s3: add support for PostPolicy

fix https://github.com/chrislusf/seaweedfs/issues/1426
2025-09-19 10:48:03 +08:00 · 2020-09-19 20:14:19 -07:00
parent 41d508edfd
commit 29abe980df
11 changed files with 1482 additions and 3 deletions
--- a/weed/s3api/auth_signature_v2.go
+++ b/weed/s3api/auth_signature_v2.go
@@ -69,6 +69,20 @@ func (iam *IdentityAccessManagement) isReqAuthenticatedV2(r *http.Request) (*Ide
 	return iam.doesPresignV2SignatureMatch(r)
 }

+func (iam *IdentityAccessManagement) doesPolicySignatureV2Match(formValues http.Header) s3err.ErrorCode {
+	accessKey := formValues.Get("AWSAccessKeyId")
+	_, cred, found := iam.lookupByAccessKey(accessKey)
+	if !found {
+		return s3err.ErrInvalidAccessKeyID
+	}
+	policy := formValues.Get("Policy")
+	signature := formValues.Get("Signature")
+	if !compareSignatureV2(signature, calculateSignatureV2(policy, cred.SecretKey)) {
+		return s3err.ErrSignatureDoesNotMatch
+	}
+	return s3err.ErrNone
+}
+
 // Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
 // Signature = Base64( HMAC-SHA1( YourSecretKey, UTF-8-Encoding-Of( StringToSign ) ) );
 //