From 6719b6e7ac1748484bfb3b26c16d3e5563da32a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B2=A1=E6=9C=89=E5=B0=8F=E5=90=8D=E7=9A=84=E6=9B=B2?=
 <951012707@qq.com>
Date: Sun, 16 Nov 2025 10:21:02 +0800
Subject: [PATCH] fix(s3api): simply comparing signatures

---
 weed/s3api/auth_signature_v2.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/weed/s3api/auth_signature_v2.go b/weed/s3api/auth_signature_v2.go
index 7af400bc8..fb659db0f 100644
--- a/weed/s3api/auth_signature_v2.go
+++ b/weed/s3api/auth_signature_v2.go
@@ -117,7 +117,15 @@ func (iam *IdentityAccessManagement) doesSignV2Match(r *http.Request) (*Identity
 	}
 
 	expectedAuth := signatureV2(cred, r.Method, r.URL.Path, r.URL.Query().Encode(), r.Header)
-	if v2Auth != expectedAuth {
+	v2Signature := ""
+	expectedV2Signature := ""
+	if idx := strings.LastIndex(v2Auth, ":"); idx != -1 {
+		v2Signature = v2Auth[idx+1:]
+	}
+	if idx := strings.LastIndex(expectedAuth, ":"); idx != -1 {
+		expectedV2Signature = expectedAuth[idx+1:]
+	}
+	if !compareSignatureV2(v2Signature, expectedV2Signature) {
 		return nil, s3err.ErrSignatureDoesNotMatch
 	}
 	return identity, s3err.ErrNone