gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX: ensure Authorization header is only added once

Browse source
This commit is contained in:
Sebastian Kurfuerst 2021-12-31 22:06:18 +01:00
parent 1cd3b6b4e1
commit c35660175d
2 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
weed/s3api/s3api_object_handlers.go
View file

@ -312,7 +312,6 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
glog.V(3).Infof("s3 proxying %s to %s", r.Method, destUrl) glog.V(3).Infof("s3 proxying %s to %s", r.Method, destUrl)
proxyReq, err := http.NewRequest(r.Method, destUrl, r.Body) proxyReq, err := http.NewRequest(r.Method, destUrl, r.Body)
s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
if err != nil { if err != nil {
glog.Errorf("NewRequest %s: %v", destUrl, err) glog.Errorf("NewRequest %s: %v", destUrl, err)
@ -330,6 +329,9 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
proxyReq.Header[header] = values proxyReq.Header[header] = values
} }
// ensure that the Authorization header is overriding any previous
// Authorization header which might be already present in proxyReq
s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
resp, postErr := client.Do(proxyReq) resp, postErr := client.Do(proxyReq)
if postErr != nil { if postErr != nil {
@ -376,7 +378,6 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
var body = io.TeeReader(dataReader, hash) var body = io.TeeReader(dataReader, hash)
proxyReq, err := http.NewRequest("PUT", uploadUrl, body) proxyReq, err := http.NewRequest("PUT", uploadUrl, body)
s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
if err != nil { if err != nil {
glog.Errorf("NewRequest %s: %v", uploadUrl, err) glog.Errorf("NewRequest %s: %v", uploadUrl, err)
@ -390,7 +391,9 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
proxyReq.Header.Add(header, value) proxyReq.Header.Add(header, value)
} }
} }
// ensure that the Authorization header is overriding any previous
// Authorization header which might be already present in proxyReq
s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
resp, postErr := client.Do(proxyReq) resp, postErr := client.Do(proxyReq)
if postErr != nil { if postErr != nil {
@ -444,7 +447,7 @@ func (s3a *S3ApiServer) maybeAddFilerJwtAuthorization(r *http.Request, isWrite b
return return
} }
r.Header.Add("Authorization", "BEARER "+string(encodedJwt)) r.Header.Set("Authorization", "BEARER "+string(encodedJwt))
} }
func (s3a *S3ApiServer) maybeGetFilerJwtAuthorizationToken(isWrite bool) string { func (s3a *S3ApiServer) maybeGetFilerJwtAuthorizationToken(isWrite bool) string {

4
weed/util/http_util.go
View file

@ -186,7 +186,7 @@ func DownloadFile(fileUrl string, jwt string) (filename string, header http.Head
} }
if len(jwt) > 0 { if len(jwt) > 0 {
req.Header.Add("Authorization", "BEARER "+jwt) req.Header.Set("Authorization", "BEARER "+jwt)
} }
response, err := client.Do(req) response, err := client.Do(req)
@ -380,7 +380,7 @@ func ReadUrlAsReaderCloser(fileUrl string, jwt string, rangeHeader string) (io.R
} }
if len(jwt) > 0 { if len(jwt) > 0 {
req.Header.Add("Authorization", "BEARER "+jwt) req.Header.Set("Authorization", "BEARER "+jwt)
} }
r, err := client.Do(req) r, err := client.Do(req)