func PreAuthRequest(ctx context.Context) { id := ctx.PathValue("id") if p, err := preauth.Load(id); err != nil { err_msg := "err:@preAuth load: " + err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, 500, err_msg) return } else { if n, err := node.LoadUnauth(p.NodeId); err == nil { switch p.Type { case "download": filename := n.Id if fn, has := p.Options["filename"]; has { filename = fn } streamDownload(ctx, n, filename) preauth.Delete(id) return default: responder.RespondWithError(ctx, 500, "Preauthorization type not supported: "+p.Type) } } else { err_msg := "err:@preAuth loadnode: " + err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, 500, err_msg) } } return }
// GET, POST, PUT, DELETE: /node/{nid}/acl/ // GET is the only action implemented here. func AclRequest(ctx context.Context) { nid := ctx.PathValue("nid") rmeth := ctx.HttpRequest().Method u, err := request.Authenticate(ctx.HttpRequest()) if err != nil && err.Error() != e.NoAuth { request.AuthError(err, ctx) return } // public user (no auth) can perform a GET operation with the proper node permissions if u == nil { if rmeth == "GET" && conf.ANON_READ { u = &user.User{Uuid: "public"} } else { responder.RespondWithError(ctx, http.StatusUnauthorized, e.NoAuth) return } } // Load node by id n, err := node.Load(nid) if err != nil { if err == mgo.ErrNotFound { responder.RespondWithError(ctx, http.StatusNotFound, e.NodeNotFound) return } else { // In theory the db connection could be lost between // checking user and load but seems unlikely. err_msg := "Err@node_Acl:LoadNode: " + nid + err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusInternalServerError, err_msg) return } } // Only the owner, an admin, or someone with read access can view acl's. // // NOTE: If the node is publicly owned, then anyone can view all acl's. The owner can only // be "public" when anonymous node creation (ANON_WRITE) is enabled in Shock config. rights := n.Acl.Check(u.Uuid) if n.Acl.Owner != u.Uuid && u.Admin == false && n.Acl.Owner != "public" && rights["read"] == false { responder.RespondWithError(ctx, http.StatusUnauthorized, e.UnAuth) return } if rmeth == "GET" { query := ctx.HttpRequest().URL.Query() verbosity := "" if _, ok := query["verbosity"]; ok { verbosity = query.Get("verbosity") } responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) } else { responder.RespondWithError(ctx, http.StatusNotImplemented, "This request type is not implemented.") } return }
// GET, POST, PUT, DELETE: /node/{nid}/acl/{type} func AclTypedRequest(ctx context.Context) { nid := ctx.PathValue("nid") rtype := ctx.PathValue("type") rmeth := ctx.HttpRequest().Method query := ctx.HttpRequest().URL.Query() verbosity := "" if _, ok := query["verbosity"]; ok { verbosity = query.Get("verbosity") } u, err := request.Authenticate(ctx.HttpRequest()) if err != nil && err.Error() != e.NoAuth { request.AuthError(err, ctx) return } if !validAclTypes[rtype] { responder.RespondWithError(ctx, http.StatusBadRequest, "Invalid acl type") return } // Load node by id n, err := node.Load(nid) if err != nil { if err == mgo.ErrNotFound { responder.RespondWithError(ctx, http.StatusNotFound, e.NodeNotFound) return } else { // In theory the db connection could be lost between // checking user and load but seems unlikely. err_msg := "Err@node_Acl:LoadNode: " + nid + err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusInternalServerError, err_msg) return } } // public user (no auth) can perform a GET operation given the proper node permissions if u == nil { rights := n.Acl.Check("public") if rmeth == "GET" && conf.ANON_READ && (rights["read"] || n.Acl.Owner == "public") { responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } else { responder.RespondWithError(ctx, http.StatusUnauthorized, e.NoAuth) return } } // Users that are not an admin or the node owner can only delete themselves from an ACL. if n.Acl.Owner != u.Uuid && u.Admin == false { // Users