Synnefo » Pithos

# Copyright 2011 GRNET S.A. All rights reserved.

# 

# Redistribution and use in source and binary forms, with or

# without modification, are permitted provided that the following

# conditions are met:

# 

#   1. Redistributions of source code must retain the above

#      copyright notice, this list of conditions and the following

#      disclaimer.

# 

#   2. Redistributions in binary form must reproduce the above

#      copyright notice, this list of conditions and the following

#      disclaimer in the documentation and/or other materials

#      provided with the distribution.

# 

# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS

# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR

# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

# POSSIBILITY OF SUCH DAMAGE.

# 

# The views and conclusions contained in the software and

# documentation are those of the authors and should not be

# interpreted as representing official policies, either expressed

# or implied, of GRNET S.A.

import logging

import hashlib

from django.conf import settings

from django.http import HttpResponse

from django.template.loader import render_to_string

from django.utils import simplejson as json

from django.utils.http import parse_etags

from xml.dom import minidom

from pithos.api.faults import (Fault, NotModified, BadRequest, Unauthorized, ItemNotFound, Conflict,

    LengthRequired, PreconditionFailed, RangeNotSatisfiable, UnprocessableEntity)

from pithos.api.util import (rename_meta_key, format_header_key, printable_header_dict, get_account_headers,

    put_account_headers, get_container_headers, put_container_headers, get_object_headers, put_object_headers,

    update_manifest_meta, update_sharing_meta, update_public_meta, validate_modification_preconditions,

    validate_matching_preconditions, split_container_object_string, copy_or_move_object,

    get_int_parameter, get_content_length, get_content_range, socket_read_iterator,

    object_data_response, put_object_block, hashmap_hash, api_method)

from pithos.backends import backend

from pithos.backends.base import NotAllowedError

logger = logging.getLogger(__name__)

def top_demux(request):

    if request.method == 'GET':

        if request.user:

            return account_list(request)

        return authenticate(request)

    else:

        return method_not_allowed(request)

def account_demux(request, v_account):

    if request.method == 'HEAD':

        return account_meta(request, v_account)

    elif request.method == 'POST':

        return account_update(request, v_account)

    elif request.method == 'GET':

        return container_list(request, v_account)

    else:

        return method_not_allowed(request)

def container_demux(request, v_account, v_container):

    if request.method == 'HEAD':

        return container_meta(request, v_account, v_container)

    elif request.method == 'PUT':

        return container_create(request, v_account, v_container)

    elif request.method == 'POST':

        return container_update(request, v_account, v_container)

    elif request.method == 'DELETE':

        return container_delete(request, v_account, v_container)

    elif request.method == 'GET':

        return object_list(request, v_account, v_container)

    else:

        return method_not_allowed(request)

def object_demux(request, v_account, v_container, v_object):

    if request.method == 'HEAD':

        return object_meta(request, v_account, v_container, v_object)

    elif request.method == 'GET':

        return object_read(request, v_account, v_container, v_object)

    elif request.method == 'PUT':

        return object_write(request, v_account, v_container, v_object)

    elif request.method == 'COPY':

        return object_copy(request, v_account, v_container, v_object)

    elif request.method == 'MOVE':

        return object_move(request, v_account, v_container, v_object)

    elif request.method == 'POST':

        if request.META.get('CONTENT_TYPE', '').startswith('multipart/form-data'):

            return object_write_form(request, v_account, v_container, v_object)

        return object_update(request, v_account, v_container, v_object)

    elif request.method == 'DELETE':

        return object_delete(request, v_account, v_container, v_object)

    else:

        return method_not_allowed(request)

@api_method('GET')

def authenticate(request):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       unauthorized (401),

    #                       badRequest (400)

    x_auth_user = request.META.get('HTTP_X_AUTH_USER')

    x_auth_key = request.META.get('HTTP_X_AUTH_KEY')

    if not x_auth_user or not x_auth_key:

        raise BadRequest('Missing X-Auth-User or X-Auth-Key header')

    response = HttpResponse(status=204)

    inv_auth_tokens = dict((v, k) for k, v in settings.AUTH_TOKENS.items())

    uri = request.build_absolute_uri()

    if '?' in uri:

        uri = uri[:uri.find('?')]

    response['X-Auth-Token'] = inv_auth_tokens.get(x_auth_user, '0000')

    response['X-Storage-Url'] = uri + (uri.endswith('/') and '' or '/') + x_auth_user

    return response

@api_method('GET', format_allowed=True)

def account_list(request):

