Add Request Not Ready error when presigned date request is not valid (#2646)

8 years ago · 11785529fc
parent 32201a18ab
commit 11785529fc
2 changed files with 10 additions and 0 deletions
--- a/cmd/api-errors.go
+++ b/cmd/api-errors.go
@ -103,6 +103,7 @@ const (
 	ErrNegativeExpires
 	ErrAuthHeaderEmpty
 	ErrExpiredPresignRequest
+	ErrRequestNotReadyYet
 	ErrUnsignedHeaders
 	ErrMissingDateHeader
 	ErrInvalidQuerySignatureAlgo
@ -448,6 +449,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{
 		Description:    "Request has expired",
 		HTTPStatusCode: http.StatusForbidden,
 	},
+	ErrRequestNotReadyYet: {
+		Code:           "AccessDenied",
+		Description:    "Request is not valid yet",
+		HTTPStatusCode: http.StatusForbidden,
+	},
 	// FIXME: Actual XML error response also contains the header which missed in lsit of signed header parameters.
 	ErrUnsignedHeaders: {
 		Code:           "AccessDenied",
--- a/cmd/signature-v4.go
+++ b/cmd/signature-v4.go
@ -246,6 +246,10 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, validate

 	query.Set("X-Amz-Algorithm", signV4Algorithm)

+	if pSignValues.Date.After(time.Now().UTC()) {
+		return ErrRequestNotReadyYet
+	}
+
 	if time.Now().UTC().Sub(pSignValues.Date) > time.Duration(pSignValues.Expires) {
 		return ErrExpiredPresignRequest
 	}