fix: correct xml response encoding for list-buckets and tagging

fixes #395
2026-01-06 19:56:27 +00:00 · 2024-02-10 23:02:28 -08:00
parent 4d168da376
commit 0760467c3d
6 changed files with 939 additions and 1340 deletions
--- a/s3api/controllers/base.go
+++ b/s3api/controllers/base.go
--- a/s3api/utils/auth-reader.go
+++ b/s3api/utils/auth-reader.go
@@ -126,16 +126,19 @@ func CheckValidSignature(ctx *fiber.Ctx, auth AuthData, secret, checksum string,

 	signer := v4.NewSigner()

-	signErr := signer.SignHTTP(req.Context(), aws.Credentials{
-		AccessKeyID:     auth.Access,
-		SecretAccessKey: secret,
-	}, req, checksum, service, auth.Region, tdate, func(options *v4.SignerOptions) {
-		options.DisableURIPathEscaping = true
-		if debug {
-			options.LogSigning = true
-			options.Logger = logging.NewStandardLogger(os.Stderr)
-		}
-	})
+	signErr := signer.SignHTTP(req.Context(),
+		aws.Credentials{
+			AccessKeyID:     auth.Access,
+			SecretAccessKey: secret,
+		},
+		req, checksum, service, auth.Region, tdate,
+		func(options *v4.SignerOptions) {
+			options.DisableURIPathEscaping = true
+			if debug {
+				options.LogSigning = true
+				options.Logger = logging.NewStandardLogger(os.Stderr)
+			}
+		})
 	if signErr != nil {
 		return fmt.Errorf("sign generated http request: %w", err)
 	}
--- a/s3api/utils/auth_test.go
+++ b/s3api/utils/auth_test.go
@@ -10,18 +10,26 @@ func TestAuthParse(t *testing.T) {
 		authstr string // Authorization string
 		algo    string
 		sig     string
-	}{{
-		name:    "restic",
-		authstr: "AWS4-HMAC-SHA256 Credential=user/20240116/us-east-1/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length,Signature=d5199fc7f3aa35dd3d400427be2ae4c98bfad390785280cbb9eea015b51e12ac",
-		algo:    "AWS4-HMAC-SHA256",
-		sig:     "d5199fc7f3aa35dd3d400427be2ae4c98bfad390785280cbb9eea015b51e12ac",
-	},
+	}{
+		{
+			name:    "restic",
+			authstr: "AWS4-HMAC-SHA256 Credential=user/20240116/us-east-1/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length,Signature=d5199fc7f3aa35dd3d400427be2ae4c98bfad390785280cbb9eea015b51e12ac",
+			algo:    "AWS4-HMAC-SHA256",
+			sig:     "d5199fc7f3aa35dd3d400427be2ae4c98bfad390785280cbb9eea015b51e12ac",
+		},
 		{
 			name:    "aws eaxample",
 			authstr: "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request, SignedHeaders=host;range;x-amz-date, Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024",
 			algo:    "AWS4-HMAC-SHA256",
 			sig:     "fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024",
-		}}
+		},
+		{
+			name:    "s3browser",
+			authstr: "AWS4-HMAC-SHA256 Credential=access_key/20240206/us-east-1/s3/aws4_request,SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date, Signature=37a35d96998d786113ad420c57c22c5433f6aca74f88f26566caa047fc3601c6",
+			algo:    "AWS4-HMAC-SHA256",
+			sig:     "37a35d96998d786113ad420c57c22c5433f6aca74f88f26566caa047fc3601c6",
+		},
+	}

 	for _, v := range vectors {
 		t.Run(v.name, func(t *testing.T) {
--- a/s3response/README.txt
+++ b/s3response/README.txt
@@ -1,6 +0,0 @@
-https://doc.s3.amazonaws.com/2006-03-01/AmazonS3.xsd
-
-see https://blog.aqwari.net/xml-schema-go/
-
-go install aqwari.net/xml/cmd/xsdgen@latest
-xsdgen -o s3api_xsd_generated.go -pkg s3response AmazonS3.xsd
--- a/s3response/s3api_xsd_generated.go
+++ b/s3response/s3api_xsd_generated.go
--- a/s3response/s3response.go
+++ b/s3response/s3response.go
@@ -16,6 +16,7 @@ package s3response

 import (
 	"encoding/xml"
+	"time"

 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 )
@@ -107,7 +108,8 @@ type TagSet struct {
 }

 type Tagging struct {
-	TagSet TagSet `xml:"TagSet"`
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ Tagging" json:"-"`
+	TagSet  TagSet   `xml:"TagSet"`
 }

 type DeleteObjects struct {
@@ -139,3 +141,58 @@ type Bucket struct {
 	Name  string `json:"name"`
 	Owner string `json:"owner"`
 }
+
+type ListAllMyBucketsResult struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListAllMyBucketsResult" json:"-"`
+	Owner   CanonicalUser
+	Buckets ListAllMyBucketsList
+}
+
+type ListAllMyBucketsEntry struct {
+	Name         string
+	CreationDate time.Time
+}
+
+type ListAllMyBucketsList struct {
+	Bucket []ListAllMyBucketsEntry
+}
+
+type CanonicalUser struct {
+	ID          string
+	DisplayName string
+}
+
+type CopyObjectResult struct {
+	XMLName      xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ CopyObjectResult" json:"-"`
+	LastModified time.Time
+	ETag         string
+}
+
+type AccessControlPolicy struct {
+	XMLName           xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ AccessControlPolicy" json:"-"`
+	Owner             CanonicalUser
+	AccessControlList AccessControlList
+}
+
+type AccessControlList struct {
+	Grant []Grant
+}
+
+type Grant struct {
+	Grantee    Grantee
+	Permission string
+}
+
+// Set the following to encode correctly:
+//
+//	Grantee: s3response.Grantee{
+//		Xsi:         "http://www.w3.org/2001/XMLSchema-instance",
+//		Type:        "CanonicalUser",
+//	},
+type Grantee struct {
+	XMLName     xml.Name `xml:"Grantee"`
+	Xsi         string   `xml:"xmlns:xsi,attr,omitempty"`
+	Type        string   `xml:"xsi:type,attr,omitempty"`
+	ID          string
+	DisplayName string
+}