1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Description: Add [filter:tempurl]/path_prefix configuration option
If swiftproxy endpoint is something like /object, with URL rewriting
by haproxy, then the hmac calculation is wrong.
.
This patch adds a new path_prefix directive which is stripped away
in the URLs before calculating the tempurl hmac.
Author: Kevin Allioli <kevin@linit.io>
Date: Thu, 18 Nov 2021 15:01:45 +0100
Change-Id: I9359feedd93cec482dcd575800e28850c0fc02f3
Forwarded: https://review.opendev.org/c/openstack/swift/+/818388
Last-Update: 2021-11-18
Index: swift/etc/proxy-server.conf-sample
===================================================================
--- swift.orig/etc/proxy-server.conf-sample
+++ swift/etc/proxy-server.conf-sample
@@ -961,6 +961,10 @@ use = egg:swift#tempurl
# whitespace-delimited.
# allowed_digests = sha1 sha256 sha512
+# Allow to have swiftproxy endpoint not bound to the root with haproxy
+# on-the-fly URL rewriting.
+# path_prefix = /object
+
# Note: Put formpost just before your auth filter(s) in the pipeline
[filter:formpost]
use = egg:swift#formpost
Index: swift/swift/common/middleware/tempurl.py
===================================================================
--- swift.orig/swift/common/middleware/tempurl.py
+++ swift/swift/common/middleware/tempurl.py
@@ -771,6 +771,10 @@ class TempURL(object):
to be accessed
:returns: a list of (hmac, scope) 2-tuples
"""
+
+ if 'path_prefix' in self.conf:
+ path = "/" + self.conf['path_prefix'].strip("/") + path
+
if not request_method:
request_method = env['REQUEST_METHOD']
|
