"github.com/minio/pkg/v3/policy"
)

func (api objectAPIHandlers) ListenNotificationHandler(w http.ResponseWriter, r *http.Request) {
	ctx := newContext(r, w, "ListenNotification")

	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

	// Validate if bucket exists.
	objAPI := api.ObjectAPI()
	if objAPI == nil {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return
	}

				}

				// All our internal APIs are sensitive towards Date
				// header, for all requests where Date header is not
				// present we will reject such clients.
				defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
				writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(errCode), r.URL)
				atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
				return
			}

// handlers:
//
// - updates request context with `logger.ReqInfo` and api name based on the
// name of the function handler passed (this handler must be a method of
// `adminAPIHandlers`).
//
// - sets up call to send AuditLog
//
// While this is a middleware function (i.e. it takes a handler function and
// returns one), due to flags being passed based on required conditions, it is
// done per-"handler function registration" in the router.
//

	return func(w http.ResponseWriter, r *http.Request) {
		resource, err := getResource(r.URL.Path, r.Host, globalDomainNames)
		if err != nil {
			defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))

			apiErr := errorCodes.ToAPIErr(ErrUnsupportedHostHeader)
			apiErr.Description = fmt.Sprintf("%s: %v", apiErr.Description, err)

	// set during decommissioning.
	if reqInfo := logger.GetReqInfo(ctx); reqInfo != nil {
		reqInfo.PopulateTagsMap(opts.Tags)
	}
	ctx = logger.SetAuditEntry(ctx, &entry)
	logger.AuditLog(ctx, nil, nil, nil)
}

func newTLSConfig(getCert certs.GetCertificateFunc) *tls.Config {
	if getCert == nil {
		return nil
	}

	tlsConfig := &tls.Config{
		PreferServerCipherSuites: true,

			VersionID:    objInfo.VersionID,
			UserDefined:  objInfo.UserDefined,
			NoAuditLog:   true,
			SrcPoolIdx:   idx,
			DataMovement: true,
		})
		if err != nil {
			return fmt.Errorf("decommissionObject: NewMultipartUpload() %w", err)
		}
		defer z.AbortMultipartUpload(ctx, bucket, objInfo.Name, res.UploadID, ObjectOptions{NoAuditLog: true})
		parts := make([]CompletePart, len(objInfo.Parts))

			VersionID:    oi.VersionID,
			UserDefined:  oi.UserDefined,
			NoAuditLog:   true,
			DataMovement: true,
			SrcPoolIdx:   poolIdx,
		})
		if err != nil {
			return fmt.Errorf("rebalanceObject: NewMultipartUpload() %w", err)
		}
		defer z.AbortMultipartUpload(ctx, bucket, oi.Name, res.UploadID, ObjectOptions{NoAuditLog: true})

		parts := make([]CompletePart, len(oi.Parts))

		[]MetricDescriptor{
			webhookFailedMessagesMD,
			webhookQueueLengthMD,
			webhookTotalMessagesMD,
		},
		loadLoggerWebhookMetrics,
	)

	auditMG := NewMetricsGroup(auditCollectorPath,
		[]MetricDescriptor{
			auditFailedMessagesMD,
			auditTargetQueueLengthMD,
			auditTotalMessagesMD,
		},
		loadAuditMetrics,
	)

//
// Implements S3 compatible initiate multipart API.
func (er erasureObjects) NewMultipartUpload(ctx context.Context, bucket, object string, opts ObjectOptions) (*NewMultipartUploadResult, error) {
	if !opts.NoAuditLog {
		auditObjectErasureSet(ctx, "NewMultipartUpload", object, &er)
	}

	return er.newMultipartUpload(ctx, bucket, object, opts)
}

	if lrw.ttfbBody != 0 {
		return lrw.ttfbBody
	}
	return lrw.ttfbHeader
}

// NewResponseRecorder - returns a wrapped response writer to trap
// http status codes for auditing purposes.
func NewResponseRecorder(w http.ResponseWriter) *ResponseRecorder {
	rf, _ := w.(io.ReaderFrom)
	return &ResponseRecorder{
		ResponseWriter: w,
		ReaderFrom:     rf,
		StatusCode:     http.StatusOK,