feat(auth,policy): add AWS SigV4 authentication and S3 bucket policy support

2026-02-17 16:28:50 +00:00
parent 0b9d8c4a72
commit eb232b6e8e
18 changed files with 2616 additions and 55 deletions
--- a/rust/src/s3_error.rs
+++ b/rust/src/s3_error.rs
@@ -51,6 +51,54 @@ impl S3Error {
        Self::new("InvalidRequest", msg, StatusCode::BAD_REQUEST)
    }

+    pub fn signature_does_not_match() -> Self {
+        Self::new(
+            "SignatureDoesNotMatch",
+            "The request signature we calculated does not match the signature you provided.",
+            StatusCode::FORBIDDEN,
+        )
+    }
+
+    pub fn invalid_access_key_id() -> Self {
+        Self::new(
+            "InvalidAccessKeyId",
+            "The AWS Access Key Id you provided does not exist in our records.",
+            StatusCode::FORBIDDEN,
+        )
+    }
+
+    pub fn request_time_too_skewed() -> Self {
+        Self::new(
+            "RequestTimeTooSkewed",
+            "The difference between the request time and the current time is too large.",
+            StatusCode::FORBIDDEN,
+        )
+    }
+
+    pub fn authorization_header_malformed() -> Self {
+        Self::new(
+            "AuthorizationHeaderMalformed",
+            "The authorization header is malformed.",
+            StatusCode::BAD_REQUEST,
+        )
+    }
+
+    pub fn missing_security_header(msg: &str) -> Self {
+        Self::new("MissingSecurityHeader", msg, StatusCode::BAD_REQUEST)
+    }
+
+    pub fn no_such_bucket_policy() -> Self {
+        Self::new(
+            "NoSuchBucketPolicy",
+            "The bucket policy does not exist.",
+            StatusCode::NOT_FOUND,
+        )
+    }
+
+    pub fn malformed_policy(msg: &str) -> Self {
+        Self::new("MalformedPolicy", msg, StatusCode::BAD_REQUEST)
+    }
+
    pub fn to_xml(&self) -> String {
        format!(
            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>{}</Code><Message>{}</Message></Error>",