mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
parent
023866642c
commit
a4bdcba503
@ -53,10 +53,12 @@ func newPostPolicyBytesV4WithContentRange(credential, bucketName, objectKey stri
|
|||||||
dateConditionStr := fmt.Sprintf(`["eq", "$x-amz-date", "%s"]`, t.Format(iso8601DateFormat))
|
dateConditionStr := fmt.Sprintf(`["eq", "$x-amz-date", "%s"]`, t.Format(iso8601DateFormat))
|
||||||
// Add the credential string, only accept the credential passed.
|
// Add the credential string, only accept the credential passed.
|
||||||
credentialConditionStr := fmt.Sprintf(`["eq", "$x-amz-credential", "%s"]`, credential)
|
credentialConditionStr := fmt.Sprintf(`["eq", "$x-amz-credential", "%s"]`, credential)
|
||||||
|
// Add the meta-uuid string, set to 1234
|
||||||
|
uuidConditionStr := fmt.Sprintf(`["eq", "$x-amz-meta-uuid", "%s"]`, "1234")
|
||||||
|
|
||||||
// Combine all conditions into one string.
|
// Combine all conditions into one string.
|
||||||
conditionStr := fmt.Sprintf(`"conditions":[%s, %s, %s, %s, %s, %s]`, bucketConditionStr,
|
conditionStr := fmt.Sprintf(`"conditions":[%s, %s, %s, %s, %s, %s, %s]`, bucketConditionStr,
|
||||||
keyConditionStr, contentLengthCondStr, algorithmConditionStr, dateConditionStr, credentialConditionStr)
|
keyConditionStr, contentLengthCondStr, algorithmConditionStr, dateConditionStr, credentialConditionStr, uuidConditionStr)
|
||||||
retStr := "{"
|
retStr := "{"
|
||||||
retStr = retStr + expirationStr + ","
|
retStr = retStr + expirationStr + ","
|
||||||
retStr = retStr + conditionStr
|
retStr = retStr + conditionStr
|
||||||
@ -80,9 +82,11 @@ func newPostPolicyBytesV4(credential, bucketName, objectKey string, expiration t
|
|||||||
dateConditionStr := fmt.Sprintf(`["eq", "$x-amz-date", "%s"]`, t.Format(iso8601DateFormat))
|
dateConditionStr := fmt.Sprintf(`["eq", "$x-amz-date", "%s"]`, t.Format(iso8601DateFormat))
|
||||||
// Add the credential string, only accept the credential passed.
|
// Add the credential string, only accept the credential passed.
|
||||||
credentialConditionStr := fmt.Sprintf(`["eq", "$x-amz-credential", "%s"]`, credential)
|
credentialConditionStr := fmt.Sprintf(`["eq", "$x-amz-credential", "%s"]`, credential)
|
||||||
|
// Add the meta-uuid string, set to 1234
|
||||||
|
uuidConditionStr := fmt.Sprintf(`["eq", "$x-amz-meta-uuid", "%s"]`, "1234")
|
||||||
|
|
||||||
// Combine all conditions into one string.
|
// Combine all conditions into one string.
|
||||||
conditionStr := fmt.Sprintf(`"conditions":[%s, %s, %s, %s, %s]`, bucketConditionStr, keyConditionStr, algorithmConditionStr, dateConditionStr, credentialConditionStr)
|
conditionStr := fmt.Sprintf(`"conditions":[%s, %s, %s, %s, %s, %s]`, bucketConditionStr, keyConditionStr, algorithmConditionStr, dateConditionStr, credentialConditionStr, uuidConditionStr)
|
||||||
retStr := "{"
|
retStr := "{"
|
||||||
retStr = retStr + expirationStr + ","
|
retStr = retStr + expirationStr + ","
|
||||||
retStr = retStr + conditionStr
|
retStr = retStr + conditionStr
|
||||||
@ -261,7 +265,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
accessKey: credentials.AccessKey,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
|
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"],["eq", "$x-amz-meta-uuid", "1234"]]}`,
|
||||||
},
|
},
|
||||||
// Corrupted Base 64 result
|
// Corrupted Base 64 result
|
||||||
{
|
{
|
||||||
@ -457,7 +461,7 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
|
|||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
|
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
|
||||||
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL.String() + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`
|
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL.String() + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-meta-uuid", "1234"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`
|
||||||
|
|
||||||
// Generate the final policy document
|
// Generate the final policy document
|
||||||
policy = fmt.Sprintf(policy, dates...)
|
policy = fmt.Sprintf(policy, dates...)
|
||||||
|
@ -222,6 +222,22 @@ func checkPostPolicy(formValues http.Header, postPolicyForm PostPolicyForm) erro
|
|||||||
if !postPolicyForm.Expiration.After(UTCNow()) {
|
if !postPolicyForm.Expiration.After(UTCNow()) {
|
||||||
return fmt.Errorf("Invalid according to Policy: Policy expired")
|
return fmt.Errorf("Invalid according to Policy: Policy expired")
|
||||||
}
|
}
|
||||||
|
// map to store the metadata
|
||||||
|
metaMap := make(map[string]string)
|
||||||
|
for cond, v := range postPolicyForm.Conditions.Policies {
|
||||||
|
if strings.HasPrefix(cond, "$x-amz-meta-") {
|
||||||
|
formCanonicalName := http.CanonicalHeaderKey(strings.TrimPrefix(cond, "$"))
|
||||||
|
metaMap[formCanonicalName] = v.Value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Check if any extra metadata field is passed as input
|
||||||
|
for key := range formValues {
|
||||||
|
if strings.HasPrefix(key, "X-Amz-Meta-") {
|
||||||
|
if _, ok := metaMap[key]; !ok {
|
||||||
|
return fmt.Errorf("Invalid according to Policy: Extra input fields: %s", key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Flag to indicate if all policies conditions are satisfied
|
// Flag to indicate if all policies conditions are satisfied
|
||||||
condPassed := true
|
condPassed := true
|
||||||
|
Loading…
Reference in New Issue
Block a user