JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8850fde9f5
storj/satellite/metainfo/validation.go

495 lines
16 KiB
Go
Raw Normal View History

Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package metainfo
import (
"bytes"
"context"
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
"crypto/subtle"
Bucket name validation (#2244)
2019-06-24 10:52:25 +01:00
"regexp"
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
"strconv"
satellite/metainfo: bring back validation while committing segment During metainfo refactor we disabled some validation as it was designed to validate pointer. Now part of this validation is restored. This is first part. Change-Id: I6132f922fe23d60118bbccfdb77fd93c3c81afed
2021-04-07 15:20:05 +01:00
"time"
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
satellite: use evenkit instead of evenstat/top endpoint We had multiple experiment so far to collect high cardinality data (mainly in aggregated form). 1. we have a `/top` endpoint which aggregates events with upper bound 2. we use same api (eventstat) to publish S3 gateway-mt agents to influxdb This patch starts to replace theses api with jtolio/eventkit. Instead of aggregation all events can be sent to a collector host where we can do aggregation and/or persisting data. Change-Id: Id6df4882b51d2dbd2be9401ee4199d14f3ff7186
2022-10-24 10:43:47 +01:00
"github.com/jtolio/eventkit"
Add timestamp and piece size to piece hash (#2198)
2019-07-03 17:14:37 +01:00
"github.com/zeebo/errs"
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
"go.uber.org/zap"
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
"golang.org/x/time/rate"
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
satellite/metainfo: bring back validation while committing segment During metainfo refactor we disabled some validation as it was designed to validate pointer. Now part of this validation is restored. This is first part. Change-Id: I6132f922fe23d60118bbccfdb77fd93c3c81afed
2021-04-07 15:20:05 +01:00
"storj.io/common/encryption"
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
"storj.io/common/errs2"
common: separate repository Change-Id: Ibb89c42060450e3839481a7e495bbe3ad940610a
2019-12-27 11:48:47 +00:00
"storj.io/common/macaroon"
satellite/metainfo: add missing metadata validation We are missing metadata validation for UpdateObjectMetadata and FinishCopyOject requests. Change-Id: Idca6a4d1fe108e1593405fd3913442f5b69d09e7
2022-04-21 15:25:16 +01:00
"storj.io/common/memory"
common: separate repository Change-Id: Ibb89c42060450e3839481a7e495bbe3ad940610a
2019-12-27 11:48:47 +00:00
"storj.io/common/pb"
"storj.io/common/rpc/rpcstatus"
"storj.io/common/storj"
all: switch to storj.io/common/uuid Change-Id: I178a0a8dac691e57bce317b91411292fb3c40c9f
2020-03-30 10:08:50 +01:00
"storj.io/common/uuid"
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
"storj.io/storj/satellite/accounting"
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
"storj.io/storj/satellite/console"
pkg/auth: move package to consoleauth To avoid further name collisions, the very broad named package gets moved into the consoleauth package where its also mainly being used. Change-Id: Ie563c9700adbf0553baca2b7b8ba4a1d9c29d144
2020-10-06 11:40:31 +01:00
"storj.io/storj/satellite/console/consoleauth"
satellite/metabase: move package one level higher metabase has become a central concept and it's more suitable for it to be directly nested under satellite rather than being part of metainfo. metainfo is going to be the "endpoint" logic for handling requests. Change-Id: I53770d6761ac1e9a1283b5aa68f471b21e784198
2021-04-21 13:42:57 +01:00
"storj.io/storj/satellite/metabase"
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
)
satellite/metainfo: add missing metadata validation We are missing metadata validation for UpdateObjectMetadata and FinishCopyOject requests. Change-Id: Idca6a4d1fe108e1593405fd3913442f5b69d09e7
2022-04-21 15:25:16 +01:00
const encryptedKeySize = 48
var (
ipRegexp = regexp.MustCompile(`^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$`)
)
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
satellite: use evenkit instead of evenstat/top endpoint We had multiple experiment so far to collect high cardinality data (mainly in aggregated form). 1. we have a `/top` endpoint which aggregates events with upper bound 2. we use same api (eventstat) to publish S3 gateway-mt agents to influxdb This patch starts to replace theses api with jtolio/eventkit. Instead of aggregation all events can be sent to a collector host where we can do aggregation and/or persisting data. Change-Id: Id6df4882b51d2dbd2be9401ee4199d14f3ff7186
2022-10-24 10:43:47 +01:00
var ek = eventkit.Package()
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
func getAPIKey(ctx context.Context, header *pb.RequestHeader) (key *macaroon.APIKey, err error) {
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
defer mon.Task()(&ctx)(&err)
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
if header != nil {
return macaroon.ParseRawAPIKey(header.ApiKey)
}
pkg/auth: move package to consoleauth To avoid further name collisions, the very broad named package gets moved into the consoleauth package where its also mainly being used. Change-Id: Ie563c9700adbf0553baca2b7b8ba4a1d9c29d144
2020-10-06 11:40:31 +01:00
keyData, ok := consoleauth.GetAPIKey(ctx)
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
if !ok {
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
return nil, errs.New("missing credentials")
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
return macaroon.ParseAPIKey(string(keyData))
}
satellite/metainfo: stops hiding real validateAuth Metainfo method validateAuth checks things like API key, user permission and rate limit but at the end all errors were returned as rpcstatus.Unauthenticated. Old Metainfo is not touched to avoid backward compatibility issues. Change-Id: I78eb276210fc50151da58a5c84e13ecd0961da29
2020-03-10 09:58:14 +00:00
// validateAuth validates things like API key, user permissions and rate limit and always returns valid rpc error.
