MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-25 13:43:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

add missing signature v2 query params (#9670)

Browse Source
This commit is contained in:
Harshavardhana 2020-05-21 18:51:23 -07:00 committed by GitHub
parent f1f414ca59
commit d15042470e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/api-router.go
View File

@ -285,6 +285,11 @@ func registerAPIRouter(router *mux.Router, encryptionEnabled, allowSSEKMS bool)
apiRouter.Methods(http.MethodGet).Path(SlashSeparator).HandlerFunc( apiRouter.Methods(http.MethodGet).Path(SlashSeparator).HandlerFunc(
maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler)))) maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler))))
// S3 browser with signature v4 adds '//' for ListBuckets request, so rather
// than failing with UnknownAPIRequest we simply handle it for now.
apiRouter.Methods(http.MethodGet).Path(SlashSeparator + SlashSeparator).HandlerFunc(
maxClients(collectAPIStats("listbuckets", httpTraceAll(api.ListBucketsHandler))))
// If none of the routes match add default error handler routes // If none of the routes match add default error handler routes
apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler))) apiRouter.NotFoundHandler = http.HandlerFunc(collectAPIStats("notfound", httpTraceAll(errorResponseHandler)))
apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler))) apiRouter.MethodNotAllowedHandler = http.HandlerFunc(collectAPIStats("methodnotallowed", httpTraceAll(errorResponseHandler)))

26
cmd/signature-v2.go
View File

@ -33,19 +33,15 @@ import (
"github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/auth"
) )
// Signature and API related constants.
const (
signV2Algorithm = "AWS"
)
// AWS S3 Signature V2 calculation rule is give here:
// http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationStringToSign
// Whitelist resource list that will be used in query string for signature-V2 calculation. // Whitelist resource list that will be used in query string for signature-V2 calculation.
// The list should be alphabetically sorted //
// This list should be kept alphabetically sorted, do not hastily edit.
var resourceList = []string{ var resourceList = []string{
"acl", "acl",
"cors",
"delete", "delete",
"encryption",
"legal-hold",
"lifecycle", "lifecycle",
"location", "location",
"logging", "logging",
@ -59,6 +55,10 @@ var resourceList = []string{
"response-content-language", "response-content-language",
"response-content-type", "response-content-type",
"response-expires", "response-expires",
"retention",
"select",
"select-type",
"tagging",
"torrent", "torrent",
"uploadId", "uploadId",
"uploads", "uploads",
@ -68,6 +68,14 @@ var resourceList = []string{
"website", "website",
} }
// Signature and API related constants.
const (
signV2Algorithm = "AWS"
)
// AWS S3 Signature V2 calculation rule is give here:
// http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationStringToSign
func doesPolicySignatureV2Match(formValues http.Header) APIErrorCode { func doesPolicySignatureV2Match(formValues http.Header) APIErrorCode {
cred := globalActiveCred cred := globalActiveCred
accessKey := formValues.Get(xhttp.AmzAccessKeyID) accessKey := formValues.Get(xhttp.AmzAccessKeyID)