refactor: check HTTP method first in streaming auth checks (fail-fast)

6 days ago · 12dde3751d
1 changed files with 8 additions and 4 deletions
--- a/weed/s3api/s3api_auth.go
+++ b/weed/s3api/s3api_auth.go
@ -52,14 +52,18 @@ func isRequestPostPolicySignatureV4(r *http.Request) bool {
 // - STREAMING-AWS4-HMAC-SHA256-PAYLOAD (original)
 // - STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER (with trailing checksums)
 func isRequestSignStreamingV4(r *http.Request) bool {
+	if r.Method != http.MethodPut {
+		return false
+	}
 	contentSha256 := r.Header.Get("x-amz-content-sha256")
-	return (contentSha256 == streamingContentSHA256 || contentSha256 == streamingContentSHA256Trailer) &&
-		r.Method == http.MethodPut
+	return contentSha256 == streamingContentSHA256 || contentSha256 == streamingContentSHA256Trailer
 }

 func isRequestUnsignedStreaming(r *http.Request) bool {
-	return r.Header.Get("x-amz-content-sha256") == streamingUnsignedPayload &&
-		r.Method == http.MethodPut
+	if r.Method != http.MethodPut {
+		return false
+	}
+	return r.Header.Get("x-amz-content-sha256") == streamingUnsignedPayload
 }

 // Authorization type.