Documentation
Overview
Package auth implements helper functions to validate the AWS Signature Version 4 authorization header.
This package provides comprehensive helpers for the following signature types:
- Based on Authorization header.
- Based on Query parameters.
- Based on Form POST policy.
Index
- Constants
- func AWSMiddleware(secretKeyGetter SecretKeyGetter, domains []string) mux.MiddlewareFunc
- func AccessKeyIDFromRequest(r *http.Request) string
- func EncodePath(pathName string) string
- func PostPresignSignatureV2(policyBase64, secretAccessKey string) (string, error)
- func PreSignV2(req http.Request, accessKeyID, secretAccessKey string, expires int64, ...) (*http.Request, error)
- func QueryEncode(v url.Values) string
- func SignV2(req http.Request, accessKeyID, secretAccessKey string, virtualHost bool) (*http.Request, error)
- type APIError
- type APIErrorCode
- type APIErrorResponse
- type SecretKeyGetter
Constants
const SlashSeparator = "/"
SlashSeparator - slash separator.
Functions
func AWSMiddleware
func AWSMiddleware(secretKeyGetter SecretKeyGetter, domains []string) mux.MiddlewareFunc
AWSMiddleware returns a gorilla mux middleware function.
func AccessKeyIDFromRequest
AccessKeyIDFromRequest retrieves the access key ID from the request context.
func EncodePath
EncodePath encodes strings from their UTF-8 byte representation to HTML hex escape sequences.
This is necessary because the regular url.Parse() and url.Encode() functions do not support UTF-8: non-English characters cannot be parsed, due to the way url.Encode() is written.
This function, on the other hand, is a direct replacement for the url.Encode() technique and supports pretty much every UTF-8 character.
func PostPresignSignatureV2
PostPresignSignatureV2 - presigned signature for PostPolicy request.
func PreSignV2
func PreSignV2(req http.Request, accessKeyID, secretAccessKey string, expires int64, virtualHost bool) (*http.Request, error)
PreSignV2 presigns the request in the following style:
https://${S3_BUCKET}.s3.amazonaws.com/${S3_OBJECT}?AWSAccessKeyId=${S3_ACCESS_KEY}&Expires=${TIMESTAMP}&Signature=${SIGNATURE}
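The query-string style above, worked end to end as an added example (not this package's code): it signs with the standard AWS Signature Version 2 rule, base64(HMAC-SHA1(secret, StringToSign)), and shows the checks a server needs before honouring such a link, namely key lookup, expiry, and a constant-time signature comparison. The helper names, the path-style resource, the sample key and secret, and the use of this page's APIErrorCode names as error strings are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
)

// signV2: Content-MD5, Content-Type and x-amz-* headers are assumed empty (plain presigned GET).
func signV2(method, resource string, expires int64, secret string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	fmt.Fprintf(mac, "%s\n\n\n%d\n%s", method, expires, resource)
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// presignV2 (hypothetical helper) adds AWSAccessKeyId, Expires and Signature.
func presignV2(method, resource, accessKey, secret string, expires int64) *url.URL {
	q := url.Values{"AWSAccessKeyId": {accessKey}, "Expires": {strconv.FormatInt(expires, 10)}}
	q.Set("Signature", signV2(method, resource, expires, secret))
	return &url.URL{Path: resource, RawQuery: q.Encode()}
}

// verifyV2 is the server side; now is Unix seconds, secrets maps access key to secret key.
func verifyV2(method string, u *url.URL, secrets map[string]string, now int64) error {
	q := u.Query()
	secret, ok := secrets[q.Get("AWSAccessKeyId")]
	expires, err := strconv.ParseInt(q.Get("Expires"), 10, 64)
	switch {
	case !ok:
		return errors.New("InvalidAccessKeyID")
	case err != nil:
		return errors.New("MalformedExpires")
	case now > expires:
		return errors.New("ExpiredPresignRequest")
	case !hmac.Equal([]byte(signV2(method, u.Path, expires, secret)), []byte(q.Get("Signature"))):
		return errors.New("SignatureDoesNotMatch")
	}
	return nil
}

func main() {
	// Constructed sample key, secret and expiry.
	u := presignV2("GET", "/bucket/report.pdf", "AKIDEXAMPLE", "constructed-secret", 2000000000)
	fmt.Println(u, verifyV2("GET", u, map[string]string{"AKIDEXAMPLE": "constructed-secret"}, 1999999000))
}
```

Because Expires is part of the signed string, editing it in the URL to extend a link's lifetime fails with SignatureDoesNotMatch rather than being accepted.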
func QueryEncode
QueryEncode encodes query values in their URL-encoded form. In addition to the percent encoding performed by urlEncodePath() used here, it also percent-encodes '/' (forward slash).
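The path/query split described for EncodePath and QueryEncode, as an added example (not this package's implementation): it follows AWS's published URI-encoding rule for request signing, where every byte outside the unreserved set becomes %XX and '/' is kept only in paths. The names s3Encode and canonicalQuery and the sample inputs are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// s3Encode percent-encodes every byte outside A-Z a-z 0-9 - . _ ~ as %XX.
// '/' is left alone for paths (encodeSlash=false) and escaped for queries.
func s3Encode(s string, encodeSlash bool) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ { // byte-wise, so UTF-8 runes become %XX%XX
		c := s[i]
		switch {
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z', c >= '0' && c <= '9',
			c == '-', c == '.', c == '_', c == '~', c == '/' && !encodeSlash:
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// canonicalQuery sorts parameters by name and encodes both sides with s3Encode.
func canonicalQuery(v url.Values) string {
	keys := make([]string, 0, len(v))
	for k := range v {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var parts []string
	for _, k := range keys {
		for _, val := range v[k] {
			parts = append(parts, s3Encode(k, true)+"="+s3Encode(val, true))
		}
	}
	return strings.Join(parts, "&")
}

func main() {
	q := url.Values{"prefix": {"logs/2024 q1"}, "delimiter": {"/"}} // constructed sample
	fmt.Println(s3Encode("/bucket/rapport été.txt", false))
	fmt.Println(canonicalQuery(q), "vs net/url:", q.Encode())
}
```

The standard library's url.Values.Encode writes a space as '+', while the signing rule requires %20; a client and server that canonicalize differently on this point compute different signatures for the same request.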
Types
type APIErrorCode
type APIErrorCode int
APIErrorCode type of error status.
const (
	ErrNone APIErrorCode = iota
	ErrAccessDenied
	ErrBadDigest
	ErrEntityTooSmall
	ErrEntityTooLarge
	ErrPolicyTooLarge
	ErrIncompleteBody
	ErrInternalError
	ErrInvalidAccessKeyID
	ErrInvalidBucketName
	ErrInvalidDigest
	ErrInvalidRange
	ErrInvalidCopyPartRange
	ErrInvalidCopyPartRangeSource
	ErrInvalidMaxKeys
	ErrInvalidEncodingMethod
	ErrInvalidMaxUploads
	ErrInvalidMaxParts
	ErrInvalidPartNumberMarker
	ErrInvalidRequestBody
	ErrInvalidCopySource
	ErrInvalidMetadataDirective
	ErrInvalidCopyDest
	ErrInvalidPolicyDocument
	ErrInvalidObjectState
	ErrMalformedXML
	ErrMissingContentLength
	ErrMissingContentMD5
	ErrMissingRequestBodyError
	ErrMissingSecurityHeader
	ErrNoSuchBucket
	ErrNoSuchBucketPolicy
	ErrNoSuchBucketLifecycle
	ErrNoSuchLifecycleConfiguration
	ErrNoSuchBucketSSEConfig
	ErrNoSuchCORSConfiguration
	ErrNoSuchWebsiteConfiguration
	ErrReplicationConfigurationNotFoundError
	ErrRemoteDestinationNotFoundError
	ErrReplicationDestinationMissingLock
	ErrRemoteTargetNotFoundError
	ErrReplicationRemoteConnectionError
	ErrBucketRemoteIdenticalToSource
	ErrBucketRemoteAlreadyExists
	ErrBucketRemoteLabelInUse
	ErrBucketRemoteArnTypeInvalid
	ErrBucketRemoteArnInvalid
	ErrBucketRemoteRemoveDisallowed
	ErrRemoteTargetNotVersionedError
	ErrReplicationSourceNotVersionedError
	ErrReplicationNeedsVersioningError
	ErrReplicationBucketNeedsVersioningError
	ErrBucketReplicationDisabledError
	ErrObjectRestoreAlreadyInProgress
	ErrNoSuchKey
	ErrNoSuchUpload
	ErrInvalidVersionID
	ErrNoSuchVersion
	ErrNotImplemented
	ErrPreconditionFailed
	ErrRequestTimeTooSkewed
	ErrSignatureDoesNotMatch
	ErrMethodNotAllowed
	ErrInvalidPart
	ErrInvalidPartOrder
	ErrAuthorizationHeaderMalformed
	ErrMalformedPOSTRequest
	ErrPOSTFileRequired
	ErrSignatureVersionNotSupported
	ErrBucketNotEmpty
	ErrAllAccessDisabled
	ErrMalformedPolicy
	ErrMissingFields
	ErrMissingCredTag
	ErrCredMalformed
	ErrInvalidRegion
	ErrInvalidServiceS3
	ErrInvalidServiceSTS
	ErrInvalidRequestVersion
	ErrMissingSignTag
	ErrMissingSignHeadersTag
	ErrMalformedDate
	ErrMalformedPresignedDate
	ErrMalformedCredentialDate
	ErrMalformedCredentialRegion
	ErrMalformedExpires
	ErrNegativeExpires
	ErrAuthHeaderEmpty
	ErrExpiredPresignRequest
	ErrRequestNotReadyYet
	ErrUnsignedHeaders
	ErrMissingDateHeader
	ErrInvalidQuerySignatureAlgo
	ErrInvalidQueryParams
	ErrBucketAlreadyOwnedByYou
	ErrInvalidDuration
	ErrBucketAlreadyExists
	ErrMetadataTooLarge
	ErrUnsupportedMetadata
	ErrMaximumExpires
	ErrSlowDown
	ErrInvalidPrefixMarker
	ErrBadRequest
	ErrKeyTooLongError
	ErrInvalidBucketObjectLockConfiguration
	ErrObjectLockConfigurationNotFound
	ErrObjectLockConfigurationNotAllowed
	ErrNoSuchObjectLockConfiguration
	ErrObjectLocked
	ErrInvalidRetentionDate
	ErrPastObjectLockRetainDate
	ErrUnknownWORMModeDirective
	ErrBucketTaggingNotFound
	ErrObjectLockInvalidHeaders
	ErrInvalidTagDirective
	// SSE-S3 related API errors
	ErrInvalidEncryptionMethod
	// Server-Side-Encryption (with Customer provided key) related API errors.
	ErrInsecureSSECustomerRequest
	ErrSSEMultipartEncrypted
	ErrSSEEncryptedObject
	ErrInvalidEncryptionParameters
	ErrInvalidSSECustomerAlgorithm
	ErrInvalidSSECustomerKey
	ErrMissingSSECustomerKey
	ErrMissingSSECustomerKeyMD5
	ErrSSECustomerKeyMD5Mismatch
	ErrInvalidSSECustomerParameters
	ErrIncompatibleEncryptionMethod
	ErrKMSNotConfigured
	ErrKMSAuthFailure
	ErrNoAccessKey
	ErrInvalidToken
	// Bucket notification related errors.
	ErrEventNotification
	ErrARNNotification
	ErrRegionNotification
	ErrOverlappingFilterNotification
	ErrFilterNameInvalid
	ErrFilterNamePrefix
	ErrFilterNameSuffix
	ErrFilterValueInvalid
	ErrOverlappingConfigs
	ErrUnsupportedNotification
	// S3 extended errors.
	ErrContentSHA256Mismatch
	// MinIO extended errors.
	ErrReadQuorum
	ErrWriteQuorum
	ErrParentIsObject
	ErrStorageFull
	ErrRequestBodyParse
	ErrObjectExistsAsDirectory
	ErrInvalidObjectName
	ErrInvalidObjectNamePrefixSlash
	ErrInvalidResourceName
	ErrServerNotInitialized
	ErrOperationTimedOut
	ErrClientDisconnected
	ErrOperationMaxedOut
	ErrInvalidRequest
	// MinIO storage class error codes
	ErrInvalidStorageClass
	ErrBackendDown
	ErrMalformedJSON
	ErrAdminNoSuchUser
	ErrAdminNoSuchGroup
	ErrAdminGroupNotEmpty
	ErrAdminNoSuchPolicy
	ErrAdminInvalidArgument
	ErrAdminInvalidAccessKey
	ErrAdminInvalidSecretKey
	ErrAdminConfigNoQuorum
	ErrAdminConfigTooLarge
	ErrAdminConfigBadJSON
	ErrAdminConfigDuplicateKeys
	ErrAdminCredentialsMismatch
	ErrInsecureClientRequest
	ErrObjectTampered
	// Bucket Quota error codes
	ErrAdminBucketQuotaExceeded
	ErrAdminNoSuchQuotaConfiguration
	ErrAdminBucketQuotaDisabled
	ErrHealNotImplemented
	ErrHealNoSuchProcess
	ErrHealInvalidClientToken
	ErrHealMissingBucket
	ErrHealAlreadyRunning
	ErrHealOverlappingPaths
	ErrIncorrectContinuationToken
	// S3 Select Errors
	ErrEmptyRequestBody
	ErrUnsupportedFunction
	ErrInvalidExpressionType
	ErrBusy
	ErrExpressionTooLong
	ErrIllegalSQLFunctionArgument
	ErrInvalidKeyPath
	ErrInvalidCompressionFormat
	ErrInvalidFileHeaderInfo
	ErrInvalidJSONType
	ErrInvalidQuoteFields
	ErrInvalidRequestParameter
	ErrInvalidDataType
	ErrInvalidTextEncoding
	ErrInvalidDataSource
	ErrInvalidTableAlias
	ErrMissingRequiredParameter
	ErrObjectSerializationConflict
	ErrUnsupportedSQLOperation
	ErrUnsupportedSQLStructure
	ErrUnsupportedSyntax
	ErrUnsupportedRangeHeader
	ErrLexerInvalidChar
	ErrLexerInvalidOperator
	ErrLexerInvalidLiteral
	ErrLexerInvalidIONLiteral
	ErrParseExpectedDatePart
	ErrParseExpectedKeyword
	ErrParseExpectedTokenType
	ErrParseExpected2TokenTypes
	ErrParseExpectedNumber
	ErrParseExpectedRightParenBuiltinFunctionCall
	ErrParseExpectedTypeName
	ErrParseExpectedWhenClause
	ErrParseUnsupportedToken
	ErrParseUnsupportedLiteralsGroupBy
	ErrParseExpectedMember
	ErrParseUnsupportedSelect
	ErrParseUnsupportedCase
	ErrParseUnsupportedCaseClause
	ErrParseUnsupportedAlias
	ErrParseUnsupportedSyntax
	ErrParseUnknownOperator
	ErrParseMissingIdentAfterAt
	ErrParseUnexpectedOperator
	ErrParseUnexpectedTerm
	ErrParseUnexpectedToken
	ErrParseUnexpectedKeyword
	ErrParseExpectedExpression
	ErrParseExpectedLeftParenAfterCast
	ErrParseExpectedLeftParenValueConstructor
	ErrParseExpectedLeftParenBuiltinFunctionCall
	ErrParseExpectedArgumentDelimiter
	ErrParseCastArity
	ErrParseInvalidTypeParam
	ErrParseEmptySelect
	ErrParseSelectMissingFrom
	ErrParseExpectedIdentForGroupName
	ErrParseExpectedIdentForAlias
	ErrParseUnsupportedCallWithStar
	ErrParseNonUnaryAgregateFunctionCall
	ErrParseMalformedJoin
	ErrParseExpectedIdentForAt
	ErrParseAsteriskIsNotAloneInSelectList
	ErrParseCannotMixSqbAndWildcardInSelectList
	ErrParseInvalidContextForWildcardInSelectList
	ErrIncorrectSQLFunctionArgumentType
	ErrValueParseFailure
	ErrEvaluatorInvalidArguments
	ErrIntegerOverflow
	ErrLikeInvalidInputs
	ErrCastFailed
	ErrInvalidCast
	ErrEvaluatorInvalidTimestampFormatPattern
	ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing
	ErrEvaluatorTimestampFormatPatternDuplicateFields
	ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch
	ErrEvaluatorUnterminatedTimestampFormatPatternToken
	ErrEvaluatorInvalidTimestampFormatPatternToken
	ErrEvaluatorInvalidTimestampFormatPatternSymbol
	ErrEvaluatorBindingDoesNotExist
	ErrMissingHeaders
	ErrInvalidColumnIndex
	ErrAdminConfigNotificationTargetsFailed
	ErrAdminProfilerNotEnabled
	ErrInvalidDecompressedSize
	ErrAddUserInvalidArgument
	ErrAdminAccountNotEligible
	ErrAccountNotEligible
	ErrServiceAccountNotFound
	ErrPostPolicyConditionInvalidFormat
)
Error codes, non-exhaustive list - http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
type APIErrorResponse
type APIErrorResponse struct {
	XMLName    xml.Name `xml:"Error" json:"-"`
	Code       string
	Message    string
	Key        string `xml:"Key,omitempty" json:"Key,omitempty"`
	BucketName string `xml:"BucketName,omitempty" json:"BucketName,omitempty"`
	Resource   string
	Region     string `xml:"Region,omitempty" json:"Region,omitempty"`
	RequestID  string `xml:"RequestId" json:"RequestId"`
	HostID     string `xml:"HostId" json:"HostId"`
}
APIErrorResponse - error response format
type SecretKeyGetter
SecretKeyGetter returns a secret key from an access key.