File: headers.go

package info (click to toggle)
incus 6.0.5-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 24,392 kB
  • sloc: sh: 16,313; ansic: 3,121; python: 457; makefile: 337; ruby: 51; sql: 50; lisp: 6
file content (41 lines) | stat: -rw-r--r-- 1,556 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
package s3

import (
	"strings"
)

// AuthorizationHeaderAccessKey attempts to extract the (unverified) access key from the Authorization header.
func AuthorizationHeaderAccessKey(authorizationHeader string) string {
	// Parses an Authorization header as below, trying to extract the access key "PRL470D7Q93X1ZA1L82X".
	// AWS4-HMAC-SHA256 Credential=PRL470D7Q93X1ZA1L82X/20220825/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=d8fdaf67c5072d4ff7ac56e4529e66fb08255aaa79193b212cba4670d058fade
	after, found := strings.CutPrefix(authorizationHeader, "AWS4-HMAC-SHA256")
	if found {
		authHeaderParts := strings.Split(strings.TrimSpace(after), ",")
		if strings.HasPrefix(authHeaderParts[0], "Credential=") {
			_, after, found = strings.Cut(authHeaderParts[0], "=")
			if found {
				credParts := strings.Split(after, "/")
				credPartsLen := len(credParts)
				if credPartsLen >= 5 {
					// The access key can contain / characters, so perform a reverse range search.
					return strings.Join(credParts[:credPartsLen-4], "/")
				}
			}
		}

		return ""
	}

	after, found = strings.CutPrefix(authorizationHeader, "AWS")
	if found {
		// Parses an older Authorization header as below, to extract the access key "PRL470D7Q93X1ZA1L82X".
		// AWS PRL470D7Q93X1ZA1L82X:dC5GcyRFCyQIr+y9BdpAwBjkOK0=
		authHeaderParts := strings.Split(strings.TrimSpace(after), ":")
		authHeaderPartsLen := len(authHeaderParts)
		if authHeaderPartsLen > 1 {
			return strings.Join(authHeaderParts[:authHeaderPartsLen-1], ":")
		}
	}

	return ""
}