github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/client-s3-trace_v4.go

github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/client-s3-trace_v4.go (about)

     1  // Copyright (c) 2015-2022 MinIO, Inc.
     2  //
     3  // This file is part of MinIO Object Storage stack
     4  //
     5  // This program is free software: you can redistribute it and/or modify
     6  // it under the terms of the GNU Affero General Public License as published by
     7  // the Free Software Foundation, either version 3 of the License, or
     8  // (at your option) any later version.
     9  //
    10  // This program is distributed in the hope that it will be useful
    11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  // GNU Affero General Public License for more details.
    14  //
    15  // You should have received a copy of the GNU Affero General Public License
    16  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package cmd
    19  
    20  import (
    21  	"net/http"
    22  	"net/http/httputil"
    23  	"regexp"
    24  	"strings"
    25  
    26  	"github.com/minio/mc/pkg/httptracer"
    27  	"github.com/minio/pkg/v2/console"
    28  )
    29  
    30  // traceV4 - tracing structure for signature version '4'.
    31  type traceV4 struct{}
    32  
    33  // newTraceV4 - initialize Trace structure
    34  func newTraceV4() httptracer.HTTPTracer {
    35  	return traceV4{}
    36  }
    37  
    38  // Request - Trace HTTP Request
    39  func (t traceV4) Request(req *http.Request) (err error) {
    40  	origAuth := req.Header.Get("Authorization")
    41  
    42  	printTrace := func() error {
    43  		reqTrace, rerr := httputil.DumpRequestOut(req, false) // Only display header
    44  		if rerr == nil {
    45  			console.Debug(string(reqTrace))
    46  		}
    47  		return rerr
    48  	}
    49  
    50  	if strings.TrimSpace(origAuth) != "" {
    51  		// Authorization (S3 v4 signature) Format:
    52  		// Authorization: AWS4-HMAC-SHA256 Credential=AKIAJNACEGBGMXBHLEZA/20150524/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=bbfaa693c626021bcb5f911cd898a1a30206c1fad6bad1e0eb89e282173bd24c
    53  
    54  		// Strip out accessKeyID from: Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request
    55  		regCred := regexp.MustCompile("Credential=([A-Z0-9]+)/")
    56  		newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/")
    57  
    58  		// Strip out 256-bit signature from: Signature=<256-bit signature>
    59  		regSign := regexp.MustCompile("Signature=([[0-9a-f]+)")
    60  		newAuth = regSign.ReplaceAllString(newAuth, "Signature=**REDACTED**")
    61  
    62  		// Set a temporary redacted auth
    63  		req.Header.Set("Authorization", newAuth)
    64  
    65  		err = printTrace()
    66  
    67  		// Undo
    68  		req.Header.Set("Authorization", origAuth)
    69  	} else {
    70  		err = printTrace()
    71  	}
    72  	return err
    73  }
    74  
    75  // Response - Trace HTTP Response
    76  func (t traceV4) Response(resp *http.Response) (err error) {
    77  	var respTrace []byte
    78  	// For errors we make sure to dump response body as well.
    79  	if resp.StatusCode != http.StatusOK &&
    80  		resp.StatusCode != http.StatusPartialContent &&
    81  		resp.StatusCode != http.StatusNoContent {
    82  		respTrace, err = httputil.DumpResponse(resp, true)
    83  	} else {
    84  		respTrace, err = httputil.DumpResponse(resp, false)
    85  	}
    86  	if err == nil {
    87  		console.Debug(string(respTrace))
    88  	}
    89  
    90  	if resp.TLS != nil {
    91  		printTLSCertInfo(resp.TLS)
    92  	}
    93  
    94  	return err
    95  }