
Merge branch 'master' into fix/masterclient-vidmap-race-condition

pull/7412/head
chrislu 1 month ago
parent
commit
95e00ab72e
  1. 11
      weed/s3api/auth_signature_v4.go
  2. 12
      weed/s3api/auth_signature_v4_test.go
  3. 12
      weed/s3api/auto_signature_v4_test.go

11
weed/s3api/auth_signature_v4.go

@ -648,9 +648,14 @@ func extractHostHeader(r *http.Request) string {
return net.JoinHostPort(host, port) return net.JoinHostPort(host, port)
} }
// No port or default port, just ensure host is correctly formatted (IPv6 brackets).
if strings.Contains(host, ":") && !strings.HasPrefix(host, "[") {
return "[" + host + "]"
// No port or default port was stripped. According to AWS SDK behavior (aws-sdk-go-v2),
// when a default port is removed from an IPv6 address, the brackets should also be removed.
// This matches AWS S3 signature calculation requirements.
// Reference: https://github.com/aws/aws-sdk-go-v2/blob/main/aws/signer/internal/v4/host.go
// The stripPort function returns IPv6 without brackets when port is stripped.
if strings.Contains(host, ":") {
// This is an IPv6 address. Strip brackets to match AWS SDK behavior.
return strings.Trim(host, "[]")
} }
return host return host
} }
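Review bot: `strings.Trim(host, "[]")` in the new IPv6 branch removes any run of `[` and `]` from either end, so unbalanced input such as `[[::1]` or `::1]` (constructed examples) is silently normalised to `::1` before it is used for SigV4 host canonicalisation. Since the tests show this value can come from X-Forwarded-Host, I would strip exactly one matched pair and leave anything else untouched: `if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") { host = host[1 : len(host)-1] }`. The `strings.Contains(host, ":")` test also treats any remaining colon as proof of an IPv6 literal. Whether that holds depends on how `host` and `port` are split earlier in extractHostHeader, which starts outside this hunk. If it is not guaranteed there, checking the unbracketed value with `net.ParseIP` would make the branch explicit.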

12
weed/s3api/auth_signature_v4_test.go

@ -192,20 +192,20 @@ func TestExtractHostHeader(t *testing.T) {
expected: "[::1]:8080", expected: "[::1]:8080",
}, },
{ {
name: "IPv6 address without brackets and standard port, should return bracketed IPv6",
name: "IPv6 address without brackets and standard port, should strip brackets per AWS SDK",
hostHeader: "backend:8333", hostHeader: "backend:8333",
forwardedHost: "::1", forwardedHost: "::1",
forwardedPort: "80", forwardedPort: "80",
forwardedProto: "http", forwardedProto: "http",
expected: "[::1]",
expected: "::1",
}, },
{ {
name: "IPv6 address without brackets and standard HTTPS port, should return bracketed IPv6",
name: "IPv6 address without brackets and standard HTTPS port, should strip brackets per AWS SDK",
hostHeader: "backend:8333", hostHeader: "backend:8333",
forwardedHost: "2001:db8::1", forwardedHost: "2001:db8::1",
forwardedPort: "443", forwardedPort: "443",
forwardedProto: "https", forwardedProto: "https",
expected: "[2001:db8::1]",
expected: "2001:db8::1",
}, },
{ {
name: "IPv6 address with brackets but no port, should add port", name: "IPv6 address with brackets but no port, should add port",
@ -216,12 +216,12 @@ func TestExtractHostHeader(t *testing.T) {
expected: "[2001:db8::1]:8080", expected: "[2001:db8::1]:8080",
}, },
{ {
name: "IPv6 full address with brackets and default port (should strip port)",
name: "IPv6 full address with brackets and default port (should strip port and brackets)",
hostHeader: "backend:8333", hostHeader: "backend:8333",
forwardedHost: "[2001:db8:85a3::8a2e:370:7334]:443", forwardedHost: "[2001:db8:85a3::8a2e:370:7334]:443",
forwardedPort: "443", forwardedPort: "443",
forwardedProto: "https", forwardedProto: "https",
expected: "[2001:db8:85a3::8a2e:370:7334]",
expected: "2001:db8:85a3::8a2e:370:7334",
}, },
{ {
name: "IPv4-mapped IPv6 address without brackets, should add brackets with port", name: "IPv4-mapped IPv6 address without brackets, should add brackets with port",
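Review bot: The renamed cases "IPv6 address without brackets and standard port, should strip brackets per AWS SDK" and its HTTPS twin describe stripping brackets, but their `forwardedHost` values (`::1`, `2001:db8::1`) have no brackets to strip, so the names no longer say what is being pinned. I would name them after the expected output, e.g. `name: "IPv6 address without brackets and standard port, should return unbracketed IPv6",`. Because the result feeds signature verification, the table would also benefit from rows with unbalanced brackets (constructed examples: `[::1`, `::1]`), so that handling of malformed forwarded hosts is fixed by a test rather than left implicit. TestExtractHostHeader starts and ends outside these hunks, so such rows may already exist elsewhere in the table.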

12
weed/s3api/auto_signature_v4_test.go

@ -451,25 +451,25 @@ func TestSignatureV4WithoutProxy(t *testing.T) {
name: "IPv6 HTTP with standard port", name: "IPv6 HTTP with standard port",
host: "[::1]:80", host: "[::1]:80",
proto: "http", proto: "http",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
{ {
name: "IPv6 HTTPS with standard port", name: "IPv6 HTTPS with standard port",
host: "[::1]:443", host: "[::1]:443",
proto: "https", proto: "https",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
{ {
name: "IPv6 HTTP without port", name: "IPv6 HTTP without port",
host: "::1", host: "::1",
proto: "http", proto: "http",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
{ {
name: "IPv6 HTTPS without port", name: "IPv6 HTTPS without port",
host: "::1", host: "::1",
proto: "https", proto: "https",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
} }
@ -608,7 +608,7 @@ func TestSignatureV4WithForwardedPort(t *testing.T) {
forwardedHost: "[::1]:443", forwardedHost: "[::1]:443",
forwardedPort: "443", forwardedPort: "443",
forwardedProto: "https", forwardedProto: "https",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
{ {
name: "IPv6 X-Forwarded-Host with standard http port already included (Traefik/HAProxy style)", name: "IPv6 X-Forwarded-Host with standard http port already included (Traefik/HAProxy style)",
@ -616,7 +616,7 @@ func TestSignatureV4WithForwardedPort(t *testing.T) {
forwardedHost: "[::1]:80", forwardedHost: "[::1]:80",
forwardedPort: "80", forwardedPort: "80",
forwardedProto: "http", forwardedProto: "http",
expectedHost: "[::1]",
expectedHost: "::1",
}, },
{ {
name: "IPv6 with port in brackets", name: "IPv6 with port in brackets",
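Review bot: Both "without port" rows in TestSignatureV4WithoutProxy use the bare literal `::1` as `host`, and the bracketed form with no port (`host: "[::1]"`) does not appear in any visible row. That is the one input where the new bracket stripping is not backed by the stripPort reference cited in auth_signature_v4.go, because no port was removed. It is worth confirming what a client actually signs in that case, since a mismatch would reject otherwise valid requests. A row such as `host: "[::1]", proto: "http", expectedHost: "<value taken from an SDK-signed request>",` would settle it. The table begins outside the hunk, so the case may already be covered above.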