that are not an admin or the node owner cannot remove public from ACL's. if rtype == "public_read" || rtype == "public_write" || rtype == "public_delete" || rtype == "public_all" { responder.RespondWithError(ctx, http.StatusBadRequest, "Users that are not node owners can only delete themselves from ACLs.") return } // Parse user list ids, err := parseAclRequestTyped(ctx) if err != nil { responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } if rmeth == "DELETE" { if len(ids) != 1 || (len(ids) == 1 && ids[0] != u.Uuid) { responder.RespondWithError(ctx, http.StatusBadRequest, "Users that are not node owners can delete only themselves from ACLs.") return } if rtype == "owner" { responder.RespondWithError(ctx, http.StatusBadRequest, "Deleting node ownership is not a supported request type.") return } if rtype == "all" { n.Acl.UnSet(ids[0], map[string]bool{"read": true, "write": true, "delete": true}) } else { n.Acl.UnSet(ids[0], map[string]bool{rtype: true}) } n.Save() responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } responder.RespondWithError(ctx, http.StatusBadRequest, "Users that are not node owners can only delete themselves from ACLs.") return } // At this point we know we're dealing with an admin or the node owner. // Admins and node owners can view/edit/delete ACLs if rmeth == "GET" { responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } else if rmeth == "POST" || rmeth == "PUT" { if rtype == "public_read" || rtype == "public_write" || rtype == "public_delete" || rtype == "public_all" { if rtype == "public_read" { n.Acl.Set("public", map[string]bool{"read": true}) } else if rtype == "public_write" { n.Acl.Set("public", map[string]bool{"write": true}) } else if rtype == "public_delete" { n.Acl.Set("public", map[string]bool{"delete": true}) } else if rtype == "public_all" { n.Acl.Set("public", map[string]bool{"read": true, "write": true, "delete": true}) } n.Save() responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } // Parse user list ids, err := parseAclRequestTyped(ctx) if err != nil { responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } if rtype == "owner" { if len(ids) == 1 { n.Acl.SetOwner(ids[0]) } else { responder.RespondWithError(ctx, http.StatusBadRequest, "Too many users. Nodes may have only one owner.") return } } else if rtype == "all" { for _, i := range ids { n.Acl.Set(i, map[string]bool{"read": true, "write": true, "delete": true}) } } else { for _, i := range ids { n.Acl.Set(i, map[string]bool{rtype: true}) } } n.Save() responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } else if rmeth == "DELETE" { if rtype == "public_read" || rtype == "public_write" || rtype == "public_delete" || rtype == "public_all" { if rtype == "public_read" { n.Acl.UnSet("public", map[string]bool{"read": true}) } else if rtype == "public_write" { n.Acl.UnSet("public", map[string]bool{"write": true}) } else if rtype == "public_delete" { n.Acl.UnSet("public", map[string]bool{"delete": true}) } else if rtype == "public_all" { n.Acl.UnSet("public", map[string]bool{"read": true, "write": true, "delete": true}) } n.Save() responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } // Parse user list ids, err := parseAclRequestTyped(ctx) if err != nil { responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } if rtype == "owner" { responder.RespondWithError(ctx, http.StatusBadRequest, "Deleting ownership is not a supported request type.") return } else if rtype == "all" { for _, i := range ids { n.Acl.UnSet(i, map[string]bool{"read": true, "write": true, "delete": true}) } } else { for _, i := range ids { n.Acl.UnSet(i, map[string]bool{rtype: true}) } } n.Save() responder.RespondWithData(ctx, n.Acl.FormatDisplayAcl(verbosity)) return } else { responder.RespondWithError(ctx, http.StatusNotImplemented, "This request type is not implemented.") return } }
