From 12dde3751da69b1a9406a2cd0b3ce9613744bddf Mon Sep 17 00:00:00 2001
From: chrislu
Date: Thu, 4 Dec 2025 14:01:16 -0800
Subject: [PATCH] refactor: check HTTP method first in streaming auth checks (fail-fast)
---
 weed/s3api/s3api_auth.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/weed/s3api/s3api_auth.go b/weed/s3api/s3api_auth.go
index 95c195d49..5592fe939 100644
--- a/weed/s3api/s3api_auth.go
+++ b/weed/s3api/s3api_auth.go
@@ -52,14 +52,18 @@ func isRequestPostPolicySignatureV4(r *http.Request) bool {
 // - STREAMING-AWS4-HMAC-SHA256-PAYLOAD (original)
 // - STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER (with trailing checksums)
 func isRequestSignStreamingV4(r *http.Request) bool {
+ if r.Method != http.MethodPut {
+ return false
+ }
 contentSha256 := r.Header.Get("x-amz-content-sha256")
- return (contentSha256 == streamingContentSHA256 || contentSha256 == streamingContentSHA256Trailer) &&
- r.Method == http.MethodPut
+ return contentSha256 == streamingContentSHA256 || contentSha256 == streamingContentSHA256Trailer
 }
 
 func isRequestUnsignedStreaming(r *http.Request) bool {
- return r.Header.Get("x-amz-content-sha256") == streamingUnsignedPayload &&
- r.Method == http.MethodPut
+ if r.Method != http.MethodPut {
+ return false
+ }
+ return r.Header.Get("x-amz-content-sha256") == streamingUnsignedPayload
 }
 
 // Authorization type.
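Review bot: `isRequestUnsignedStreaming` has no doc comment, and the visible part of the comment on `isRequestSignStreamingV4` (which starts outside this hunk) lists only the accepted header values, not the PUT-only restriction that both predicates now lead with. Since these functions appear to decide which authentication path a request takes, I would state that restriction explicitly: add `// isRequestUnsignedStreaming reports whether r is a PUT whose x-amz-content-sha256 header equals streamingUnsignedPayload.` above the second function, and a matching "PUT requests only" line to the first function's comment. What happens to a non-PUT request that carries one of these sentinel values is decided by the caller, which is not visible here. It is worth confirming that such a request is rejected or verified as an ordinary signed request, rather than having its payload go unverified.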