(request, response, requestContexts, log)
| 1640 | } |
| 1641 | |
/**
 * Proxies an authenticated `/_/backbeat/api/*` request to the Backbeat API
 * service located at `config.backbeat.{host,port}`.
 *
 * Flow:
 *  1. the upstream target is built by rewriting the `/_/backbeat/api/`
 *     prefix of `request.url` to `/_/` (the remainder of the client-supplied
 *     path and query string is forwarded unchanged);
 *  2. the caller is authenticated with `auth.server.doAuth` (service 's3');
 *     an auth error is returned to the client as a JSON error body;
 *  3. the anonymous/public canonical ID is rejected with AccessDenied;
 *  4. the request is handed to `backbeatProxy.web`; a proxy failure is
 *     reported as ServiceUnavailable.
 *
 * Authorization results from doAuth are deliberately not consulted: every
 * authenticated, non-anonymous identity is allowed through (see the FIXME
 * in the body).
 *
 * @param {http.IncomingMessage} request - incoming request; on successful
 *   authentication `request.accountQuotas` is set from the auth-provided
 *   `infos.accountQuota`
 * @param {http.ServerResponse} response - response to write to
 * @param {Array} requestContexts - request contexts passed to doAuth
 * @param {object} log - request-scoped logger
 * @returns {undefined}
 */
function routeBackbeatAPIProxy(request, response, requestContexts, log) {
    const { host, port } = config.backbeat;
    const upstreamPath = request.url.replace('/_/backbeat/api/', '/_/');
    const target = `http://${host}:${port}${upstreamPath}`;

    // Common request fields attached to every log line emitted here.
    const requestFields = () => ({
        method: request.method,
        bucketName: request.bucketName,
        objectKey: request.objectKey,
    });

    const onAuthenticated = (authErr, userInfo, _authorizationResults,
        _streamingV4Params, infos) => {
        if (authErr) {
            log.debug('authentication error', {
                error: authErr,
                ...requestFields(),
            });
            return responseJSONBody(authErr, null, response, log);
        }

        // Authorization results are intentionally unused for now: the UI
        // goes through the external Cloudserver instance as a proxy to
        // reach the Backbeat API service.

        // eslint-disable-next-line no-param-reassign
        request.accountQuotas = infos?.accountQuota;

        // FIXME for now, any authenticated user can access API routes.
        // Admin accounts (or accounts with admin privileges) should be
        // introduced and access restricted to those only.
        if (userInfo.getCanonicalID() === constants.publicId) {
            log.debug('unauthenticated access to API routes', requestFields());
            return responseJSONBody(errors.AccessDenied, null, response, log);
        }

        const onProxyError = proxyErr => {
            log.error('error proxying request to api server',
                { error: proxyErr.message });
            return responseJSONBody(errors.ServiceUnavailable, null,
                response, log);
        };
        return backbeatProxy.web(request, response, { target }, onProxyError);
    };

    auth.server.doAuth(request, log, onAuthenticated, 's3', requestContexts);
}
| 1687 | |
| 1688 | function routeNonObjectRequest(request, response, userInfo, log, callback) { |
| 1689 | if (userInfo.getCanonicalID() === constants.publicId) { |