ferdzo/fs
1
0
Fork 0
mirror of https://github.com/ferdzo/fs.git synced 2026-04-05 01:56:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

allow signed admin routes before S3 policy resolution

Browse Source
This commit is contained in:
Andrej Mickov
2026-03-02 23:51:46 +01:00
parent 9b8d0b2b3e
commit 93a3aabf7d
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
auth/service.go
View File

@@ -187,6 +187,17 @@ func (s *Service) AuthenticateRequest(r *http.Request) (RequestContext, error) {
if input.Presigned { if input.Presigned {
authType = "sigv4-presign" authType = "sigv4-presign"
} }
// Admin API authorization is enforced in admin handlers (bootstrap-only).
// We still require valid SigV4 credentials here, but skip S3 action policy checks.
if strings.HasPrefix(r.URL.Path, "/_admin/") {
return RequestContext{
Authenticated: true,
AccessKeyID: identity.AccessKeyID,
AuthType: authType,
}, nil
}
return RequestContext{ return RequestContext{
Authenticated: true, Authenticated: true,
AccessKeyID: identity.AccessKeyID, AccessKeyID: identity.AccessKeyID,