From 085ae0fde9752b41cd911d265ff1232b3283d3ee Mon Sep 17 00:00:00 2001
From: hanbing0715 <hanbing0715@gmail.com>
Date: Tue, 17 Oct 2023 03:54:16 +0800
Subject: [PATCH] fix: Add x-amz-content-sha256 to CanonicalHeaders (#179)

---
 common/etc/nginx/include/awssig4.js | 3 ++-
 test/unit/awssig4_test.js           | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/etc/nginx/include/awssig4.js b/common/etc/nginx/include/awssig4.js
index 6af15a55..fb7be86f 100644
--- a/common/etc/nginx/include/awssig4.js
+++ b/common/etc/nginx/include/awssig4.js
@@ -28,7 +28,7 @@ const mod_hmac = require('crypto');
  * Constant defining the headers being signed.
  * @type {string}
  */
-const DEFAULT_SIGNED_HEADERS = 'host;x-amz-date';
+const DEFAULT_SIGNED_HEADERS = 'host;x-amz-content-sha256;x-amz-date';
 
 /**
  * Create HTTP Authorization header for authenticating with an AWS compatible
@@ -76,6 +76,7 @@ function _buildCanonicalRequest(r,
     method, uri, queryParams, host, amzDatetime, sessionToken) {
     const payloadHash = awsHeaderPayloadHash(r);
     let canonicalHeaders = 'host:' + host + '\n' +
+                           'x-amz-content-sha256:' + payloadHash + '\n' +
                            'x-amz-date:' + amzDatetime + '\n';
 
     if (sessionToken && sessionToken.length > 0) {
diff --git a/test/unit/awssig4_test.js b/test/unit/awssig4_test.js
index 351aed4c..b1f3612c 100644
--- a/test/unit/awssig4_test.js
+++ b/test/unit/awssig4_test.js
@@ -74,7 +74,7 @@ function _runSignatureV4(r) {
     const canonicalRequest = awssig4._buildCanonicalRequest(r, 
         r.method, req.uri, req.queryParams, req.host, amzDatetime, creds.sessionToken);
 
-    var expected = '600721cacc21e3de14416de7517868381831f4709e5c5663bbf2b738e4d5abe4';
+    var expected = 'cf4dd9e1d28c74e2284f938011efc8230d0c20704f56f67e4a3bfc2212026bec';
     var signature = awssig4._buildSignatureV4(r, 
         amzDatetime, eightDigitDate, creds, region, service, canonicalRequest);