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
func (endpoint *Endpoint) validateAuth(ctx context.Context, header *pb.RequestHeader, action macaroon.Action) (_ *console.APIKeyInfo, err error) {
defer mon.Task()(&ctx)(&err)
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
key, keyInfo, err := endpoint.validateBasic(ctx, header)
if err != nil {
return nil, err
}
err = key.Check(ctx, keyInfo.Secret, action, endpoint.revocations)
if err != nil {
endpoint.log.Debug("unauthorized request", zap.Error(err))
return nil, rpcstatus.Error(rpcstatus.PermissionDenied, "Unauthorized API credentials")
}
return keyInfo, nil
}
satellite/metainfo: make subsequent auth validations not perform rate-limiting Currently, requests that were successfully passed through the metainfo endpoints rate-limiter might still fail in the middle of the corresponding response. The problem is that we perform rate-limiting a second time, which means other requests would influence whether the current (already rate-checked) request will fail. This also has other unintended effects, like responding with rpcstatus.PermissionDenied for requests that were successfully rate-checked and did not lack permissions but were rate-checked again in the middle of (*Endpoint).BeginObject. This situation has been happening on the gateway side and might affect other uplink clients. This change, where appropriate, swaps subsequent validateAuth with validateAuthN that performs rate-limiting once. Change-Id: I6fc26dedb8c442dd20acaab5942f751279020b08
2021-08-31 17:15:43 +01:00
type verifyPermission struct {
action macaroon.Action
actionPermitted *bool
optional bool
}
// validateAuthN validates things like API keys, rate limit and user permissions
// for each permission from permissions. It returns an error for the first
// required (not optional) permission that the check fails for. There must be at
// least one required (not optional) permission. In case all permissions are
// optional, it will return an error. It always returns valid RPC errors.
func (endpoint *Endpoint) validateAuthN(ctx context.Context, header *pb.RequestHeader, permissions ...verifyPermission) (_ *console.APIKeyInfo, err error) {
defer mon.Task()(&ctx)(&err)
allOptional := true
for _, p := range permissions {
if !p.optional {
allOptional = false
break
}
}
if allOptional {
return nil, rpcstatus.Error(rpcstatus.Internal, "All permissions are optional")
}
key, keyInfo, err := endpoint.validateBasic(ctx, header)
if err != nil {
return nil, err
}
for _, p := range permissions {
err = key.Check(ctx, keyInfo.Secret, p.action, endpoint.revocations)
if p.actionPermitted != nil {
*p.actionPermitted = err == nil
}
if err != nil && !p.optional {
endpoint.log.Debug("unauthorized request", zap.Error(err))
return nil, rpcstatus.Error(rpcstatus.PermissionDenied, "Unauthorized API credentials")
}
}
return keyInfo, nil
}
satellite/metainfo: allow list permission for GetObject and GetObjectIPs GetObject and GetObjectIPs are invoked by the Linksharing service to display the shared object and its map. These two endpoint currently require read permission. There is a use case where an object can be shared with an access grant that has only list permission. In such a case, the expectation is that the linksharing service would still display the metadata of the shared object (name, size, map), but the content would be still inaccessible. See https://github.com/storj/gateway-mt/issues/209 for details. This change allows GetObject and GetObjectIPs to require either read or list permission to support the described use case. Change-Id: I3477edc7bf8990e9848482890da047094c875d09
2022-11-02 15:19:45 +00:00
// validateAuthAny validates things like API keys, rate limit and user permissions.
// At least one of the action from actions must be permitted to return successfully.
