fix: awsv4 signatures + http client

This commit is contained in:
Milas Bowman 2025-03-28 21:50:12 -04:00
parent bdf9298496
commit f47bdf7fd2
Signed by: milas
SSH key fingerprint: SHA256:ek2D5l1HA34B3wbdErz0QOXm1E46CVvyf/nM4Fwfx/U
7 changed files with 36 additions and 16 deletions

View file

@ -19,6 +19,9 @@ import (
const CausalityTokenHeader = "X-Garage-Causality-Token"
const payloadHashEmpty = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
const payloadHashUnsigned = "UNSIGNED-PAYLOAD"
var TombstoneItemErr = errors.New("item is a tombstone")
var NoSuchItemErr = errors.New("item does not exist")
var ConcurrentItemsErr = errors.New("item has multiple concurrent values")
@ -95,7 +98,7 @@ func (c *Client) executeRequest(req *http.Request) (*http.Response, error) {
return nil, err
}
resp, err := http.DefaultClient.Do(req)
resp, err := c.httpClient.Do(req)
if err != nil {
return nil, err
}
@ -104,14 +107,25 @@ func (c *Client) executeRequest(req *http.Request) (*http.Response, error) {
}
func (c *Client) signRequest(req *http.Request) error {
if c.key.ID == "" || c.key.Secret == "" {
return errors.New("no credentials provided")
}
creds := aws.Credentials{
AccessKeyID: c.key.ID,
SecretAccessKey: c.key.Secret,
}
const noBody = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
req.Header.Set("X-Amz-Content-Sha256", noBody)
err := awsSigner.SignHTTP(req.Context(), creds, req, noBody, "k2v", "garage", time.Now())
var payloadHash string
if req.Body == nil || req.Body == http.NoBody {
payloadHash = payloadHashEmpty
} else {
payloadHash = payloadHashUnsigned
}
req.Header.Set("X-Amz-Content-Sha256", payloadHash)
err := awsSigner.SignHTTP(req.Context(), creds, req, payloadHash, "k2v", "garage", time.Now())
if err != nil {
return err
}
@ -248,9 +262,6 @@ func (c *Client) ReadItemMulti(ctx context.Context, b Bucket, pk string, sk stri
return []Item{body}, ct, nil
case "application/json":
var items []Item
if err != nil {
return nil, "", err
}
if err := json.Unmarshal(body, &items); err != nil {
return nil, "", err
}