Browse Source

s3: add errors if requests are signed by no authentication is setup

fix https://github.com/chrislusf/seaweedfs/issues/2075
pull/2078/head
Chris Lu 4 years ago
parent
commit
431684798b
  1. 6
      weed/s3api/s3api_object_handlers.go
  2. 6
      weed/s3api/s3err/s3api_errors.go

6
weed/s3api/s3api_object_handlers.go

@ -62,6 +62,12 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)
writeErrorResponse(w, s3ErrCode, r.URL)
return
}
} else {
rAuthType := getRequestAuthType(r)
if authTypeAnonymous != rAuthType {
writeErrorResponse(w, s3err.ErrAuthNotSetup, r.URL)
return
}
}
defer dataReader.Close()

6
weed/s3api/s3err/s3api_errors.go

@ -91,6 +91,7 @@ const (
ErrRequestNotReadyYet
ErrMissingDateHeader
ErrInvalidRequest
ErrAuthNotSetup
ErrNotImplemented
ErrExistingObjectIsDirectory
@ -341,6 +342,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
Description: "Invalid Request",
HTTPStatusCode: http.StatusBadRequest,
},
ErrAuthNotSetup : {
Code: "InvalidRequest",
Description: "Signed request requires setting up SeaweedFS S3 authentication",
HTTPStatusCode: http.StatusBadRequest,
},
ErrNotImplemented: {
Code: "NotImplemented",
Description: "A header you provided implies functionality that is not implemented",

Loading…
Cancel
Save