// It always returns valid RPC errors.
func (endpoint *Endpoint) validateAuthAny(ctx context.Context, header *pb.RequestHeader, actions ...macaroon.Action) (_ *console.APIKeyInfo, err error) {
defer mon.Task()(&ctx)(&err)
key, keyInfo, err := endpoint.validateBasic(ctx, header)
if err != nil {
return nil, err
}
if len(actions) == 0 {
return nil, rpcstatus.Error(rpcstatus.Internal, "No action to validate")
}
var combinedErrs error
for _, action := range actions {
err = key.Check(ctx, keyInfo.Secret, action, endpoint.revocations)
if err == nil {
return keyInfo, nil
}
combinedErrs = errs.Combine(combinedErrs, err)
}
endpoint.log.Debug("unauthorized request", zap.Error(combinedErrs))
return nil, rpcstatus.Error(rpcstatus.PermissionDenied, "Unauthorized API credentials")
}
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
func (endpoint *Endpoint) validateBasic(ctx context.Context, header *pb.RequestHeader) (_ *macaroon.APIKey, _ *console.APIKeyInfo, err error) {
defer mon.Task()(&ctx)(&err)
metainfo: move api keys to part of the request (#3069) What: we move api keys out of the grpc connection-level metadata on the client side and into the request protobufs directly. the server side still supports both mechanisms for backwards compatibility. Why: dRPC won't support connection-level metadata. the only thing we currently use connection-level metadata for is api keys. we need to move all information needed by a request into the request protobuf itself for drpc support. check out the .proto changes for the main details. One fun side-fact: Did you know that protobuf fields 1-15 are special and only use one byte for both the field number and type? Additionally did you know we don't use field 15 anywhere yet? So the new request header will use field 15, and should use field 15 on all protobufs going forward. Please describe the tests: all existing tests should pass Please describe the performance impact: none
2019-09-19 17:19:29 +01:00
key, err := getAPIKey(ctx, header)
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
if err != nil {
satellite/metainfo: use status.Error and fix error codes (#2827)
2019-08-20 14:16:51 +01:00
endpoint.log.Debug("invalid request", zap.Error(err))
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
return nil, nil, rpcstatus.Error(rpcstatus.InvalidArgument, "Invalid API credentials")
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
keyInfo, err := endpoint.apiKeys.GetByHead(ctx, key.Head())
if err != nil {
satellite/metainfo: use status.Error and fix error codes (#2827)
2019-08-20 14:16:51 +01:00
endpoint.log.Debug("unauthorized request", zap.Error(err))
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
return nil, nil, rpcstatus.Error(rpcstatus.PermissionDenied, "Unauthorized API credentials")
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
satellite: use evenkit instead of evenstat/top endpoint We had multiple experiment so far to collect high cardinality data (mainly in aggregated form). 1. we have a `/top` endpoint which aggregates events with upper bound 2. we use same api (eventstat) to publish S3 gateway-mt agents to influxdb This patch starts to replace theses api with jtolio/eventkit. Instead of aggregation all events can be sent to a collector host where we can do aggregation and/or persisting data. Change-Id: Id6df4882b51d2dbd2be9401ee4199d14f3ff7186
2022-10-24 10:43:47 +01:00
userAgent := ""
satellite: in-memory 'top'-like counter for project/partner As a reminder * This counters are for data with high-cardinality * We have strong upper bound for memory limits * They can be accessed from /top monitoring interface Example: ``` curl 172.20.0.10:11111/top since ~ 2022-08-09T07:45:58Z auth_request_count project=9094cff8-104e-4956-a367-97ea134b7e06 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 auth_request_count partner=00000000-0000-0000-0000-000000000000 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 ``` Note: discarded 0 --> we didn't hit the memory limit. Change-Id: I8db09b4aa61bade55cb324b84b7fbcb8f068c179
2022-08-09 11:39:43 +01:00
if keyInfo.UserAgent != nil {
satellite: use evenkit instead of evenstat/top endpoint We had multiple experiment so far to collect high cardinality data (mainly in aggregated form). 1. we have a `/top` endpoint which aggregates events with upper bound 2. we use same api (eventstat) to publish S3 gateway-mt agents to influxdb This patch starts to replace theses api with jtolio/eventkit. Instead of aggregation all events can be sent to a collector host where we can do aggregation and/or persisting data. Change-Id: Id6df4882b51d2dbd2be9401ee4199d14f3ff7186
2022-10-24 10:43:47 +01:00
userAgent = string(keyInfo.UserAgent)
satellite: in-memory 'top'-like counter for project/partner As a reminder * This counters are for data with high-cardinality * We have strong upper bound for memory limits * They can be accessed from /top monitoring interface Example: ``` curl 172.20.0.10:11111/top since ~ 2022-08-09T07:45:58Z auth_request_count project=9094cff8-104e-4956-a367-97ea134b7e06 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 auth_request_count partner=00000000-0000-0000-0000-000000000000 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 ``` Note: discarded 0 --> we didn't hit the memory limit. Change-Id: I8db09b4aa61bade55cb324b84b7fbcb8f068c179
