s3api: remove redundant auth verification in getRequestDataReader (#7685)
* s3api: remove redundant auth verification in getRequestDataReader The handlers PutObjectHandler and PutObjectPartHandler are already wrapped with s3a.iam.Auth() middleware which performs signature verification via authRequest() before the handler is invoked. The signature verification for authTypeSignedV2, authTypePresignedV2, authTypePresigned, and authTypeSigned in getRequestDataReader was therefore redundant. The newChunkedReader() call for streaming auth types is kept as it's needed to parse the chunked transfer encoding and extract the actual data. Fixes #7683 * simplify switch to if statement for single condition
This commit is contained in:
Chris Lu
@@ -17,13 +17,8 @@ func getRequestDataReader(s3a *S3ApiServer, r *http.Request) (io.ReadCloser, s3e
|
|||||||
dataReader := r.Body
|
dataReader := r.Body
|
||||||
rAuthType := getRequestAuthType(r)
|
rAuthType := getRequestAuthType(r)
|
||||||
if s3a.iam.isEnabled() {
|
if s3a.iam.isEnabled() {
|
||||||
switch rAuthType {
|
if rAuthType == authTypeStreamingSigned || rAuthType == authTypeStreamingUnsigned {
|
||||||
case authTypeStreamingSigned, authTypeStreamingUnsigned:
|
|
||||||
dataReader, s3ErrCode = s3a.iam.newChunkedReader(r)
|
dataReader, s3ErrCode = s3a.iam.newChunkedReader(r)
|
||||||
case authTypeSignedV2, authTypePresignedV2:
|
|
||||||
_, s3ErrCode = s3a.iam.isReqAuthenticatedV2(r)
|
|
||||||
case authTypePresigned, authTypeSigned:
|
|
||||||
_, s3ErrCode = s3a.iam.reqSignatureV4Verify(r)
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
switch rAuthType {
|
switch rAuthType {
|
||||||
|
|||||||
Reference in New Issue
Block a user