    # Normal Response Codes: 200, 204

    # Error Response Codes: serviceUnavailable (503),

    #                       badRequest (400)

    response = HttpResponse()

    marker = request.GET.get('marker')

    limit = get_int_parameter(request.GET.get('limit'))

    if not limit:

        limit = 10000

    accounts = backend.list_accounts(request.user, marker, limit)

    if request.serialization == 'text':

        if len(accounts) == 0:

            # The cloudfiles python bindings expect 200 if json/xml.

            response.status_code = 204

            return response

        response.status_code = 200

        response.content = '\n'.join(accounts) + '\n'

        return response

    account_meta = []

    for x in accounts:

        try:

            meta = backend.get_account_meta(request.user, x)

            groups = backend.get_account_groups(request.user, x)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        else:

            rename_meta_key(meta, 'modified', 'last_modified')

            rename_meta_key(meta, 'until_timestamp', 'x_account_until_timestamp')

            for k, v in groups.iteritems():

                meta['X-Container-Group-' + k] = ','.join(v)

            account_meta.append(printable_header_dict(meta))

    if request.serialization == 'xml':

        data = render_to_string('accounts.xml', {'accounts': account_meta})

    elif request.serialization  == 'json':

        data = json.dumps(account_meta)

    response.status_code = 200

    response.content = data

    return response

@api_method('HEAD')

def account_meta(request, v_account):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        meta = backend.get_account_meta(request.user, v_account, until)

        groups = backend.get_account_groups(request.user, v_account)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    validate_modification_preconditions(request, meta)

    response = HttpResponse(status=204)

    put_account_headers(response, meta, groups)

    return response

@api_method('POST')

def account_update(request, v_account):

    # Normal Response Codes: 202

    # Error Response Codes: serviceUnavailable (503),

    #                       unauthorized (401),

    #                       badRequest (400)

    meta, groups = get_account_headers(request)

    replace = True

    if 'update' in request.GET:

        replace = False

    if groups:

        try:

            backend.update_account_groups(request.user, v_account, groups, replace)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except ValueError:

            raise BadRequest('Invalid groups header')

    try:

        backend.update_account_meta(request.user, v_account, meta, replace)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    return HttpResponse(status=202)

@api_method('GET', format_allowed=True)

def container_list(request, v_account):

    # Normal Response Codes: 200, 204

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        meta = backend.get_account_meta(request.user, v_account, until)

        groups = backend.get_account_groups(request.user, v_account)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    validate_modification_preconditions(request, meta)

    response = HttpResponse()

    put_account_headers(response, meta, groups)

    marker = request.GET.get('marker')

    limit = get_int_parameter(request.GET.get('limit'))

    if not limit:

        limit = 10000

    shared = False

    if 'shared' in request.GET:

        shared = True

    try:

        containers = backend.list_containers(request.user, v_account, marker, limit, shared, until)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        containers = []

    if request.serialization == 'text':

        if len(containers) == 0:

            # The cloudfiles python bindings expect 200 if json/xml.

            response.status_code = 204

            return response

        response.status_code = 200

        response.content = '\n'.join(containers) + '\n'

        return response

    container_meta = []

    for x in containers:

        try:

            meta = backend.get_container_meta(request.user, v_account, x, until)

            policy = backend.get_container_policy(request.user, v_account, x)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            pass

        else:

            rename_meta_key(meta, 'modified', 'last_modified')

            rename_meta_key(meta, 'until_timestamp', 'x_container_until_timestamp')

            for k, v in policy.iteritems():

                meta['X-Container-Policy-' + k] = v

            container_meta.append(printable_header_dict(meta))

    if request.serialization == 'xml':

        data = render_to_string('containers.xml', {'account': v_account, 'containers': container_meta})

    elif request.serialization  == 'json':

        data = json.dumps(container_meta)

    response.status_code = 200

    response.content = data

    return response

@api_method('HEAD')

def container_meta(request, v_account, v_container):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        meta = backend.get_container_meta(request.user, v_account, v_container, until)

        meta['object_meta'] = backend.list_object_meta(request.user, v_account, v_container, until)

        policy = backend.get_container_policy(request.user, v_account, v_container)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    validate_modification_preconditions(request, meta)

    response = HttpResponse(status=204)

    put_container_headers(response, meta, policy)

    return response

@api_method('PUT')

def container_create(request, v_account, v_container):

