2

I'm trying to use the v3 api to create a pre signed url for uploading. I am able to use this config to access other parts of the api just fine.

I'm running minio in a docker container and my code is running in another container.

Below is how I'm generating a presigned url:

import { PutObjectCommand, S3, S3Client } from "@aws-sdk/client-s3"
import { getSignedUrl } from "@aws-sdk/s3-request-presigner"


const config = {
  endpoint: "http://minio:9000",
  forcePathStyle: true,
  region: 'us-east-1',
  credentials: {
    accessKeyId: '...',
    secretAccessKey: '...',
  }
}

const client = new S3Client(config)
const command = new PutObjectCommand({
  Bucket: 'uploads',
  Key: 'test123',

});
const url = await getSignedUrl(this.client, command, { expiresIn: 3600 });

And then that produces a url such as:

http://minio:9000/uploads/test123?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AjAOk2gNRU%2F20210727%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210727T182833Z&X-Amz-Expires=3600&X-Amz-Signature=3e7407384dd87e2715d3daa2c58e53e1bfb619ec0b495009558fbe3094add5ef&X-Amz-SignedHeaders=host&x-id=PutObject

I swap minio:9000 to localhost but set the Host to minio then make the request via curl like so:

curl -H "Host: minio:9000" -X PUT "$URL" --upload-file ~/Desktop/hello.txt -v

Its giving me this error:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 9000 (#0)
> PUT /uploads/test123?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AjAOk2gNRU%2F20210727%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210727T184545Z&X-Amz-Expires=3600&X-Amz-Signature=44058eebea8e31afb60a5993f9d26b644c40bebda24004b63225a51d227e7723&X-Amz-SignedHeaders=host&x-id=PutObject HTTP/1.1
> Host: minio:9000
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Length: 252
> Expect: 100-continue
> 
< HTTP/1.1 403 Forbidden
< Accept-Ranges: bytes
< Content-Length: 399
< Content-Security-Policy: block-all-mixed-content
< Content-Type: application/xml
< Server: MinIO
< Vary: Origin
< X-Amz-Request-Id: 1695BA2F941F436A
< X-Xss-Protection: 1; mode=block
< Date: Tue, 27 Jul 2021 18:45:53 GMT
< Connection: close
< 
<?xml version="1.0" encoding="UTF-8"?>
* Closing connection 0
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><Key>test123</Key><BucketName>uploads</BucketName><Resource>/uploads/test123</Resource><RequestId>1695BA2F941F436A</RequestId><HostId>fb52d19a-7b70-4620-9a52-726ba6fd9df5</HostId></Error>

I've tried sending more or less headers via curl it seems to have no effect. I dont' know why it thinks the signatures don't match either.

justin.m.chase
  • 13,061
  • 8
  • 52
  • 100

1 Answers1

0

the signature is generated using the parameters this.client, command, { expiresIn: 3600 }, this.client includes S3Client(config), config includes endpoint: "http://minio:9000" and you are modifying the endpoint after the signature is generated thereby invalidating the signature, as the error suggests.

peanutz
  • 11
  • 2
  • Which line is "modifying the endpoint"? When is the signature generated? I am providing the endpoint in the original configuration, not modifying it and using the URL verbatim later, so I'm not sure where the modification is happening? – justin.m.chase Jan 31 '22 at 17:11