standardMetadataValidateBucketAndObj - retrieve bucket and object md from metadata * and check if user is authorized to access them. * @param {object} params - function parameters * @param {AuthInfo} params.authInfo - AuthInfo class instance, requester's info * @param {string} params.bucketName
(params, actionImplicitDenies, log, callback)
| 332 | * @return {undefined} - and call callback with params err, bucket md |
| 333 | */ |
| 334 | function standardMetadataValidateBucketAndObj(params, actionImplicitDenies, log, callback) { |
| 335 | const { authInfo, bucketName, objectKey, versionId, getDeleteMarker, request, withVersionId } = params; |
| 336 | let requestType = params.requestType; |
| 337 | if (!Array.isArray(requestType)) { |
| 338 | requestType = [requestType]; |
| 339 | } |
| 340 | if (params.serverAccessLogOptions?.copySource) { |
| 341 | // eslint-disable-next-line no-param-reassign |
| 342 | params.serverAccessLogOptions.savedAclRequired = request?.serverAccessLog?.aclRequired; |
| 343 | } |
| 344 | async.waterfall([ |
| 345 | next => { |
| 346 | // versionId may be 'null', which asks metadata to fetch the null key specifically |
| 347 | const getOptions = { versionId }; |
| 348 | if (getDeleteMarker) { |
| 349 | getOptions.getDeleteMarker = true; |
| 350 | } |
| 351 | return metadata.getBucketAndObjectMD(bucketName, objectKey, getOptions, log, |
| 352 | (err, getResult, raftSessionId) => { |
| 353 | if (err) { |
| 354 | // if some implicit iamAuthzResults, return AccessDenied |
| 355 | // before leaking any state information |
| 356 | if (actionImplicitDenies && Object.values(actionImplicitDenies).some(v => v === true)) { |
| 357 | return next(errors.AccessDenied); |
| 358 | } |
| 359 | return next(err); |
| 360 | } |
| 361 | return next(null, getResult, raftSessionId); |
| 362 | }); |
| 363 | }, |
| 364 | (getResult, raftSessionId, next) => { |
| 365 | const bucket = getResult.bucket ? |
| 366 | BucketInfo.deSerialize(getResult.bucket) : undefined; |
| 367 | if (!bucket) { |
| 368 | log.debug('bucketAttrs is undefined', { |
| 369 | bucket: bucketName, |
| 370 | method: 'metadataValidateBucketAndObj', |
| 371 | }); |
| 372 | return next(errors.NoSuchBucket, raftSessionId); |
| 373 | } |
| 374 | const validationError = validateBucket(bucket, params, log, actionImplicitDenies); |
| 375 | if (validationError) { |
| 376 | return next(validationError, bucket, raftSessionId); |
| 377 | } |
| 378 | |
| 379 | // Rate limiting check if not already done in api.js |
| 380 | return checkRateLimitIfNeeded(request, authInfo, bucket, log, err => { |
| 381 | if (err) { |
| 382 | return next(err, bucket); |
| 383 | } |
| 384 | |
| 385 | // Continue with object metadata processing |
| 386 | const objMD = getResult.obj ? JSON.parse(getResult.obj) : undefined; |
| 387 | if (!objMD && versionId === 'null') { |
| 388 | return getNullVersionFromMaster(bucketName, objectKey, log, |
| 389 | (err, nullVer) => next(err, bucket, nullVer, raftSessionId)); |
| 390 | } |
| 391 | return next(null, bucket, objMD, raftSessionId); |
no test coverage detected