    # Normal Response Codes: 201, 202

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    meta, policy = get_container_headers(request)

    try:

        backend.put_container(request.user, v_account, v_container, policy)

        ret = 201

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except ValueError:

        raise BadRequest('Invalid policy header')

    except NameError:

        ret = 202

    if len(meta) > 0:

        try:

            backend.update_container_meta(request.user, v_account, v_container, meta, replace=True)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Container does not exist')

    return HttpResponse(status=ret)

@api_method('POST')

def container_update(request, v_account, v_container):

    # Normal Response Codes: 202

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    meta, policy = get_container_headers(request)

    replace = True

    if 'update' in request.GET:

        replace = False

    if policy:

        try:

            backend.update_container_policy(request.user, v_account, v_container, policy, replace)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Container does not exist')

        except ValueError:

            raise BadRequest('Invalid policy header')

    try:

        backend.update_container_meta(request.user, v_account, v_container, meta, replace)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    return HttpResponse(status=202)

@api_method('DELETE')

def container_delete(request, v_account, v_container):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       conflict (409),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        backend.delete_container(request.user, v_account, v_container, until)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    except IndexError:

        raise Conflict('Container is not empty')

    return HttpResponse(status=204)

@api_method('GET', format_allowed=True)

def object_list(request, v_account, v_container):

    # Normal Response Codes: 200, 204

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        meta = backend.get_container_meta(request.user, v_account, v_container, until)

        meta['object_meta'] = backend.list_object_meta(request.user, v_account, v_container, until)

        policy = backend.get_container_policy(request.user, v_account, v_container)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    validate_modification_preconditions(request, meta)

    response = HttpResponse()

    put_container_headers(response, meta, policy)

    path = request.GET.get('path')

    prefix = request.GET.get('prefix')

    delimiter = request.GET.get('delimiter')

    # Path overrides prefix and delimiter.

    virtual = True

    if path:

        prefix = path

        delimiter = '/'

        virtual = False

    # Naming policy.

    if prefix and delimiter:

        prefix = prefix + delimiter

    if not prefix:

        prefix = ''

    prefix = prefix.lstrip('/')

    marker = request.GET.get('marker')

    limit = get_int_parameter(request.GET.get('limit'))

    if not limit:

        limit = 10000

    keys = request.GET.get('meta')

    if keys:

        keys = keys.split(',')

        keys = [format_header_key('X-Object-Meta-' + x.strip()) for x in keys if x.strip() != '']

    else:

        keys = []

    shared = False

    if 'shared' in request.GET:

        shared = True

    try:

        objects = backend.list_objects(request.user, v_account, v_container, prefix, delimiter, marker, limit, virtual, keys, shared, until)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    if request.serialization == 'text':

        if len(objects) == 0:

            # The cloudfiles python bindings expect 200 if json/xml.

            response.status_code = 204

            return response

        response.status_code = 200

        response.content = '\n'.join([x[0] for x in objects]) + '\n'

        return response

    object_meta = []

    for x in objects:

        if x[1] is None:

            # Virtual objects/directories.

            object_meta.append({'subdir': x[0]})

        else:

            try:

                meta = backend.get_object_meta(request.user, v_account, v_container, x[0], x[1])

                if until is None:

                    permissions = backend.get_object_permissions(request.user, v_account, v_container, x[0])

                    public = backend.get_object_public(request.user, v_account, v_container, x[0])

                else:

                    permissions = None

                    public = None

            except NotAllowedError:

                raise Unauthorized('Access denied')

            except NameError:

                pass

            else:

                rename_meta_key(meta, 'modified', 'last_modified')

                rename_meta_key(meta, 'modified_by', 'x_object_modified_by')

                rename_meta_key(meta, 'version', 'x_object_version')

                rename_meta_key(meta, 'version_timestamp', 'x_object_version_timestamp')

                update_sharing_meta(permissions, v_account, v_container, x[0], meta)

                update_public_meta(public, meta)

                object_meta.append(printable_header_dict(meta))

    if request.serialization == 'xml':

        data = render_to_string('objects.xml', {'container': v_container, 'objects': object_meta})

    elif request.serialization  == 'json':

        data = json.dumps(object_meta)

    response.status_code = 200

    response.content = data

    return response

@api_method('HEAD')

def object_meta(request, v_account, v_container, v_object):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    version = request.GET.get('version')

    try:

        meta = backend.get_object_meta(request.user, v_account, v_container, v_object, version)

        if version is None:

            permissions = backend.get_object_permissions(request.user, v_account, v_container, v_object)

            public = backend.get_object_public(request.user, v_account, v_container, v_object)

        else:

            permissions = None

            public = None

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Object does not exist')

    except IndexError:

        raise ItemNotFound('Version does not exist')

    update_manifest_meta(request, v_account, meta)

    update_sharing_meta(permissions, v_account, v_container, v_object, meta)

    update_public_meta(public, meta)

