From d74de646d7c3c59e5167de6c3cbe5f8faa44a9fe Mon Sep 17 00:00:00 2001 From: YunZZY <1263206327@qq.com> Date: Fri, 15 Dec 2023 15:50:16 +0800 Subject: [PATCH] Revert "chore: release 6.19.0 (#1268)" This reverts commit d39aaa723f4e77415b58709efd1c9d7efbe32864. --- .github/workflows/schedule.yml | 4 +-- CHANGELOG.md | 6 ---- README.md | 12 ++++---- lib/common/object/asyncSignatureUrl.js | 13 +-------- lib/common/object/signatureUrl.js | 10 ++----- test/browser/browser.test.js | 40 +------------------------- test/node/object.test.js | 35 ---------------------- 7 files changed, 11 insertions(+), 109 deletions(-) diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml index 8ae333faa..44c43be41 100644 --- a/.github/workflows/schedule.yml +++ b/.github/workflows/schedule.yml @@ -1,9 +1,9 @@ -# Regularly clean test buckets at GMT 01:00 every day. +# Regularly clean test buckets at GMT 20:00 every day name: 'Schdule Delete' on: schedule: - - cron: '0 1 1/1 * *' + - cron: '0 20 1/1 * *' jobs: cleanAllBucket: diff --git a/CHANGELOG.md b/CHANGELOG.md index c07b78c46..897cbca37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,6 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. -## [6.19.0](https://github.com/ali-sdk/ali-oss/compare/v6.18.1...v6.19.0) (2023-12-15) - -### Features - -* verify object names strictly when signing URLs and enabled by default ([#1265](https://github.com/ali-sdk/ali-oss/issues/1265)) ([ff03bbb](https://github.com/ali-sdk/ali-oss/pull/1265/commits/ff03bbb62b041dd34d30ca2503745ba5d7c0a216)) - ### [6.18.1](https://github.com/ali-sdk/ali-oss/compare/v6.18.0...v6.18.1) (2023-09-08) ### Features diff --git a/README.md b/README.md index a6e5834e8..c6e09a521 100644 --- a/README.md +++ b/README.md @@ -343,7 +343,7 @@ options: - [region] {String} the bucket data region location, please see [Data Regions](#data-regions), default is `oss-cn-hangzhou`. - [internal] {Boolean} access OSS with aliyun internal network or not, default is `false`. - If your servers are running on aliyun too, you can set `true` to save a lot of money. + If your servers are running on aliyun too, you can set `true` to save lot of money. - [secure] {Boolean} instruct OSS client to use HTTPS (secure: true) or HTTP (secure: false) protocol. - [timeout] {String|Number} instance level timeout for all operations, default is `60s`. - [cname] {Boolean}, default false, access oss with custom domain name. if true, you can fill `endpoint` field with your custom domain name, @@ -2579,7 +2579,7 @@ console.log(result.objects); console.log(result.deleteMarker); ``` -### .signatureUrl(name[, options, strictObjectNameValidation]) +### .signatureUrl(name[, options]) Create a signature url for download or upload object. When you put object with signatureUrl ,you need to pass `Content-Type`.Please look at the example. @@ -2605,7 +2605,6 @@ parameters: - body {String} set the body for callback - [contentType] {String} set the type for body - [customValue] {Object} set the custom value for callback,eg. {var1: value1,var2:value2} -- [strictObjectNameValidation] {boolean} the flag of verifying object name strictly, default is true Success will return signature url. @@ -2640,7 +2639,7 @@ const url = store.signatureUrl('ossdemo.txt', { 'content-type': 'text/custom', 'content-disposition': 'attachment' } -}, false); +}); console.log(url); // put operation @@ -2661,7 +2660,7 @@ const url = store.signatureUrl('ossdemo.png', { console.log(url); ``` -### .asyncSignatureUrl(name[, options, strictObjectNameValidation]) +### .asyncSignatureUrl(name[, options]) Basically the same as signatureUrl, if refreshSTSToken is configured asyncSignatureUrl will refresh stsToken @@ -2687,7 +2686,6 @@ parameters: - body {String} set the body for callback - [contentType] {String} set