lib

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 30, 2019 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Overview

This file implements helper functions to validate the AWS Signature Version 4 Authorization header.

This package provides comprehensive helpers for the following signature types: based on the Authorization header, based on query parameters, and based on a form POST policy.

Index

Constants

// Canned ACL names for buckets and objects. The bucket and object constants
// share the same string values where their names overlap ("private",
// "public-read", "public-read-write", "authenticated-read"); the last three
// object values have no bucket counterpart in this block.
//
// NOTE(review): in the S3 API, "public-read" and "public-read-write" grant
// access to the AllUsers group, i.e. unauthenticated callers. Presumably they
// are here to exercise anonymous access (see TestAnonymousAccessResult);
// confirm they are never applied to a bucket holding real data.
const (
	// BucketCannedACLPrivate is a BucketCannedACL enum value.
	BucketCannedACLPrivate = "private"

	// BucketCannedACLPublicRead is a BucketCannedACL enum value.
	BucketCannedACLPublicRead = "public-read"

	// BucketCannedACLPublicReadWrite is a BucketCannedACL enum value.
	BucketCannedACLPublicReadWrite = "public-read-write"

	// BucketCannedACLAuthenticatedRead is a BucketCannedACL enum value.
	BucketCannedACLAuthenticatedRead = "authenticated-read"

	// ObjectCannedACLPrivate is an ObjectCannedACL enum value.
	ObjectCannedACLPrivate = "private"

	// ObjectCannedACLPublicRead is an ObjectCannedACL enum value.
	ObjectCannedACLPublicRead = "public-read"

	// ObjectCannedACLPublicReadWrite is an ObjectCannedACL enum value.
	ObjectCannedACLPublicReadWrite = "public-read-write"

	// ObjectCannedACLAuthenticatedRead is an ObjectCannedACL enum value.
	ObjectCannedACLAuthenticatedRead = "authenticated-read"

	// ObjectCannedACLAwsExecRead is an ObjectCannedACL enum value.
	ObjectCannedACLAwsExecRead = "aws-exec-read"

	// ObjectCannedACLBucketOwnerRead is an ObjectCannedACL enum value.
	ObjectCannedACLBucketOwnerRead = "bucket-owner-read"

	// ObjectCannedACLBucketOwnerFullControl is an ObjectCannedACL enum value.
	ObjectCannedACLBucketOwnerFullControl = "bucket-owner-full-control"
)
// Fixed connection settings and fixture names. Everything here is a
// compile-time constant, so the endpoints and credentials cannot be
// overridden without editing the source.
const (
	// Endpoint and EndpointInternal are host:port pairs under test.com.
	// Presumably the external and internal addresses of the server under
	// test; verify against NewS3 and NewS3Internal.
	Endpoint         = "s3.test.com:8080"
	EndpointInternal = "s3-internal.test.com:8080"
	// AccessKey and SecretKey are hard-coded, identical placeholder
	// credentials exported from the package.
	// NOTE(review): these are only acceptable for a throwaway test deployment.
	// A server provisioned with this key pair must not be reachable from
	// outside the test environment, and real credentials should be injected
	// at run time rather than added here.
	AccessKey        = "hehehehe"
	SecretKey        = "hehehehe"
	Region           = "RegionHeHe"

	// Bucket name, object keys and object body used as fixtures.
	TEST_BUCKET         = "mybucket"
	TEST_KEY            = "testput"
	// TEST_KEY_SPECIAL is an object key made of punctuation that needs
	// escaping in a URL; note that it ends with a space.
	TEST_KEY_SPECIAL    = "testputspecial:!@$%^&*()_+=-;?><| "
	TEST_VALUE          = "valueput"
	// Referer values. TEST_ILLEGALREFERER falls under the
	// "http://www.thief.com/*" pattern and TEST_LEGALREFERER under the
	// "http://www.genltemen.com/*" pattern used by the SetBucketPolicy*
	// policy constants; TEST_COMMONREFERER matches neither pattern.
	// The spelling "genltemen" is shared with those policies, so correcting
	// it means changing every occurrence together.
	TEST_ILLEGALREFERER = "http://www.thief.com/"
	TEST_LEGALREFERER   = "http://www.genltemen.com/"
	TEST_COMMONREFERER  = "http://www.common.com/"
)
// Bucket policy documents (JSON text) scoped to TEST_BUCKET. Every statement
// covers only s3:GetObject and names the wildcard principal "*", so in the
// conditional policies the Condition element is the only thing that narrows
// who can read.
//
// NOTE(review): aws:Referer reflects the HTTP Referer header, which the
// client chooses (HTTPRequestToGetObjectWithReferer takes it as an argument).
// A Referer condition limits hot-linking but does not authenticate a caller.
// NOTE(review): whether aws:SourceIp is taken from the TCP peer or from a
// client-supplied header is not visible here; if the latter, the IP
// conditions are only as trustworthy as the proxy chain. Confirm against the
// server under test.
const (
	// GetObjectPolicy_1 allows s3:GetObject on every object in TEST_BUCKET
	// to any principal, with no condition.
	GetObjectPolicy_1 = `{
			"Version": "2012-10-17",
			"Statement": [{
			"Effect": "Allow",
			"Principal": {"AWS":["*"]},
			"Action": ["s3:GetObject"],
			"Resource": [
				"arn:aws:s3:::` + TEST_BUCKET + `/*"
			]
			}]
		}`

