kopia lustrzana https://github.com/gaul/s3proxy
Add expiration to query string authorization
Also repair support for query string authorization, regression from
d74a409.
pull/16/head
Andrew Gaul
rodzic
84bfb27d66
commit
ce3d7edad3
|
|
@ -151,19 +151,38 @@ final class S3ProxyHandler extends AbstractHandler {
|
||||||
identity, credential);
|
identity, credential);
|
||||||
String headerAuthorization = request.getHeader(
|
String headerAuthorization = request.getHeader(
|
||||||
HttpHeaders.AUTHORIZATION);
|
HttpHeaders.AUTHORIZATION);
|
||||||
if (headerAuthorization == null) {
|
String parameterSignature = request.getParameter("Signature");
|
||||||
sendSimpleErrorResponse(response, S3ErrorCode.ACCESS_DENIED);
|
if (headerAuthorization != null) {
|
||||||
baseRequest.setHandled(true);
|
if (!expectedAuthorization.equals(headerAuthorization)) {
|
||||||
return;
|
sendSimpleErrorResponse(response,
|
||||||
}
|
S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
|
||||||
|
baseRequest.setHandled(true);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else if (parameterSignature != null) {
|
||||||
|
String queryStringAuthorization = "AWS " +
|
||||||
|
request.getParameter("AWSAccessKeyId") + ":" +
|
||||||
|
parameterSignature;
|
||||||
|
if (!expectedAuthorization.equals(queryStringAuthorization)) {
|
||||||
|
sendSimpleErrorResponse(response,
|
||||||
|
S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
|
||||||
|
baseRequest.setHandled(true);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
String queryStringAuthorization = "AWS " +
|
String expiresString = request.getParameter("Expires");
|
||||||
request.getParameter("AWSAccessKeyId") + ":" +
|
if (expiresString != null) {
|
||||||
request.getParameter("Signature");
|
long expires = Long.parseLong(expiresString);
|
||||||
if (!expectedAuthorization.equals(headerAuthorization) &&
|
long nowSeconds = System.currentTimeMillis() / 1000;
|
||||||
!expectedAuthorization.equals(queryStringAuthorization)) {
|
if (nowSeconds > expires) {
|
||||||
sendSimpleErrorResponse(response,
|
sendSimpleErrorResponse(response,
|
||||||
S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
|
S3ErrorCode.ACCESS_DENIED);
|
||||||
|
baseRequest.setHandled(true);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
sendSimpleErrorResponse(response, S3ErrorCode.ACCESS_DENIED);
|
||||||
baseRequest.setHandled(true);
|
baseRequest.setHandled(true);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue