add debug

2025-10-08 03:44:24 +08:00 · 2025-10-07 07:50:55 -07:00
parent f63cdcfa47
commit d8d1c813b1
2 changed files with 7 additions and 60 deletions
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -366,9 +366,11 @@ func (s3a *S3ApiServer) isBucketPublicRead(bucket string) bool {
 	// Get bucket configuration which contains cached public-read status
 	config, errCode := s3a.getBucketConfig(bucket)
 	if errCode != s3err.ErrNone {
+		glog.V(4).Infof("isBucketPublicRead: failed to get bucket config for %s: %v", bucket, errCode)
 		return false
 	}

+	glog.V(4).Infof("isBucketPublicRead: bucket=%s, IsPublicRead=%v", bucket, config.IsPublicRead)
 	// Return the cached public-read status (no JSON parsing needed)
 	return config.IsPublicRead
 }
@@ -394,13 +396,18 @@ func (s3a *S3ApiServer) AuthWithPublicRead(handler http.HandlerFunc, action Acti
 		authType := getRequestAuthType(r)
 		isAnonymous := authType == authTypeAnonymous

+		glog.V(4).Infof("AuthWithPublicRead: bucket=%s, authType=%v, isAnonymous=%v", bucket, authType, isAnonymous)
+
 		// For anonymous requests, check if bucket allows public read
 		if isAnonymous {
 			isPublic := s3a.isBucketPublicRead(bucket)
+			glog.V(4).Infof("AuthWithPublicRead: bucket=%s, isPublic=%v", bucket, isPublic)
 			if isPublic {
+				glog.V(3).Infof("AuthWithPublicRead: allowing anonymous access to public-read bucket %s", bucket)
 				handler(w, r)
 				return
 			}
+			glog.V(3).Infof("AuthWithPublicRead: bucket %s is not public-read, falling back to IAM auth", bucket)
 		}

 		// For all authenticated requests and anonymous requests to non-public buckets,
--- a/weed/s3api/s3api_public_read_test.go
+++ b/weed/s3api/s3api_public_read_test.go
@@ -1,60 +0,0 @@
-package s3api
-
-import (
-	"net/http/httptest"
-	"testing"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
-)
-
-// TestPublicReadACL tests that anonymous users can list objects in a public-read bucket
-func TestPublicReadACL(t *testing.T) {
-	// TODO: Set up a test S3 API server with a bucket
-	// 1. Create a bucket
-	// 2. Set bucket ACL to public-read
-	// 3. Make an anonymous ListObjects request
-	// 4. Verify it succeeds
-	
-	t.Skip("Test needs full S3 API server setup - run s3-tests instead")
-}
-
-// TestAuthWithPublicReadLogic tests the AuthWithPublicRead wrapper logic
-func TestAuthWithPublicReadLogic(t *testing.T) {
-	// Test that the wrapper correctly identifies anonymous requests
-	// and checks public-read status
-	
-	req := httptest.NewRequest("GET", "/bucket", nil)
-	// Anonymous request - no Authorization header
-	
-	authType := getRequestAuthType(req)
-	if authType != authTypeAnonymous {
-		t.Errorf("Expected authTypeAnonymous, got %v", authType)
-	}
-}
-
-// TestIsPublicReadGrants tests the grant parsing logic
-func TestIsPublicReadGrants(t *testing.T) {
-	// Test with public-read grant
-	publicReadGrant := s3_constants.PublicRead[0]
-	grants := []*s3.Grant{publicReadGrant}
-	
-	if !isPublicReadGrants(grants) {
-		t.Error("Expected public-read grant to be detected")
-	}
-	
-	// Test with private grant
-	privateGrant := &s3.Grant{
-		Grantee: &s3.Grantee{
-			ID:   aws.String("user-123"),
-			Type: aws.String(s3_constants.GrantTypeCanonicalUser),
-		},
-		Permission: aws.String(s3_constants.PermissionFullControl),
-	}
-	grants = []*s3.Grant{privateGrant}
-	
-	if isPublicReadGrants(grants) {
-		t.Error("Expected private grant to NOT be detected as public-read")
-	}
-}