[#607] Support sigV4 streaming with trailers

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2025-02-03 17:51:40 +03:00 · 2025-02-03 17:51:40 +03:00 · 49bf3c1bce
commit 49bf3c1bce
parent a4d9658fbb
4 changed files with 238 additions and 64 deletions
--- a/api/handler/s3reader_test.go
+++ b/api/handler/s3reader_test.go
@ -2,6 +2,7 @@ package handler

 import (
 	"bytes"
+	"context"
 	"fmt"
 	"io"
 	"net/http"
@ -59,7 +60,77 @@ func TestSigV4AStreaming(t *testing.T) {
 	require.Equal(t, chunk1, string(data))
 }

-func TestStreamingUnsigned(t *testing.T) {
+func TestSigV4ChunkedReader(t *testing.T) {
+	accessKeyID := "9uEm8zMrGWsEDWiPCnVuQLKTiGtCEXpYXt8eBG7agupw0JDySJZMFuej7PTcPzRqBUyPtFowNu1RtvHULU8XHjie6"
+	secretKey := "9f546428957ed7e189b7be928906ce7d1d9cb3042dd4d2d5194e28ce8c4c3b8e"
+
+	signature := "b740b3b2a08c541c3fc4bd155a448e25408b509a29af98a86356b894930b93e8"
+	signingTime, err := time.Parse("20060102T150405Z", "20250203T134442Z")
+	require.NoError(t, err)
+
+	key, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+
+	accessBox, err := newTestAccessBox(key)
+	require.NoError(t, err)
+	accessBox.Gate.SecretKey = secretKey
+
+	setBoxFn := func(ctx context.Context) context.Context {
+		return middleware.SetBox(ctx, &middleware.Box{
+			AccessBox: accessBox,
+			AuthHeaders: &middleware.AuthHeader{
+				AccessKeyID: accessKeyID,
+				SignatureV4: signature,
+				Region:      "us-east-1",
+			},
+			ClientTime: signingTime,
+		})
+	}
+
+	chunk1 := "Testing with the {sdk-java}"
+
+	t.Run("with trailers", func(t *testing.T) {
+		body := "1b;chunk-signature=a6a9be5fff05db0b542aedb2203d892b4162250885d06b1422b173ee0ea92ba5\r\n" +
+			chunk1 +
+			"\r\n0;chunk-signature=31afd083a57c416c46afaf101649d7f0c6c0627cfa60c0f93d1f7ea84396ee42\r\n" +
+			"x-amz-checksum-crc32:Np6zMg==\r\n" +
+			"x-amz-trailer-signature:40ec0046ac730fa27a1451d00d849056c49553ee753f5d158306d05671a42125\r\n\r\n"
+
+		reqBody := bytes.NewBufferString(body)
+		req, err := http.NewRequest("PUT", "https://localhost:8184/test2/tmp", reqBody)
+		require.NoError(t, err)
+		req.Header.Set("x-amz-trailer", "x-amz-checksum-crc32")
+
+		req = req.WithContext(setBoxFn(req.Context()))
+
+		r, err := newSignV4ChunkedReader(req)
+		require.NoError(t, err)
+
+		data, err := io.ReadAll(r)
+		require.NoError(t, err)
+		require.Equal(t, chunk1, string(data))
+	})
+
+	t.Run("without trailers", func(t *testing.T) {
+		body := "1b;chunk-signature=a6a9be5fff05db0b542aedb2203d892b4162250885d06b1422b173ee0ea92ba5\r\n" +
+			chunk1 +
+			"\r\n0;chunk-signature=31afd083a57c416c46afaf101649d7f0c6c0627cfa60c0f93d1f7ea84396ee42\r\n\r\n"
+		reqBody := bytes.NewBufferString(body)
+		req, err := http.NewRequest("PUT", "https://localhost:8184/test2/tmp", reqBody)
+		require.NoError(t, err)
+
+		req = req.WithContext(setBoxFn(req.Context()))
+
+		r, err := newSignV4ChunkedReader(req)
+		require.NoError(t, err)
+
+		data, err := io.ReadAll(r)
+		require.NoError(t, err)
+		require.Equal(t, chunk1, string(data))
+	})
+}
+
+func TestUnsignedChunkReader(t *testing.T) {
 	chunk1 := "chunk1"
 	chunk2 := "chunk2"