
-                requestType,
-                method: 'bucketGetLocation',
-            });
-            monitoring.promMetrics(
-                'GET', bucketName, 403, 'getBucketLocation');
-            return callback(errors.AccessDenied, null, corsHeaders);
-        }
 
         let locationConstraint = bucket.getLocationConstraint();
         if (!locationConstraint || locationConstraint === 'us-east-1') {
-          // AWS returns empty string if no region has been
-          // provided or for us-east-1
-          // Note: AWS JS SDK sends a request with locationConstraint us-east-1
-          // if no locationConstraint provided.
+            // AWS returns empty string if no region has been
+            // provided or for us-east-1
+            // Note: AWS JS SDK sends a request with locationConstraint us-east-1
+            // if no locationConstraint provided.
             locationConstraint = '';
         }
         const xml = `<?xml version="1.0" encoding="UTF-8"?>
         <LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/">` +
             `${escapeForXml(locationConstraint)}</LocationConstraint>`;
-        pushMetric('getBucketLocation', log, {
-            authInfo,
-            bucket: bucketName,
-        });
-        monitoring.promMetrics(
-            'GET', bucketName, '200', 'getBucketLocation');
+        pushMetric(METRICS_ACTION, log, { authInfo, bucket: bucketName });
+        monitoring.promMetrics('GET', bucketName, '200', METRICS_ACTION);
         return callback(null, xml, corsHeaders);
     });
 }