gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

master: Fix raft url (#7255)

Browse Source 
* fix signature

* fix url scheme
This commit is contained in:
Chris Lu
2025-09-18 14:46:53 -07:00
committed by GitHub
parent 273720ffc6
commit 07dc552e1c
3 changed files with 156 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
weed/s3api/auth_signature_v4.go
View File

@@ -216,7 +216,14 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
if forwardedPrefix := r.Header.Get("X-Forwarded-Prefix"); forwardedPrefix != "" {
// Try signature verification with the forwarded prefix first.
// This handles cases where reverse proxies strip URL prefixes and add the X-Forwarded-Prefix header.
errCode = iam.verifySignatureWithPath(extractedSignedHeaders, hashedPayload, queryStr, path.Clean(forwardedPrefix+req.URL.Path), req.Method, foundCred.SecretKey, t, signV4Values)
// Preserve trailing slash if present in the original URL path to match S3 SDK signature
fullPath := forwardedPrefix + req.URL.Path
hasTrailingSlash := strings.HasSuffix(req.URL.Path, "/") && req.URL.Path != "/"
cleanedPath := path.Clean(fullPath)
if hasTrailingSlash && !strings.HasSuffix(cleanedPath, "/") {
cleanedPath += "/"
}
errCode = iam.verifySignatureWithPath(extractedSignedHeaders, hashedPayload, queryStr, cleanedPath, req.Method, foundCred.SecretKey, t, signV4Values)
if errCode == s3err.ErrNone {
return identity, errCode
}
@@ -369,7 +376,14 @@ func (iam *IdentityAccessManagement) doesPresignedSignatureMatch(hashedPayload s
if forwardedPrefix := r.Header.Get("X-Forwarded-Prefix"); forwardedPrefix != "" {
// Try signature verification with the forwarded prefix first.
// This handles cases where reverse proxies strip URL prefixes and add the X-Forwarded-Prefix header.
errCode = iam.verifyPresignedSignatureWithPath(extractedSignedHeaders, hashedPayload, queryStr, path.Clean(forwardedPrefix+r.URL.Path), r.Method, foundCred.SecretKey, t, credHeader, signature)
// Preserve trailing slash if present in the original URL path to match S3 SDK signature
fullPath := forwardedPrefix + r.URL.Path
hasTrailingSlash := strings.HasSuffix(r.URL.Path, "/") && r.URL.Path != "/"
cleanedPath := path.Clean(fullPath)
if hasTrailingSlash && !strings.HasSuffix(cleanedPath, "/") {
cleanedPath += "/"
}
errCode = iam.verifyPresignedSignatureWithPath(extractedSignedHeaders, hashedPayload, queryStr, cleanedPath, r.Method, foundCred.SecretKey, t, credHeader, signature)
if errCode == s3err.ErrNone {
return identity, errCode
}