fix: compatibility for S3

StarlightIbuki · StarlightIbuki · commit 3d7b0365f8ed · 2022-11-03T17:51:50.000+08:00
Put bucket into host instead of path.
Add option "s3_bucket_in_path" to use deprecated APIs.

I wonder why the offical SDK do not update api definition. They instead do it with monkey patch code?!
diff --git a/src/resty/aws/init.lua b/src/resty/aws/init.lua
@@ -317,8 +317,13 @@ local function generate_service_methods(service)
         self.config.signatureVersion = "none"
       end
 
+      local bucket
+      if not self.config.s3_bucket_in_path then
+        bucket = params.Bucket
+      end
+
       -- sign the request according to the signature version required
-      local signed_request, err = sign_request(self.config, request)
+      local signed_request, err = sign_request(self.config, request, bucket)
       if old_sig then
         -- revert the patched signatureVersion
         self.config.signatureVersion = old_sig
diff --git a/src/resty/aws/request/signatures/v4.lua b/src/resty/aws/request/signatures/v4.lua
@@ -100,6 +100,60 @@ local function derive_signing_key(kSecret, date, region, service)
 end
 
 
+local function get_host(config)
+  local host = config.endpoint
+  do
+    local s, e = host:find("://")
+    if s then
+      -- the "globalSSL" one from the region_config_data file
+      local scheme = host:sub(1, s-1):lower()
+      host = host:sub(e+1, -1)
+      if config.tls == nil then
+        config.tls = scheme == "https"
+      end
+    end
+  end
+
+  local tls = config.tls
+  local port = config.port or (tls and 443 or 80)
+
+  local host_header do -- If the "standard" port is not in use, the port should be added to the Host header
+    local with_port
+    if tls then
+      with_port = port ~= 443
+    else
+      with_port = port ~= 80
+    end
+    if with_port then
+      host_header = string.format("%s:%d", host, port)
+    else
+      host_header = host
+    end
+  end
+
+  return host_header
+end
+
+
+local function s3_patch(request, bucket)
+  if not bucket then
+    return
+  end
+
+  request.headers.Host = bucket .. "." .. request.headers.Host
+
+  local path = request.path
+  if bucket and path then
+    path = path:sub(#bucket + 2)
+    if path == "/" then
+      path = ""
+    end
+
+    request.path = path
+  end
+end
+
+
 -- config to contain:
 -- config.endpoint: hostname to connect to
 -- config.credentials: the Credentials class to use
@@ -122,7 +176,10 @@ end
 -- tbl.timestamp: number defaults to 'ngx.time()''
 -- tbl.global_endpoint: if true, then use "us-east-1" as signing region and different
 --     hostname template: see https://github.com/aws/aws-sdk-js/blob/ae07e498e77000e55da70b20996dc8fd2f8b3051/lib/region_config_data.json
-local function prepare_awsv4_request(config, request_data)
+local function prepare_awsv4_request(config, request_data, bucket)
+  request_data.headers = request_data.headers or {}
+  request_data.headers.Host = get_host(config)
+  s3_patch(request_data, bucket)
   local region = config.signingRegion or config.region
   local service = config.endpointPrefix or config.targetPrefix -- TODO: targetPrefix as fallback, correct???
   local request_method = request_data.method -- TODO: should this get a fallback/default??
@@ -141,7 +198,7 @@ local function prepare_awsv4_request(config, request_data)
     canonical_querystring = canonicalise_query_string(query)
   end
 
-  local req_headers = request_data.headers or {}
+  local req_headers = request_data.headers
   local req_payload = request_data.body
 
   -- get credentials
@@ -157,46 +214,18 @@ local function prepare_awsv4_request(config, request_data)
   end
 
   local tls = config.tls
-  local host = config.endpoint
-  do
-    local s, e = host:find("://")
-    if s then
-      -- the "globalSSL" one from the region_config_data file
-      local scheme = host:sub(1, s-1):lower()
-      host = host:sub(e+1, -1)
-      if config.tls == nil then
-        config.tls = scheme == "https"
-      end
-    end
-  end
 
-  if tls == nil then
-    tls = true
-  end
   local port = config.port or (tls and 443 or 80)
   local timestamp = ngx.time()
   local req_date = os.date("!%Y%m%dT%H%M%SZ", timestamp)
   local date = os.date("!%Y%m%d", timestamp)
 
-  local host_header do -- If the "standard" port is not in use, the port should be added to the Host header
-    local with_port
-    if tls then
-      with_port = port ~= 443
-    else
-      with_port = port ~= 80
-    end
-    if with_port then
-      host_header = string.format("%s:%d", host, port)
-    else
-      host_header = host
-    end
-  end
-
   local headers = {
     ["X-Amz-Date"] = req_date,
-    ["Host"] = host_header,
+    ["Host"] = request_data.Host,
     ["X-Amz-Security-Token"] = session_token,
   }
+  request_data.Host = nil
 
   local S3 = config.signatureVersion == "s3"
 
@@ -289,7 +318,7 @@ local function prepare_awsv4_request(config, request_data)
 
   return {
     --url = url,      -- "https://lambda.us-east-1.amazon.com:443/some/path?query1=val1"
-    host = host,    -- "lambda.us-east-1.amazon.com"
+    host = headers.Host,    -- "lambda.us-east-1.amazon.com"
     port = port,    -- 443
     tls = tls,      -- true
     path = path or canonicalURI,             -- "/some/path"