    # Evaluate conditions.

    validate_modification_preconditions(request, meta)

    try:

        validate_matching_preconditions(request, meta)

    except NotModified:

        response = HttpResponse(status=304)

        response['ETag'] = meta['hash']

        return response

    response = HttpResponse(status=200)

    put_object_headers(response, meta)

    return response

@api_method('GET', format_allowed=True)

def object_read(request, v_account, v_container, v_object):

    # Normal Response Codes: 200, 206

    # Error Response Codes: serviceUnavailable (503),

    #                       rangeNotSatisfiable (416),

    #                       preconditionFailed (412),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400),

    #                       notModified (304)

    version = request.GET.get('version')

    # Reply with the version list. Do this first, as the object may be deleted.

    if version == 'list':

        if request.serialization == 'text':

            raise BadRequest('No format specified for version list.')

        try:

            v = backend.list_versions(request.user, v_account, v_container, v_object)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        d = {'versions': v}

        if request.serialization == 'xml':

            d['object'] = v_object

            data = render_to_string('versions.xml', d)

        elif request.serialization  == 'json':

            data = json.dumps(d)

        response = HttpResponse(data, status=200)

        response['Content-Length'] = len(data)

        return response

    try:

        meta = backend.get_object_meta(request.user, v_account, v_container, v_object, version)

        if version is None:

            permissions = backend.get_object_permissions(request.user, v_account, v_container, v_object)

            public = backend.get_object_public(request.user, v_account, v_container, v_object)

        else:

            permissions = None

            public = None

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Object does not exist')

    except IndexError:

        raise ItemNotFound('Version does not exist')

    update_manifest_meta(request, v_account, meta)

    update_sharing_meta(permissions, v_account, v_container, v_object, meta)

    update_public_meta(public, meta)

    # Evaluate conditions.

    validate_modification_preconditions(request, meta)

    try:

        validate_matching_preconditions(request, meta)

    except NotModified:

        response = HttpResponse(status=304)

        response['ETag'] = meta['hash']

        return response

    sizes = []

    hashmaps = []

    if 'X-Object-Manifest' in meta:

        try:

            src_container, src_name = split_container_object_string('/' + meta['X-Object-Manifest'])

            objects = backend.list_objects(request.user, v_account, src_container, prefix=src_name, virtual=False)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except ValueError:

            raise BadRequest('Invalid X-Object-Manifest header')

        except NameError:

            raise ItemNotFound('Container does not exist')

        try:

            for x in objects:

                s, h = backend.get_object_hashmap(request.user, v_account, src_container, x[0], x[1])

                sizes.append(s)

                hashmaps.append(h)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Object does not exist')

        except IndexError:

            raise ItemNotFound('Version does not exist')

    else:

        try:

            s, h = backend.get_object_hashmap(request.user, v_account, v_container, v_object, version)

            sizes.append(s)

            hashmaps.append(h)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Object does not exist')

        except IndexError:

            raise ItemNotFound('Version does not exist')

    # Reply with the hashmap.

    if request.serialization != 'text':

        size = sum(sizes)

        hashmap = sum(hashmaps, [])

        d = {'block_size': backend.block_size, 'block_hash': backend.hash_algorithm, 'bytes': size, 'hashes': hashmap}

        if request.serialization == 'xml':

            d['object'] = v_object

            data = render_to_string('hashes.xml', d)

        elif request.serialization  == 'json':

            data = json.dumps(d)

        response = HttpResponse(data, status=200)

        put_object_headers(response, meta)

        response['Content-Length'] = len(data)

        return response

    return object_data_response(request, sizes, hashmaps, meta)

@api_method('PUT', format_allowed=True)

def object_write(request, v_account, v_container, v_object):

    # Normal Response Codes: 201

    # Error Response Codes: serviceUnavailable (503),

    #                       unprocessableEntity (422),

    #                       lengthRequired (411),

    #                       conflict (409),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    if not request.GET.get('format'):

        request.serialization = 'text'

