diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-08-19 08:19:30 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-08-19 08:19:30 -0700 |
| commit | 2714b70955750090edfa6097bf53b6d50c241d07 (patch) | |
| tree | b2fc20d4a56704d7f3d13753fc21512e3315c87f /weed/s3api/s3api_object_handlers_put.go | |
| parent | 6e56cac9e52e18a5f20ea48e0d15384f955b4275 (diff) | |
| download | seaweedfs-2714b70955750090edfa6097bf53b6d50c241d07.tar.xz seaweedfs-2714b70955750090edfa6097bf53b6d50c241d07.zip | |
S3 API: Add SSE-C (#7143)
* implement sse-c
* fix Content-Range
* adding tests
* Update s3_sse_c_test.go
* copy sse-c objects
* adding tests
* refactor
* multi reader
* remove extra write header call
* refactor
* SSE-C encrypted objects do not support HTTP Range requests
* robust
* fix server starts
* Update Makefile
* Update Makefile
* ci: remove SSE-C integration tests and workflows; delete test/s3/encryption/
* s3: SSE-C MD5 must be base64 (case-sensitive); fix validation, comparisons, metadata storage; update tests
* minor
* base64
* Update SSE-C_IMPLEMENTATION.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update weed/s3api/s3api_object_handlers.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update SSE-C_IMPLEMENTATION.md
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* address comments
* fix test
* fix compilation
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Diffstat (limited to 'weed/s3api/s3api_object_handlers_put.go')
| -rw-r--r-- | weed/s3api/s3api_object_handlers_put.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/weed/s3api/s3api_object_handlers_put.go b/weed/s3api/s3api_object_handlers_put.go index 3d8a62b09..63972bcd6 100644 --- a/weed/s3api/s3api_object_handlers_put.go +++ b/weed/s3api/s3api_object_handlers_put.go @@ -190,6 +190,25 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request) func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader io.Reader, destination string, bucket string) (etag string, code s3err.ErrorCode) { + // Handle SSE-C encryption if requested + customerKey, err := ParseSSECHeaders(r) + if err != nil { + glog.Errorf("SSE-C header validation failed: %v", err) + // Use shared error mapping helper + errCode := MapSSECErrorToS3Error(err) + return "", errCode + } + + // Apply SSE-C encryption if customer key is provided + if customerKey != nil { + encryptedReader, encErr := CreateSSECEncryptedReader(dataReader, customerKey) + if encErr != nil { + glog.Errorf("Failed to create SSE-C encrypted reader: %v", encErr) + return "", s3err.ErrInternalError + } + dataReader = encryptedReader + } + hash := md5.New() var body = io.TeeReader(dataReader, hash) |