projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f904db)
16535: Trial support for V4 S3 signatures.
authorTom Clegg <tom@tomclegg.ca>
Tue, 28 Jul 2020 20:13:50 +0000 (16:13 -0400)
committerTom Clegg <tom@tomclegg.ca>
Tue, 28 Jul 2020 20:13:50 +0000 (16:13 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>

services/keep-web/s3.go patch | blob | history

diff --git a/services/keep-web/s3.go b/services/keep-web/s3.go
index 796e95cb615dd67baed4112dd5fc8ca68bfcb233..8bda2eac504a97835f677cd09219498865f90f72 100644 (file)
--- a/services/keep-web/s3.go
+++ b/services/keep-web/s3.go
@@ -33,9 +33,22 @@ func (h *handler) serveS3(w http.ResponseWriter, r *http.Request) bool {
                }
                token = split[0]
        } else if strings.HasPrefix(auth, "AWS4-HMAC-SHA256 ") {
-               w.WriteHeader(http.StatusBadRequest)
-               fmt.Println(w, "V4 signature is not supported")
-               return true
+               for _, cmpt := range strings.Split(auth[17:], ",") {
+                       cmpt = strings.TrimSpace(cmpt)
+                       split := strings.SplitN(cmpt, "=", 2)
+                       if len(split) == 2 && split[0] == "Credential" {
+                               keyandscope := strings.Split(split[1], "/")
+                               if len(keyandscope[0]) > 0 {
+                                       token = keyandscope[0]
+                                       break
+                               }
+                       }
+               }
+               if token == "" {
+                       w.WriteHeader(http.StatusBadRequest)
+                       fmt.Println(w, "invalid V4 signature")
+                       return true
+               }
        } else {
                return false
        }