s3-orchestrator

s3api

import "github.com/afreidah/s3-orchestrator/internal/transport/s3api"

Package server implements the S3-compatible HTTP API, routing requests to the storage backend manager with authentication, rate limiting, and tracing.

Index

func ExtractClientIP

func ExtractClientIP(r *http.Request, trustedProxies []*net.IPNet) string

ExtractClientIP delegates to httputil.ExtractClientIP.

func ParseTrustedProxies

func ParseTrustedProxies(cidrs []string) []*net.IPNet

ParseTrustedProxies delegates to httputil.ParseTrustedProxies.

func WriteS3Error

func WriteS3Error(w http.ResponseWriter, code int, errCode, message string)

WriteS3Error is the exported form of writeS3Error so other transport packages (notably the panic-recovery middleware in httputil) can emit a route-appropriate S3-XML 500 without re-implementing the envelope. Matches the httputil.ErrorWriter signature exactly so it slots in as a direct argument.

type AdmissionController

AdmissionController limits the number of concurrent in-flight requests. When readSem and writeSem are set, reads and writes are tracked in separate pools; otherwise the global sem is used for all requests.

type AdmissionController struct {
    // contains filtered or unexported fields
}

func NewAdmissionController

func NewAdmissionController(maxConcurrent int) *AdmissionController

NewAdmissionController creates an admission controller with a single global concurrency limit. The limit must be positive.

func NewAdmissionControllerFromSem

func NewAdmissionControllerFromSem(sem chan struct{}) *AdmissionController

NewAdmissionControllerFromSem creates an admission controller backed by an externally owned semaphore. Use this when background services should share the same concurrency budget as HTTP requests.

func NewSplitAdmissionController

func NewSplitAdmissionController(maxReads, maxWrites int) *AdmissionController

NewSplitAdmissionController creates an admission controller with separate concurrency limits for reads and writes. Both limits must be positive.

func NewSplitAdmissionControllerFromSem

func NewSplitAdmissionControllerFromSem(readSem, writeSem chan struct{}) *AdmissionController

NewSplitAdmissionControllerFromSem creates an admission controller backed by externally owned read and write semaphores.

func (*AdmissionController) Middleware

func (ac *AdmissionController) Middleware(next http.Handler) http.Handler

Middleware wraps an http.Handler with admission control. Requests that exceed the concurrency limit receive 503 SlowDown with Retry-After. When a shed threshold is configured, requests may be probabilistically rejected before the hard limit based on current pool pressure.

func (*AdmissionController) SetAdmissionWait

func (ac *AdmissionController) SetAdmissionWait(d time.Duration)

SetAdmissionWait configures a brief wait duration before rejecting when the semaphore is full. Zero means instant rejection (default).

func (*AdmissionController) SetShedThreshold

func (ac *AdmissionController) SetShedThreshold(t float64)

SetShedThreshold configures the pressure threshold at which active load shedding begins. Value is a fraction of pool capacity (0.0-1.0). Zero disables shedding (default).

type RateLimiter

RateLimiter provides per-IP token-bucket rate limiting.

type RateLimiter struct {
    // contains filtered or unexported fields
}

func NewRateLimiter

func NewRateLimiter(cfg config.RateLimitConfig) *RateLimiter

NewRateLimiter creates a rate limiter with the given configuration.

func (*RateLimiter) Allow

func (rl *RateLimiter) Allow(ip string) bool

Allow checks whether a request from the given IP is allowed.

func (*RateLimiter) Close

func (rl *RateLimiter) Close()

Close stops the background cleanup goroutine. Safe to call multiple times.

func (*RateLimiter) Middleware

func (rl *RateLimiter) Middleware(next http.Handler) http.Handler

Middleware wraps an http.Handler with per-IP rate limiting.

func (*RateLimiter) UpdateLimits

func (rl *RateLimiter) UpdateLimits(requestsPerSec float64, burst int)

UpdateLimits changes the rate and burst and resets all existing per-IP limiters so the new limits take effect immediately.

type Server

Server handles HTTP requests and routes them to the backend manager.

type Server struct {
    Manager *proxy.BackendManager

    MaxObjectSize int64 // Max upload body size in bytes
    // contains filtered or unexported fields
}

func NewServer

func NewServer(manager *proxy.BackendManager, maxObjectSize int64) *Server

NewServer creates a Server with a stable start timestamp.

func (*Server) GetBucketAuth

func (s *Server) GetBucketAuth() *auth.BucketRegistry

GetBucketAuth returns the current bucket authentication registry.

func (*Server) ServeHTTP

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements http.Handler.

func (*Server) SetBucketAuth

func (s *Server) SetBucketAuth(br *auth.BucketRegistry)

SetBucketAuth atomically replaces the bucket authentication registry. Safe to call concurrently with request handling.

Generated by gomarkdoc