gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
49a64f50f1f67f6d69133167cc1339052d3f4c92
seaweedFS/weed/s3api/policy_engine
History
Chris Lu 8b5d31e5eb s3api/policy_engine: use forwarded client IP for aws:SourceIp (#8304) 
* s3api: honor forwarded source IP for policy conditions

Prefer X-Forwarded-For/X-Real-Ip before RemoteAddr when populating aws:SourceIp in policy condition evaluation. Also avoid noisy parsing behavior for unix socket markers and add coverage for precedence/fallback paths.\n\nFixes #8301.

* s3api: simplify remote addr parsing

* s3api: guard aws:SourceIp against DNS hosts

* s3api: simplify remote addr fallback

* s3api: simplify remote addr parsing

* Update weed/s3api/policy_engine/engine.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Fix TestExtractConditionValuesFromRequestSourceIPPrecedence using trusted private IP

* Refactor extractSourceIP to use R-to-L XFF parsing and net.IP.IsPrivate

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-11 12:47:03 -08:00
..
conditions.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine_enhanced_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine_isolation_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine_notresource_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine_paths_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine_test.go
s3api/policy_engine: use forwarded client IP for aws:SourceIp (#8304)
2026-02-11 12:47:03 -08:00
engine_variables_test.go
feat(s3api): Implement S3 Policy Variables (#8039)
2026-01-16 11:12:28 -08:00
engine.go
s3api/policy_engine: use forwarded client IP for aws:SourceIp (#8304)
2026-02-11 12:47:03 -08:00
examples.go
fix: resolve inconsistent S3 API authorization for DELETE operations (issue #7864) (#7865)
2025-12-24 10:29:30 -08:00
GOVERNANCE_PERMISSIONS.md
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
INTEGRATION_EXAMPLE.md
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
integration_test.go
fix: resolve inconsistent S3 API authorization for DELETE operations (issue #7864) (#7865)
2025-12-24 10:29:30 -08:00
integration.go
s3: enforce authentication and JSON error format for Iceberg REST Catalog (#8192)
2026-02-03 11:55:12 -08:00
POLICY_EXAMPLES.md
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
README_POLICY_ENGINE.md
s3: add s3:ExistingObjectTag condition support for bucket policies (#7677)
2025-12-09 09:48:13 -08:00
types.go
s3: allow single Statement object in policy document (#8212)
2026-02-04 16:23:20 -08:00
wildcard_matcher_test.go
Add policy engine (#6970)
2025-07-13 16:21:36 -07:00
wildcard_matcher.go
fix(s3api): correct wildcard matching (#8052)
2026-01-18 14:54:03 -08:00