Fix checksum validation for unsigned streaming uploads

- Always validate checksum for data integrity regardless of signing
- Correct checksum value in test case
- Addresses PR review feedback about checksum verification

weed/s3api/chunked_bug_reproduction_test.go

@@ -20,7 +20,7 @@ func TestChunkedEncodingMixedFormat(t *testing.T) {
 	mixedFormatPayload := "c;chunk-signature=347f6c62acd95b7c6ae18648776024a9e8cd6151184a5e777ea8e1d9b4e45b3c\r\n" +
 		"hello world\n\r\n" +
 		"0;chunk-signature=1a99b7790b8db0f4bfc048c8802056c3179d561e40c073167e79db5f1a6af4b2\r\n" +
-		"x-amz-checksum-crc32:rhg7LQ==\r\n" +
+		"x-amz-checksum-crc32:rwg7LQ==\r\n" +
 		"\r\n"
 
 	// Create HTTP request with unsigned streaming headers

weed/s3api/chunked_reader_v4.go

@@ -320,15 +320,13 @@ func (cr *s3ChunkedReader) Read(buf []byte) (n int, err error) {
 				return 0, cr.err
 			}
 
-			// Check checksum only for signed streaming
-			if cr.cred != nil {
-				computedChecksum := cr.checkSumWriter.Sum(nil)
-				base64Checksum := base64.StdEncoding.EncodeToString(computedChecksum)
-				if string(extractedChecksum) != base64Checksum {
-					glog.V(3).Infof("payload checksum '%s' does not match provided checksum '%s'", base64Checksum, string(extractedChecksum))
-					cr.err = errors.New(s3err.ErrMsgPayloadChecksumMismatch)
-					return 0, cr.err
-				}
+			// Validate checksum for data integrity (required for both signed and unsigned streaming with trailers)
+			computedChecksum := cr.checkSumWriter.Sum(nil)
+			base64Checksum := base64.StdEncoding.EncodeToString(computedChecksum)
+			if string(extractedChecksum) != base64Checksum {
+				glog.V(3).Infof("payload checksum '%s' does not match provided checksum '%s'", base64Checksum, string(extractedChecksum))
+				cr.err = errors.New(s3err.ErrMsgPayloadChecksumMismatch)
+				return 0, cr.err
 			}
 
 			// TODO: Extract signature from trailer chunk and verify it.