pkg/server: map anonymous gateway requests to minio error

this ensures we don't throw internal server errors if a user accesses the gateway endpoint without any access key given. Closes #103 Change-Id: I91d31d5a708e9912ed97b69153473e2cdceb69a3
storj · Nov 10, 2021 · c58fbf0 · c58fbf0
1 parent 3abe652
commit c58fbf0
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/pkg/server/multi_tenant.go b/pkg/server/multi_tenant.go
@@ -37,6 +37,13 @@ var (
 	// ErrAccessGrant occurs when failing to parse the access grant from the
 	// request.
 	ErrAccessGrant = errs.Class("access grant")
+
+	// ErrAccessKeyEmpty occurs when no access key could be found in the request.
+	ErrAccessKeyEmpty = miniogo.ErrorResponse{
+		Code:       "XStorjAccessKeyEmpty",
+		StatusCode: http.StatusUnauthorized,
+		Message:    "Access key is empty.",
+	}
 )
 
 type multiTenantGateway struct {
@@ -465,7 +472,7 @@ func (l *multiTenancyLayer) openProject(ctx context.Context, accessKey string) (
 	// this happens when an anonymous request hits the gateway endpoint, e.g.
 	// accessing http://localhost:7777 directly.
 	if accessKey == "" {
-		return nil, ErrAccessGrant.New("empty")
+		return nil, ErrAccessKeyEmpty
 	}
 
 	access, err := uplink.ParseAccess(accessKey)

diff --git a/pkg/server/multi_tenant_test.go b/pkg/server/multi_tenant_test.go
@@ -6,6 +6,7 @@ package server
 import (
 	"context"
 	"errors"
+	"net/http"
 	"testing"
 
 	miniogo "github.com/minio/minio-go/v7"
@@ -86,3 +87,11 @@ func TestLogAllErrors(t *testing.T) {
 		require.Equal(t, tc.expected, log.TagValue("error"), i)
 	}
 }
+
+func TestInvalidAccessGrant(t *testing.T) {
+	layer := &multiTenancyLayer{minio.GatewayUnsupported{}, nil, nil, uplink.Config{}, true}
+	_, err := layer.ListBuckets(context.Background())
+	require.Error(t, err)
+	require.IsType(t, miniogo.ErrorResponse{}, err)
+	require.Equal(t, http.StatusUnauthorized, miniogo.ToErrorResponse(err).StatusCode)
+}