    # Evaluate conditions.

    if request.META.get('HTTP_IF_MATCH') or request.META.get('HTTP_IF_NONE_MATCH'):

        try:

            meta = backend.get_object_meta(request.user, v_account, v_container, v_object)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            meta = {}

        validate_matching_preconditions(request, meta)

    copy_from = request.META.get('HTTP_X_COPY_FROM')

    move_from = request.META.get('HTTP_X_MOVE_FROM')

    if copy_from or move_from:

        content_length = get_content_length(request) # Required by the API.

        if move_from:

            try:

                src_container, src_name = split_container_object_string(move_from)

            except ValueError:

                raise BadRequest('Invalid X-Move-From header')

            copy_or_move_object(request, v_account, src_container, src_name, v_container, v_object, move=True)

        else:

            try:

                src_container, src_name = split_container_object_string(copy_from)

            except ValueError:

                raise BadRequest('Invalid X-Copy-From header')

            copy_or_move_object(request, v_account, src_container, src_name, v_container, v_object, move=False)

        return HttpResponse(status=201)

    meta, permissions, public = get_object_headers(request)

    content_length = -1

    if request.META.get('HTTP_TRANSFER_ENCODING') != 'chunked':

        content_length = get_content_length(request)

    # Should be BadRequest, but API says otherwise.

    if 'Content-Type' not in meta:

        raise LengthRequired('Missing Content-Type header')

    if request.serialization != 'text':

        data = ''

        for block in socket_read_iterator(request, content_length, backend.block_size):

            data = '%s%s' % (data, block)

        if request.serialization == 'json':

            d = json.loads(data)

            if not hasattr(d, '__getitem__'):

                raise BadRequest('Invalid data formating')

            try:

                hashmap = d['hashes']

                size = d['bytes']

            except KeyError:

                raise BadRequest('Invalid data formatting')

        elif request.serialization == 'xml':

            try:

                xml = minidom.parseString(data)

                obj = xml.getElementsByTagName('object')[0]

                size = obj.attributes['bytes'].value

                hashes = xml.getElementsByTagName('hash')

                hashmap = []

                for hash in hashes:

                    hashmap.append(hash.firstChild.data)

            except Exception:

                raise BadRequest('Invalid data formatting')

        meta.update({'hash': hashmap_hash(hashmap)}) # Update ETag.

    else:

        md5 = hashlib.md5()

        size = 0

        hashmap = []

        for data in socket_read_iterator(request, content_length, backend.block_size):

            # TODO: Raise 408 (Request Timeout) if this takes too long.

            # TODO: Raise 499 (Client Disconnect) if a length is defined and we stop before getting this much data.

            size += len(data)

            hashmap.append(backend.put_block(data))

            md5.update(data)

        meta['hash'] = md5.hexdigest().lower()

        etag = request.META.get('HTTP_ETAG')

        if etag and parse_etags(etag)[0].lower() != meta['hash']:

            raise UnprocessableEntity('Object ETag does not match')

    try:

        backend.update_object_hashmap(request.user, v_account, v_container, v_object, size, hashmap, meta, True, permissions)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except IndexError, e:

        raise Conflict(json.dumps(e.data))

    except NameError:

        raise ItemNotFound('Container does not exist')

    except ValueError:

        raise BadRequest('Invalid sharing header')

    except AttributeError, e:

        raise Conflict(json.dumps(e.data))

    if public is not None:

        try:

            backend.update_object_public(request.user, v_account, v_container, v_object, public)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Object does not exist')

    response = HttpResponse(status=201)

    response['ETag'] = meta['hash']

    return response

@api_method('POST')

def object_write_form(request, v_account, v_container, v_object):

    # Normal Response Codes: 201

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    if not request.FILES.has_key('X-Object-Data'):

        raise BadRequest('Missing X-Object-Data field')

    file = request.FILES['X-Object-Data']

    meta = {}

    meta['Content-Type'] = file.content_type

    md5 = hashlib.md5()

    size = 0

    hashmap = []

    for data in file.chunks(backend.block_size):

        size += len(data)

        hashmap.append(backend.put_block(data))

        md5.update(data)

    meta['hash'] = md5.hexdigest().lower()

    try:

        backend.update_object_hashmap(request.user, v_account, v_container, v_object, size, hashmap, meta, True)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    response = HttpResponse(status=201)

    response['ETag'] = meta['hash']

    return response

@api_method('COPY')

def object_copy(request, v_account, v_container, v_object):

