Adds param-signed URLs to swift3 middleware.

Author: redbo

swift/common/middleware/swift3.py

@@ -16,9 +16,6 @@
 """
 The swift3 middleware will emulate the S3 REST api on top of swift.
 
-The boto python library is necessary to use this middleware (install
-the python-boto package if you use Ubuntu).
-
 The following opperations are currently supported:
 
     * GET Service
@@ -438,32 +435,35 @@ def get_controller(self, path):
             return BucketController, d
         return ServiceController, d
 
-    def get_account_info(self, env, req):
-        try:
-            account, user, _junk = \
-                req.headers['Authorization'].split(' ')[-1].split(':')
-        except Exception:
-            return None, None
-
-        h = canonical_string(req)
-        token = base64.urlsafe_b64encode(h)
-        return '%s:%s' % (account, user), token
-
     def __call__(self, env, start_response):
         req = Request(env)
-        if not'Authorization' in req.headers:
+
+        if 'AWSAccessKeyId' in req.GET:
+            try:
+                req.headers['Date'] = req.GET['Expires']
+                req.headers['Authorization'] = \
+                    'AWS %(AWSAccessKeyId)s:%(Signature)s' % req.GET
+            except KeyError:
+                return get_err_response('InvalidArgument')(env, start_response)
+
+        if not 'Authorization' in req.headers:
             return self.app(env, start_response)
+
+        try:
+            account, signature = \
+                req.headers['Authorization'].split(' ')[-1].rsplit(':', 1)
+        except Exception:
+            return get_err_response('InvalidArgument')(env, start_response)
+
         try:
             controller, path_parts = self.get_controller(req.path)
         except ValueError:
             return get_err_response('InvalidURI')(env, start_response)
 
-        account_name, token = self.get_account_info(env, req)
-        if not account_name:
-            return get_err_response('InvalidArgument')(env, start_response)
+        token = base64.urlsafe_b64encode(canonical_string(req))
+
+        controller = controller(env, self.app, account, token, **path_parts)
 
-        controller = controller(env, self.app, account_name, token,
-                                **path_parts)
         if hasattr(controller, req.method):
             res = getattr(controller, req.method)(env, start_response)
         else:

test/unit/common/middleware/test_swift3.py

@@ -594,5 +594,21 @@ def verify(hash, path, headers):
         self.assertEquals(swift3.canonical_string(req2),
                 swift3.canonical_string(req3))
 
+    def test_signed_urls(self):
+        class FakeApp(object):
+            def __call__(self, env, start_response):
+                self.req = Request(env)
+                start_response('200 OK')
+                start_response([])
+        app = FakeApp()
+        local_app = swift3.filter_factory({})(app)
+        req = Request.blank('/bucket/object?Signature=X&Expires=Y&'
+                'AWSAccessKeyId=Z', environ={'REQUEST_METHOD': 'GET'})
+        req.date = datetime.now()
+        req.content_type = 'text/plain'
+        resp = local_app(req.environ, lambda *args: None)
+        self.assertEquals(app.req.headers['Authorization'], 'AWS Z:X')
+        self.assertEquals(app.req.headers['Date'], 'Y')
+
 if __name__ == '__main__':
     unittest.main()