| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-11-21 14:46:32 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-21 14:46:32 -0800 |
| commit | f125a013a8eefd15cc26b01a1a88a45381a772f9 (patch) | |
| tree | 4102feba79ebbdf5b52f66d1005c1f65c9497492 /weed/s3api/s3_constants/header.go | |
| parent | a9fefcd22cc7e35afa6c632ea307d1ae28eb7f03 (diff) | |
S3: set identity to request context, and remove obsolete code (#7523)
* list owned buckets
* simplify
* add unit tests
* no-owner buckets
* set identity id
* fallback to request header if iam is not enabled
* refactor to test
* fix comparing
* fix security vulnerability
* Update s3api_bucket_handlers.go
* Update s3api_bucket_handlers.go
* Update s3api_bucket_handlers.go
* set identity to request context
* remove SeaweedFSIsDirectoryKey
* remove obsolete
* simplify
* reuse
* refactor or remove obsolete logic on filer
* Removed the redundant check in GetOrHeadHandler
* surfacing invalid X-Amz-Tagging as a client error
* clean up
* constant
* reuse
* multiple header values
* code reuse
* err on duplicated tag key
Diffstat (limited to 'weed/s3api/s3_constants/header.go')
| -rw-r--r-- | weed/s3api/s3_constants/header.go | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/weed/s3api/s3_constants/header.go b/weed/s3api/s3_constants/header.go
index 1ef6f62c5..a232eb189 100644
--- a/weed/s3api/s3_constants/header.go
+++ b/weed/s3api/s3_constants/header.go
@@ -17,6 +17,7 @@
 package s3_constants
 import (
+ "context"
 "net/http"
 "strings"
@@ -44,8 +45,6 @@ const (
 AmzObjectTaggingDirective = "X-Amz-Tagging-Directive"
 AmzTagCount = "x-amz-tagging-count"
- SeaweedFSIsDirectoryKey = "X-Seaweedfs-Is-Directory-Key"
- SeaweedFSPartNumber = "X-Seaweedfs-Part-Number"
 SeaweedFSUploadId = "X-Seaweedfs-Upload-Id"
 SeaweedFSMultipartPartsCount = "X-Seaweedfs-Multipart-Parts-Count"
 SeaweedFSMultipartPartBoundaries = "X-Seaweedfs-Multipart-Part-Boundaries" // JSON: [{part:1,start:0,end:2,etag:"abc"},{part:2,start:2,end:3,etag:"def"}]
@@ -174,3 +173,29 @@ var PassThroughHeaders = map[string]string{
 func IsSeaweedFSInternalHeader(headerKey string) bool {
 return strings.HasPrefix(strings.ToLower(headerKey), SeaweedFSInternalPrefix)
 }
+
+// Context keys for storing authenticated identity information
+type contextKey string
+
+const (
+ contextKeyIdentityName contextKey = "s3-identity-name"
+)
+
+// SetIdentityNameInContext stores the authenticated identity name in the request context
+// This is the secure way to propagate identity - headers can be spoofed, context cannot
+func SetIdentityNameInContext(ctx context.Context, identityName string) context.Context {
+ if identityName != "" {
+ return context.WithValue(ctx, contextKeyIdentityName, identityName)
+ }
+ return ctx
+}
+
+// GetIdentityNameFromContext retrieves the authenticated identity name from the request context
+// Returns empty string if no identity is set (unauthenticated request)
+// This is the secure way to retrieve identity - never read from headers directly
+func GetIdentityNameFromContext(r *http.Request) string {
+ if name, ok := r.Context().Value(contextKeyIdentityName).(string); ok {
+ return name
+ }
+ return ""
+} |
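Review bot: `GetIdentityNameFromContext` uses `""` to mean "no identity", and `SetIdentityNameInContext` silently skips an empty name, so callers cannot tell an unauthenticated request from an authenticated one whose identity name is empty. Any caller that compares the result for equality with an owner field has to reject `""` first, otherwise a bucket with no owner could match an unauthenticated caller; those callers are outside this file, so this should be confirmed there. I would state the contract on the getter, e.g. `// Callers must treat "" as "no authenticated identity" and must never match it against an empty owner.` The doc comment also says identity is never read from headers, while the commit message lists a header fallback when IAM is not enabled; that fallback should be keyed on the IAM setting rather than on this function returning `""`.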