the type for body - [customValue] {Object} set the custom value for callback,eg. {var1: value1,var2:value2} -- [strictObjectNameValidation] {boolean} the flag of verifying object name strictly, default is true Success will return signature url. @@ -2719,7 +2717,7 @@ const url = await store.asyncSignatureUrl('ossdemo.txt', { 'content-type': 'text/custom', 'content-disposition': 'attachment' } -}, false); +}); console.log(url); // put operation ``` diff --git a/lib/common/object/asyncSignatureUrl.js b/lib/common/object/asyncSignatureUrl.js index de5a1ffd2..d153db90d 100644 --- a/lib/common/object/asyncSignatureUrl.js +++ b/lib/common/object/asyncSignatureUrl.js @@ -8,21 +8,10 @@ const { isFunction } = require('../utils/isFunction'); const proto = exports; -/** - * asyncSignatureUrl - * @param {String} name object name - * @param {Object} options options - * @param {boolean} [strictObjectNameValidation=true] the flag of verifying object name strictly - */ -proto.asyncSignatureUrl = async function asyncSignatureUrl(name, options, strictObjectNameValidation = true) { +proto.asyncSignatureUrl = async function asyncSignatureUrl(name, options) { if (isIP(this.options.endpoint.hostname)) { throw new Error('can not get the object URL when endpoint is IP'); } - - if (strictObjectNameValidation && /^\?/.test(name)) { - throw new Error(`Invalid object name ${name}`); - } - options = options || {}; name = this._objectName(name); options.method = options.method || 'GET'; diff --git a/lib/common/object/signatureUrl.js b/lib/common/object/signatureUrl.js index 70be565da..be41c7f81 100644 --- a/lib/common/object/signatureUrl.js +++ b/lib/common/object/signatureUrl.js @@ -10,18 +10,12 @@ const proto = exports; * signatureUrl * @deprecated will be deprecated in 7.x * @param {String} name object name - * @param {Object} options options - * @param {boolean} [strictObjectNameValidation=true] the flag of verifying object name strictly + * @param {Object} options options */ -proto.signatureUrl = function signatureUrl(name, options, strictObjectNameValidation = true) { +proto.signatureUrl = function signatureUrl(name, options) { if (isIP(this.options.endpoint.hostname)) { throw new Error('can not get the object URL when endpoint is IP'); } - - if (strictObjectNameValidation && /^\?/.test(name)) { - throw new Error(`Invalid object name ${name}`); - } - options = options || {}; name = this._objectName(name); options.method = options.method || 'GET'; diff --git a/test/browser/browser.test.js b/test/browser/browser.test.js index 53eefcc24..75c4ea897 100644 --- a/test/browser/browser.test.js +++ b/test/browser/browser.test.js @@ -981,7 +981,6 @@ describe('browser', () => { let store; let name; let needEscapeName; - const testSignatureObjectName = `?{测}\r\n[试];,/?:@&=+$<中>-_.!~*'(文)"¥#%!(字)^ \`符|\\${prefix}test.txt`; before(async () => { store = oss(ossConfig); name = `${prefix}ali-sdk/oss/signatureUrl.js`; @@ -1007,9 +1006,6 @@ describe('browser', () => { }); assert.equal(object.res.status, 200); // assert.equal(typeof object.res.headers['x-oss-request-id'], 'string'); - - const testSignatureObject = await store.put(testSignatureObjectName, Buffer.from('Hello World!', 'utf8')); - assert.equal(typeof testSignatureObject.res.headers['x-oss-request-id'], 'string'); }); it('should signature url get object ok', async () => { @@ -1019,40 +1015,6 @@ describe('browser', () => { assert.equal(urlRes.data.toString(), result.content.toString()); }); - it('should verify object name strictly by default', () => { - assert.throws(() => { - try { - store.signatureUrl(testSignatureObjectName); - } catch (err) { - assert.strictEqual(err.message, `Invalid object name ${testSignatureObjectName}`); - throw err; - } - }, Error); - - store - .asyncSignatureUrl(testSignatureObjectName) - .then(() => { - assert.fail('Expected asyncSignatureUrl to throw an error'); - }) - .catch(err => { - assert.strictEqual(err.message, `Invalid object name ${testSignatureObjectName}`); - }); - }); - - it('should verify object name loosely', async () => { - const testSignatureObjectFromGet = await store.get(testSignatureObjectName); - const testSignatureObjectUrl = store.signatureUrl(testSignatureObjectName, undefined, false); - const testSignatureObjectFromUrl = await urllib.request(testSignatureObjectUrl); - assert.strictEqual(testSignatureObjectFromUrl.data.toString(), testSignatureObjectFromGet.content.toString()); - - const testSignatureObjectUrlAsync = await store.asyncSignatureUrl(testSignatureObjectName, undefined, false); - const testSignatureObjectFromUrlAsync = await urllib.request(testSignatureObjectUrlAsync); - assert.strictEqual( - testSignatureObjectFromUrlAsync.data.toString(), - testSignatureObjectFromGet.content.toString() - ); - }); - // it('should signature url with image processed and get object ok', function* () { // var name = prefix + 'ali-sdk/oss/nodejs-test-signature-1024x768.png'; // var originImagePath = path.join(__dirname, 'nodejs-1024x768.png'); @@ -1095,7 +1057,7 @@ describe('browser', () => { assert.equal(urlRes.data.toString(), result.content.toString()); }); - it('should signature url with response limitation', async () => { + it('should signature url with reponse limitation', async () => { const response = { 'content-type': 'xml', 'content-language': 'zh-cn' diff --git a/test/node/object.test.js b/test/node/object.test.js index 57a3a2490..cdab68464 100644 --- a/test/node/object.test.js +++ b/test/node/object.test.js @@ -1025,7 +1025,6 @@ describe('test/object.test.js', () => { describe('signatureUrl()', () => { let name; let needEscapeName; - const testSignatureObjectName = `?{测}\r\n[试];,/?:@&=+$<中>-_.!~*'(文)"¥#%!(字)^ \`符|\\${prefix}test.txt`; before(async () => { name = `${prefix}ali-sdk/oss/signatureUrl.js`; let object = await store.put(name, __filename, { @@ -1046,9 +1045,6 @@ describe('test/object.test.js', () => { } }); assert.equal(typeof object.res.headers['x-oss-request-id'], 'string'); - - const testSignatureObject = await store.put(testSignatureObjectName, Buffer.from('Hello World!', 'utf8')); - assert.equal(testSignatureObject.res.status, 200); }); it('should signature url get object ok', async () => { @@ -1062,37 +1058,6 @@ describe('test/object.test.js', () => { } }); - it('should verify object name strictly by default', () => { - assert.throws(() => { - try { - store.signatureUrl(testSignatureObjectName); - } catch (err) { - assert.strictEqual(err.message, `Invalid object name ${testSignatureObjectName}`); - throw err; - } - }, Error); - - assert.rejects(store.asyncSignatureUrl(testSignatureObjectName), err => { - assert.strictEqual(err.message, `Invalid object name ${testSignatureObjectName}`); - - return true; - }); - }); - - it('should verify object name loosely', async () => { - const testSignatureObjectFromGet = await store.get(testSignatureObjectName); - const testSignatureObjectUrl = store.signatureUrl(testSignatureObjectName, undefined, false); - const testSignatureObjectFromUrl = await urllib.request(testSignatureObjectUrl); - assert.strictEqual(testSignatureObjectFromUrl.data.toString(), testSignatureObjectFromGet.content.toString()); - - const testSignatureObjectUrlAsync = await store.asyncSignatureUrl(testSignatureObjectName, undefined, false); - const testSignatureObjectFromUrlAsync = await urllib.request(testSignatureObjectUrlAsync); - assert.strictEqual( - testSignatureObjectFromUrlAsync.data.toString(), - testSignatureObjectFromGet.content.toString() - ); - }); - it('should signature url with response limitation', () => { try { const response = {