1use std::env;
7use std::sync::{OnceLock, RwLock};
8
9use serde::{Deserialize, Serialize};
10use url::Url;
11
12use crate::config::ConfigManager;
13use crate::error::{Error, Result};
14
15const RC_HOST_PREFIX: &str = "RC_HOST_";
16const CUSTOM_HEADER_PREFIX: &str = "x-amz-";
17
18static GLOBAL_REQUEST_HEADERS: OnceLock<RwLock<Vec<RequestHeader>>> = OnceLock::new();
19
20#[derive(Debug, Clone, PartialEq, Eq)]
22pub struct RequestHeader {
23 pub name: String,
24 pub value: String,
25}
26
27impl RequestHeader {
28 pub fn parse(value: &str) -> Result<Self> {
29 let (name, header_value) = value.split_once(':').ok_or_else(|| {
30 Error::Config(
31 "Header must use NAME:VALUE format, for example x-amz-meta-key:value".into(),
32 )
33 })?;
34
35 let name = name.trim().to_ascii_lowercase();
36 let header_value = header_value.trim().to_string();
37
38 if name.is_empty() {
39 return Err(Error::Config("Header name must not be empty".into()));
40 }
41
42 if header_value.is_empty() {
43 return Err(Error::Config("Header value must not be empty".into()));
44 }
45
46 if !name.starts_with(CUSTOM_HEADER_PREFIX) {
47 return Err(Error::Config(
48 "Only x-amz-* custom request headers are supported".into(),
49 ));
50 }
51
52 if !name
53 .bytes()
54 .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'-' | b'_'))
55 {
56 return Err(Error::Config(format!("Invalid header name '{name}'")));
57 }
58
59 if !header_value.is_ascii() || header_value.bytes().any(|b| matches!(b, b'\r' | b'\n')) {
60 return Err(Error::Config(format!("Invalid value for header '{name}'")));
61 }
62
63 Ok(Self {
64 name,
65 value: header_value,
66 })
67 }
68}
69
70pub fn set_global_request_headers(headers: Vec<RequestHeader>) {
72 let storage = GLOBAL_REQUEST_HEADERS.get_or_init(|| RwLock::new(Vec::new()));
73 let mut guard = storage
74 .write()
75 .expect("global request header lock should not be poisoned");
76 *guard = headers;
77}
78
79pub fn global_request_headers() -> Vec<RequestHeader> {
81 let Some(storage) = GLOBAL_REQUEST_HEADERS.get() else {
82 return Vec::new();
83 };
84
85 storage
86 .read()
87 .expect("global request header lock should not be poisoned")
88 .clone()
89}
90
91#[derive(Debug, Clone, Serialize, Deserialize)]
93pub struct RetryConfig {
94 #[serde(default = "default_max_attempts")]
96 pub max_attempts: u32,
97
98 #[serde(default = "default_initial_backoff")]
100 pub initial_backoff_ms: u64,
101
102 #[serde(default = "default_max_backoff")]
104 pub max_backoff_ms: u64,
105}
106
107fn default_max_attempts() -> u32 {
108 3
109}
110
111fn default_initial_backoff() -> u64 {
112 100
113}
114
115fn default_max_backoff() -> u64 {
116 10000
117}
118
119impl Default for RetryConfig {
120 fn default() -> Self {
121 Self {
122 max_attempts: default_max_attempts(),
123 initial_backoff_ms: default_initial_backoff(),
124 max_backoff_ms: default_max_backoff(),
125 }
126 }
127}
128
129#[derive(Debug, Clone, Serialize, Deserialize)]
131pub struct TimeoutConfig {
132 #[serde(default = "default_connect_timeout")]
134 pub connect_ms: u64,
135
136 #[serde(default = "default_read_timeout")]
138 pub read_ms: u64,
139}
140
141fn default_connect_timeout() -> u64 {
142 5000
143}
144
145fn default_read_timeout() -> u64 {
146 30000
147}
148
149impl Default for TimeoutConfig {
150 fn default() -> Self {
151 Self {
152 connect_ms: default_connect_timeout(),
153 read_ms: default_read_timeout(),
