fix: 修复 stream signed 鉴权场景缺失acl account id 注入bug

Signed-off-by: changlin.shi <changlin.shi@ly.com>
12 months ago · 4b144c1940
1 changed files with 8 additions and 3 deletions
--- a/weed/s3api/s3api_object_multipart_handlers.go
+++ b/weed/s3api/s3api_object_multipart_handlers.go
@ -4,6 +4,7 @@ import (
 	"crypto/sha1"
 	"encoding/xml"
 	"fmt"
+	"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 	"io"
 	"net/http"
 	"net/url"
@ -282,18 +283,22 @@ func (s3a *S3ApiServer) PutObjectPartHandler(w http.ResponseWriter, r *http.Requ
 	if s3a.iam.isEnabled() {
 		rAuthType := getRequestAuthType(r)
 		var s3ErrCode s3err.ErrorCode
+		var identity *Identity
 		switch rAuthType {
 		case authTypeStreamingSigned:
-			dataReader, _, s3ErrCode = s3a.iam.newSignV4ChunkedReader(r)
+			dataReader, identity, s3ErrCode = s3a.iam.newSignV4ChunkedReader(r)
 		case authTypeSignedV2, authTypePresignedV2:
-			_, s3ErrCode = s3a.iam.isReqAuthenticatedV2(r)
+			identity, s3ErrCode = s3a.iam.isReqAuthenticatedV2(r)
 		case authTypePresigned, authTypeSigned:
-			_, s3ErrCode = s3a.iam.reqSignatureV4Verify(r)
+			identity, s3ErrCode = s3a.iam.reqSignatureV4Verify(r)
 		}
 		if s3ErrCode != s3err.ErrNone {
 			s3err.WriteErrorResponse(w, r, s3ErrCode)
 			return
 		}
+		if identity.AccountId != s3account.AccountAnonymous.Id {
+			r.Header.Set(s3_constants.AmzAccountId, identity.AccountId)
+		}
 	}
 	defer dataReader.Close()