scality · KazToozs · May 6, 2024
diff --git a/lib/api/api.js b/lib/api/api.js
@@ -52,6 +52,7 @@
 const objectGetTagging = require('./objectGetTagging');
 const objectHead = require('./objectHead');
 const objectPut = require('./objectPut');
+const objectPost = require('./objectPost');
 const objectPutACL = require('./objectPutACL');
 const objectPutLegalHold = require('./objectPutLegalHold');
 const objectPutTagging = require('./objectPutTagging');
@@ -68,11 +69,55 @@
 const parseCopySource = require('./apiUtils/object/parseCopySource');
 const { tagConditionKeyAuth } = require('./apiUtils/authorization/tagConditionKeys');
 const checkHttpHeadersSize = require('./apiUtils/object/checkHttpHeadersSize');
+const { decryptToken } = require('./apiUtils/object/continueToken');
+
 
 const monitoringMap = policies.actionMaps.actionMonitoringMapS3;
 
 auth.setHandler(vault);
 
+
+
+function parseMultipartFormData(data, contentType) {
+    // Extract the boundary from the content type
+    const boundary = contentType.split('boundary=')[1];
+
+    // Split the content by the boundary
+    // remove the first and last element (empty or close boundary strings)
+    const parts = data.split(`--${boundary}`).slice(1, -1);
+    // Create an object to hold the parsed data
+    const formData = {};
+
+    // Process each part to extract the content
+    parts.forEach(part => {
+        // Split the header from the content
+        const [header, ...content] = part.split('\r\n\r\n');
+        const contentBody = content.join('\r\n\r\n').trim(); // join and trim in case of split errors
+
+        // Get the name of the field from the header
+        const nameMatch = header.match(/name="([^"]+)"/);
+        if (!nameMatch) return; // if no name is found, skip this part
+
+        const name = nameMatch[1];
+
+        // Optional: Check if it has a filename to handle as file input
+        const filenameMatch = header.match(/filename="([^"]+)"/);
+        const filename = filenameMatch ? filenameMatch[1] : undefined;
+
+        // Assign value to the object; handle files differently if needed
+        if (filename) {
+            // If filename is present, structure as a file object (mock example)
+            formData[name] = { filename, content: contentBody, type: part.match(/Content-Type: ([^\r\n]+)/)[1] };
+        } else {
+            // Else, just save the content
+            formData[name] = contentBody;
+        }
+    });
+
+    return formData;
+}
+
+
 /* eslint-disable no-param-reassign */
 const api = {
     callApiMethod(apiMethod, request, response, log, callback) {
@@ -186,22 +231,11 @@
         }
 
         return async.waterfall([
-            next => auth.server.doAuth(
-                request, log, (err, userInfo, authorizationResults, streamingV4Params) => {
-                    if (err) {
-                        log.trace('authentication error', { error: err });
-                        return next(err);
-                    }
-                    return next(null, userInfo, authorizationResults, streamingV4Params);
-                }, 's3', requestContexts),
-            (userInfo, authorizationResults, streamingV4Params, next) => {
-                const authNames = { accountName: userInfo.getAccountDisplayName() };
-                if (userInfo.isRequesterAnIAMUser()) {
-                    authNames.userName = userInfo.getIAMdisplayName();
-                }
-                log.addDefaultFields(authNames);
+            next => { // this never completes until the POST information
+                // is received and is of the length specified in the headers
+
                 if (apiMethod === 'objectPut' || apiMethod === 'objectPutPart') {
-                    return next(null, userInfo, authorizationResults, streamingV4Params);
+                    return next(null);
                 }
                 // issue 100 Continue to the client
                 writeContinue(request, response);
@@ -232,10 +266,34 @@
                     }
                     // Convert array of post buffers into one string
                     request.post = Buffer.concat(post, postLength).toString();
-                    return next(null, userInfo, authorizationResults, streamingV4Params);
+                    if (request.method === 'POST') {
+                        const formData = parseMultipartFormData(request.post, request.headers['content-type']);
+                        // request.query = formData;
+                        // TODO is policy decryption needed?
+                        request.parsedFormData = formData;
+                        const decryptedPolicy = JSON.parse(decryptToken(formData.Policy));
+                    }
+                    return next(null);
                 });
                 return undefined;
             },
+            next => auth.server.doAuth(
+                request, log, (err, userInfo, authorizationResults, streamingV4Params) => {
+                    if (err) {
+                        log.trace('authentication error', { error: err });
+                        return next(err);
+                    }
+                    return next(null, userInfo, authorizationResults, streamingV4Params);
+                }, 's3', requestContexts),
+            (userInfo, authorizationResults, streamingV4Params, next) => { // this never completes until the POST information
+                // is received and is of the length specified in the headers
+                const authNames = { accountName: userInfo.getAccountDisplayName() };
+                if (userInfo.isRequesterAnIAMUser()) {
+                    authNames.userName = userInfo.getIAMdisplayName();
+                }
+                log.addDefaultFields(authNames);
+                return next(null, userInfo, authorizationResults, streamingV4Params);
+            },
             // Tag condition keys require information from CloudServer for evaluation
             (userInfo, authorizationResults, streamingV4Params, next) => tagConditionKeyAuth(
                 authorizationResults,
@@ -271,7 +329,8 @@
                     return acc;
                 }, {});
             }
-            if (apiMethod === 'objectPut' || apiMethod === 'objectPutPart') {
+            if (apiMethod === 'objectPut' || apiMethod === 'objectPutPart'
+                || apiMethod === 'objectPost') {
                 request._response = response;
                 return this[apiMethod](userInfo, request, streamingV4Params,
                     log, callback, authorizationResults);
@@ -337,6 +396,7 @@
     objectCopy,
     objectHead,
     objectPut,
+    objectPost,
     objectPutACL,
     objectPutLegalHold,
     objectPutTagging,