154 }
155 }
156}
157
158#[derive(Debug, Clone, Serialize, Deserialize)]
160pub struct Alias {
161 pub name: String,
163
164 pub endpoint: String,
166
167 pub access_key: String,
169
170 pub secret_key: String,
172
173 #[serde(default)]
175 pub anonymous: bool,
176
177 #[serde(default, skip_serializing_if = "Option::is_none")]
179 pub client_cert: Option<String>,
180
181 #[serde(default, skip_serializing_if = "Option::is_none")]
183 pub client_key: Option<String>,
184
185 #[serde(default = "default_region")]
187 pub region: String,
188
189 #[serde(default = "default_signature")]
191 pub signature: String,
192
193 #[serde(default = "default_bucket_lookup")]
195 pub bucket_lookup: String,
196
197 #[serde(default)]
199 pub insecure: bool,
200
201 #[serde(default, skip_serializing_if = "Option::is_none")]
203 pub ca_bundle: Option<String>,
204
205 #[serde(default, skip_serializing_if = "Option::is_none")]
207 pub retry: Option<RetryConfig>,
208
209 #[serde(default, skip_serializing_if = "Option::is_none")]
211 pub timeout: Option<TimeoutConfig>,
212}
213
214pub fn validate_alias_endpoint(value: &str) -> Result<()> {
216 if value.contains('{') || value.contains('}') {
217 return Err(Error::Config(
218 "Endpoint must be a single S3 service URL; RustFS volume expansion patterns are not supported".into(),
219 ));
220 }
221
222 let url = Url::parse(value)
223 .map_err(|e| Error::Config(format!("Endpoint must be a valid URL: {e}")))?;
224
225 if !url.username().is_empty() || url.password().is_some() {
226 return Err(Error::Config(
227 "Endpoint must not include credentials; pass access key and secret key as separate arguments".into(),
228 ));
229 }
230
231 validate_http_endpoint_url(&url, "Endpoint")
232}
233
234fn default_region() -> String {
235 "us-east-1".to_string()
236}
237
238fn default_signature() -> String {
239 "v4".to_string()
240}
241
242fn default_bucket_lookup() -> String {
243 "auto".to_string()
244}
245
246impl Alias {
247 pub fn new(
249 name: impl Into<String>,
250 endpoint: impl Into<String>,
251 access_key: impl Into<String>,
252 secret_key: impl Into<String>,
253 ) -> Self {
254 Self {
255 name: name.into(),
256 endpoint: endpoint.into(),
257 access_key: access_key.into(),
258 secret_key: secret_key.into(),
259 anonymous: false,
260 client_cert: None,
261 client_key: None,
262 region: default_region(),
263 signature: default_signature(),
264 bucket_lookup: default_bucket_lookup(),
265 insecure: false,
266 ca_bundle: None,
267 retry: None,
268 timeout: None,
269 }
270 }
271
272 pub fn retry_config(&self) -> RetryConfig {
274 self.retry.clone().unwrap_or_default()
275 }
276
277 pub fn timeout_config(&self) -> TimeoutConfig {
279 self.timeout.clone().unwrap_or_default()
280 }
281}
282
283fn env_alias_var_name(name: &str) -> String {
284 format!("{RC_HOST_PREFIX}{name}")
285}
286
287fn env_alias(name: &str) -> Result<Option<Alias>> {
288 let var_name = env_alias_var_name(name);
289 let Some(value) = env::var_os(&var_name) else {
290 return Ok(None);
291 };
292
293 let value = value
294 .into_string()
295 .map_err(|_| Error::Config(format!("{var_name} must be valid UTF-8")))?;
296 parse_env_alias(name, &value).map(Some)
297}
298
299fn env_aliases() -> Result<Vec<Alias>> {
300 let mut vars = Vec::new();
301
302 for (key, value) in env::vars_os() {
303 let Ok(key) = key.into_string() else {
304 continue;
305 };
306
