Address round 2 review feedback from Aneurysm9

- Remove .sisyphus/handoff/no-proxy-regression-analysis.md (not part of PR)
- Delete unused getProxyAddress/getProxyURL and their tests (dead code)
- Simplify Rewrite comment (Director deprecation detail in commit history)
- Read from r.In.Body instead of r.Out.Body for hash computation

Author: mitali-salvi

.sisyphus/handoff/no-proxy-regression-analysis.md

@@ -10,7 +10,6 @@ import (
 	"errors"
 	"net/http"
 	"net/url"
-	"os"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -57,34 +56,6 @@ func newHTTPClient(logger *zap.Logger, maxIdle, requestTimeout int, noVerify boo
 	return http, err
 }
 
-// getProxyAddress returns the proxy address from the provided value or HTTPS_PROXY environment variable.
-func getProxyAddress(proxyAddress string) string {
-	var finalProxyAddress string
-	switch {
-	case proxyAddress != "":
-		finalProxyAddress = proxyAddress
-
-	case proxyAddress == "" && os.Getenv("HTTPS_PROXY") != "":
-		finalProxyAddress = os.Getenv("HTTPS_PROXY")
-	default:
-		finalProxyAddress = ""
-	}
-	return finalProxyAddress
-}
-
-// getProxyURL parses and returns the proxy URL from the provided address.
-func getProxyURL(finalProxyAddress string) (*url.URL, error) {
-	var proxyURL *url.URL
-	var err error
-	if finalProxyAddress != "" {
-		proxyURL, err = url.Parse(finalProxyAddress)
-	} else {
-		proxyURL = nil
-		err = nil
-	}
-	return proxyURL, err
-}
-
 // GetProxyFunc returns a proxy function for use in http.Transport.
 // When an explicit proxy address is configured, it returns http.ProxyURL.
 // Otherwise, it returns http.ProxyFromEnvironment which respects NO_PROXY.

internal/aws/awsutil/conn.go

@@ -179,125 +179,6 @@ func TestNewHTTPClientWithCustomTimeout(t *testing.T) {
 	assert.Equal(t, 60*time.Second, client.Timeout)
 }
 
-// Test getProxyAddress function
-func TestGetProxyAddress(t *testing.T) {
-	testCases := []struct {
-		name         string
-		proxyAddress string
-		envProxy     string
-		expected     string
-	}{
-		{
-			name:         "Explicit proxy address",
-			proxyAddress: "http://explicit.proxy.com",
-			envProxy:     "http://env.proxy.com",
-			expected:     "http://explicit.proxy.com",
-		},
-		{
-			name:         "Environment proxy address",
-			proxyAddress: "",
-			envProxy:     "http://env.proxy.com",
-			expected:     "http://env.proxy.com",
-		},
-		{
-			name:         "No proxy address",
-			proxyAddress: "",
-			envProxy:     "",
-			expected:     "",
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			if tc.envProxy != "" {
-				t.Setenv("HTTPS_PROXY", tc.envProxy)
-			} else {
-				t.Setenv("HTTPS_PROXY", "")
-			}
-
-			result := getProxyAddress(tc.proxyAddress)
-			assert.Equal(t, tc.expected, result)
-		})
-	}
-}
-
-// Test getProxyURL function
-func TestGetProxyURL(t *testing.T) {
-	testCases := []struct {
-		name        string
-		proxyAddr   string
-		expectError bool
-		expectNil   bool
-	}{
-		{
-			name:        "Valid proxy URL",
-			proxyAddr:   "http://proxy.example.com:8080",
-			expectError: false,
-			expectNil:   false,
-		},
-		{
-			name:        "Valid proxy URL with IPv6",
-			proxyAddr:   "http://[::1]:8080",
-			expectError: false,
-			expectNil:   false,
-		},
-		{
-			name:        "Valid proxy URL with full IPv6",
-			proxyAddr:   "http://[2001:db8::1]:3128",
-			expectError: false,
-			expectNil:   false,
-		},
-		{
-			name:        "Empty proxy address",
-			proxyAddr:   "",
-			expectError: false,
-			expectNil:   true,
-		},
-		{
-			name:        "Invalid proxy URL - missing scheme",
-			proxyAddr:   "://invalid",
-			expectError: true,
-			expectNil:   false,
-		},
-		{
-			name:        "Invalid proxy URL - bad IPv6",
-			proxyAddr:   "http://[%10::1]",
-			expectError: true,
-			expectNil:   false,
-		},
-		{
-			name:        "Invalid proxy URL - bad escape",
-			proxyAddr:   "http://%41:8080/",
-			expectError: true,
-			expectNil:   false,
-		},
-		{
-			name:        "Invalid proxy URL - space in host",
-			proxyAddr:   "http://a b.com/",
-			expectError: true,
-			expectNil:   false,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			url, err := getProxyURL(tc.proxyAddr)
-
-			if tc.expectError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-			}
-
-			if tc.expectNil {
-				assert.Nil(t, url)
-			} else if !tc.expectError {
-				assert.NotNil(t, url)
-			}
-		})
-	}
-}
-
 func TestNoProxyIsRespectedWhenUsingEnvProxy(t *testing.T) {
 	t.Setenv("HTTPS_PROXY", "http://mitmproxy:8080")
 	t.Setenv("NO_PROXY", ".amazonaws.com,localhost,127.0.0.1")

internal/aws/awsutil/conn_test.go

@@ -76,7 +76,7 @@ func NewServer(cfg *Config, logger *zap.Logger) (Server, error) {
 	region := awsCfg.Region
 	serviceName := cfg.ServiceName
 
-	// Reverse proxy handler using Rewrite (Director is deprecated and insecure)
+	// Reverse proxy handler
 	handler := &httputil.ReverseProxy{
 		Transport: transport,
 
@@ -91,7 +91,7 @@ func NewServer(cfg *Config, logger *zap.Logger) (Server, error) {
 			r.Out.Host = awsURL.Host
 
 			// Consume body and calculate payload hash for signing
-			body, payloadHash, err := consumeBody(r.Out.Body)
+			body, payloadHash, err := consumeBody(r.In.Body)
 			if err != nil {
 				logger.Error("Unable to consume request body", zap.Error(err))
 				return