	// GetObjectPolicy_2 is the same unconditional allow, limited to keys
	// under the "test/" prefix.
	GetObjectPolicy_2 = `{
			"Version": "2012-10-17",
			"Statement": [{
			"Effect": "Allow",
			"Principal": {"AWS":["*"]},
			"Action": ["s3:GetObject"],
			"Resource": [
				"arn:aws:s3:::` + TEST_BUCKET + `/test/*"
			]
			}]
		}`

	// SetBucketPolicyAllowStringLike allows GetObject when aws:Referer
	// matches one of the two genltemen.com patterns.
	SetBucketPolicyAllowStringLike = `{
			"Version": "2012-10-17",
			"Id": "http referer policy example",
			"Statement": [
				{
					"Sid": "Allow get requests referred by url test1",
					"Effect":"Allow",
					"Principal": {
						"AWS":"*"
					},
					"Action":["s3:GetObject"],
					"Resource":[
							"arn:aws:s3:::` + TEST_BUCKET + `",
							"arn:aws:s3:::` + TEST_BUCKET + `/*"
					],
					"Condition":
							{"StringLike":{"aws:Referer":["http://www.genltemen.com/*","http://genltemen.com/*"]}}
				}
			]
		}`

	// SetBucketPolicyAllowStringNotLike allows GetObject when aws:Referer
	// matches neither thief.com pattern.
	// NOTE(review): in AWS policy evaluation a negated string operator is
	// satisfied when the key is absent, so a request with no Referer header
	// would be allowed; confirm the server under test behaves the same way.
	SetBucketPolicyAllowStringNotLike = `{
			"Version": "2012-10-17",
			"Id": "http referer policy example",
			"Statement": [
				{
					"Sid": "Allow get requests referred by url test2",
					"Effect":"Allow",
					"Principal": {
						"AWS":"*"
					},
					"Action":["s3:GetObject"],
					"Resource":[
							"arn:aws:s3:::` + TEST_BUCKET + `",
							"arn:aws:s3:::` + TEST_BUCKET + `/*"
					],
					"Condition":
							{"StringNotLike":{"aws:Referer":["http://www.thief.com/*","http://thief.com/*"]}}
				}
			]
		}`

	// SetBucketPolicyDenyStringLike denies GetObject when aws:Referer matches
	// one of the thief.com patterns. It contains no Allow statement, so any
	// access it does not deny has to be granted elsewhere (presumably by the
	// ACLs paired with it in AccessPolicyGroup; verify).
	SetBucketPolicyDenyStringLike = `{
			"Version": "2012-10-17",
			"Id": "http referer policy example",
			"Statement": [
				{
					"Sid": "Deny get requests referred by url test3",
					"Effect":"Deny",
					"Principal": {
						"AWS":"*"
					},
					"Action":["s3:GetObject"],
					"Resource":[
							"arn:aws:s3:::` + TEST_BUCKET + `",
							"arn:aws:s3:::` + TEST_BUCKET + `/*"
					],
					"Condition":
							{"StringLike":{"aws:Referer":["http://www.thief.com/*","http://thief.com/*"]}}
				}
			]
		}`

