docs/fix tus#223 - added startup message about disabled downloads

chore/fix tus#333:
- s3store - lowercase metadata keys, so client can send them in any case
- fix possible errors for empty Basepath ("/")
sec/fix tus#450 - allow accepting credentials (for example, Cookie, so forwarding in hooks will work as described in docs)

Author: Akkarine

cmd/tusd/cli/composer.go

@@ -58,7 +58,11 @@ func CreateComposer() {
 		}
 
 		if Flags.AllowCustomFilepath {
-			stdout.Printf("Saving objects with custom path and filename enabled. Use CustomFilepath metadata.")
+			stdout.Printf("Saving objects with custom path and filename enabled. Use CustomFilepath metadata.\n")
+		}
+
+		if Flags.DisableDownload {
+			stdout.Printf("Downloads disabled.\n")
 		}
 
 		// Derive credentials from default credential chain (env, shared, ec2 instance role)

pkg/handler/unrouted_handler.go

@@ -24,8 +24,12 @@ var (
 )
 
 // Regexp tests: https://regex101.com/r/dEqVSE/1
+// TODO: cut off query part
 func getCustomFilepathIdRegexp(basepath string) *regexp.Regexp {
 	basepath = strings.Replace(basepath, "/", "", -1)
+	if basepath == "" {
+		return regexp.MustCompile(`\/?(.+)\/$|\/?(.+)\/?$|([^\n\/]+)\/?$`)
+	}
 	return regexp.MustCompile(`\/?` + basepath + `\/(.+)\/$|\/?` + basepath + `\/(.+)\/?$|([^\/]+)\/?$`)
 }
 
@@ -228,7 +232,8 @@ func (handler *UnroutedHandler) Middleware(h http.Handler) http.Handler {
 			if r.Method == "OPTIONS" {
 				// Preflight request
 				header.Add("Access-Control-Allow-Methods", "POST, GET, HEAD, PATCH, DELETE, OPTIONS")
-				header.Add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat")
+				// TODO: add headers from Flags.HttpHooksForwardHeaders and others
+				header.Add("Access-Control-Allow-Headers", "Authorization, Cookie, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat")
 				header.Set("Access-Control-Max-Age", "86400")
 
 			} else {
@@ -243,6 +248,9 @@ func (handler *UnroutedHandler) Middleware(h http.Handler) http.Handler {
 		// Add nosniff to all responses https://golang.org/src/net/http/server.go#L1429
 		header.Set("X-Content-Type-Options", "nosniff")
 
+		// https://github.com/tus/tusd/issues/450#issuecomment-765392832
+		header.Set("Access-Control-Allow-Credentials", "true")
+
 		// Set appropriated headers in case of OPTIONS method allowing protocol
 		// discovery and end with an 204 No Content
 		if r.Method == "OPTIONS" {

pkg/s3store/s3store.go

@@ -226,12 +226,12 @@ func (store S3Store) NewUpload(ctx context.Context, info handler.FileInfo) (hand
 		// Copying the value is required in order to prevent it from being
 		// overwritten by the next iteration.
 		v := nonPrintableRegexp.ReplaceAllString(value, "?")
-		metadata[key] = &v
+		metadata[strings.ToLower(key)] = &v
 	}
 
 	var uploadId string
 	if info.ID == "" {
-		if filepath, keyExist := metadata["CustomFilepath"]; store.AllowCustomObjectPath && keyExist {
+		if filepath, keyExist := metadata["customfilepath"]; store.AllowCustomObjectPath && keyExist {
 			filepath := strings.Trim(*filepath, "/")
 			if len(filepath) < 1 {
 				return nil, fmt.Errorf("s3store: malformed CustomFilepath")