307 if !key.starts_with(RC_HOST_PREFIX) {
308 continue;
309 }
310
311 let value = value
312 .into_string()
313 .map_err(|_| Error::Config(format!("{key} must be valid UTF-8")))?;
314 vars.push((key, value));
315 }
316
317 env_aliases_from_vars(vars)
318}
319
320fn env_aliases_from_vars<I, K, V>(vars: I) -> Result<Vec<Alias>>
321where
322 I: IntoIterator<Item = (K, V)>,
323 K: AsRef<str>,
324 V: AsRef<str>,
325{
326 let mut aliases = Vec::new();
327
328 for (key, value) in vars {
329 let key = key.as_ref();
330 let Some(alias_name) = key.strip_prefix(RC_HOST_PREFIX) else {
331 continue;
332 };
333
334 if alias_name.is_empty() {
335 return Err(Error::Config("RC_HOST_ must include an alias name".into()));
336 }
337
338 aliases.push(parse_env_alias(alias_name, value.as_ref())?);
339 }
340
341 aliases.sort_by(|a, b| a.name.cmp(&b.name));
342 Ok(aliases)
343}
344
345fn parse_env_alias(name: &str, value: &str) -> Result<Alias> {
346 let var_name = env_alias_var_name(name);
347 let mut url = Url::parse(value)
348 .map_err(|e| Error::Config(format!("{var_name} must be a valid URL: {e}")))?;
349
350 validate_http_endpoint_url(&url, &var_name)?;
351
352 let access_key = url.username();
353 let Some(secret_key) = url.password() else {
354 return Err(Error::Config(format!(
355 "{var_name} must include access key and secret key credentials"
356 )));
357 };
358
359 if access_key.is_empty() || secret_key.is_empty() {
360 return Err(Error::Config(format!(
361 "{var_name} must include non-empty access key and secret key credentials"
362 )));
363 }
364
365 let access_key = decode_env_alias_credential(access_key, &var_name, "access key")?;
366 let secret_key = decode_env_alias_credential(secret_key, &var_name, "secret key")?;
367
368 url.set_username("").map_err(|()| {
369 Error::Config(format!("{var_name} credentials cannot be removed from URL"))
370 })?;
371 url.set_password(None).map_err(|()| {
372 Error::Config(format!("{var_name} credentials cannot be removed from URL"))
373 })?;
374
375 let endpoint = url.as_str().trim_end_matches('/').to_string();
376 Ok(Alias::new(name, endpoint, access_key, secret_key))
377}
378
379fn validate_http_endpoint_url(url: &Url, label: &str) -> Result<()> {
380 if !matches!(url.scheme(), "http" | "https") {
381 return Err(Error::Config(format!(
382 "{label} must use an http or https URL"
383 )));
384 }
385
386 if url.host_str().is_none() {
387 return Err(Error::Config(format!("{label} must include a host")));
388 }
389
390 if !matches!(url.path(), "" | "/") || url.query().is_some() || url.fragment().is_some() {
391 return Err(Error::Config(format!(
392 "{label} must not include a non-root path, query, or fragment"
393 )));
394 }
395
396 Ok(())
397}
398
399fn decode_env_alias_credential(value: &str, var_name: &str, field: &str) -> Result<String> {
400 if has_invalid_percent_encoding(value) {
401 return Err(Error::Config(format!(
402 "{var_name} contains invalid percent-encoding in {field}"
403 )));
404 }
405
406 urlencoding::decode(value)
407 .map(|decoded| decoded.into_owned())
408 .map_err(|e| {
409 Error::Config(format!(
410 "{var_name} contains invalid percent-encoding in {field}: {e}"
411 ))
412 })
413}
414
415fn has_invalid_percent_encoding(value: &str) -> bool {
416 let bytes = value.as_bytes();
417 let mut index = 0;
418
419 while index < bytes.len() {
420 if bytes[index] != b'%' {
421 index += 1;
422 continue;
423 }
424
