Commit 1f932007 authored by Nugine's avatar Nugine
Browse files

fix(s3s): access check

parent 46a6e0a6

crates/s3s/src/ops/mod.rs

+10 −3
Original line number Diff line number Diff line
@@ -207,9 +207,16 @@ pub async fn call(req: &mut Request, ccx: &CallContext<'_>) -> S3Result<Response 
        }

        Prepare::CustomRoute => {

            let body = mem::take(&mut req.body);

            let s3_req = build_s3_request(body, req);

            let mut s3_req = build_s3_request(body, req);

            let route = ccx.route.unwrap();

            match route.call(s3_req).await {



            let result = async {

                route.check_access(&mut s3_req).await?;

                route.call(s3_req).await

            }

            .await;



            match result {

                Ok(s3_resp) => Ok(Response {

                    status: s3_resp.output.0,

                    headers: s3_resp.headers,
@@ -374,7 +381,7 @@ async fn prepare(req: &mut Request, ccx: &CallContext<'_>) -> S3Result<Prepare> 


    debug!(op = %op.name(), ?s3_path, "resolved route");



    {

    if ccx.auth.is_some() {

        let mut acx = S3AccessContext {

            credentials: req.s3ext.credentials.as_ref(),

            s3_path,

crates/s3s/src/route.rs

+7 −0
Original line number Diff line number Diff line
@@ -13,6 +13,13 @@ use hyper::Uri; 
pub trait S3Route: Send + Sync + 'static {

    fn is_match(&self, method: &Method, uri: &Uri, headers: &HeaderMap, extensions: &mut Extensions) -> bool;



    async fn check_access(&self, req: &mut S3Request<Body>) -> S3Result<()> {

        match req.credentials {

            Some(_) => Ok(()),

            None => Err(s3_error!(AccessDenied, "Signature is required")),

        }

    }



    async fn call(&self, req: S3Request<Body>) -> S3Result<S3Response<(StatusCode, Body)>>;

}