	// SetBucketPolicyDenyStringNotLike denies GetObject unless aws:Referer
	// matches one of the genltemen.com patterns.
	// NOTE(review): the Sid repeats the "test3" label of
	// SetBucketPolicyDenyStringLike; the two are separate documents, so this
	// looks like a copy-paste leftover rather than a conflict.
	SetBucketPolicyDenyStringNotLike = `{
			"Version": "2012-10-17",
			"Id": "http referer policy example",
			"Statement": [
				{
					"Sid": "Deny get requests referred by url test3",
					"Effect":"Deny",
					"Principal": {
						"AWS":"*"
					},
					"Action":["s3:GetObject"],
					"Resource":[
							"arn:aws:s3:::` + TEST_BUCKET + `",
							"arn:aws:s3:::` + TEST_BUCKET + `/*"
					],
					"Condition":
							{"StringNotLike":{"aws:Referer":["http://www.genltemen.com/*","http://genltemen.com/*"]}}
				}
			]
		}`

	// SetBucketPolicyAllowIPAddress allows GetObject when aws:SourceIp is
	// inside 10.0.12.0/24. The four IP policies share the Id "PolicyId2".
	SetBucketPolicyAllowIPAddress = `{
  			"Id":"PolicyId2",
  			"Version":"2012-10-17",
  			"Statement":[
    			{
      				"Sid":"AllowIPmix",
      				"Effect":"Allow",
      				"Principal":"*",
      				"Action":"s3:GetObject",
      				"Resource":"arn:aws:s3:::` + TEST_BUCKET + `/*",
     				"Condition": {
        				"IpAddress": {
          					"aws:SourceIp": "10.0.12.0/24"
						}
     				}
   				}
  			]
	}`

	// SetBucketPolicyAllowNotIPAddress allows GetObject when aws:SourceIp is
	// outside 10.0.11.0/24, i.e. from every other address.
	SetBucketPolicyAllowNotIPAddress = `{
  			"Id":"PolicyId2",
  			"Version":"2012-10-17",
  			"Statement":[
    			{
      				"Sid":"AllowIPmix",
      				"Effect":"Allow",
      				"Principal":"*",
      				"Action":"s3:GetObject",
      				"Resource":"arn:aws:s3:::` + TEST_BUCKET + `/*",
     				"Condition": {
        				"NotIpAddress": {
          					"aws:SourceIp": "10.0.11.0/24"
						}
     				}
   				}
  			]
	}`

	// SetBucketPolicyDenyIPAddress denies GetObject when aws:SourceIp is
	// inside 10.0.11.0/24. It contains no Allow statement.
	SetBucketPolicyDenyIPAddress = `{
  			"Id":"PolicyId2",
  			"Version":"2012-10-17",
  			"Statement":[
    			{
      				"Sid":"DenyIPmix",
      				"Effect":"Deny",
      				"Principal":"*",
      				"Action":"s3:GetObject",
      				"Resource":"arn:aws:s3:::` + TEST_BUCKET + `/*",
     				"Condition": {
        				"IpAddress": {
          					"aws:SourceIp": "10.0.11.0/24"
						}
     				}
   				}
  			]
	}`

	// SetBucketPolicyDenyNotIPAddress denies GetObject when aws:SourceIp is
	// outside 10.0.12.0/24. It contains no Allow statement.
	SetBucketPolicyDenyNotIPAddress = `{
  			"Id":"PolicyId2",
  			"Version":"2012-10-17",
  			"Statement":[
    			{
      				"Sid":"DenyIPmix",
      				"Effect":"Deny",
      				"Principal":"*",
      				"Action":"s3:GetObject",
      				"Resource":"arn:aws:s3:::` + TEST_BUCKET + `/*",
     				"Condition": {
        				"NotIpAddress": {
          					"aws:SourceIp": "10.0.12.0/24"
						}
     				}
   				}
  			]
	}`
)

Variables

This section is empty.

Functions

func AESDecrypt

func AESDecrypt(cryptData, key []byte) ([]byte, error)

func AESDecryptHexStringToOrigin

func AESDecryptHexStringToOrigin(hexStr string, key []byte) (string, error)

func AESEncrypt

func AESEncrypt(data, key []byte) ([]byte, error)

func AESEncryptToHexString

func AESEncryptToHexString(data, key []byte) (string, error)

func Format

func Format(s string) string

func GenMinimalPart

func GenMinimalPart() []byte

GenMinimalPart generates 5M of part data.