425 if index + 2 >= bytes.len()
426 || !bytes[index + 1].is_ascii_hexdigit()
427 || !bytes[index + 2].is_ascii_hexdigit()
428 {
429 return true;
430 }
431
432 index += 3;
433 }
434
435 false
436}
437
438fn merge_env_aliases(mut aliases: Vec<Alias>, env_aliases: Vec<Alias>) -> Vec<Alias> {
439 for env_alias in env_aliases {
440 aliases.retain(|alias| alias.name != env_alias.name);
441 aliases.push(env_alias);
442 }
443
444 aliases
445}
446
447pub struct AliasManager {
449 config_manager: ConfigManager,
450}
451
452impl AliasManager {
453 pub fn with_config_manager(config_manager: ConfigManager) -> Self {
455 Self { config_manager }
456 }
457
458 pub fn new() -> Result<Self> {
460 let config_manager = ConfigManager::new()?;
461 Ok(Self { config_manager })
462 }
463
464 pub fn list(&self) -> Result<Vec<Alias>> {
466 let config = self.config_manager.load()?;
467 let env_aliases = env_aliases()?;
468 Ok(merge_env_aliases(config.aliases, env_aliases))
469 }
470
471 pub fn get(&self, name: &str) -> Result<Alias> {
473 if let Some(alias) = env_alias(name)? {
474 return Ok(alias);
475 }
476
477 let config = self.config_manager.load()?;
478 config
479 .aliases
480 .into_iter()
481 .find(|a| a.name == name)
482 .ok_or_else(|| Error::AliasNotFound(name.to_string()))
483 }
484
485 pub fn set(&self, alias: Alias) -> Result<()> {
487 let mut config = self.config_manager.load()?;
488
489 config.aliases.retain(|a| a.name != alias.name);
491 config.aliases.push(alias);
492
493 self.config_manager.save(&config)
494 }
495
496 pub fn remove(&self, name: &str) -> Result<()> {
498 let mut config = self.config_manager.load()?;
499 let original_len = config.aliases.len();
500
501 config.aliases.retain(|a| a.name != name);
502
503 if config.aliases.len() == original_len {
504 return Err(Error::AliasNotFound(name.to_string()));
505 }
506
507 self.config_manager.save(&config)
508 }
509
510 pub fn exists(&self, name: &str) -> Result<bool> {
512 if env_alias(name)?.is_some() {
513 return Ok(true);
514 }
515
516 let config = self.config_manager.load()?;
517 Ok(config.aliases.iter().any(|a| a.name == name))
518 }
519}
520
521#[cfg(test)]
522mod tests {
523 use super::*;
524 use tempfile::TempDir;
525
526 fn temp_alias_manager() -> (AliasManager, TempDir) {
527 let temp_dir = TempDir::new().unwrap();
528 let config_path = temp_dir.path().join("config.toml");
529 let config_manager = ConfigManager::with_path(config_path);
530 let alias_manager = AliasManager::with_config_manager(config_manager);
531 (alias_manager, temp_dir)
532 }
533
534 #[test]
535 fn test_alias_new() {
536 let alias = Alias::new("test", "http://localhost:9000", "access", "secret");
537 assert_eq!(alias.name, "test");
538 assert_eq!(alias.endpoint, "http://localhost:9000");
539 assert_eq!(alias.region, "us-east-1");
540 assert_eq!(alias.signature, "v4");
541 assert_eq!(alias.bucket_lookup, "auto");
542 assert!(!alias.insecure);
543 }
544
545 #[test]
546 fn test_alias_manager_set_and_get() {
547 let (manager, _temp_dir) = temp_alias_manager();
548
549 let alias = Alias::new("local", "http://localhost:9000", "accesskey", "secretkey");
550 manager.set(alias).unwrap();
551
552 let retrieved = manager.get("local").unwrap();
553 assert_eq!(retrieved.name, "local");
554 assert_eq!(retrieved.endpoint, "http://localhost:9000");
555 }
556
557 #[test]
558 fn test_alias_manager_list() {
559 let (manager, _temp_dir) = temp_alias_manager();