2022-08-09 11:39:43 +01:00
}
satellite: use evenkit instead of evenstat/top endpoint We had multiple experiment so far to collect high cardinality data (mainly in aggregated form). 1. we have a `/top` endpoint which aggregates events with upper bound 2. we use same api (eventstat) to publish S3 gateway-mt agents to influxdb This patch starts to replace theses api with jtolio/eventkit. Instead of aggregation all events can be sent to a collector host where we can do aggregation and/or persisting data. Change-Id: Id6df4882b51d2dbd2be9401ee4199d14f3ff7186
2022-10-24 10:43:47 +01:00
ek.Event("auth",
eventkit.String("user-agent", userAgent),
eventkit.String("project", keyInfo.ProjectID.String()),
eventkit.String("partner", keyInfo.PartnerID.String()),
)
satellite: in-memory 'top'-like counter for project/partner As a reminder * This counters are for data with high-cardinality * We have strong upper bound for memory limits * They can be accessed from /top monitoring interface Example: ``` curl 172.20.0.10:11111/top since ~ 2022-08-09T07:45:58Z auth_request_count project=9094cff8-104e-4956-a367-97ea134b7e06 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 auth_request_count partner=00000000-0000-0000-0000-000000000000 11.000000 auth_request_buckets 1.000000 auth_request_discarded 0.000000 ``` Note: discarded 0 --> we didn't hit the memory limit. Change-Id: I8db09b4aa61bade55cb324b84b7fbcb8f068c179
2022-08-09 11:39:43 +01:00
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
if err = endpoint.checkRate(ctx, keyInfo.ProjectID); err != nil {
endpoint.log.Debug("rate check failed", zap.Error(err))
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
return nil, nil, err
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
}
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
return key, keyInfo, nil
}
func (endpoint *Endpoint) validateRevoke(ctx context.Context, header *pb.RequestHeader, macToRevoke *macaroon.Macaroon) (_ *console.APIKeyInfo, err error) {
defer mon.Task()(&ctx)(&err)
key, keyInfo, err := endpoint.validateBasic(ctx, header)
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
if err != nil {
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
return nil, err
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
satellite/metainfo: Handle revocation request Logic to handle a request to revoke a macaroon. Change-Id: I5d5c93fcc2e026b0aaf82bfdfacc822185b10f9f
2020-06-10 15:10:44 +01:00
// The macaroon to revoke must be valid with the same secret as the key.
if !macToRevoke.Validate(keyInfo.Secret) {
return nil, rpcstatus.Error(rpcstatus.InvalidArgument, "Macaroon to revoke invalid")
}
keyTail := key.Tail()
tails := macToRevoke.Tails(keyInfo.Secret)
// A macaroon cannot revoke itself. So we only check len(tails-1), skipping
// the final tail. To be valid, the final tail of the auth key must be
// contained within the checked tails of the macaroon we want to revoke.
for i := 0; i < len(tails)-1; i++ {
if subtle.ConstantTimeCompare(tails[i], keyTail) == 1 {
return keyInfo, nil
}
}
return nil, rpcstatus.Error(rpcstatus.PermissionDenied, "Unauthorized attempt to revoke macaroon")
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
Add metrics to track rate limit. Add monkit metric for the rate-limit when the rate limit is hit Logs warning with projectID https://storjlabs.atlassian.net/browse/SM-165 Change-Id: I352dc40006021990d1bc66a999f62bbf8deb54db
2020-01-30 17:43:37 +00:00
func (endpoint *Endpoint) checkRate(ctx context.Context, projectID uuid.UUID) (err error) {
defer mon.Task()(&ctx)(&err)
satellite/metainfo: add max segment size and max inline size to BeginObject response We want to control inline segment size and segment size on satellite side. We need to return such information to uplink like with redundancy scheme. Change-Id: If04b0a45a2757a01c0cc046432c115f475e9323c
2020-04-01 10:15:24 +01:00
if !endpoint.config.RateLimiter.Enabled {
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
return nil
}
limiter, err := endpoint.limiterCache.Get(projectID.String(), func() (interface{}, error) {
satellite/metainfo: separate burst limit from rate limit config This PR utilize the new burst limit column from projects table to allow control on the limit for request per seconds and token bucket size When no burst limit is explicitly set, rate limit is applied to both so we don't limit how quickly request can be made in a second. Change-Id: I883235c60c5d6416aeadd1c80ed2ebd193aa4d9f
2021-08-23 22:47:58 +01:00
rateLimit := rate.Limit(endpoint.config.RateLimiter.Rate)
burstLimit := int(endpoint.config.RateLimiter.Rate)
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
project, err := endpoint.projects.Get(ctx, projectID)
if err != nil {
return false, err
}