func GenTestObjectUrl

func GenTestObjectUrl(sc *S3Client) string

func GenTestSpecialCharaterObjectUrl

func GenTestSpecialCharaterObjectUrl(sc *S3Client) string

func HTTPRequestToGetObject

func HTTPRequestToGetObject(url string) (status int, val []byte, err error)

func HTTPRequestToGetObjectWithReferer

func HTTPRequestToGetObjectWithReferer(url string, refererUrl string) (status int, val []byte, err error)

func HTTPRequestToGetObjectWithSpecialIP

func HTTPRequestToGetObjectWithSpecialIP(url string, ipAddress string) (status int, val []byte, err error)

func RandBytes

func RandBytes(ln int) []byte

RandBytes returns a random byte sequence.

func TransferToS3AccessControlPolicy

func TransferToS3AccessControlPolicy(policy *datatype.AccessControlPolicy) (s3policy *s3.AccessControlPolicy)

Types

type AccessPolicyGroup

// AccessPolicyGroup bundles one bucket policy, one bucket ACL and one object
// ACL. It is the policyGroup argument of TestAnonymousAccessResult and
// TestAnonymousAccessResultWithPolicyCondition, which also take the expected
// result code.
type AccessPolicyGroup struct {
	// presumably a policy JSON document such as the SetBucketPolicy*
	// constants; verify against the callers
	BucketPolicy string
	// presumably one of the BucketCannedACL* values; verify
	BucketACL    string
	// presumably one of the ObjectCannedACL* values; verify
	ObjectACL    string
}

type HTTPRequestToGetObjectType

// HTTPRequestToGetObjectType is the signature of a GET helper that takes a
// URL plus one request condition string and returns the status code, the
// body and an error. HTTPRequestToGetObjectWithReferer and
// HTTPRequestToGetObjectWithSpecialIP both have this shape, and
// TestAnonymousAccessResultWithPolicyCondition accepts a value of this type.
type HTTPRequestToGetObjectType func(url string, requestCondition string) (status int, val []byte, err error)

type PostObjectInput

// PostObjectInput is the parameter struct passed to (*S3Client).PostObject.
// How each field is used is not visible in this listing; the notes below are
// inferred from the field names and should be confirmed against PostObject.
type PostObjectInput struct {
	Url        string
	Bucket     string
	ObjName    string
	// presumably the expiry of the POST policy; verify
	Expiration time.Time
	// presumably the signing date; verify
	Date       time.Time
	Region     string
	// presumably the access key and secret key used to sign the POST policy.
	// NOTE(review): if SK is the secret key, printing this struct with %v or
	// %+v would expose it; keep the value out of logs and error messages.
	AK         string
	SK         string
	FileSize   int
}

type S3Client

// S3Client wraps an *s3.S3 handle; the bucket, object, ACL and policy
// helpers in this package are methods on it. NewS3, NewS3Internal and
// NewS3WithoutMD5 return a *S3Client.
type S3Client struct {
	// Client is the underlying S3 client. It is exported, so callers can
	// reach the handle directly as well as through the helper methods.
	Client *s3.S3
}

func NewS3

func NewS3() *S3Client

func NewS3Internal

func NewS3Internal() *S3Client

func NewS3WithoutMD5

func NewS3WithoutMD5() *S3Client

func (*S3Client) AbortMultiPartUpload

func (s3client *S3Client) AbortMultiPartUpload(bucketName, key, uploadId string) (err error)

func (*S3Client) AppendObject

func (s3client *S3Client) AppendObject(bucketName, key, value string, position int64) (nextPos int64, err error)

func (*S3Client) ChangeObjectStorageClass

func (s3client *S3Client) ChangeObjectStorageClass(bucketName, key string, storageClass string) (err error)

func (*S3Client) CleanEnv

func (sc *S3Client) CleanEnv()

func (*S3Client) CompleteMultiPartUpload

func (s3client *S3Client) CompleteMultiPartUpload(bucketName, key, uploadId string, completed *s3.CompletedMultipartUpload) (err error)

func (*S3Client) CreateMultiPartUpload

func (s3client *S3Client) CreateMultiPartUpload(bucketName, key, storageClass string) (uploadId string, err error)

func (*S3Client) DeleteBucket

func (s3client *S3Client) DeleteBucket(bucketName string) (err error)

func (*S3Client) DeleteBucketPolicy

func (s3client *S3Client) DeleteBucketPolicy(bucketName string) (err error)

func (*S3Client) DeleteBucketWebsite

func (s3client *S3Client) DeleteBucketWebsite(bucketName string) (err error)

func (*S3Client) DeleteObject

func (s3client *S3Client) DeleteObject(bucketName, key string) (err error)

func (*S3Client) GetBucketAcl

func (s3client *S3Client) GetBucketAcl(bucketName string) (ret string, err error)

