Adds param-signed URLs to swift3 middleware.

2011-04-16 17:32:51 +00:00 · 2011-04-16 17:32:51 +00:00 · 59ff252362
commit 59ff252362
parent b9eea0f6a1 eea65967eb
2 changed files with 36 additions and 20 deletions
--- a/swift/common/middleware/swift3.py
+++ b/swift/common/middleware/swift3.py
@ -16,9 +16,6 @@
 """
 The swift3 middleware will emulate the S3 REST api on top of swift.

-The boto python library is necessary to use this middleware (install
-the python-boto package if you use Ubuntu).
-
 The following opperations are currently supported:

    * GET Service
@ -438,32 +435,35 @@ class Swift3Middleware(object):
            return BucketController, d
        return ServiceController, d

-    def get_account_info(self, env, req):
-        try:
-            account, user, _junk = \
-                req.headers['Authorization'].split(' ')[-1].split(':')
-        except Exception:
-            return None, None
-
-        h = canonical_string(req)
-        token = base64.urlsafe_b64encode(h)
-        return '%s:%s' % (account, user), token
-
    def __call__(self, env, start_response):
        req = Request(env)
-        if not'Authorization' in req.headers:
+
+        if 'AWSAccessKeyId' in req.GET:
+            try:
+                req.headers['Date'] = req.GET['Expires']
+                req.headers['Authorization'] = \
+                    'AWS %(AWSAccessKeyId)s:%(Signature)s' % req.GET
+            except KeyError:
+                return get_err_response('InvalidArgument')(env, start_response)
+
+        if not 'Authorization' in req.headers:
            return self.app(env, start_response)
+
+        try:
+            account, signature = \
+                req.headers['Authorization'].split(' ')[-1].rsplit(':', 1)
+        except Exception:
+            return get_err_response('InvalidArgument')(env, start_response)
+
        try:
            controller, path_parts = self.get_controller(req.path)
        except ValueError:
            return get_err_response('InvalidURI')(env, start_response)

-        account_name, token = self.get_account_info(env, req)
-        if not account_name:
-            return get_err_response('InvalidArgument')(env, start_response)
+        token = base64.urlsafe_b64encode(canonical_string(req))
+
+        controller = controller(env, self.app, account, token, **path_parts)

-        controller = controller(env, self.app, account_name, token,
-                                **path_parts)
        if hasattr(controller, req.method):
            res = getattr(controller, req.method)(env, start_response)
        else:
--- a/test/unit/common/middleware/test_swift3.py
+++ b/test/unit/common/middleware/test_swift3.py
@ -594,5 +594,21 @@ class TestSwift3(unittest.TestCase):
        self.assertEquals(swift3.canonical_string(req2),
                swift3.canonical_string(req3))

+    def test_signed_urls(self):
+        class FakeApp(object):
+            def __call__(self, env, start_response):
+                self.req = Request(env)
+                start_response('200 OK')
+                start_response([])
+        app = FakeApp()
+        local_app = swift3.filter_factory({})(app)
+        req = Request.blank('/bucket/object?Signature=X&Expires=Y&'
+                'AWSAccessKeyId=Z', environ={'REQUEST_METHOD': 'GET'})
+        req.date = datetime.now()
+        req.content_type = 'text/plain'
+        resp = local_app(req.environ, lambda *args: None)
+        self.assertEquals(app.req.headers['Authorization'], 'AWS Z:X')
+        self.assertEquals(app.req.headers['Date'], 'Y')
+
 if __name__ == '__main__':
    unittest.main()