seaweedFS

Files

Chris Lu 8b5d31e5eb s3api/policy_engine: use forwarded client IP for aws:SourceIp (#8304 )

* s3api: honor forwarded source IP for policy conditions

Prefer X-Forwarded-For/X-Real-Ip before RemoteAddr when populating aws:SourceIp in policy condition evaluation. Also avoid noisy parsing behavior for unix socket markers and add coverage for precedence/fallback paths.\n\nFixes #8301.

* s3api: simplify remote addr parsing

* s3api: guard aws:SourceIp against DNS hosts

* s3api: simplify remote addr fallback

* s3api: simplify remote addr parsing

* Update weed/s3api/policy_engine/engine.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Fix TestExtractConditionValuesFromRequestSourceIPPrecedence using trusted private IP

* Refactor extractSourceIP to use R-to-L XFF parsing and net.IP.IsPrivate

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

2026-02-11 12:47:03 -08:00

conditions.go

feat(s3api): Implement S3 Policy Variables (#8039 )

2026-01-16 11:12:28 -08:00

engine_enhanced_test.go

feat(s3api): Implement S3 Policy Variables (#8039 )

2026-01-16 11:12:28 -08:00

engine_isolation_test.go

feat(s3api): Implement S3 Policy Variables (#8039 )

2026-01-16 11:12:28 -08:00

engine_notresource_test.go

feat(s3api): Implement S3 Policy Variables (#8039 )