satellite/metainfo: allow per-project rate limit of zero Change-Id: I237c67dfa3d24ed4837175556f72b9c761644435
2021-08-10 16:00:37 +01:00
if project.RateLimit != nil {
satellite/metainfo: separate burst limit from rate limit config This PR utilize the new burst limit column from projects table to allow control on the limit for request per seconds and token bucket size When no burst limit is explicitly set, rate limit is applied to both so we don't limit how quickly request can be made in a second. Change-Id: I883235c60c5d6416aeadd1c80ed2ebd193aa4d9f
2021-08-23 22:47:58 +01:00
rateLimit = rate.Limit(*project.RateLimit)
burstLimit = *project.RateLimit
}
// use the explicitly set burst value if it's defined
if project.BurstLimit != nil {
burstLimit = *project.BurstLimit
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
}
satellite/metainfo: separate burst limit from rate limit config This PR utilize the new burst limit column from projects table to allow control on the limit for request per seconds and token bucket size When no burst limit is explicitly set, rate limit is applied to both so we don't limit how quickly request can be made in a second. Change-Id: I883235c60c5d6416aeadd1c80ed2ebd193aa4d9f
2021-08-23 22:47:58 +01:00
return rate.NewLimiter(rateLimit, burstLimit), nil
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
})
if err != nil {
return rpcstatus.Error(rpcstatus.Unavailable, err.Error())
}
if !limiter.(*rate.Limiter).Allow() {
Add metrics to track rate limit. Add monkit metric for the rate-limit when the rate limit is hit Logs warning with projectID https://storjlabs.atlassian.net/browse/SM-165 Change-Id: I352dc40006021990d1bc66a999f62bbf8deb54db
2020-01-30 17:43:37 +00:00
endpoint.log.Warn("too many requests for project",
zap.Stringer("projectID", projectID),
satellite/metainfo: separate burst limit from rate limit config This PR utilize the new burst limit column from projects table to allow control on the limit for request per seconds and token bucket size When no burst limit is explicitly set, rate limit is applied to both so we don't limit how quickly request can be made in a second. Change-Id: I883235c60c5d6416aeadd1c80ed2ebd193aa4d9f
2021-08-23 22:47:58 +01:00
zap.Float64("rate limit", float64(limiter.(*rate.Limiter).Limit())),
zap.Float64("burst limit", float64(limiter.(*rate.Limiter).Burst())))
Add metrics to track rate limit. Add monkit metric for the rate-limit when the rate limit is hit Logs warning with projectID https://storjlabs.atlassian.net/browse/SM-165 Change-Id: I352dc40006021990d1bc66a999f62bbf8deb54db
2020-01-30 17:43:37 +00:00
all: use keyed special comment Change-Id: I57f6af053382c638026b64c5ff77b169bd3c6c8b
2020-10-13 13:13:41 +01:00
mon.Event("metainfo_rate_limit_exceeded") //mon:locked
Add metrics to track rate limit. Add monkit metric for the rate-limit when the rate limit is hit Logs warning with projectID https://storjlabs.atlassian.net/browse/SM-165 Change-Id: I352dc40006021990d1bc66a999f62bbf8deb54db
2020-01-30 17:43:37 +00:00
satellite/metainfo: Too many requests should have RPC status ResourceExhaused This is necessary to for the client to know that it can retry with a delay. Change-Id: Ie0ed95f6ae1c072896285d0714f879611ab0cdb3
2020-01-29 14:12:19 +00:00
return rpcstatus.Error(rpcstatus.ResourceExhausted, "Too Many Requests")
satellite/metainfo: Rate limiting - API requests Limits how many times metainfo APIs can be called per second by project ID. If limit is exceeded, the API will return Unauthorized/Too Many requests. Limit per second and the size of the limiter cache per project are configurable, as well as whether the limiter is enabled. Tests added/updated for the new rate_limit field in projects table. Tests added for exceeding limits and disableing limiter. Change-Id: Ic8ad102de3b690a475809d4f684156d5715f20fa
2020-01-17 15:01:36 +00:00
}
return nil
}
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
func (endpoint *Endpoint) validateBucket(ctx context.Context, bucket []byte) (err error) {
defer mon.Task()(&ctx)(&err)
if len(bucket) == 0 {
satellite/metainfo: check bucket existence on upload and listing Initial change for checking bucket existence on satellite side for requests like BeginObject and ListObjects. This is simple implementation that is just checking bucket in DB but should be improved in future to avoid DB calls as much as possible. Part of https://storjlabs.atlassian.net/browse/USR-365 Change-Id: I9076acddc44d7dbfa7612a1c24a007de01621583
2020-03-16 08:55:52 +00:00
return Error.Wrap(storj.ErrNoBucket.New(""))
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
Bucket name validation (#2244)
2019-06-24 10:52:25 +01:00
if len(bucket) < 3 || len(bucket) > 63 {
return Error.New("bucket name must be at least 3 and no more than 63 characters long")
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
}
Bucket name validation (#2244)
2019-06-24 10:52:25 +01:00
// Regexp not used because benchmark shows it will be slower for valid bucket names
// https://gist.github.com/mniewrzal/49de3af95f36e63e88fac24f565e444c
labels := bytes.Split(bucket, []byte("."))
