Preserve user provided http headers in aws.sign_req
Currently, while all the headers are signed, the headers in the
returned object are missing all the original user-provided headers.
This means that if you pass the object directly to http.send,
Amazon will fail the request because the signed data doesn't match
the canonical request. Users can work around it by using object.union
to restore the original headers, but it would be nice to avoid that extra
step.

Signed-off-by: Peter <c2zwdjnlcg@users.noreply.github.com>
c2zwdjnlcg authored and ashutosh-narkar committed Dec 12, 2023
1 parent 30fa90e commit ef9e837
Showing 2 changed files with 15 additions and 3 deletions.
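--- a/test/cases/testdata/providers-aws/aws-sign_req.yaml
+++ b/test/cases/testdata/providers-aws/aws-sign_req.yaml
@@ -43,7 +43,8 @@ cases:
 "Authorization": "AWS4-HMAC-SHA256 Credential=MYAWSACCESSKEYGOESHERE/20151228/us-east-1/s3/aws4_request,SignedHeaders=foo;host;x-amz-content-sha256;x-amz-date,Signature=8f1dc7c9b9978356a0d0989fd26a95307f4f8a4aa264d8220647b7097d839952",
 "host": "example.com",
 "x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-"x-amz-date": "20151228T140825Z"
+"x-amz-date": "20151228T140825Z",
+"foo": "bar"
 },
 "method": "get",
 "url": "http://example.com"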
15 changes: 13 additions & 2 deletions topdown/providers.go
Expand Up @@ -172,10 +172,21 @@ func builtinAWSSigV4SignReq(ctx BuiltinContext, operands []*ast.Term, iter func(
}

// Sign the request object's headers, and reconstruct the headers map.
authHeader, signedHeadersMap := aws.SignV4(objectToMap(headers), method, theURL, body, service, awsCreds, signingTimestamp)
headersMap := objectToMap(headers)
authHeader, awsHeadersMap := aws.SignV4(headersMap, method, theURL, body, service, awsCreds, signingTimestamp)
signedHeadersObj := ast.NewObject()
// Restore original headers
for k, v := range headersMap {
// objectToMap doesn't support arrays
if len(v) == 1 {
signedHeadersObj.Insert(ast.StringTerm(k), ast.StringTerm(v[0]))
}
}
// Set authorization header
signedHeadersObj.Insert(ast.StringTerm("Authorization"), ast.StringTerm(authHeader))
for k, v := range signedHeadersMap {

// set aws signature headers
for k, v := range awsHeadersMap {
signedHeadersObj.Insert(ast.StringTerm(k), ast.StringTerm(v))
}

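Review bot: The restore loop copies caller-supplied header names verbatim, so a name that differs only in case from one the signer emits (for example `Host` or `authorization` against the lower-case `host` and the `Authorization` key inserted below) would, if object keys compare case-sensitively, leave two spellings of the same header in the returned object. Which spelling ends up on the wire is not visible from this hunk, and a stale caller value for `Authorization` or `x-amz-date` sitting next to the signed one would reintroduce the canonical-request mismatch this commit is fixing. Skipping caller headers whose lower-cased name matches `authorization` or a key of `awsHeadersMap` keeps the signer's values authoritative. The same loop silently drops any entry with `len(v) != 1`; if such a header can reach `aws.SignV4` it would be signed but not returned, so that branch should return an error or at least carry a comment stating why it cannot occur. The enclosing function starts and ends outside the hunk, and the sketch assumes `strings` is already imported in this file.

```go
// … unchanged: objectToMap and aws.SignV4 calls, signedHeadersObj creation …
// Names the signer emits take precedence, compared case-insensitively.
reserved := map[string]struct{}{"authorization": {}}
for k := range awsHeadersMap {
	reserved[strings.ToLower(k)] = struct{}{}
}
for k, v := range headersMap {
	if _, clash := reserved[strings.ToLower(k)]; clash || len(v) != 1 {
		continue
	}
	signedHeadersObj.Insert(ast.StringTerm(k), ast.StringTerm(v[0]))
}
// … unchanged: Authorization insert and awsHeadersMap loop …
```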
