search

awslabs / aws-sigv4-proxy

This project signs and proxies HTTP requests with Sigv4
Apache License 2.0
360 stars 100 forks source link

Uploading file to S3 (proxied) `http: ContentLength=... with Body length 0` #225

Open adri opened 1 month ago

adri commented 1 month ago

Our goal is to use this library in a container to proxy file upload requests to S3. When doing so, we run into an error http: ContentLength=... with Body length 0. Any tips on how to resolve this?

Steps to reproduce

  1. Start image 

    docker run --rm -ti \
   -v ~/.aws:/root/.aws \
   -p 8080:8080 \
   -e 'AWS_SDK_LOAD_CONFIG=true' \
   -e 'AWS_PROFILE=...' \
   public.ecr.aws/aws-observability/aws-sigv4-proxy:1.9

  2. Send image 

    curl 'http://127.0.0.1:8080/some-bucket/some-image.jpeg' --request PUT -H 'host: s3.us-west-1.amazonaws.com' -H 'Content-Type: image/jpeg' -d '@some-image.jpeg' -v

    Responds with

    http: ContentLength=6396 with Body length 0

  3. View debug logs

    DEBU[0279] Initial request dump:                         request="PUT /some-bucket/some-image.jpeg HTTP/1.1\r\nHost: s3.us-west-1.amazonaws.com\r\nAccept: */*\r\nContent-Length: 6396\r\nContent-Type: image/jpeg\r\nUser-Agent: curl/8.7.1\r\n\r\n\xff\xd8\xff\xe0\x10JFIF\x01\x01\x01\x01\xff\xfe>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\xff\xdbC\b\x06\x06\a\x06\x05\b\a\a\a\t\t\b\f\x14\f\v\v\f\x19\x12\x13\x0f\x14\x1d\x1a\x1f\x1e\x1d\x1a\x1c\x1c $.' \",#\x1c\x1c(7),01444\x1f'9=82<.342\xff\xdbC\x01\t\t\t\f\v\f\x18\x1...."
INFO[0279] DEBUG: Request Signature:
---[ CANONICAL STRING  ]-----------------------------
PUT
/some-bucket/some-image.jpeg
X-Amz-Algorithm=.....3D&X-Amz-SignedHeaders=host
host:s3.us-west-1.amazonaws.com

host
UNSIGNED-PAYLOAD
---[ STRING TO SIGN ]--------------------------------
AWS4-HMAC-SHA256
20240806T150733Z
20240806/us-west-1/s3/aws4_request
680fc63663aeeda666951559c7e4a2a80ac1a603ecd4507ef11d94ae626f65a3
---[ SIGNED URL ]------------------------------------
https://s3.us-west-1.amazonaws.com/some-bucket/some-image.jpeg?X-Amz-Algorithm=.....3D&X-Amz-SignedHeaders=host&X-Amz-Signature=0f3783db1114899233f73bfe158f2ae959fe9cb52b2073cd8ecaeea0cdb55fac
-----------------------------------------------------
DEBU[0279] signed request                                region=us-west-1 service=s3
DEBU[0279] Stripping Header:                             StripHeader=Authorization
DEBU[0279] proxying request                              request="PUT /some-bucket/some-image.jpeg?X-Amz-Algorithm=.....3D&X-Amz-SignedHeaders=host&X-Amz-Signature=0f3783db1114899233f73bfe158f2ae959fe9cb52b2073cd8ecaeea0cdb55fac HTTP/1.1\r\nHost: s3.us-west-1.amazonaws.com\r\nTransfer-Encoding: identity\r\nAccept: */*\r\nContent-Length: 6396\r\nContent-Type: image/jpeg\r\nUser-Agent: curl/8.7.1\r\n\r\n"
ERRO[0279] unable to proxy request                       error="Put \"https://s3.us-west-1.amazonaws.com/some-bucket/some-image.jpeg?X-Amz-Algorithm=.....3D&X-Amz-SignedHeaders=host&X-Amz-Signature=0f3783db1114899233f73bfe158f2ae959fe9cb52b2073cd8ecaeea0cdb55fac\": http: ContentLength=6396 with Body length 0"
janavenkat commented 1 month ago

cc @rapphil it would be great, if we get some help here.

janavenkat commented 3 weeks ago

@rapphil We tried to understand the problem.

What We Did

  1. Checked Body Reading: We ensured that the request body was read and reset correctly using readDownStreamRequestBody.

  2. Verified Header Handling: We made sure that Content-Length was set correctly based on the actual body length and that Transfer-Encoding was handled properly.

  3. Reviewed Signing Process:

    We examined the sign method to ensure it didn’t alter the request body or headers in a way that could cause the mismatch.

  4. Verified Request Handling:

    We looked into how the ProxyClient was creating and sending requests to ensure consistent body and header handling. Conclusion

Issue: The mismatch between Content-Length and the actual body length remains unresolved.

janavenkat commented 2 weeks ago

cc @alvinlin123