add missing validate access keys after being extracted from AuthHeader

2025-11-20 09:56:07 -05:00 · 2015-05-21 19:20:23 -07:00
parent 138288f788
commit e11f9110b6
2 changed files with 19 additions and 19 deletions
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@@ -23,6 +23,7 @@ import (
 	"time"

 	"github.com/minio/minio/pkg/api/config"
+	"github.com/minio/minio/pkg/utils/crypto/keys"
 )

 type contentTypeHandler struct {
@@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
 	a.signedheaders = strings.Split(signedheaders, "=")[1]
 	a.signature = strings.Split(signature, "=")[1]
 	a.accessKey = strings.Split(a.credential, "/")[0]
+	if !keys.IsValidAccessKey(a.accessKey) {
+		return nil, errors.New("Invalid access key")
+	}
 	return a, nil
 }