for _, label := range labels {
err = validateBucketLabel(label)
if err != nil {
return err
}
}
if ipRegexp.MatchString(string(bucket)) {
return Error.New("bucket name cannot be formatted as an IP address")
}
Better metainfo Create/Commit request validation (#2088)
2019-06-05 17:41:02 +01:00
return nil
}
Bucket name validation (#2244)
2019-06-24 10:52:25 +01:00
func validateBucketLabel(label []byte) error {
if len(label) == 0 {
return Error.New("bucket label cannot be empty")
}
if !isLowerLetter(label[0]) && !isDigit(label[0]) {
return Error.New("bucket label must start with a lowercase letter or number")
}
if label[0] == '-' || label[len(label)-1] == '-' {
return Error.New("bucket label cannot start or end with a hyphen")
}
for i := 1; i < len(label)-1; i++ {
if !isLowerLetter(label[i]) && !isDigit(label[i]) && (label[i] != '-') && (label[i] != '.') {
return Error.New("bucket name must contain only lowercase letters, numbers or hyphens")
}
}
return nil
}
func isLowerLetter(r byte) bool {
return r >= 'a' && r <= 'z'
}
func isDigit(r byte) bool {
return r >= '0' && r <= '9'
}
satellite/metainfo: bring back validation while committing segment During metainfo refactor we disabled some validation as it was designed to validate pointer. Now part of this validation is restored. This is first part. Change-Id: I6132f922fe23d60118bbccfdb77fd93c3c81afed
2021-04-07 15:20:05 +01:00
func (endpoint *Endpoint) validateRemoteSegment(ctx context.Context, commitRequest metabase.CommitSegment, originalLimits []*pb.OrderLimit) (err error) {
defer mon.Task()(&ctx)(&err)
if len(originalLimits) == 0 {
return Error.New("no order limits")
}
if len(originalLimits) != int(commitRequest.Redundancy.TotalShares) {
return Error.New("invalid no order limit for piece")
}
maxAllowed, err := encryption.CalcEncryptedSize(endpoint.config.MaxSegmentSize.Int64(), storj.EncryptionParameters{
CipherSuite: storj.EncAESGCM,
BlockSize: 128, // intentionally low block size to allow maximum possible encryption overhead
})
if err != nil {
return err
}
if int64(commitRequest.EncryptedSize) > maxAllowed || commitRequest.EncryptedSize < 0 {
return Error.New("encrypted segment size %v is out of range, maximum allowed is %v", commitRequest.EncryptedSize, maxAllowed)
}
// TODO more validation for plain size and plain offset
if commitRequest.PlainSize > commitRequest.EncryptedSize {
return Error.New("plain segment size %v is out of range, maximum allowed is %v", commitRequest.PlainSize, commitRequest.EncryptedSize)
}
pieceNums := make(map[uint16]struct{})
nodeIds := make(map[storj.NodeID]struct{})
satellite: use PieceIDDeriver for derivation We can use PieceIDDeriver in all places where we are deriving id from the same id multiple times. We have serveral such places: gc, segment deletion, segment validation, order limit creation. Using it should save some resources. Change-Id: I24668d516c0f7cea4aec6470614067734149501d
2022-05-18 10:32:38 +01:00
deriver := commitRequest.RootPieceID.Deriver()
satellite/metainfo: bring back validation while committing segment During metainfo refactor we disabled some validation as it was designed to validate pointer. Now part of this validation is restored. This is first part. Change-Id: I6132f922fe23d60118bbccfdb77fd93c3c81afed
2021-04-07 15:20:05 +01:00
for _, piece := range commitRequest.Pieces {
if int(piece.Number) >= len(originalLimits) {
return Error.New("invalid piece number")
}
limit := originalLimits[piece.Number]
if limit == nil {
return Error.New("empty order limit for piece")
}
err := endpoint.orders.VerifyOrderLimitSignature(ctx, limit)
if err != nil {
return err
}
// expect that too much time has not passed between order limit creation and now
if time.Since(limit.OrderCreation) > endpoint.config.MaxCommitInterval {
return Error.New("Segment not committed before max commit interval of %f minutes.", endpoint.config.MaxCommitInterval.Minutes())
}
satellite: use PieceIDDeriver for derivation We can use PieceIDDeriver in all places where we are deriving id from the same id multiple times. We have serveral such places: gc, segment deletion, segment validation, order limit creation. Using it should save some resources. Change-Id: I24668d516c0f7cea4aec6470614067734149501d
2022-05-18 10:32:38 +01:00
derivedPieceID := deriver.Derive(piece.StorageNode, int32(piece.Number))
satellite/metainfo: bring back validation while committing segment During metainfo refactor we disabled some validation as it was designed to validate pointer. Now part of this validation is restored. This is first part. Change-Id: I6132f922fe23d60118bbccfdb77fd93c3c81afed
2021-04-07 15:20:05 +01:00
if limit.PieceId.IsZero() || limit.PieceId != derivedPieceID {
return Error.New("invalid order limit piece id")
}
if piece.StorageNode != limit.StorageNodeId {
return Error.New("piece NodeID != order limit NodeID")
}
if _, ok := pieceNums[piece.Number]; ok {
return Error.New("piece num %d is duplicated", piece.Number)
}
if _, ok := nodeIds[piece.StorageNode]; ok {
return Error.New("node id %s for piece num %d is duplicated", piece.StorageNode.String(), piece.Number)
}
