aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Lu <chris.lu@gmail.com>2020-08-06 03:41:34 -0700
committerChris Lu <chris.lu@gmail.com>2020-08-06 03:41:34 -0700
commit2b74abf7661faaeca944cc1ec3a5bf4c85cc58b7 (patch)
tree2bbebd39e6b701ef645275308afe8b20c51a86f0
parentcbd80253e33688f55c02dd29c994a3ee6eac3d6c (diff)
downloadseaweedfs-2b74abf7661faaeca944cc1ec3a5bf4c85cc58b7.tar.xz
seaweedfs-2b74abf7661faaeca944cc1ec3a5bf4c85cc58b7.zip
S3: configurable access for anonymous user
fix https://github.com/chrislusf/seaweedfs/issues/1413
Diffstat
-rw-r--r--weed/s3api/auth_credentials.go16
1 files changed, 15 insertions, 1 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index db5f4c8a3..851f6d4a3 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -107,6 +107,16 @@ func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identi
return nil, nil, false
}
+func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, found bool) {
+
+ for _, ident := range iam.identities {
+ if ident.Name == "anonymous" {
+ return ident, true
+ }
+ }
+ return nil, false
+}
+
func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) http.HandlerFunc {
if !iam.isEnabled() {
@@ -127,6 +137,7 @@ func (iam *IdentityAccessManagement) Auth(f http.HandlerFunc, action Action) htt
func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action) ErrorCode {
var identity *Identity
var s3Err ErrorCode
+ var found bool
switch getRequestAuthType(r) {
case authTypeStreamingSigned:
return ErrNone
@@ -146,7 +157,10 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
glog.V(3).Infof("jwt auth type")
return ErrNotImplemented
case authTypeAnonymous:
- return ErrAccessDenied
+ identity, found = iam.lookupAnonymous()
+ if !found {
+ return ErrAccessDenied
+ }
default:
return ErrNotImplemented
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:29:37 +0000