From 0a4761269d0fca30e4e319baefca0bfe2441e48c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B2=A1=E6=9C=89=E5=B0=8F=E5=90=8D=E7=9A=84=E6=9B=B2?=
 <951012707@qq.com>
Date: Sat, 15 Nov 2025 22:51:21 +0800
Subject: [PATCH] fix(s3api): fix AWS Signature V2 format and validation

---
 weed/s3api/auth_signature_v2.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/weed/s3api/auth_signature_v2.go b/weed/s3api/auth_signature_v2.go
index b31c37a27..d204d3971 100644
--- a/weed/s3api/auth_signature_v2.go
+++ b/weed/s3api/auth_signature_v2.go
@@ -117,7 +117,7 @@ func (iam *IdentityAccessManagement) doesSignV2Match(r *http.Request) (*Identity
 	}
 
 	expectedAuth := signatureV2(cred, r.Method, r.URL.Path, r.URL.Query().Encode(), r.Header)
-	if !compareSignatureV2(v2Auth, expectedAuth) {
+	if v2Auth != expectedAuth {
 		return nil, s3err.ErrSignatureDoesNotMatch
 	}
 	return identity, s3err.ErrNone
@@ -194,14 +194,14 @@ func validateV2AuthHeader(v2Auth string) (accessKey string, errCode s3err.ErrorC
 		return "", s3err.ErrMissingFields
 	}
 
-	return authFields[0], s3err.ErrNone
+	return strings.TrimLeft(authFields[0], " "), s3err.ErrNone
 }
 
 // signatureV2 - calculates signature version 2 for request.
 func signatureV2(cred *Credential, method string, encodedResource string, encodedQuery string, headers http.Header) string {
 	stringToSign := getStringToSignV2(method, encodedResource, encodedQuery, headers, "")
 	signature := calculateSignatureV2(stringToSign, cred.SecretKey)
-	return signV2Algorithm + cred.AccessKey + ":" + signature
+	return signV2Algorithm + " " + cred.AccessKey + ":" + signature
 }
 
 // getStringToSignV2 - string to sign in accordance with