CLDSRV-755: Update API handlers

Author: anurag4DSB

lib/api/bucketDeleteRateLimit.js

@@ -1,7 +1,6 @@
 const { errors } = require('arsenal');
 
 const metadata = require('../metadata/wrapper');
-const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
 const { isRateLimitServiceUser } = require('./apiUtils/authorization/serviceUser');
 
@@ -16,7 +15,7 @@ const { isRateLimitServiceUser } = require('./apiUtils/authorization/serviceUser
 function bucketDeleteRateLimit(authInfo, request, log, callback) {
     log.debug('processing request', { method: 'bucketDeleteRateLimit' });
 
-    if (!isRateLimitServiceUser(authInfo)) {
+    if (!isRateLimitServiceUser(authInfo, log)) {
         return callback(errors.AccessDenied);
     }
 
@@ -36,15 +35,15 @@ function bucketDeleteRateLimit(authInfo, request, log, callback) {
             });
             return callback(err, corsHeaders);
         }
-        if (!bucket.getRateLimitConfig()) {
+        if (!bucket.getRateLimitConfiguration()) {
             log.trace('no existing bucket rate limit configuration', {
                 method: 'bucketDeleteRateLimit',
             });
             // TODO: implement Utapi metric support
             return callback(null, corsHeaders);
         }
         log.trace('deleting bucket rate limit configuration in metadata');
-        bucket.setRateLimitConfig(null);
+        bucket.setRateLimitConfiguration(null);
         return metadata.updateBucket(bucketName, bucket, log, err => {
             if (err) {
                 return callback(err, corsHeaders);

lib/api/bucketGetRateLimit.js

@@ -15,17 +15,11 @@ const { isRateLimitServiceUser } = require('./apiUtils/authorization/serviceUser
 function bucketGetRateLimit(authInfo, request, log, callback) {
     log.debug('processing request', { method: 'bucketGetRateLimit' });
 
-    if (!isRateLimitServiceUser(authInfo)) {
+    if (!isRateLimitServiceUser(authInfo, log)) {
         return callback(errors.AccessDenied);
     }
 
     const { bucketName, headers, method } = request;
-    const metadataValParams = {
-        authInfo,
-        bucketName,
-        requestType: request.apiMethods || 'bucketGetRateLimit',
-        request,
-    };
 
     return standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => {
         const corsHeaders = collectCorsHeaders(headers.origin, method, bucket);
@@ -37,17 +31,24 @@ function bucketGetRateLimit(authInfo, request, log, callback) {
             return callback(err, null, corsHeaders);
         }
 
-        const rateLimitConfig = bucket.getRateLimitConfig();
-        if (!rateLimitConfig) {
+        const rateLimitConfig = bucket.getRateLimitConfiguration();
+        const limit = rateLimitConfig?.getRequestsPerSecondLimit();
+
+        if (!rateLimitConfig || limit === undefined) {
             log.debug('error processing request', {
-                error: errors.NoSuchBucketRateLimit,
+                error: errors.NoSuchRateLimitConfiguration,
                 method: 'bucketGetRateLimit',
             });
-            return callback(errors.NoSuchBucketRateLimit, null,
+            return callback(errors.NoSuchRateLimitConfiguration, null,
                 corsHeaders);
         }
 
-        return callback(null, JSON.stringify(rateLimitConfig), corsHeaders);
+        // Return flattened structure matching API spec: {"RequestsPerSecond": 1000}
+        const response = {
+            RequestsPerSecond: limit,
+        };
+
+        return callback(null, JSON.stringify(response), corsHeaders);
     });
 }
 

lib/api/bucketPutRateLimit.js

@@ -1,21 +1,27 @@
 const async = require('async');
 const { parseString } = require('xml2js');
-const { errorInstances, errors } = require('arsenal');
+const { errorInstances, errors, models } = require('arsenal');
 
