@weisd weisd commented Oct 21, 2025

Summary

This PR addresses critical issues with CRC32C checksum calculation and significantly enhances the authentication system with improved IP handling and condition value processing.

Changes Made

🔧 CRC32C Checksum Fix

  • Fixed CRC32C implementation in crates/rio/src/checksum.rs and crates/rio/src/hash_reader.rs
  • Replaced crc32fast dependency with crc32c crate for proper CRC32C (Castagnoli) algorithm
  • Simplified Crc32CastagnoliHasher implementation using crc32c::crc32c_append() function
  • Updated dependency in Cargo.toml files across multiple crates

🔐 Authentication System Enhancements

  • Enhanced authentication logic in rustfs/src/auth.rs with comprehensive auth type detection
  • Added support for multiple authentication methods:
    • JWT Bearer tokens
    • AWS Signature V2 and V4
    • Presigned URLs (V2 and V4)
    • Post policy authentication
    • Streaming signed/unsigned payloads
    • STS tokens
  • New IP handling module in crates/utils/src/http/ip.rs:
    • Proper X-Forwarded-For header processing
    • RFC7239 Forwarded header support
    • Source IP extraction with proxy awareness
    • Configurable XFF header processing via environment variables

🛠️ Storage and Access Improvements

  • Enhanced storage options in rustfs/src/storage/options.rs:
    • Added support for unsigned payload handling
    • Improved content SHA256 processing
    • Better integration with authentication system
  • Updated access control in rustfs/src/storage/access.rs and rustfs/src/storage/ecfs.rs
  • Admin interface improvements in authentication handlers

📦 Dependency Updates

  • Updated crates/policy/Cargo.toml, crates/rio/Cargo.toml, crates/utils/Cargo.toml
  • Added new dependencies for CRC32C and IP processing functionality

Technical Details

CRC32C Implementation

// Before: Using crc32fast with manual implementation
pub struct Crc32CastagnoliHasher {
    hasher: crc32fast::Hasher,
}

// After: Simplified using crc32c crate
#[derive(Default)]
pub struct Crc32CastagnoliHasher(u32);

Authentication Types

Added comprehensive authentication type detection supporting:

  • Anonymous access
  • Presigned URLs (V2/V4)
  • Signed requests (V2/V4)
  • JWT tokens
  • STS tokens
  • Streaming payloads

IP Processing

New module handles complex proxy scenarios:

  • X-Forwarded-For header parsing
  • RFC7239 Forwarded header support
  • Environment-configurable processing
  • Proper source IP extraction

Files Changed

  • 16 files modified with 767 additions, 116 deletions
  • Key files: rustfs/src/auth.rs, crates/rio/src/checksum.rs, crates/utils/src/http/ip.rs
  • New file: rustfs/src/storage/options.rs

Testing

  • All existing tests should pass
  • CRC32C checksum calculations now use proper Castagnoli algorithm
  • Authentication system supports broader range of AWS-compatible scenarios
  • IP handling works correctly behind proxies and load balancers

Breaking Changes

None - this is a bug fix and enhancement that maintains backward compatibility.

Related Issues

Fixes CRC32C checksum calculation issues and enhances authentication robustness for production deployments.

#666
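The checksum fix described above matters because CRC-32 (the IEEE polynomial, which is what crc32fast implements) and CRC-32C (Castagnoli) produce different values for the same bytes, so a client verifying a CRC32C checksum would reject data hashed with the wrong polynomial. The following is an added example, not code from this PR or from the crc32c crate: a std-only bitwise implementation in which `crc_append`, `crc32_ieee`, `crc32c` and `Crc32cStream` are hypothetical names, checked against the standard `123456789` test string.

```rust
// Added example: reflected, table-free CRC-32 parameterised by polynomial.
const POLY_IEEE: u32 = 0xEDB8_8320; // CRC-32 (IEEE 802.3), reflected form
const POLY_CASTAGNOLI: u32 = 0x82F6_3B78; // CRC-32C (Castagnoli), reflected form

/// Continue a CRC over `data`, starting from a previously returned `crc`
/// (pass 0 for a new stream).
fn crc_append(poly: u32, crc: u32, data: &[u8]) -> u32 {
    let mut state = !crc; // undo the final inversion of the previous call
    for &byte in data {
        state ^= byte as u32;
        for _ in 0..8 {
            let mask = (state & 1).wrapping_neg(); // all ones if low bit is set
            state = (state >> 1) ^ (poly & mask);
        }
    }
    !state
}

fn crc32_ieee(data: &[u8]) -> u32 {
    crc_append(POLY_IEEE, 0, data)
}

fn crc32c(data: &[u8]) -> u32 {
    crc_append(POLY_CASTAGNOLI, 0, data)
}

/// Hypothetical streaming hasher with the same tuple-struct shape as the
/// "After" snippet in the PR description.
#[derive(Default)]
struct Crc32cStream(u32);

impl Crc32cStream {
    fn update(&mut self, chunk: &[u8]) {
        self.0 = crc_append(POLY_CASTAGNOLI, self.0, chunk);
    }
    fn finalize(&self) -> u32 {
        self.0
    }
}

fn main() {
    let msg = b"123456789"; // standard CRC check input
    println!("CRC-32  (IEEE):       {:08x}", crc32_ieee(msg));
    println!("CRC-32C (Castagnoli): {:08x}", crc32c(msg));
    let mut s = Crc32cStream::default();
    s.update(b"1234");
    s.update(b"56789");
    println!("streamed CRC-32C:     {:08x}", s.finalize());
}
```

Feeding the data in chunks gives the same result as hashing it in one call, which is the property a streaming hash reader relies on.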

github-actions bot commented Oct 21, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@weisd weisd merged commit a65856b into main Oct 21, 2025
16 checks passed
@weisd weisd deleted the refactor/policycheck branch October 21, 2025 13:28