This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
forked from smarty-archives/go-aws-auth
-
Notifications
You must be signed in to change notification settings - Fork 2
/
s3.go
121 lines (95 loc) · 2.69 KB
/
s3.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package awsauth
import (
"encoding/base64"
"net/http"
"sort"
"strconv"
"strings"
"time"
)
func signatureS3(stringToSign string, keys Credentials) string {
hashed := hmacSHA1([]byte(keys.SecretAccessKey), stringToSign)
return base64.StdEncoding.EncodeToString(hashed)
}
func stringToSignS3(request *http.Request) string {
str := request.Method + "\n"
if request.Header.Get("Content-Md5") != "" {
str += request.Header.Get("Content-Md5")
} else {
body := readAndReplaceBody(request)
if len(body) > 0 {
str += hashMD5(body)
}
}
str += "\n"
str += request.Header.Get("Content-Type") + "\n"
if request.Header.Get("Date") != "" {
str += request.Header.Get("Date")
} else {
str += timestampS3()
}
str += "\n"
canonicalHeaders := canonicalAmzHeadersS3(request)
if canonicalHeaders != "" {
str += canonicalHeaders
}
str += canonicalResourceS3(request)
return str
}
func stringToSignS3Url(method string, expire time.Time, path string) string {
return method + "\n\n\n" + timeToUnixEpochString(expire) + "\n" + path
}
func timeToUnixEpochString(t time.Time) string {
return strconv.FormatInt(t.Unix(), 10)
}
func canonicalAmzHeadersS3(request *http.Request) string {
var headers []string
for header := range request.Header {
standardized := strings.ToLower(strings.TrimSpace(header))
if strings.HasPrefix(standardized, "x-amz") {
headers = append(headers, standardized)
}
}
sort.Strings(headers)
for i, header := range headers {
headers[i] = header + ":" + strings.Replace(request.Header.Get(header), "\n", " ", -1)
}
if len(headers) > 0 {
return strings.Join(headers, "\n") + "\n"
} else {
return ""
}
}
func canonicalResourceS3(request *http.Request) string {
res := ""
if isS3VirtualHostedStyle(request) {
bucketname := strings.Split(request.Host, ".")[0]
res += "/" + bucketname
}
res += request.URL.Path
for _, subres := range strings.Split(subresourcesS3, ",") {
if strings.HasPrefix(request.URL.RawQuery, subres) {
res += "?" + subres
}
}
return res
}
func prepareRequestS3(request *http.Request) *http.Request {
request.Header.Set("Date", timestampS3())
if request.URL.Path == "" {
request.URL.Path += "/"
}
return request
}
// Info: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
func isS3VirtualHostedStyle(request *http.Request) bool {
service, _ := serviceAndRegion(request.Host)
return service == "s3" && strings.Count(request.Host, ".") == 3
}
func timestampS3() string {
return now().Format(timeFormatS3)
}
const (
timeFormatS3 = time.RFC1123Z
subresourcesS3 = "acl,lifecycle,location,logging,notification,partNumber,policy,requestPayment,torrent,uploadId,uploads,versionId,versioning,versions,website"
)