    # Normal Response Codes: 201

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    dest_path = request.META.get('HTTP_DESTINATION')

    if not dest_path:

        raise BadRequest('Missing Destination header')

    try:

        dest_container, dest_name = split_container_object_string(dest_path)

    except ValueError:

        raise BadRequest('Invalid Destination header')

    # Evaluate conditions.

    if request.META.get('HTTP_IF_MATCH') or request.META.get('HTTP_IF_NONE_MATCH'):

        src_version = request.META.get('HTTP_X_SOURCE_VERSION')

        try:

            meta = backend.get_object_meta(request.user, v_account, v_container, v_object, src_version)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except (NameError, IndexError):

            raise ItemNotFound('Container or object does not exist')

        validate_matching_preconditions(request, meta)

    copy_or_move_object(request, v_account, v_container, v_object, dest_container, dest_name, move=False)

    return HttpResponse(status=201)

@api_method('MOVE')

def object_move(request, v_account, v_container, v_object):

    # Normal Response Codes: 201

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    dest_path = request.META.get('HTTP_DESTINATION')

    if not dest_path:

        raise BadRequest('Missing Destination header')

    try:

        dest_container, dest_name = split_container_object_string(dest_path)

    except ValueError:

        raise BadRequest('Invalid Destination header')

    # Evaluate conditions.

    if request.META.get('HTTP_IF_MATCH') or request.META.get('HTTP_IF_NONE_MATCH'):

        try:

            meta = backend.get_object_meta(request.user, v_account, v_container, v_object)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Container or object does not exist')

        validate_matching_preconditions(request, meta)

    copy_or_move_object(request, v_account, v_container, v_object, dest_container, dest_name, move=True)

    return HttpResponse(status=201)

@api_method('POST')

def object_update(request, v_account, v_container, v_object):

    # Normal Response Codes: 202, 204

    # Error Response Codes: serviceUnavailable (503),

    #                       conflict (409),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    meta, permissions, public = get_object_headers(request)

    content_type = meta.get('Content-Type')

    if content_type:

        del(meta['Content-Type']) # Do not allow changing the Content-Type.

    try:

        prev_meta = backend.get_object_meta(request.user, v_account, v_container, v_object)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Object does not exist')

    # Evaluate conditions.

    if request.META.get('HTTP_IF_MATCH') or request.META.get('HTTP_IF_NONE_MATCH'):

        validate_matching_preconditions(request, prev_meta)

    # If replacing, keep previous values of 'Content-Type' and 'hash'.

    replace = True

    if 'update' in request.GET:

        replace = False

    if replace:

        for k in ('Content-Type', 'hash'):

            if k in prev_meta:

                meta[k] = prev_meta[k]

    # A Content-Type or X-Source-Object header indicates data updates.

    src_object = request.META.get('HTTP_X_SOURCE_OBJECT')

    if (not content_type or content_type != 'application/octet-stream') and not src_object:

        # Do permissions first, as it may fail easier.

        if permissions is not None:

            try:

                backend.update_object_permissions(request.user, v_account, v_container, v_object, permissions)

            except NotAllowedError:

                raise Unauthorized('Access denied')

            except NameError:

                raise ItemNotFound('Object does not exist')

            except ValueError:

                raise BadRequest('Invalid sharing header')

            except AttributeError, e:

                raise Conflict(json.dumps(e.data))

        if public is not None:

            try:

                backend.update_object_public(request.user, v_account, v_container, v_object, public)

            except NotAllowedError:

                raise Unauthorized('Access denied')

            except NameError:

                raise ItemNotFound('Object does not exist')

        try:

            backend.update_object_meta(request.user, v_account, v_container, v_object, meta, replace)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Object does not exist')

        return HttpResponse(status=202)