 const collectCorsHeaders = require('../utilities/collectCorsHeaders');
 const metadata = require('../metadata/wrapper');
-const { standardMetadataValidateBucket } = require('../metadata/metadataUtils');
 const { isRateLimitServiceUser } = require('./apiUtils/authorization/serviceUser');
+const { config } = require('../Config');
+
+const RateLimitConfiguration = models.RateLimitConfiguration;
 
 function parseRequestBody(requestBody, callback) {
+    // Try JSON first
+    let jsonData;
     try {
-        const jsonData = JSON.parse(requestBody);
+        jsonData = JSON.parse(requestBody);
         if (typeof jsonData !== 'object') {
-            throw new Error('Invalid JSON');
+            throw new Error('Invalid JSON - not an object');
         }
+        // JSON succeeded - return immediately, do NOT try XML
         return callback(null, jsonData);
-    } catch {
-        return parseString(requestBody, (xmlError, xmlData) => {
+    } catch (jsonError) {
+        // JSON failed - try XML
+        parseString(requestBody, (xmlError, xmlData) => {
             if (xmlError) {
                 return callback(errorInstances.InvalidArgument
                     .customizeDescription('Request body must be a JSON object'));
@@ -25,15 +31,30 @@ function parseRequestBody(requestBody, callback) {
     }
 }
 
-function validateRateLimitConfig(config, callback) {
-    const limit = parseInt(config.RequestsPerSecond, 10);
+function validateRateLimitConfig(requestConfig, callback) {
+    const limit = parseInt(requestConfig.RequestsPerSecond, 10);
+
+    // Validate positive integer
     if (Number.isNaN(limit) || !Number.isInteger(limit) || limit <= 0) {
         return callback(errorInstances.InvalidArgument
             .customizeDescription('RequestsPerSecond must be a positive integer'));
     }
-    return callback(null, {
-            RequestsPerSecond: limit,
+
+    // Validate minimum rate limit (must be >= number of nodes)
+    const nodeCount = config.rateLimiting?.nodeCount || 1;
+    if (limit < nodeCount) {
+        return callback(errorInstances.InvalidArgument
+            .customizeDescription(
+                `RequestsPerSecond must be >= ${nodeCount} (number of CloudServer nodes)`
+            ));
+    }
+
+    // Create RateLimitConfiguration model with flattened structure
+    const rateLimitConfig = new RateLimitConfiguration({
+        RequestsPerSecond: limit,
     });
+
+    return callback(null, rateLimitConfig);
 }
 
 /**
@@ -47,7 +68,16 @@ function validateRateLimitConfig(config, callback) {
 function bucketPutRateLimit(authInfo, request, log, callback) {
     log.debug('processing request', { method: 'bucketPutRateLimit' });
 
-    if (!isRateLimitServiceUser(authInfo)) {
+    const requestArn = authInfo.getArn();
+    const configArn = config.rateLimiting?.serviceUserArn;
+    log.debug('ARN comparison for rate limit authorization', {
+        requestArn,
+        configArn,
+        match: requestArn === configArn,
+    });
+
+    if (!isRateLimitServiceUser(authInfo, log)) {
+        log.warn('Access denied - ARN mismatch', { requestArn, configArn });
         return callback(errors.AccessDenied);
     }
 
@@ -69,11 +99,9 @@ function bucketPutRateLimit(authInfo, request, log, callback) {
                 }
                 return next(null, bucket, limitConfig);
             }),
-        (bucket, limitConfig, next) => {
-            bucket.setRateLimitConfig(limitConfig);
-            metadata.updateBucket(bucket.getName(), bucket, log,
-                err => next(err, bucket));
-        },
+        (bucket, limitConfig, next) => bucket.setRateLimitConfiguration(limitConfig)
+            .then(() => metadata.updateBucket(bucket.getName(), bucket, log,
+                err => next(err, bucket))),
     ], (err, bucket) => {
         const corsHeaders = collectCorsHeaders(request.headers.origin,
             request.method, bucket);