560
561 manager
562 .set(Alias::new("a", "http://a:9000", "a", "a"))
563 .unwrap();
564 manager
565 .set(Alias::new("b", "http://b:9000", "b", "b"))
566 .unwrap();
567
568 let aliases = manager.list().unwrap();
569 assert_eq!(aliases.len(), 2);
570 }
571
572 #[test]
573 fn test_alias_manager_remove() {
574 let (manager, _temp_dir) = temp_alias_manager();
575
576 manager
577 .set(Alias::new("test", "http://localhost:9000", "a", "b"))
578 .unwrap();
579 assert!(manager.exists("test").unwrap());
580
581 manager.remove("test").unwrap();
582 assert!(!manager.exists("test").unwrap());
583 }
584
585 #[test]
586 fn test_alias_manager_remove_not_found() {
587 let (manager, _temp_dir) = temp_alias_manager();
588
589 let result = manager.remove("nonexistent");
590 assert!(result.is_err());
591 assert!(matches!(result.unwrap_err(), Error::AliasNotFound(_)));
592 }
593
594 #[test]
595 fn test_alias_manager_get_not_found() {
596 let (manager, _temp_dir) = temp_alias_manager();
597
598 let result = manager.get("nonexistent");
599 assert!(result.is_err());
600 assert!(matches!(result.unwrap_err(), Error::AliasNotFound(_)));
601 }
602
603 #[test]
604 fn test_alias_update_existing() {
605 let (manager, _temp_dir) = temp_alias_manager();
606
607 manager
608 .set(Alias::new("test", "http://old:9000", "a", "b"))
609 .unwrap();
610 manager
611 .set(Alias::new("test", "http://new:9000", "c", "d"))
612 .unwrap();
613
614 let aliases = manager.list().unwrap();
615 assert_eq!(aliases.len(), 1);
616 assert_eq!(aliases[0].endpoint, "http://new:9000");
617 }
618
619 #[test]
620 fn test_parse_rc_host_alias() {
621 let alias =
622 parse_env_alias("myalias", "https://ACCESS_KEY:SECRET_KEY@rustfs.local:9000").unwrap();
623
624 assert_eq!(alias.name, "myalias");
625 assert_eq!(alias.endpoint, "https://rustfs.local:9000");
626 assert_eq!(alias.access_key, "ACCESS_KEY");
627 assert_eq!(alias.secret_key, "SECRET_KEY");
628 assert_eq!(alias.region, "us-east-1");
629 assert_eq!(alias.bucket_lookup, "auto");
630 }
631
632 #[test]
633 fn test_validate_alias_endpoint_rejects_volume_expansion_endpoint() {
634 let result = validate_alias_endpoint("http://rustfs-node{1...32}:9000");
635
636 assert!(result.is_err());
637 assert!(
638 result
639 .unwrap_err()
640 .to_string()
641 .contains("RustFS volume expansion patterns are not supported")
642 );
643 }
644
645 #[test]
646 fn test_validate_alias_endpoint_rejects_missing_scheme() {
647 let result = validate_alias_endpoint("localhost:9000");
648
649 assert!(result.is_err());
650 assert!(
651 result
652 .unwrap_err()
653 .to_string()
654 .contains("Endpoint must use an http or https URL")
655 );
656 }
657
658 #[test]
659 fn test_validate_alias_endpoint_rejects_non_http_scheme() {
660 let result = validate_alias_endpoint("ftp://localhost:9000");
661
662 assert!(result.is_err());
663 assert!(
664 result
665 .unwrap_err()
666 .to_string()
667 .contains("Endpoint must use an http or https URL")
668 );
669 }
670
671 #[test]
672 fn test_validate_alias_endpoint_rejects_embedded_credentials() {
673 let result = validate_alias_endpoint("http://access:secret@localhost:9000");
674
675 assert!(result.is_err());
676 assert!(
677 result
678 .unwrap_err()
679 .to_string()
680 .contains("Endpoint must not include credentials")
681 );
682 }
683
684 #[test]
685 fn test_validate_alias_endpoint_rejects_path_query_and_fragment() {
