Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

s3api: remove redundant auth verification in getRequestDataReader (#7685) 

* s3api: remove redundant auth verification in getRequestDataReader

The handlers PutObjectHandler and PutObjectPartHandler are already wrapped
with s3a.iam.Auth() middleware which performs signature verification via
authRequest() before the handler is invoked.

The signature verification for authTypeSignedV2, authTypePresignedV2,
authTypePresigned, and authTypeSigned in getRequestDataReader was therefore
redundant.

The newChunkedReader() call for streaming auth types is kept as it's needed
to parse the chunked transfer encoding and extract the actual data.

Fixes #7683

* simplify switch to if statement for single condition
pull/2932/merge
Chris Lu 3 days ago
committed by GitHub
parent
d6d893c8c3
commit
b4e2cca204
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      weed/s3api/s3api_put_object_helper.go

7
weed/s3api/s3api_put_object_helper.go
View File

@ -17,13 +17,8 @@ func getRequestDataReader(s3a *S3ApiServer, r *http.Request) (io.ReadCloser, s3e
dataReader := r.Body
rAuthType := getRequestAuthType(r)
if s3a.iam.isEnabled() {
switch rAuthType {
case authTypeStreamingSigned, authTypeStreamingUnsigned:
if rAuthType == authTypeStreamingSigned || rAuthType == authTypeStreamingUnsigned {
dataReader, s3ErrCode = s3a.iam.newChunkedReader(r)
case authTypeSignedV2, authTypePresignedV2:
_, s3ErrCode = s3a.iam.isReqAuthenticatedV2(r)
case authTypePresigned, authTypeSigned:
_, s3ErrCode = s3a.iam.reqSignatureV4Verify(r)
}
} else {
switch rAuthType {

Write Preview
Loading…
Cancel
Save