Test: s3 policy

qxj006 · Oct 26, 2020 · 746aa3e · 746aa3e
1 parent 95f318e
commit 746aa3e
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 15 deletions.
diff --git a/go.sum b/go.sum
@@ -239,6 +239,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.125+incompatible h1:dqpmYaez7VBT7PCRBcBxkzlDOiTk7Td8ATiia1b1GuE=
 github.com/tencentcloud/tencentcloud-sdk-go v3.0.125+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4=

diff --git a/middleware/auth.go b/middleware/auth.go
@@ -175,7 +175,7 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, user := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}
@@ -185,12 +185,12 @@ func QiniuCallbackAuth() gin.HandlerFunc {
 		ok, err := mac.VerifyCallback(c.Request)
 		if err != nil {
 			util.Log().Debug("无法验证回调请求，%s", err)
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: "无法验证回调请求"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "无法验证回调请求"})
 			c.Abort()
 			return
 		}
 		if !ok {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: "回调签名无效"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名无效"})
 			c.Abort()
 			return
 		}
@@ -205,15 +205,15 @@ func OSSCallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, _ := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}
 
 		err := oss.VerifyCallbackSignature(c.Request)
 		if err != nil {
 			util.Log().Debug("回调签名验证失败，%s", err)
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: "回调签名验证失败"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "回调签名验证失败"})
 			c.Abort()
 			return
 		}
@@ -228,7 +228,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, user := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}
@@ -237,7 +237,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 		body, err := ioutil.ReadAll(c.Request.Body)
 		c.Request.Body.Close()
 		if err != nil {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: err.Error()})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: err.Error()})
 			c.Abort()
 			return
 		}
@@ -253,7 +253,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 		// 计算正文MD5
 		actualContentMD5 := fmt.Sprintf("%x", md5.Sum(body))
 		if actualContentMD5 != contentMD5 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: "MD5不一致"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "MD5不一致"})
 			c.Abort()
 			return
 		}
@@ -268,7 +268,7 @@ func UpyunCallbackAuth() gin.HandlerFunc {
 
 		// 对比签名
 		if signature != actualSignature {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: "鉴权失败"})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: "鉴权失败"})
 			c.Abort()
 			return
 		}
@@ -284,7 +284,7 @@ func OneDriveCallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, _ := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}
@@ -303,7 +303,7 @@ func COSCallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, _ := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}
@@ -318,7 +318,7 @@ func S3CallbackAuth() gin.HandlerFunc {
 		// 验证key并查找用户
 		resp, _ := uploadCallbackCheck(c)
 		if resp.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: resp.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: resp.Msg})
 			c.Abort()
 			return
 		}

diff --git a/middleware/auth_test.go b/middleware/auth_test.go
@@ -747,3 +747,47 @@ func TestIsAdmin(t *testing.T) {
 		asserts.False(c.IsAborted())
 	}
 }
+
+func TestS3CallbackAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := S3CallbackAuth()
+
+	// Callback Key 相关验证失败
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testUpyunBackRemote"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testUpyunBackRemote", nil)
+		AuthFunc(c)
+		asserts.True(c.IsAborted())
+	}
+
+	// 成功
+	{
+		cache.Set(
+			"callback_testCallBackUpyun",
+			serializer.UploadSession{
+				UID:         1,
+				PolicyID:    512,
+				VirtualPath: "/",
+			},
+			0,
+		)
+		cache.Deletes([]string{"1"}, "policy_")
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
+		mock.ExpectQuery("SELECT(.+)groups(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[702]"))
+		mock.ExpectQuery("SELECT(.+)policies(.+)").
+			WillReturnRows(sqlmock.NewRows([]string{"id", "access_key", "secret_key"}).AddRow(2, "123", "123"))
+		c, _ := gin.CreateTestContext(rec)
+		c.Params = []gin.Param{
+			{"key", "testCallBackUpyun"},
+		}
+		c.Request, _ = http.NewRequest("POST", "/api/v3/callback/upyun/testCallBackUpyun", ioutil.NopCloser(strings.NewReader("1")))
+		AuthFunc(c)
+		asserts.False(c.IsAborted())
+	}
+}
diff --git a/models/policy_test.go b/models/policy_test.go
@@ -209,6 +209,28 @@ func TestPolicy_GetUploadURL(t *testing.T) {
 		asserts.Equal("http://127.0.0.1", policy.GetUploadURL())
 	}
 
+	// S3 未填写自动生成
+	{
+		policy := Policy{
+			Type:              "s3",
+			Server:            "",
+			BucketName:        "bucket",
+			OptionsSerialized: PolicyOption{Region: "us-east"},
+		}
+		asserts.Equal("https://bucket.s3.us-east.amazonaws.com/", policy.GetUploadURL())
+	}
+
+	// s3 自己指定
+	{
+		policy := Policy{
+			Type:              "s3",
+			Server:            "https://s3.us-east.amazonaws.com/",
+			BucketName:        "bucket",
+			OptionsSerialized: PolicyOption{Region: "us-east"},
+		}
+		asserts.Equal("https://s3.us-east.amazonaws.com/bucket", policy.GetUploadURL())
+	}
+
 }
 
 func TestPolicy_IsPathGenerateNeeded(t *testing.T) {

diff --git a/pkg/filesystem/filesystem_test.go b/pkg/filesystem/filesystem_test.go
@@ -102,6 +102,10 @@ func TestDispatchHandler(t *testing.T) {
 	fs.Policy = &model.Policy{Type: "onedrive"}
 	err = fs.DispatchHandler()
 	asserts.NoError(err)
+
+	fs.Policy = &model.Policy{Type: "s3"}
+	err = fs.DispatchHandler()
+	asserts.NoError(err)
 }
 
 func TestNewFileSystemFromCallback(t *testing.T) {

diff --git a/pkg/serializer/upload.go b/pkg/serializer/upload.go
@@ -46,8 +46,8 @@ type UploadCallback struct {
 	Size       uint64 `json:"size"`
 }
 
-// QiniuCallbackFailed 七牛存储策略上传回调失败响应
-type QiniuCallbackFailed struct {
+// GeneralUploadCallbackFailed 存储策略上传回调失败响应
+type GeneralUploadCallbackFailed struct {
 	Error string `json:"error"`
 }
 

diff --git a/routers/controllers/callback.go b/routers/controllers/callback.go
@@ -27,7 +27,7 @@ func QiniuCallback(c *gin.Context) {
 	if err := c.ShouldBindJSON(&callbackBody); err == nil {
 		res := callback.ProcessCallback(callbackBody, c)
 		if res.Code != 0 {
-			c.JSON(401, serializer.QiniuCallbackFailed{Error: res.Msg})
+			c.JSON(401, serializer.GeneralUploadCallbackFailed{Error: res.Msg})
 		} else {
 			c.JSON(200, res)
 		}