686 for endpoint in [
687 "http://localhost:9000/api",
688 "http://localhost:9000?region=us-east-1",
689 "http://localhost:9000#alias",
690 ] {
691 let result = validate_alias_endpoint(endpoint);
692
693 assert!(result.is_err(), "endpoint should be rejected: {endpoint}");
694 assert!(
695 result
696 .unwrap_err()
697 .to_string()
698 .contains("Endpoint must not include a non-root path, query, or fragment")
699 );
700 }
701 }
702
703 #[test]
704 fn test_validate_alias_endpoint_accepts_http_url_with_host() {
705 validate_alias_endpoint("http://localhost:9000").unwrap();
706 validate_alias_endpoint("https://s3.amazonaws.com").unwrap();
707 }
708
709 #[test]
710 fn test_parse_rc_host_alias_decodes_credentials() {
711 let alias =
712 parse_env_alias("encoded", "https://ACCESS%2FKEY:SECRET%40KEY@rustfs.local").unwrap();
713
714 assert_eq!(alias.access_key, "ACCESS/KEY");
715 assert_eq!(alias.secret_key, "SECRET@KEY");
716 }
717
718 #[test]
719 fn test_parse_rc_host_alias_requires_credentials() {
720 let result = parse_env_alias("missing", "https://rustfs.local");
721
722 assert!(result.is_err());
723 assert!(matches!(result.unwrap_err(), Error::Config(_)));
724 }
725
726 #[test]
727 fn test_parse_rc_host_alias_rejects_invalid_percent_encoding() {
728 let result = parse_env_alias("invalid", "https://ACCESS_KEY:SECRET%ZZ@rustfs.local");
729
730 assert!(result.is_err());
731 let error = result.unwrap_err().to_string();
732 assert!(error.contains("invalid percent-encoding in secret key"));
733 assert!(!error.contains("SECRET"));
734 }
735
736 #[test]
737 fn test_parse_rc_host_alias_rejects_non_utf8_percent_encoded_secret_key() {
738 let result = parse_env_alias("invalid", "https://ACCESS_KEY:SECRET%FF@rustfs.local");
739
740 assert!(result.is_err());
741 let error = result.unwrap_err().to_string();
742 assert!(error.contains("invalid percent-encoding in secret key"));
743 assert!(!error.contains("ACCESS_KEY"));
744 assert!(!error.contains("SECRET"));
745 }
746
747 #[test]
748 fn test_parse_rc_host_alias_rejects_invalid_access_key_percent_encoding() {
749 let result = parse_env_alias("invalid", "https://ACCESS%ZZKEY:SECRET_KEY@rustfs.local");
750
751 assert!(result.is_err());
752 let error = result.unwrap_err().to_string();
753 assert!(error.contains("invalid percent-encoding in access key"));
754 assert!(!error.contains("ACCESS"));
755 assert!(!error.contains("SECRET_KEY"));
756 }
757
758 #[test]
759 fn test_env_aliases_from_vars_filters_rc_host_prefix() {
760 let aliases = env_aliases_from_vars(vec![
761 (
762 "RC_HOST_second".to_string(),
763 "https://key2:secret2@second.local".to_string(),
764 ),
765 ("UNRELATED".to_string(), "ignored".to_string()),
766 (
767 "RC_HOST_first".to_string(),
768 "https://key1:secret1@first.local".to_string(),
769 ),
770 ])
771 .unwrap();
772
773 assert_eq!(aliases.len(), 2);
774 assert_eq!(aliases[0].name, "first");
775 assert_eq!(aliases[1].name, "second");
776 }
777
778 #[test]
779 fn test_merge_env_aliases_overrides_config_alias() {
780 let config_alias = Alias::new("local", "http://old:9000", "old", "old");
781 let env_alias = parse_env_alias("local", "https://new:secret@new.local").unwrap();
782
783 let aliases = merge_env_aliases(vec![config_alias], vec![env_alias]);
784
785 assert_eq!(aliases.len(), 1);
786 assert_eq!(aliases[0].endpoint, "https://new.local");
787 assert_eq!(aliases[0].access_key, "new");
788 }
789}