Browse Source

S3: configurable access for anonymous user

fix https://github.com/chrislusf/seaweedfs/issues/1413
random_access_file
Chris Lu 4 years ago
parent
commit
2b74abf766
  1. 16
      weed/s3api/auth_credentials.go

16
weed/s3api/auth_credentials.go

@ -107,6 +107,16 @@ func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identi
return nil, nil, false return nil, nil, false
} }
func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, found bool) {
for _, ident := range iam.identities {
if ident.Name == "anonymous" {
return ident, true
}
}
return nil, false
}
func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) http.HandlerFunc { func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) http.HandlerFunc {
if !iam.isEnabled() { if !iam.isEnabled() {
@ -127,6 +137,7 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt
func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) ErrorCode { func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) ErrorCode {
var identity *Identity var identity *Identity
var s3Err ErrorCode var s3Err ErrorCode
var found bool
switch getRequestAuthType(r) { switch getRequestAuthType(r) {
case authTypeStreamingSigned: case authTypeStreamingSigned:
return ErrNone return ErrNone
@ -146,7 +157,10 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
glog.V(3).Infof("jwt auth type") glog.V(3).Infof("jwt auth type")
return ErrNotImplemented return ErrNotImplemented
case authTypeAnonymous: case authTypeAnonymous:
return ErrAccessDenied
identity, found = iam.lookupAnonymous()
if !found {
return ErrAccessDenied
}
default: default:
return ErrNotImplemented return ErrNotImplemented
} }

Loading…
Cancel
Save