From 431684798b97d52ccde0bcf2f4749704c5b46455 Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Fri, 21 May 2021 14:08:47 -0700
Subject: [PATCH] s3: add errors if requests are signed by no authentication is
 setup

fix https://github.com/chrislusf/seaweedfs/issues/2075
---
 weed/s3api/s3api_object_handlers.go | 6 ++++++
 weed/s3api/s3err/s3api_errors.go    | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index a8dc34b54..370429106 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -62,6 +62,12 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)
 			writeErrorResponse(w, s3ErrCode, r.URL)
 			return
 		}
+	} else {
+		rAuthType := getRequestAuthType(r)
+		if authTypeAnonymous != rAuthType {
+			writeErrorResponse(w, s3err.ErrAuthNotSetup, r.URL)
+			return
+		}
 	}
 	defer dataReader.Close()
 
diff --git a/weed/s3api/s3err/s3api_errors.go b/weed/s3api/s3err/s3api_errors.go
index 877c39a52..258f21523 100644
--- a/weed/s3api/s3err/s3api_errors.go
+++ b/weed/s3api/s3err/s3api_errors.go
@@ -91,6 +91,7 @@ const (
 	ErrRequestNotReadyYet
 	ErrMissingDateHeader
 	ErrInvalidRequest
+	ErrAuthNotSetup
 	ErrNotImplemented
 
 	ErrExistingObjectIsDirectory
@@ -341,6 +342,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "Invalid Request",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrAuthNotSetup : {
+		Code:           "InvalidRequest",
+		Description:    "Signed request requires setting up SeaweedFS S3 authentication",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrNotImplemented: {
 		Code:           "NotImplemented",
 		Description:    "A header you provided implies functionality that is not implemented",