pieceNums[piece.Number] = struct{}{}
nodeIds[piece.StorageNode] = struct{}{}
}
return nil
}
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
func (endpoint *Endpoint) checkUploadLimits(ctx context.Context, projectID uuid.UUID) error {
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
return endpoint.checkUploadLimitsForNewObject(ctx, projectID, 1, 1)
}
func (endpoint *Endpoint) checkUploadLimitsForNewObject(
ctx context.Context, projectID uuid.UUID, newObjectSize int64, newObjectSegmentCount int64,
) error {
{satellite/metainfo, satellite/accounting}: remove ValidateSegmentLimit config value and check removed segment limit validation and checks in metainfo endpoint and accounting/projectusage since feature is live and has always has segment limitation now Resolves: https://github.com/storj/storj/issues/4470 Change-Id: I8cf87cbbc40ac61262f9f05e52573d3ae6410611
2022-07-04 19:44:58 +01:00
if limit, err := endpoint.projectUsage.ExceedsUploadLimits(ctx, projectID, newObjectSize, newObjectSegmentCount); err != nil {
satellite/metainfo: сombine checks for storage and segment limit We need to combine methods from accounting.Service (ExceedsStorageUsage and ExceedsSegmentUsage) to run checks concurrently. Resolves https://github.com/storj/team-metainfo/issues/73 Change-Id: I47831bca92457f16cfda789da89dbd460738ac97
2022-01-14 15:51:40 +00:00
if errs2.IsCanceled(err) {
return rpcstatus.Wrap(rpcstatus.Canceled, err)
}
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
satellite/metainfo: сombine checks for storage and segment limit We need to combine methods from accounting.Service (ExceedsStorageUsage and ExceedsSegmentUsage) to run checks concurrently. Resolves https://github.com/storj/team-metainfo/issues/73 Change-Id: I47831bca92457f16cfda789da89dbd460738ac97
2022-01-14 15:51:40 +00:00
endpoint.log.Error(
"Retrieving project upload limit failed; limit won't be enforced",
zap.Stringer("Project ID", projectID),
zap.Error(err),
)
} else {
{satellite/metainfo, satellite/accounting}: remove ValidateSegmentLimit config value and check removed segment limit validation and checks in metainfo endpoint and accounting/projectusage since feature is live and has always has segment limitation now Resolves: https://github.com/storj/storj/issues/4470 Change-Id: I8cf87cbbc40ac61262f9f05e52573d3ae6410611
2022-07-04 19:44:58 +01:00
if limit.ExceedsSegments {
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
endpoint.log.Warn("Segment limit exceeded",
satellite/metainfo: сombine checks for storage and segment limit We need to combine methods from accounting.Service (ExceedsStorageUsage and ExceedsSegmentUsage) to run checks concurrently. Resolves https://github.com/storj/team-metainfo/issues/73 Change-Id: I47831bca92457f16cfda789da89dbd460738ac97
2022-01-14 15:51:40 +00:00
zap.String("Limit", strconv.Itoa(int(limit.SegmentsLimit))),
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
zap.Stringer("Project ID", projectID),
)
return rpcstatus.Error(rpcstatus.ResourceExhausted, "Exceeded Segments Limit")
}
satellite/metainfo: сombine checks for storage and segment limit We need to combine methods from accounting.Service (ExceedsStorageUsage and ExceedsSegmentUsage) to run checks concurrently. Resolves https://github.com/storj/team-metainfo/issues/73 Change-Id: I47831bca92457f16cfda789da89dbd460738ac97
2022-01-14 15:51:40 +00:00
if limit.ExceedsStorage {
endpoint.log.Warn("Storage limit exceeded",
zap.String("Limit", strconv.Itoa(limit.StorageLimit.Int())),
zap.Stringer("Project ID", projectID),
)
return rpcstatus.Error(rpcstatus.ResourceExhausted, "Exceeded Storage Limit")
}
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
}
return nil
}
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
func (endpoint *Endpoint) addSegmentToUploadLimits(ctx context.Context, projectID uuid.UUID, segmentSize int64) error {
return endpoint.addToUploadLimits(ctx, projectID, segmentSize, 1)
}
func (endpoint *Endpoint) addToUploadLimits(ctx context.Context, projectID uuid.UUID, size int64, segmentCount int64) error {
if err := endpoint.projectUsage.AddProjectStorageUsage(ctx, projectID, size); err != nil {
satellite/metainfo: Don't log error due to ctx cancellation Context cancellation that aborts a non-essential Redis operation must not be logged as an error because the operation is intentionally canceled. We are actually considering them not to be an error in following operation because of the same reason and we return a RPC canceled status code. On the other hand it doesn't make sense to continue if the context is canceled because although this is a non-essential operation if this one is canceled due to the context the next one will be canceled for the same reason, hence, we return earlier. Change-Id: Ib3331975adeb06367d1ea0a578263ef50ae3f079
2022-08-18 19:07:33 +01:00
if errs2.IsCanceled(err) {
return rpcstatus.Wrap(rpcstatus.Canceled, err)
}
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
// log it and continue. it's most likely our own fault that we couldn't
// track it, and the only thing that will be affected is our per-project
// bandwidth and storage limits.
