Add support for aws-chunked (#914)

Closes #913
nspcc-dev · Dec 1, 2023 · e707b66 · e707b66
2 parents 6541c61 + b20cfa7
commit e707b66
Show file tree

Hide file tree

Showing 4 changed files with 720 additions and 9 deletions.
diff --git a/api/auth/center.go b/api/auth/center.go
@@ -69,14 +69,18 @@ const (
 	authHeaderPartsNum = 6
 	maxFormSizeMemory  = 50 * 1048576 // 50 MB
 
-	AmzAlgorithm     = "X-Amz-Algorithm"
-	AmzCredential    = "X-Amz-Credential"
-	AmzSignature     = "X-Amz-Signature"
-	AmzSignedHeaders = "X-Amz-SignedHeaders"
-	AmzExpires       = "X-Amz-Expires"
-	AmzDate          = "X-Amz-Date"
-	AuthorizationHdr = "Authorization"
-	ContentTypeHdr   = "Content-Type"
+	AmzAlgorithm              = "X-Amz-Algorithm"
+	AmzCredential             = "X-Amz-Credential"
+	AmzSignature              = "X-Amz-Signature"
+	AmzSignedHeaders          = "X-Amz-SignedHeaders"
+	AmzExpires                = "X-Amz-Expires"
+	AmzDate                   = "X-Amz-Date"
+	AuthorizationHdr          = "Authorization"
+	ContentTypeHdr            = "Content-Type"
+	ContentEncodingHdr        = "Content-Encoding"
+	ContentEncodingAwsChunked = "aws-chunked"
+
+	timeFormatISO8601 = "20060102T150405Z"
 )
 
 // ErrNoAuthorizationHeader is returned for unauthenticated requests.
@@ -182,7 +186,7 @@ func (c *center) Authenticate(r *http.Request) (*Box, error) {
 		needClientTime = true
 	}
 
-	signatureDateTime, err := time.Parse("20060102T150405Z", signatureDateTimeStr)
+	signatureDateTime, err := time.Parse(timeFormatISO8601, signatureDateTimeStr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
 	}
@@ -206,6 +210,17 @@ func (c *center) Authenticate(r *http.Request) (*Box, error) {
 		return nil, err
 	}
 
+	if hdr := r.Header.Get(ContentEncodingHdr); hdr == ContentEncodingAwsChunked {
+		sig, err := hex.DecodeString(authHdr.SignatureV4)
+		if err != nil {
+			return nil, fmt.Errorf("DecodeString: %w", err)
+		}
+
+		awsCreds := credentials.NewStaticCredentials(authHdr.AccessKeyID, box.Gate.AccessKey, "")
+		streamSigner := v4.NewChunkSigner(authHdr.Region, authHdr.Service, sig, signatureDateTime, awsCreds)
+		r.Body = v4.NewChunkedReader(r.Body, streamSigner)
+	}
+
 	result := &Box{AccessBox: box}
 	if needClientTime {
 		result.ClientTime = signatureDateTime