// GET, PUT, DELETE: /node/{nid}/index/{idxType} func IndexTypedRequest(ctx context.Context) { nid := ctx.PathValue("nid") idxType := ctx.PathValue("idxType") u, err := request.Authenticate(ctx.HttpRequest()) if err != nil && err.Error() != e.NoAuth { request.AuthError(err, ctx) return } // Fake public user if u == nil { u = &user.User{Uuid: ""} } // Load node and handle user unauthorized n, err := node.Load(nid, u.Uuid) if err != nil { if err.Error() == e.UnAuth { responder.RespondWithError(ctx, http.StatusUnauthorized, e.UnAuth) return } else if err.Error() == e.MongoDocNotFound { responder.RespondWithError(ctx, http.StatusNotFound, "Node not found.") return } else { // In theory the db connection could be lost between // checking user and load but seems unlikely. err_msg := "Err@index:LoadNode: " + err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusInternalServerError, err_msg) return } } switch ctx.HttpRequest().Method { case "DELETE": rights := n.Acl.Check(u.Uuid) if !rights["write"] { responder.RespondWithError(ctx, http.StatusUnauthorized, e.UnAuth) return } if _, has := n.Indexes[idxType]; has { if err := n.DeleteIndex(idxType); err != nil { err_msg := err.Error() logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusInternalServerError, err_msg) } responder.RespondOK(ctx) } else { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("Node %s does not have index of type %s.", n.Id, idxType)) } case "GET": if v, has := n.Indexes[idxType]; has { responder.RespondWithData(ctx, map[string]interface{}{idxType: v}) } else { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("Node %s does not have index of type %s.", n.Id, idxType)) } case "PUT": rights := n.Acl.Check(u.Uuid) if !rights["write"] { responder.RespondWithError(ctx, http.StatusUnauthorized, e.UnAuth) return } // Gather query params query := ctx.HttpRequest().URL.Query() _, forceRebuild := query["force_rebuild"] if _, has := n.Indexes[idxType]; has { if idxType == "size" { responder.RespondOK(ctx) return } else if !forceRebuild { responder.RespondWithError(ctx, http.StatusBadRequest, "This index already exists, please add the parameter 'force_rebuild=1' to force a rebuild of the existing index.") return } } if !n.HasFile() { responder.RespondWithError(ctx, http.StatusBadRequest, "Node has no file.") return } else if idxType == "" { responder.RespondWithError(ctx, http.StatusBadRequest, "Index create requires type.") return } if _, ok := index.Indexers[idxType]; !ok && idxType != "bai" && idxType != "subset" && idxType != "column" { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("Index type %s unavailable.", idxType)) return } if idxType == "size" { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("Index type size is a virtual index and does not require index building.")) return } if conf.Bool(conf.Conf["perf-log"]) { logger.Perf("START indexing: " + nid) } if idxType == "bai" { //bam index is created by the command-line tool samtools if n.Type == "subset" { responder.RespondWithError(ctx, http.StatusBadRequest, "Shock does not support bam index creation on subset nodes.") return } if ext := n.FileExt(); ext == ".bam" { if err := index.CreateBamIndex(n.FilePath()); err != nil { responder.RespondWithError(ctx, http.StatusInternalServerError, "Error while creating bam index.") return } responder.RespondOK(ctx) return } else { responder.RespondWithError(ctx, http.StatusBadRequest, "Index type bai requires .bam file.") return } } subsetSize := int64(0) count := int64(0) indexFormat := "" subsetName := "" if idxType == "subset" { // Utilizing the multipart form parser since we need to upload a file. params, files, err := request.ParseMultipartForm(ctx.HttpRequest()) if err != nil { responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } parentIndex, hasParent := params["parent_index"] if !hasParent { responder.RespondWithError(ctx, http.StatusBadRequest, "Index type subset requires parent_index param.") return } else if _, has := n.Indexes[parentIndex]; !has { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("Node %s does not have index of type %s.", n.Id, parentIndex)) return } newIndex, hasName := params["index_name"] if !hasName { responder.RespondWithError(ctx, http.StatusBadRequest, "Index type subset requires index_name param.") return } else if _, reservedName := index.Indexers[newIndex]; reservedName || newIndex == "bai" { responder.RespondWithError(ctx, http.StatusBadRequest, fmt.Sprintf("%s is a reserved index name and cannot be used to create a custom subset index.", newIndex)) return } subsetName = newIndex subsetIndices, hasFile := files["subset_indices"] if !hasFile { responder.RespondWithError(ctx, http.StatusBadRequest, "Index type subset requires subset_indices file.") return } f, _ := os.Open(subsetIndices.Path) defer f.Close() idxer := index.NewSubsetIndexer(f) // we default to "array" index format for backwards compatibility indexFormat = "array" if n.Indexes[parentIndex].Format == "array" || n.Indexes[parentIndex].Format == "matrix" { indexFormat = n.Indexes[parentIndex].Format } count, subsetSize, err = index.CreateSubsetIndex(&idxer, n.IndexPath()+"/"+newIndex+".idx", n.IndexPath()+"/"+parentIndex+".idx", indexFormat, n.Indexes[parentIndex].TotalUnits) if err != nil { logger.Error("err " + err.Error()) responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } } else if idxType == "column" { // Gather query params query := ctx.HttpRequest().URL.Query() if n.Type == "subset" { responder.RespondWithError(ctx, http.StatusBadRequest, "Shock does not support column index creation on subset nodes.") return } if _, exists := query["number"]; !exists { err_msg := "Index type column requires a number parameter in the url." logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusBadRequest, err_msg) return } num_str := query.Get("number") idxType = idxType + num_str num, err := strconv.Atoi(num_str) if err != nil || num < 1 { err_msg := "Index type column requires a number parameter in the url of an integer greater than zero." logger.Error(err_msg) responder.RespondWithError(ctx, http.StatusBadRequest, err_msg) return } f, _ := os.Open(n.FilePath()) defer f.Close() idxer := index.NewColumnIndexer(f) count, indexFormat, err = index.CreateColumnIndex(&idxer, num, n.IndexPath()+"/"+idxType+".idx") if err != nil { logger.Error("err " + err.Error()) responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } } else { if n.Type == "subset" && (idxType != "chunkrecord" || n.Subset.Parent.IndexName != "record") { responder.RespondWithError(ctx, http.StatusBadRequest, "For subset nodes, Shock currently only supports subset and chunkrecord indexes. Also, for a chunkrecord index, the subset node must have been generated from a record index.") return } newIndexer := index.Indexers[idxType] f, _ := os.Open(n.FilePath()) defer f.Close() var idxer index.Indexer if n.Type == "subset" { idxer = newIndexer(f, n.Type, n.Subset.Index.Format, n.IndexPath()+"/"+n.Subset.Parent.IndexName+".idx") } else { idxer = newIndexer(f, n.Type, "", "") } count, indexFormat, err = idxer.Create(n.IndexPath() + "/" + idxType + ".idx") if err != nil { logger.Error("err " + err.Error()) responder.RespondWithError(ctx, http.StatusBadRequest, err.Error()) return } } if count == 0 { responder.RespondWithError(ctx, http.StatusBadRequest, "Index empty.") return } idxInfo := node.IdxInfo{ Type: idxType, TotalUnits: count, AvgUnitSize: n.File.Size / count, Format: indexFormat, } //if idxType == "chunkrecord" { // idxInfo.AvgUnitSize = conf.CHUNK_SIZE //} if idxType == "subset" { idxType = subsetName idxInfo.AvgUnitSize = subsetSize / count } if err := n.SetIndexInfo(idxType, idxInfo); err != nil { logger.Error("[email protected]: " + err.Error()) } if conf.Bool(conf.Conf["perf-log"]) { logger.Perf("END indexing: " + nid) } responder.RespondOK(ctx) return default: responder.RespondWithError(ctx, http.StatusNotImplemented, "This request type is not implemented.") } return }