func (*S3Client) GetBucketPolicy

func (s3client *S3Client) GetBucketPolicy(bucketName string) (policy string, err error)

func (*S3Client) GetBucketWebsite

func (s3client *S3Client) GetBucketWebsite(bucketName string) (conf string, err error)

func (*S3Client) GetEncryptObjectWithSSEC

func (s3client *S3Client) GetEncryptObjectWithSSEC(bucketName, key string) (value string, err error)

func (*S3Client) GetEncryptObjectWithSSES3

func (s3client *S3Client) GetEncryptObjectWithSSES3(bucketName, key string) (value string, err error)

func (*S3Client) GetObject

func (s3client *S3Client) GetObject(bucketName, key string) (value string, err error)

func (*S3Client) GetObjectAcl

func (s3client *S3Client) GetObjectAcl(bucketName, objName string) (ret string, err error)

func (*S3Client) GetObjectOutPut

func (s3client *S3Client) GetObjectOutPut(bucketName, key string) (out *s3.GetObjectOutput, err error)

func (*S3Client) GetObjectPreSigned

func (s3client *S3Client) GetObjectPreSigned(bucketName, key string, expire time.Duration) (url string, err error)

func (*S3Client) HeadBucket

func (s3client *S3Client) HeadBucket(bucketName string) (err error)

func (*S3Client) HeadObject

func (s3client *S3Client) HeadObject(bucketName, key string) (err error)

func (*S3Client) MakeBucket

func (s3client *S3Client) MakeBucket(bucketName string) (err error)

func (*S3Client) PostObject

func (s3Client *S3Client) PostObject(pbi *PostObjectInput) error

func (*S3Client) PutBucketAcl

func (s3client *S3Client) PutBucketAcl(bucketName string, acl string) (err error)

func (*S3Client) PutBucketAclWithXml

func (s3client *S3Client) PutBucketAclWithXml(bucketName string, acl *s3.AccessControlPolicy) (err error)

func (*S3Client) PutBucketPolicy

func (s3client *S3Client) PutBucketPolicy(bucketName, policy string) (err error)

func (*S3Client) PutBucketWebsite

func (s3client *S3Client) PutBucketWebsite(bucketName, index, error string) (err error)

func (*S3Client) PutBucketWebsiteWithConf

func (s3client *S3Client) PutBucketWebsiteWithConf(bucketName string, conf *s3.WebsiteConfiguration) (err error)

func (*S3Client) PutEncryptObjectWithSSEC

func (s3client *S3Client) PutEncryptObjectWithSSEC(bucketName, key, value string) (err error)

func (*S3Client) PutEncryptObjectWithSSES3

func (s3client *S3Client) PutEncryptObjectWithSSES3(bucketName, key, value string) (err error)

func (*S3Client) PutObject

func (s3client *S3Client) PutObject(bucketName, key, value string) (err error)

func (*S3Client) PutObjectAcl

func (s3client *S3Client) PutObjectAcl(bucketName, objName string, acl string) (err error)

func (*S3Client) PutObjectAclWithXml

func (s3client *S3Client) PutObjectAclWithXml(bucketName, objName string, acl *s3.AccessControlPolicy) (err error)

func (*S3Client) PutObjectPreSignedWithSpecifiedBody

func (s3client *S3Client) PutObjectPreSignedWithSpecifiedBody(bucketName, key, value string, expire time.Duration) (url string, err error)

func (*S3Client) PutObjectPreSignedWithoutSpecifiedBody

func (s3client *S3Client) PutObjectPreSignedWithoutSpecifiedBody(bucketName, key, value string, expire time.Duration) (url string, err error)

func (*S3Client) PutObjectWithStorageClass

func (s3client *S3Client) PutObjectWithStorageClass(bucketName, key, value string, storageClass string) (err error)

func (*S3Client) TestAnonymousAccessResult

func (sc *S3Client) TestAnonymousAccessResult(policyGroup AccessPolicyGroup, resultCode int) (err error)

func (*S3Client) TestAnonymousAccessResultWithPolicyCondition

func (sc *S3Client) TestAnonymousAccessResultWithPolicyCondition(policyGroup AccessPolicyGroup, resultCode int,
	requestCondition string, HTTPRequestToGetObject HTTPRequestToGetObjectType) (err error)

func (*S3Client) UploadPart

func (s3client *S3Client) UploadPart(bucketName, key string, value []byte, uploadId string, partNumber int64) (etag string, err error)
