add more func; dep update

2025-12-24 12:58:04 +08:00 · 2022-10-27 11:37:30 +00:00
parent 4a3b2e85d9
commit c88933c84e
7 changed files with 47 additions and 30 deletions
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/Mikubill/gofakes3
 go 1.17

 require (
-	github.com/aws/aws-sdk-go v1.44.121
+	github.com/aws/aws-sdk-go v1.44.124
 	github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46
 	github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500
 	github.com/stretchr/testify v1.8.0
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 github.com/aws/aws-sdk-go v1.44.121 h1:ahBRUqUp4qLyGmSM5KKn+TVpZkRmtuLxTWw+6Hq/ebs=
 github.com/aws/aws-sdk-go v1.44.121/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.124 h1:Xe1WQRUUekZf6ZFm3SD0vplB/AP/hymVqMiRS9LQRIs=
+github.com/aws/aws-sdk-go v1.44.124/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/gofakes3.go
+++ b/gofakes3.go
@@ -89,14 +89,23 @@ func (g *GoFakeS3) Server() http.Handler {
 		handler = g.hostBucketMiddleware(handler)
 	}

-	if len(g.v4AuthPair) > 0 {
-		signature.LoadKeys(g.v4AuthPair)
-		handler = g.hostBucketMiddleware(handler)
-	}
-
 	return handler
 }

+func (g *GoFakeS3) AddAuthKeys(p map[string]string) {
+	for k, v := range p {
+		g.v4AuthPair[k] = v
+	}
+	signature.StoreKeys(g.v4AuthPair)
+}
+
+func (g *GoFakeS3) DelAuthKeys(p []string) {
+	for _, v := range p {
+		delete(g.v4AuthPair, v)
+	}
+	signature.ReloadKeys(g.v4AuthPair)
+}
+
 func (g *GoFakeS3) timeSkewMiddleware(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
 		timeHdr := rq.Header.Get("x-amz-date")
@@ -116,22 +125,6 @@ func (g *GoFakeS3) timeSkewMiddleware(handler http.Handler) http.Handler {
 	})
 }

-func (g *GoFakeS3) v4AuthMiddleware(handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, rq *http.Request) {
-		if result := signature.Verify(rq); result != signature.ErrNone {
-			g.log.Print(LogWarn, "Access Denied:", rq.RemoteAddr, "=>", rq.URL)
-
-			resp := signature.GetAPIError(result)
-			w.WriteHeader(resp.HTTPStatusCode)
-			w.Header().Add("content-type", "application/xml")
-			_, _ = w.Write(signature.EncodeAPIErrorToResponse(resp))
-			return
-		}
-
-		handler.ServeHTTP(w, rq)
-	})
-}
-
 // hostBucketMiddleware forces the server to use VirtualHost-style bucket URLs:
 // https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html
 func (g *GoFakeS3) hostBucketMiddleware(handler http.Handler) http.Handler {
--- a/routing.go
+++ b/routing.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
+
+	"github.com/Mikubill/gofakes3/signature"
 )

 // routeBase is a http.HandlerFunc that dispatches top level routes for
@@ -35,6 +37,18 @@ func (g *GoFakeS3) routeBase(w http.ResponseWriter, r *http.Request) {
 	hdr.Set("x-amz-request-id", id)
 	hdr.Set("Server", "AmazonS3")

+	if len(g.v4AuthPair) > 0 {
+		if result := signature.V4SignVerify(r); result != signature.ErrNone {
+			g.log.Print(LogWarn, "Access Denied:", r.RemoteAddr, "=>", r.URL)
+
+			resp := signature.GetAPIError(result)
+			w.WriteHeader(resp.HTTPStatusCode)
+			w.Header().Add("content-type", "application/xml")
+			_, _ = w.Write(signature.EncodeAPIErrorToResponse(resp))
+			return
+		}
+	}
+
 	if len(parts) == 2 {
 		object = parts[1]
 	}
--- a/signature/signature-v4.go
+++ b/signature/signature-v4.go
@@ -126,11 +126,11 @@ func getSigningKey(secretKey string, t time.Time, region string) []byte {
 	return signingKey
 }

-// Verify - Verify authorization header with calculated header in accordance with
+// V4SignVerify - Verify authorization header with calculated header in accordance with
 //   - http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
 //
 // returns nil if signature matches.
-func Verify(r *http.Request) ErrorCode {
+func V4SignVerify(r *http.Request) ErrorCode {
 	// Copy request.
 	req := *r
 	hashedPayload := getContentSha256Cksum(r)
--- a/signature/signature-v4_test.go
+++ b/signature/signature-v4_test.go
@@ -45,7 +45,7 @@ func TestSignatureMatch(t *testing.T) {
 	region := RandString(16)

 	credentials := credentials.NewStaticCredentials(ak, sk, "")
-	signature.LoadKeys(map[string]string{ak: sk})
+	signature.ReloadKeys(map[string]string{ak: sk})
 	signer := v4.NewSigner(credentials)

 	req, err := http.NewRequest(http.MethodPost, "https://s3-endpoint.exmaple.com/", Body)
@@ -58,7 +58,7 @@ func TestSignatureMatch(t *testing.T) {
 		t.Error(err)
 	}

-	if result := signature.Verify(req); result != signature.ErrNone {
+	if result := signature.V4SignVerify(req); result != signature.ErrNone {
 		t.Error(fmt.Errorf("invalid result: expect none but got %+v", signature.GetAPIError(result)))
 	}
 }
--- a/signature/utils.go
+++ b/signature/utils.go
@@ -27,10 +27,8 @@ func checkKeyValid(r *http.Request, accessKey string) (Credentials, bool, ErrorC
 	return u.(Credentials), true, ErrNone
 }

-// LoadKeys parse and load accessKey-secretKey pair from user input
-//
-// example: abc123abc123-ac8bef6aaccd
-func LoadKeys(pairs map[string]string) {
+// LoadKeys parse and store accessKey-secretKey pair
+func StoreKeys(pairs map[string]string) {
 	for accessKey, secretKey := range pairs {
 		credStore.Store(accessKey, Credentials{
 			AccessKey: accessKey,
@@ -39,6 +37,16 @@ func LoadKeys(pairs map[string]string) {
 	}
 }

+func ReloadKeys(pairs map[string]string) {
+	credStore.Range(func(key, value interface{}) bool {
+		if _, ok := pairs[key.(string)]; !ok {
+			credStore.Delete(key)
+		}
+		return true
+	})
+	StoreKeys(pairs)
+}
+
 func sumHMAC(key []byte, data []byte) []byte {
 	hash := hmac.New(sha256.New, key)
 	hash.Write(data)