Merge pull request #2 from stevenh/s3-aws4

Switch s3 to use only AWS Signature Version 4
Unity-Technologies · Jul 30, 2015 · da44938 · da44938
2 parents 34a4365 + a369adb
commit da44938
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 16 deletions.
diff --git a/s3/s3.go b/s3/s3.go
@@ -32,7 +32,7 @@ import (
 	"time"
 )
 
-const debug = false
+var Debug = false
 
 // The S3 type encapsulates operations with an S3 region.
 type S3 struct {
@@ -962,11 +962,6 @@ func (s3 *S3) prepare(req *request) (*http.Request, error) {
 		Host:       u.Host,
 	}
 
-	if debug {
-		dump, _ := httputil.DumpRequest(hreq, true)
-		log.Printf("} -> %s\n", dump)
-	}
-
 	if v, ok := headers["Content-Length"]; ok {
 		hreq.ContentLength, _ = strconv.ParseInt(v[0], 10, 64)
 		delete(headers, "Content-Length")
@@ -976,14 +971,25 @@ func (s3 *S3) prepare(req *request) (*http.Request, error) {
 		hreq.Body = ioutil.NopCloser(req.payload)
 	}
 
-	if s3.Region.Sign == nil {
-		if err = aws.SignV2(hreq, s3.Auth, "s3"); err != nil {
-			return nil, err
+	if Debug {
+		dump, _ := httputil.DumpRequest(hreq, true)
+		log.Printf("hreq } -> %s\n", dump)
+	}
+
+	// Always use AWS V4 Signature to avoid using the older custom V2 signer
+	sign := aws.SignV4Region(s3.Region.Name)
+	if err = sign(hreq, s3.Auth, "s3"); err != nil {
+		if Debug {
+			log.Printf("sign error: %v\n", err)
 		}
-	} else if err = s3.Region.Sign(hreq, s3.Auth, "s3"); err != nil {
 		return nil, err
 	}
 
+	if Debug {
+		dump, _ := httputil.DumpRequest(hreq, true)
+		log.Printf("hreq (signed) } -> %s\n", dump)
+	}
+
 	return hreq, err
 }
 
@@ -1025,9 +1031,9 @@ func (s3 *S3) run(req *http.Request, resp interface{}) (*http.Response, error) {
 	if err != nil {
 		return nil, err
 	}
-	if debug {
+	if Debug {
 		dump, _ := httputil.DumpResponse(hresp, true)
-		log.Printf("} -> %s\n", dump)
+		log.Printf("hresp } -> %s\n", dump)
 	}
 	if hresp.StatusCode != http.StatusOK && hresp.StatusCode != http.StatusNoContent && hresp.StatusCode != http.StatusPartialContent {
 		defer hresp.Body.Close()
@@ -1036,7 +1042,7 @@ func (s3 *S3) run(req *http.Request, resp interface{}) (*http.Response, error) {
 	if resp != nil {
 		err = xml.NewDecoder(hresp.Body).Decode(resp)
 		hresp.Body.Close()
-		if debug {
+		if Debug {
 			log.Printf("goamz.s3> decoded xml into %#v", resp)
 		}
 	}
@@ -1058,7 +1064,7 @@ func (e *Error) Error() string {
 }
 
 func buildError(r *http.Response) error {
-	if debug {
+	if Debug {
 		log.Printf("got error (status code %v)", r.StatusCode)
 		data, err := ioutil.ReadAll(r.Body)
 		if err != nil {
@@ -1077,7 +1083,7 @@ func buildError(r *http.Response) error {
 	if err.Message == "" {
 		err.Message = r.Status
 	}
-	if debug {
+	if Debug {
 		log.Printf("err: %#v\n", err)
 	}
 	return &err

diff --git a/s3/sign.go b/s3/sign.go
@@ -107,7 +107,7 @@ func sign(auth aws.Auth, method, canonicalPath string, params, headers map[strin
 	} else {
 		headers["Authorization"] = []string{"AWS " + auth.AccessKey + ":" + string(signature)}
 	}
-	if debug {
+	if Debug {
 		log.Printf("Signature payload: %q", payload)
 		log.Printf("Signature: %q", signature)
 	}