[#607] Support unsigned payload streaming with trailers

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2025-02-03 12:12:21 +03:00 · 2025-02-03 12:12:21 +03:00 · a4d9658fbb
commit a4d9658fbb
parent bec63026bd
6 changed files with 216 additions and 52 deletions
--- a/api/handler/s3unsignedreader.go
+++ b/api/handler/s3unsignedreader.go
@ -2,28 +2,17 @@ package handler

 import (
 	"bufio"
-	"context"
-	"encoding/hex"
 	"io"
-	"net/http"
-	"time"
-
-	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/v4"
-	errs "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
-	"github.com/aws/aws-sdk-go-v2/aws"
 )

 type (
 	s3UnsignedChunkReader struct {
-		ctx          context.Context
-		reader       *bufio.Reader
-		streamSigner *v4.StreamSigner
+		reader *bufio.Reader

-		requestTime time.Time
-		buffer      []byte
-		offset      int
-		err         error
+		trailers map[string]string
+		buffer   []byte
+		offset   int
+		err      error
 	}
 )

@ -114,44 +103,59 @@ func (c *s3UnsignedChunkReader) Read(buf []byte) (num int, err error) {
 	// If the chunk size is zero we return io.EOF. As specified by AWS,
 	// only the last chunk is zero-sized.
 	if size == 0 {
+		var k, v string
+		for err == nil {
+			k, err = c.reader.ReadString(':')
+			if err != nil {
+				if err == io.EOF {
+					break
+				}
+				c.err = errMalformedTrailerHeaders
+				return num, c.err
+			}
+			v, err = c.reader.ReadString('\n')
+			if err != nil {
+				c.err = errMalformedTrailerHeaders
+				return num, c.err
+			}
+			c.trailers[k[:len(k)-1]] = v[:len(v)-1]
+		}
+
 		c.err = io.EOF
 		return num, c.err
 	}

+	b, err = c.reader.ReadByte()
+	if b != '\r' || err != nil {
+		c.err = errMalformedChunkedEncoding
+		return num, c.err
+	}
+	b, err = c.reader.ReadByte()
+	if err == io.EOF {
+		err = io.ErrUnexpectedEOF
+	}
+	if err != nil {
+		c.err = err
+		return num, c.err
+	}
+	if b != '\n' {
+		c.err = errMalformedChunkedEncoding
+		return num, c.err
+	}
+
 	c.offset = copy(buf, c.buffer)
 	num += c.offset
 	return num, err
 }

-func newUnsignedChunkedReader(req *http.Request) (io.ReadCloser, error) {
-	ctx := req.Context()
-	box, err := middleware.GetBoxData(ctx)
-	if err != nil {
-		return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
-	}
-
-	authHeaders, err := middleware.GetAuthHeaders(ctx)
-	if err != nil {
-		return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
-	}
-
-	currentCredentials := aws.Credentials{AccessKeyID: authHeaders.AccessKeyID, SecretAccessKey: box.Gate.SecretKey}
-	seed, err := hex.DecodeString(authHeaders.SignatureV4)
-	if err != nil {
-		return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
-	}
-
-	reqTime, err := middleware.GetClientTime(ctx)
-	if err != nil {
-		return nil, errs.GetAPIError(errs.ErrMalformedDate)
-	}
-	newStreamSigner := v4.NewStreamSigner(currentCredentials, "s3", authHeaders.Region, seed)
+func (c *s3UnsignedChunkReader) TrailerHeaders() map[string]string {
+	return c.trailers
+}

+func newUnsignedChunkedReader(body io.Reader) (*s3UnsignedChunkReader, error) {
 	return &s3UnsignedChunkReader{
-		ctx:          ctx,
-		reader:       bufio.NewReader(req.Body),
-		streamSigner: newStreamSigner,
-		requestTime:  reqTime,
-		buffer:       make([]byte, 64*1024),
+		reader:   bufio.NewReader(body),
+		trailers: map[string]string{},
+		buffer:   make([]byte, 64*1024),
 	}, nil
 }