Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

address comments

pull/7398/head
chrislu 1 month ago
parent
7b5296c10f
commit
a9f58fff6c
2 changed files with 22 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      weed/s3api/auth_signature_v4.go
  2. 16
      weed/s3api/auth_signature_v4_test.go

13
weed/s3api/auth_signature_v4.go
View File

@ -595,24 +595,23 @@ func extractHostHeader(r *http.Request) string {
if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" { if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" {
// Check if X-Forwarded-Host already contains a port // Check if X-Forwarded-Host already contains a port
// This handles proxies (like Traefik, HAProxy) that include port in X-Forwarded-Host // This handles proxies (like Traefik, HAProxy) that include port in X-Forwarded-Host
_, _, err := net.SplitHostPort(forwardedHost)
if err == nil {
if _, _, err := net.SplitHostPort(forwardedHost); err == nil {
// X-Forwarded-Host already contains a port (e.g., "example.com:8443" or "[::1]:8080") // X-Forwarded-Host already contains a port (e.g., "example.com:8443" or "[::1]:8080")
// Use it as-is // Use it as-is
return forwardedHost return forwardedHost
} }
// An IPv6 address literal must be enclosed in square brackets.
if strings.Contains(forwardedHost, ":") && !strings.HasPrefix(forwardedHost, "[") {
forwardedHost = "[" + forwardedHost + "]"
}
// X-Forwarded-Host doesn't contain a port, check if X-Forwarded-Port is provided // X-Forwarded-Host doesn't contain a port, check if X-Forwarded-Port is provided
if forwardedPort := r.Header.Get("X-Forwarded-Port"); forwardedPort != "" { if forwardedPort := r.Header.Get("X-Forwarded-Port"); forwardedPort != "" {
// Determine the protocol to check for standard ports // Determine the protocol to check for standard ports
proto := strings.ToLower(r.Header.Get("X-Forwarded-Proto")) proto := strings.ToLower(r.Header.Get("X-Forwarded-Proto"))
// Only add port if it's not the standard port for the protocol // Only add port if it's not the standard port for the protocol
if (proto == "https" && forwardedPort != "443") || (proto != "https" && forwardedPort != "80") { if (proto == "https" && forwardedPort != "443") || (proto != "https" && forwardedPort != "80") {
// Handle IPv6 addresses: wrap in brackets if needed
if strings.Contains(forwardedHost, ":") && !strings.HasPrefix(forwardedHost, "[") {
// This is an IPv6 address without brackets
return "[" + forwardedHost + "]:" + forwardedPort
}
return forwardedHost + ":" + forwardedPort return forwardedHost + ":" + forwardedPort
} }
} }

16
weed/s3api/auth_signature_v4_test.go
View File

@ -191,6 +191,22 @@ func TestExtractHostHeader(t *testing.T) {
forwardedProto: "http", forwardedProto: "http",
expected: "[::1]:8080", expected: "[::1]:8080",
}, },
{
name: "IPv6 address without brackets and standard port, should return bracketed IPv6",
hostHeader: "backend:8333",
forwardedHost: "::1",
forwardedPort: "80",
forwardedProto: "http",
expected: "[::1]",
},
{
name: "IPv6 address without brackets and standard HTTPS port, should return bracketed IPv6",
hostHeader: "backend:8333",
forwardedHost: "2001:db8::1",
forwardedPort: "443",
forwardedProto: "https",
expected: "[2001:db8::1]",
},
{ {
name: "IPv6 address with brackets but no port, should add port", name: "IPv6 address with brackets but no port, should add port",
hostHeader: "backend:8333", hostHeader: "backend:8333",

Write Preview
Loading…
Cancel
Save