    # Single range update. Range must be in Content-Range.

    # Based on: http://code.google.com/p/gears/wiki/ContentRangePostProposal

    # (with the addition that '*' is allowed for the range - will append).

    content_range = request.META.get('HTTP_CONTENT_RANGE')

    if not content_range:

        raise BadRequest('Missing Content-Range header')

    ranges = get_content_range(request)

    if not ranges:

        raise RangeNotSatisfiable('Invalid Content-Range header')

    try:

        size, hashmap = backend.get_object_hashmap(request.user, v_account, v_container, v_object)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Object does not exist')

    offset, length, total = ranges

    if offset is None:

        offset = size

    elif offset > size:

        raise RangeNotSatisfiable('Supplied offset is beyond object limits')

    if src_object:

        src_container, src_name = split_container_object_string(src_object)

        src_version = request.META.get('HTTP_X_SOURCE_VERSION')

        try:

            src_size, src_hashmap = backend.get_object_hashmap(request.user, v_account, src_container, src_name, src_version)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Source object does not exist')

        if length is None:

            length = src_size

        elif length > src_size:

            raise BadRequest('Object length is smaller than range length')

    else:

        # Require either a Content-Length, or 'chunked' Transfer-Encoding.

        content_length = -1

        if request.META.get('HTTP_TRANSFER_ENCODING') != 'chunked':

            content_length = get_content_length(request)

        if length is None:

            length = content_length

        else:

            if content_length == -1:

                # TODO: Get up to length bytes in chunks.

                length = content_length

            elif length != content_length:

                raise BadRequest('Content length does not match range length')

    if total is not None and (total != size or offset >= size or (length > 0 and offset + length >= size)):

        raise RangeNotSatisfiable('Supplied range will change provided object limits')

    dest_bytes = request.META.get('HTTP_X_OBJECT_BYTES')

    if dest_bytes is not None:

        dest_bytes = get_int_parameter(dest_bytes)

        if dest_bytes is None:

            raise BadRequest('Invalid X-Object-Bytes header')

    if src_object:

        if offset % backend.block_size == 0:

            # Update the hashes only.

            sbi = 0

            while length > 0:

                bi = int(offset / backend.block_size)

                bl = min(length, backend.block_size)

                if bi < len(hashmap):

                    if bl == backend.block_size:

                        hashmap[bi] = src_hashmap[sbi]

                    else:

                        data = backend.get_block(src_hashmap[sbi])

                        hashmap[bi] = backend.update_block(hashmap[bi], data[:bl], 0)

                else:

                    hashmap.append(src_hashmap[sbi])

                offset += bl

                length -= bl

                sbi += 1

        else:

            data = ''

            sbi = 0

            while length > 0:

                data += backend.get_block(src_hashmap[sbi])

                if length < backend.block_size:

                    data = data[:length]

                bytes = put_object_block(hashmap, data, offset)

                offset += bytes

                data = data[bytes:]

                length -= bytes

                sbi += 1

    else:

        data = ''

        for d in socket_read_iterator(request, length, backend.block_size):

            # TODO: Raise 408 (Request Timeout) if this takes too long.

            # TODO: Raise 499 (Client Disconnect) if a length is defined and we stop before getting this much data.

            data += d

            bytes = put_object_block(hashmap, data, offset)

            offset += bytes

            data = data[bytes:]

        if len(data) > 0:

            put_object_block(hashmap, data, offset)

    if offset > size:

        size = offset

    if dest_bytes is not None and dest_bytes < size:

        size = dest_bytes

        hashmap = hashmap[:(int((size - 1) / backend.block_size) + 1)]

    meta.update({'hash': hashmap_hash(hashmap)}) # Update ETag.

    try:

        backend.update_object_hashmap(request.user, v_account, v_container, v_object, size, hashmap, meta, replace, permissions)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Container does not exist')

    except ValueError:

        raise BadRequest('Invalid sharing header')

    except AttributeError, e:

        raise Conflict(json.dumps(e.data))

    if public is not None:

        try:

            backend.update_object_public(request.user, v_account, v_container, v_object, public)

        except NotAllowedError:

            raise Unauthorized('Access denied')

        except NameError:

            raise ItemNotFound('Object does not exist')

    response = HttpResponse(status=204)

    response['ETag'] = meta['hash']

    return response

@api_method('DELETE')

def object_delete(request, v_account, v_container, v_object):

    # Normal Response Codes: 204

    # Error Response Codes: serviceUnavailable (503),

    #                       itemNotFound (404),

    #                       unauthorized (401),

    #                       badRequest (400)

    until = get_int_parameter(request.GET.get('until'))

    try:

        backend.delete_object(request.user, v_account, v_container, v_object, until)

    except NotAllowedError:

        raise Unauthorized('Access denied')

    except NameError:

        raise ItemNotFound('Object does not exist')

    return HttpResponse(status=204)

@api_method()

def method_not_allowed(request):

    raise BadRequest('Method not allowed')