Skip to content

Commit

Permalink
Add ip check for oss
Browse files Browse the repository at this point in the history
  • Loading branch information
wzshiming committed Nov 27, 2024
1 parent fed30af commit 03ad2b1
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 8 deletions.
1 change: 1 addition & 0 deletions crproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -716,6 +716,7 @@ func (c *CRProxy) notFoundResponse(rw http.ResponseWriter, r *http.Request) {
func (c *CRProxy) redirect(rw http.ResponseWriter, r *http.Request, blobPath string, info *PathInfo) error {
options := map[string]interface{}{
"method": r.Method,
"ip": r.RemoteAddr,
}
linkExpires := c.linkExpires
if linkExpires > 0 {
Expand Down
7 changes: 5 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/daocloud/crproxy
go 1.22

require (
github.com/denverdino/aliyungo v0.0.0-20230411124812-ab98a9173ace
github.com/denverdino/aliyungo v0.0.0
github.com/distribution/reference v0.6.0
github.com/docker/distribution v0.0.0
github.com/gorilla/handlers v1.5.2
Expand All @@ -18,7 +18,10 @@ require (
golang.org/x/crypto v0.28.0
)

replace github.com/docker/distribution => github.com/distribution/distribution v2.8.3+incompatible
replace (
github.com/denverdino/aliyungo => github.com/wzshiming/aliyungo v0.0.0-20241126040137-4b8c22b50cd3
github.com/docker/distribution => github.com/distribution/distribution v2.8.3+incompatible
)

require (
cloud.google.com/go/compute/metadata v0.3.0 // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/denverdino/aliyungo v0.0.0-20230411124812-ab98a9173ace h1:1SnCTPFh2AADpm7ti864EYaugexyiDFt55BW188+d6k=
github.com/denverdino/aliyungo v0.0.0-20230411124812-ab98a9173ace/go.mod h1:TK05uvk4XXfK2kdvRwfcZ1NaxjDxmm7H3aQLko0mJxA=
github.com/distribution/distribution v2.8.3+incompatible h1:RlpEXBLq/WPXYvBYMDAmBX/SnhD67qwtvW/DzKc8pAo=
github.com/distribution/distribution v2.8.3+incompatible/go.mod h1:EgLm2NgWtdKgzF9NpMzUKgzmR7AMmb0VQi2B+ZzDRjc=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
Expand Down Expand Up @@ -202,6 +200,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO
github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/wzshiming/aliyungo v0.0.0-20241126040137-4b8c22b50cd3 h1:MwH8lliQekyhQXNq6RXiL7hHS66+nqMnnrRJ0Xn6s9Y=
github.com/wzshiming/aliyungo v0.0.0-20241126040137-4b8c22b50cd3/go.mod h1:TK05uvk4XXfK2kdvRwfcZ1NaxjDxmm7H3aQLko0mJxA=
github.com/wzshiming/cmux v0.4.2 h1:tI73lL5ztVfiqw7R5m5BkxT1+vQ2PBo/oV6qPbNGPiA=
github.com/wzshiming/cmux v0.4.2/go.mod h1:JgE61QfZAjEyNMX0iZo9zIKY6pr9bHVY132yYPwHW5U=
github.com/wzshiming/geario v0.0.0-20240308093553-a996e3817533 h1:mq74wxgDCz7Q6CqZYExt0DHf7Ze28lyMW/TNsfcuk8M=
Expand Down
16 changes: 12 additions & 4 deletions storage/driver/oss/oss.go
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,8 @@ func (d *driver) Delete(ctx context.Context, path string) error {

// URLFor returns a URL which may be used to retrieve the content stored at the given path.
// May return an UnsupportedMethodErr in certain StorageDriver implementations.
// https://help.aliyun.com/zh/oss/developer-reference/ddd-signatures-to-urls
// https://help.aliyun.com/zh/oss/developer-reference/include-signatures-in-the-authorization-header
func (d *driver) URLFor(ctx context.Context, path string, options map[string]interface{}) (string, error) {
methodString := "GET"
method, ok := options["method"]
Expand All @@ -504,17 +506,23 @@ func (d *driver) URLFor(ctx context.Context, path string, options map[string]int
}
}

var q url.Values
q := url.Values{}
referer, ok := options["referer"]
if ok {
refererString, ok := referer.(string)
if ok {
q = url.Values{
"referer": []string{refererString},
}
q["referer"] = []string{refererString}
}
}

ip, ok := options["ip"]
if ok {
ipString, ok := ip.(string)
if ok {
q["x-oss-ac-source-ip"] = []string{ipString}
q["x-oss-ac-subnet-mask"] = []string{"32"}
}
}
signedURL := d.Bucket.SignedURLWithMethod(methodString, d.ossPath(path), expiresTime, q, nil)
return signedURL, nil
}
Expand Down

0 comments on commit 03ad2b1

Please sign in to comment.