forked from TrueCloudLab/frostfs-s3-gw
157 lines
3.4 KiB
Go
157 lines
3.4 KiB
Go
package handler
|
|
|
|
import (
|
|
"bufio"
|
|
"context"
|
|
"encoding/hex"
|
|
"io"
|
|
"net/http"
|
|
"time"
|
|
|
|
v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/v4"
|
|
errs "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
|
|
"github.com/aws/aws-sdk-go-v2/aws"
|
|
)
|
|
|
|
type (
|
|
s3UnsignedChunkReader struct {
|
|
ctx context.Context
|
|
reader *bufio.Reader
|
|
streamSigner *v4.StreamSigner
|
|
|
|
requestTime time.Time
|
|
buffer []byte
|
|
offset int
|
|
err error
|
|
}
|
|
)
|
|
|
|
func (c *s3UnsignedChunkReader) Close() (err error) {
|
|
return nil
|
|
}
|
|
|
|
func (c *s3UnsignedChunkReader) Read(buf []byte) (num int, err error) {
|
|
if c.offset > 0 {
|
|
num = copy(buf, c.buffer[c.offset:])
|
|
if num == len(buf) {
|
|
c.offset += num
|
|
return num, nil
|
|
}
|
|
c.offset = 0
|
|
buf = buf[num:]
|
|
}
|
|
|
|
var size int
|
|
var b byte
|
|
for {
|
|
b, err = c.reader.ReadByte()
|
|
if err == io.EOF {
|
|
err = io.ErrUnexpectedEOF
|
|
}
|
|
if err != nil {
|
|
c.err = err
|
|
return num, c.err
|
|
}
|
|
if b == '\r' {
|
|
break
|
|
}
|
|
|
|
// Manually deserialize the size since AWS specified
|
|
// the chunk size to be of variable width. In particular,
|
|
// a size of 16 is encoded as `10` while a size of 64 KB
|
|
// is `10000`.
|
|
switch {
|
|
case b >= '0' && b <= '9':
|
|
size = size<<4 | int(b-'0')
|
|
case b >= 'a' && b <= 'f':
|
|
size = size<<4 | int(b-('a'-10))
|
|
case b >= 'A' && b <= 'F':
|
|
size = size<<4 | int(b-('A'-10))
|
|
default:
|
|
c.err = errMalformedChunkedEncoding
|
|
return num, c.err
|
|
}
|
|
if size > maxChunkSize {
|
|
c.err = errGiantChunk
|
|
return num, c.err
|
|
}
|
|
}
|
|
|
|
if b != '\r' {
|
|
c.err = errMalformedChunkedEncoding
|
|
return num, c.err
|
|
}
|
|
b, err = c.reader.ReadByte()
|
|
if err == io.EOF {
|
|
err = io.ErrUnexpectedEOF
|
|
}
|
|
if err != nil {
|
|
c.err = err
|
|
return num, c.err
|
|
}
|
|
if b != '\n' {
|
|
c.err = errMalformedChunkedEncoding
|
|
return num, c.err
|
|
}
|
|
|
|
if cap(c.buffer) < size {
|
|
c.buffer = make([]byte, size)
|
|
} else {
|
|
c.buffer = c.buffer[:size]
|
|
}
|
|
|
|
// Now, we read the payload and compute its SHA-256 hash.
|
|
_, err = io.ReadFull(c.reader, c.buffer)
|
|
if err == io.EOF && size != 0 {
|
|
err = io.ErrUnexpectedEOF
|
|
}
|
|
if err != nil && err != io.EOF {
|
|
c.err = err
|
|
return num, c.err
|
|
}
|
|
|
|
// If the chunk size is zero we return io.EOF. As specified by AWS,
|
|
// only the last chunk is zero-sized.
|
|
if size == 0 {
|
|
c.err = io.EOF
|
|
return num, c.err
|
|
}
|
|
|
|
c.offset = copy(buf, c.buffer)
|
|
num += c.offset
|
|
return num, err
|
|
}
|
|
|
|
func newUnsignedChunkedReader(req *http.Request) (io.ReadCloser, error) {
|
|
ctx := req.Context()
|
|
box, err := middleware.GetBoxData(ctx)
|
|
if err != nil {
|
|
return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
|
|
}
|
|
|
|
authHeaders, err := middleware.GetAuthHeaders(ctx)
|
|
if err != nil {
|
|
return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
|
|
}
|
|
|
|
currentCredentials := aws.Credentials{AccessKeyID: authHeaders.AccessKeyID, SecretAccessKey: box.Gate.SecretKey}
|
|
seed, err := hex.DecodeString(authHeaders.SignatureV4)
|
|
if err != nil {
|
|
return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
|
|
}
|
|
|
|
reqTime, err := middleware.GetClientTime(ctx)
|
|
if err != nil {
|
|
return nil, errs.GetAPIError(errs.ErrMalformedDate)
|
|
}
|
|
newStreamSigner := v4.NewStreamSigner(currentCredentials, "s3", authHeaders.Region, seed)
|
|
|
|
return &s3UnsignedChunkReader{
|
|
ctx: ctx,
|
|
reader: bufio.NewReader(req.Body),
|
|
streamSigner: newStreamSigner,
|
|
requestTime: reqTime,
|
|
buffer: make([]byte, 64*1024),
|
|
}, nil
|
|
}
|