Skip to content

Signed query (again) #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
matope wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Signed query (again) #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d11b816
Signed URL path.
mfine Jul 14, 2013
c4377ed
move over to SignQuery.
mfine Jul 14, 2013
12635f7
Add SignQuery and TestQuerySign
matope Dec 4, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions sign.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,11 @@ import (
"encoding/base64"
"io"
"net/http"
"net/url"
"sort"
"strconv"
"strings"
"time"
)

var signParams = map[string]bool{
Expand Down Expand Up @@ -71,6 +74,10 @@ func Sign(r *http.Request, k Keys) {
DefaultService.Sign(r, k)
}

func SignQuery(r *http.Request, t time.Time, k Keys) {
DefaultService.SignQuery(r, t, k)
}

// Service represents an S3-compatible service.
type Service struct {
Domain string // service root domain, used to extract subdomain from an http.Request and pass it to Bucket
Expand All @@ -89,6 +96,21 @@ func (s *Service) Sign(r *http.Request, k Keys) {
r.Header.Set("Authorization", "AWS "+k.AccessKey+":"+string(sig))
}

func (s *Service) SignQuery(r *http.Request, t time.Time, k Keys) {
if k.SecurityToken != "" {
r.Header.Set("X-Amz-Security-Token", k.SecurityToken)
}
h := hmac.New(sha1.New, []byte(k.SecretKey))
s.writeSigQueryData(h, r, t)
sig := make([]byte, base64.StdEncoding.EncodedLen(h.Size()))
base64.StdEncoding.Encode(sig, h.Sum(nil))
if r.URL.RawQuery == "" {
r.URL.RawQuery = "AWSAccessKeyId=" + k.AccessKey + "&Signature=" + url.QueryEscape(string(sig)) + "&Expires=" + strconv.FormatInt(t.Unix(), 10)
} else {
r.URL.RawQuery += "&AWSAccessKeyId=" + k.AccessKey + "&Signature=" + url.QueryEscape(string(sig)) + "&Expires=" + strconv.FormatInt(t.Unix(), 10)
}
}

func (s *Service) writeSigData(w io.Writer, r *http.Request) {
w.Write([]byte(r.Method))
w.Write([]byte{'\n'})
Expand All @@ -104,6 +126,19 @@ func (s *Service) writeSigData(w io.Writer, r *http.Request) {
s.writeResource(w, r)
}

func (s *Service) writeSigQueryData(w io.Writer, r *http.Request, t time.Time) {
w.Write([]byte(r.Method))
w.Write([]byte{'\n'})
w.Write([]byte(r.Header.Get("content-md5")))
w.Write([]byte{'\n'})
w.Write([]byte(r.Header.Get("content-type")))
w.Write([]byte{'\n'})
w.Write([]byte(strconv.FormatInt(t.Unix(), 10)))
w.Write([]byte{'\n'})
writeAmzHeaders(w, r)
s.writeResource(w, r)
}

func (s *Service) writeResource(w io.Writer, r *http.Request) {
s.writeVhostBucket(w, strings.ToLower(r.Host))
path := r.URL.RequestURI()
Expand Down
68 changes: 68 additions & 0 deletions sign_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"
"net/http"
"testing"
"time"
)

var exKeys = Keys{
Expand Down Expand Up @@ -297,3 +298,70 @@ func TestVhostBucket(t *testing.T) {
}
}
}

var signQueryTest = []struct {
service *Service
method string
url string
more http.Header
expires int64
expBuf string
expQuery string
}{
{
DefaultService,
"GET",
"http://johnsmith.s3.amazonaws.com/photos/puppy.jpg",
nil,
1175139620,
"GET\n\n\n1175139620\n/johnsmith/photos/puppy.jpg",
"AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Signature=NpgCjnDzrM%2BWFzoENXmpNDUsSn8%3D&Expires=1175139620",
}, {
DefaultService,
"GET",
"http://s3.amazonaws.com/johnsmith/photos/puppy.jpg",
nil,
1175139620,
"GET\n\n\n1175139620\n/johnsmith/photos/puppy.jpg",
"AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Signature=NpgCjnDzrM%2BWFzoENXmpNDUsSn8%3D&Expires=1175139620",
}, {
DefaultService,
"GET",
"http://johnsmith.s3.amazonaws.com/photos/puppy.jpg?acl",
nil,
1175139620,
"GET\n\n\n1175139620\n/johnsmith/photos/puppy.jpg?acl",
"acl&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Signature=2t9CVTYWEqyKpbsimoCqHNLfxsA%3D&Expires=1175139620",
},
}

func TestQuerySign(t *testing.T) {
for _, ts := range signQueryTest {
r, err := http.NewRequest(ts.method, ts.url, nil)
if err != nil {
panic(err)
}

for k, vs := range ts.more {
for _, v := range vs {
r.Header.Add(k, v)
}
}
var buf bytes.Buffer
ts.service.writeSigQueryData(&buf, r, time.Unix(ts.expires, 0))
if buf.String() != ts.expBuf {
t.Errorf("in %s:", r.Method)
t.Logf("url %s", r.URL.String())
t.Logf("exp %q", ts.expBuf)
t.Logf("got %q", buf.String())
}

ts.service.SignQuery(r, time.Unix(ts.expires, 0), exKeys)
if got := r.URL.RawQuery; got != ts.expQuery {
t.Errorf("in %s:", r.Method)
t.Logf("url %s", r.URL.String())
t.Logf("exp %q", ts.expQuery)
t.Logf("got %q", got)
}
}
}