diff options
Diffstat (limited to 'weed/s3api/s3_constants/header.go')
| -rw-r--r-- | weed/s3api/s3_constants/header.go | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/weed/s3api/s3_constants/header.go b/weed/s3api/s3_constants/header.go index 1ef6f62c5..a232eb189 100644 --- a/weed/s3api/s3_constants/header.go +++ b/weed/s3api/s3_constants/header.go @@ -17,6 +17,7 @@ package s3_constants import ( + "context" "net/http" "strings" @@ -44,8 +45,6 @@ const ( AmzObjectTaggingDirective = "X-Amz-Tagging-Directive" AmzTagCount = "x-amz-tagging-count" - SeaweedFSIsDirectoryKey = "X-Seaweedfs-Is-Directory-Key" - SeaweedFSPartNumber = "X-Seaweedfs-Part-Number" SeaweedFSUploadId = "X-Seaweedfs-Upload-Id" SeaweedFSMultipartPartsCount = "X-Seaweedfs-Multipart-Parts-Count" SeaweedFSMultipartPartBoundaries = "X-Seaweedfs-Multipart-Part-Boundaries" // JSON: [{part:1,start:0,end:2,etag:"abc"},{part:2,start:2,end:3,etag:"def"}] @@ -174,3 +173,29 @@ var PassThroughHeaders = map[string]string{ func IsSeaweedFSInternalHeader(headerKey string) bool { return strings.HasPrefix(strings.ToLower(headerKey), SeaweedFSInternalPrefix) } + +// Context keys for storing authenticated identity information +type contextKey string + +const ( + contextKeyIdentityName contextKey = "s3-identity-name" +) + +// SetIdentityNameInContext stores the authenticated identity name in the request context +// This is the secure way to propagate identity - headers can be spoofed, context cannot +func SetIdentityNameInContext(ctx context.Context, identityName string) context.Context { + if identityName != "" { + return context.WithValue(ctx, contextKeyIdentityName, identityName) + } + return ctx +} + +// GetIdentityNameFromContext retrieves the authenticated identity name from the request context +// Returns empty string if no identity is set (unauthenticated request) +// This is the secure way to retrieve identity - never read from headers directly +func GetIdentityNameFromContext(r *http.Request) string { + if name, ok := r.Context().Value(contextKeyIdentityName).(string); ok { + return name + } + return "" +} |