diff options
| author | Alex Auvolat <alex@adnab.me> | 2021-04-28 01:05:40 +0200 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2021-04-28 01:05:40 +0200 |
| commit | dcfc32cf85bc6276fdff2492898c1cbb527e9b9d (patch) | |
| tree | 01ec3f7476733dab8c74ecb1c72b5061f6e5c8e1 /src/api/signature.rs | |
| parent | 368eb354846790e9fc616d9a26ddc414748d847f (diff) | |
| download | garage-dcfc32cf85bc6276fdff2492898c1cbb527e9b9d.tar.gz garage-dcfc32cf85bc6276fdff2492898c1cbb527e9b9d.zip | |
Many S3 compatibility improvements:v0.2.1.5
- return XML errors
- implement AuthorizationHeaderMalformed error to redirect clients to
correct location (used by minio client)
- implement GetBucketLocation
- fix DeleteObjects XML parsing and response
Diffstat (limited to 'src/api/signature.rs')
| -rw-r--r-- | src/api/signature.rs | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/api/signature.rs b/src/api/signature.rs index 6dc69afa..7fcab0f9 100644 --- a/src/api/signature.rs +++ b/src/api/signature.rs @@ -58,10 +58,7 @@ pub async fn check_signature( garage.config.s3_api.s3_region ); if authorization.scope != scope { - return Err(Error::BadRequest(format!( - "Invalid scope in authorization field, expected: {}", - scope - ))); + return Err(Error::AuthorizationHeaderMalformed(scope.to_string())); } let key = garage @@ -101,7 +98,9 @@ pub async fn check_signature( return Err(Error::Forbidden(format!("Invalid signature"))); } - let content_sha256 = if authorization.content_sha256 == "UNSIGNED-PAYLOAD" { + let content_sha256 = if authorization.content_sha256 == "UNSIGNED-PAYLOAD" + || authorization.content_sha256 == "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" + { None } else { let bytes = hex::decode(authorization.content_sha256) |