Merge pull request #582 from harshavardhana/pr_out_handle_two_different_styles_of_time_format_s3cmd_now_compatible

This commit is contained in:
Harshavardhana 2015-05-08 16:33:34 -07:00
commit ef793dcf03

View File

@ -52,11 +52,25 @@ func stripAccessKey(r *http.Request) string {
}
func getDate(req *http.Request) (time.Time, error) {
if req.Header.Get("x-amz-date") != "" {
return time.Parse(http.TimeFormat, req.Header.Get("x-amz-date"))
amzDate := req.Header.Get("X-Amz-Date")
switch {
case amzDate != "":
if _, err := time.Parse(time.RFC1123, amzDate); err == nil {
return time.Parse(time.RFC1123, amzDate)
}
if _, err := time.Parse(time.RFC1123Z, amzDate); err == nil {
return time.Parse(time.RFC1123Z, amzDate)
}
}
date := req.Header.Get("Date")
switch {
case date != "":
if _, err := time.Parse(time.RFC1123, date); err == nil {
return time.Parse(time.RFC1123, date)
}
if _, err := time.Parse(time.RFC1123Z, date); err == nil {
return time.Parse(time.RFC1123Z, date)
}
if req.Header.Get("Date") != "" {
return time.Parse(http.TimeFormat, req.Header.Get("Date"))
}
return time.Time{}, errors.New("invalid request")
}
@ -74,7 +88,7 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Verify if date headers are set, if not reject the request
if r.Header.Get("Authorization") != "" {
if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
if r.Header.Get("X-Amz-Date") == "" && r.Header.Get("Date") == "" {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return