endpoint.log.Error("Could not track new project's storage usage",
zap.Stringer("Project ID", projectID),
zap.Error(err),
)
}
{satellite/metainfo, satellite/accounting}: remove ValidateSegmentLimit config value and check removed segment limit validation and checks in metainfo endpoint and accounting/projectusage since feature is live and has always has segment limitation now Resolves: https://github.com/storj/storj/issues/4470 Change-Id: I8cf87cbbc40ac61262f9f05e52573d3ae6410611
2022-07-04 19:44:58 +01:00
err := endpoint.projectUsage.UpdateProjectSegmentUsage(ctx, projectID, segmentCount)
if err != nil {
if errs2.IsCanceled(err) {
return rpcstatus.Wrap(rpcstatus.Canceled, err)
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
}
{satellite/metainfo, satellite/accounting}: remove ValidateSegmentLimit config value and check removed segment limit validation and checks in metainfo endpoint and accounting/projectusage since feature is live and has always has segment limitation now Resolves: https://github.com/storj/storj/issues/4470 Change-Id: I8cf87cbbc40ac61262f9f05e52573d3ae6410611
2022-07-04 19:44:58 +01:00
// log it and continue. it's most likely our own fault that we couldn't
// track it, and the only thing that will be affected is our per-project
// segment limits.
endpoint.log.Error(
"Could not track the new project's segment usage when committing",
zap.Stringer("Project ID", projectID),
zap.Error(err),
)
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
}
return nil
}
func (endpoint *Endpoint) addStorageUsageUpToLimit(ctx context.Context, projectID uuid.UUID, storage int64, segments int64) (err error) {
err = endpoint.projectUsage.AddProjectUsageUpToLimit(ctx, projectID, storage, segments)
if err != nil {
if accounting.ErrProjectLimitExceeded.Has(err) {
endpoint.log.Warn("Upload limit exceeded",
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
zap.Stringer("Project ID", projectID),
zap.Error(err),
)
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
return rpcstatus.Error(rpcstatus.ResourceExhausted, err.Error())
}
if errs2.IsCanceled(err) {
return rpcstatus.Wrap(rpcstatus.Canceled, err)
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
}
satellite/metainfo: usage limits for copy Previously there was no realtime administration of the storage usage during copies. Now there is. Closes https://github.com/storj/storj/issues/4719 Change-Id: I0d536bf551d16208116c3aceac89ed590ec473bf
2022-06-22 12:33:03 +01:00
endpoint.log.Error(
"Updating project upload limits failed; limits won't be enforced",
zap.Stringer("Project ID", projectID),
zap.Error(err),
)
satellite/metainfo: cleanup validation Refactoring to do few things: * move simple validation before validations with DB calls * combine validation check/update for storage and segment limits together Change-Id: I6c2431ba236d4e388791d2e2d01ca7e0dd4439fc
2022-01-13 09:57:31 +00:00
}
return nil
}
satellite/metainfo: add missing metadata validation We are missing metadata validation for UpdateObjectMetadata and FinishCopyOject requests. Change-Id: Idca6a4d1fe108e1593405fd3913442f5b69d09e7
2022-04-21 15:25:16 +01:00
// checkEncryptedMetadata checks encrypted metadata and it's encrypted key sizes. Metadata encrypted key nonce
// is serialized to storj.Nonce automatically.
func (endpoint *Endpoint) checkEncryptedMetadataSize(encryptedMetadata, encryptedKey []byte) error {
metadataSize := memory.Size(len(encryptedMetadata))
if metadataSize > endpoint.config.MaxMetadataSize {
return rpcstatus.Errorf(rpcstatus.InvalidArgument, "Encrypted metadata is too large, got %v, maximum allowed is %v", metadataSize, endpoint.config.MaxMetadataSize)
}
// verify key only if any metadata was set
if metadataSize > 0 && len(encryptedKey) != encryptedKeySize {
return rpcstatus.Errorf(rpcstatus.InvalidArgument, "Encrypted metadata key size is invalid, got %v, expected %v", len(encryptedKey), encryptedKeySize)
}
return nil
}
Reference in New Issue Copy Permalink