diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go index a8dc34b54..370429106 100644 --- a/weed/s3api/s3api_object_handlers.go +++ b/weed/s3api/s3api_object_handlers.go @@ -62,6 +62,12 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request) writeErrorResponse(w, s3ErrCode, r.URL) return } + } else { + rAuthType := getRequestAuthType(r) + if authTypeAnonymous != rAuthType { + writeErrorResponse(w, s3err.ErrAuthNotSetup, r.URL) + return + } } defer dataReader.Close() diff --git a/weed/s3api/s3err/s3api_errors.go b/weed/s3api/s3err/s3api_errors.go index 877c39a52..258f21523 100644 --- a/weed/s3api/s3err/s3api_errors.go +++ b/weed/s3api/s3err/s3api_errors.go @@ -91,6 +91,7 @@ const ( ErrRequestNotReadyYet ErrMissingDateHeader ErrInvalidRequest + ErrAuthNotSetup ErrNotImplemented ErrExistingObjectIsDirectory @@ -341,6 +342,11 @@ var errorCodeResponse = map[ErrorCode]APIError{ Description: "Invalid Request", HTTPStatusCode: http.StatusBadRequest, }, + ErrAuthNotSetup : { + Code: "InvalidRequest", + Description: "Signed request requires setting up SeaweedFS S3 authentication", + HTTPStatusCode: http.StatusBadRequest, + }, ErrNotImplemented: { Code: "NotImplemented", Description: "A header you provided implies functionality that is not implemented",