Extract recheckPolicyWithObjectEntry helper to reduce duplication

Move the repeated identity extraction and policy re-check logic from GetObjectHandler and HeadObjectHandler into a shared helper method.
author: chrislu <chris.lu@gmail.com> 2025-12-09 08:38:31 -0800
committer: chrislu <chris.lu@gmail.com> 2025-12-09 08:38:31 -0800
commit: 852173f64880a960cecc50c5128f185d1d6ae046 (patch)
tree: 26b7bd0b6285b8548de04da663704d39a039c2a4 /weed/s3api/s3api_object_handlers.go
parent: 38e5871c3bc42da13057cfcb015bf49c6308c4dd (diff)
download: seaweedfs-852173f64880a960cecc50c5128f185d1d6ae046.tar.xz
seaweedfs-852173f64880a960cecc50c5128f185d1d6ae046.zip
1 files changed, 2 insertions, 26 deletions
diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index f42e2f3b5..bdd16195a 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -642,19 +642,7 @@ func (s3a *S3ApiServer) GetObjectHandler(w http.ResponseWriter, r *http.Request)
 	}
 
 	// Re-check bucket policy with object entry for tag-based conditions (e.g., s3:ExistingObjectTag)
-	identityRaw := s3_constants.GetIdentityFromContext(r)
-	var identity *Identity
-	if identityRaw != nil {
-		var ok bool
-		identity, ok = identityRaw.(*Identity)
-		if !ok {
-			glog.Errorf("GetObjectHandler: unexpected identity type in context for %s/%s", bucket, object)
-			s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
-			return
-		}
-	}
-	principal := buildPrincipalARN(identity)
-	if errCode, _ := s3a.checkPolicyWithEntry(r, bucket, object, string(s3_constants.ACTION_READ), principal, objectEntryForSSE.Extended); errCode != s3err.ErrNone {
+	if errCode := s3a.recheckPolicyWithObjectEntry(r, bucket, object, string(s3_constants.ACTION_READ), objectEntryForSSE.Extended, "GetObjectHandler"); errCode != s3err.ErrNone {
 		s3err.WriteErrorResponse(w, r, errCode)
 		return
 	}
@@ -2213,19 +2201,7 @@ func (s3a *S3ApiServer) HeadObjectHandler(w http.ResponseWriter, r *http.Request
 	}
 
 	// Re-check bucket policy with object entry for tag-based conditions (e.g., s3:ExistingObjectTag)
-	identityRaw := s3_constants.GetIdentityFromContext(r)
-	var identity *Identity
-	if identityRaw != nil {
-		var ok bool
-		identity, ok = identityRaw.(*Identity)
-		if !ok {
-			glog.Errorf("HeadObjectHandler: unexpected identity type in context for %s/%s", bucket, object)
-			s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
-			return
-		}
-	}
-	principal := buildPrincipalARN(identity)
-	if errCode, _ := s3a.checkPolicyWithEntry(r, bucket, object, string(s3_constants.ACTION_READ), principal, objectEntryForSSE.Extended); errCode != s3err.ErrNone {
+	if errCode := s3a.recheckPolicyWithObjectEntry(r, bucket, object, string(s3_constants.ACTION_READ), objectEntryForSSE.Extended, "HeadObjectHandler"); errCode != s3err.ErrNone {
 		s3err.WriteErrorResponse(w, r, errCode)
 		return
 	}
author	chrislu <chris.lu@gmail.com>	2025-12-09 08:38:31 -0800
committer	chrislu <chris.lu@gmail.com>	2025-12-09 08:38:31 -0800
commit	852173f64880a960cecc50c5128f185d1d6ae046 (patch)
tree	26b7bd0b6285b8548de04da663704d39a039c2a4 /weed/s3api/s3api_object_handlers.go
parent	38e5871c3bc42da13057cfcb015bf49c6308c4dd (diff)
download	seaweedfs-852173f64880a960cecc50c5128f185d1d6ae046.tar.xz seaweedfs-852173f64880a960cecc50c5128f185d1d6ae046.zip