gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3tables: harden auth and error handling

Browse Source 
- Add authorization checks to all S3 Tables handlers (policy, table ops) to enforce security
- Improve error handling to distinguish between NotFound (404) and InternalError (500)
- Fix directory FileMode usage in filer_ops
- Improve test randomness for version tokens
- Update permissions comments to acknowledge IAM gaps
This commit is contained in:
Chris Lu
2026-01-28 11:49:57 -08:00
parent a3af5eb77a
commit dc4c62e742
4 changed files with 122 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
weed/s3api/s3tables/permissions.go
View File

@@ -94,6 +94,7 @@ func CheckPermission(operation, principal, owner string) bool {
// For now, only the owner can perform operations
// This can be extended to support more granular permissions via policies
// TODO: Integrate with full IAM policy evaluation
return false
}
@@ -181,8 +182,10 @@ func ExtractPrincipalFromContext(contextID string) string {
}
}
// Extract from context, e.g., "user123" or "account-id"
// Extract from context, e.g., "user123" or "account-id"
// This is a simplified version - in production, this would parse AWS auth headers
// TODO: Parse AWS Signature V4 identity or mTLS identity
if strings.Contains(contextID, ":") {
parts := strings.Split(contextID, ":")
return parts[0]