[fix-presigned] new function to merge identical logic in s3 and k2v api

4 files changed, 34 insertions, 33 deletions

diff --git a/src/api/k2v/api_server.rs b/src/api/k2v/api_server.rs
index 5ed7e286..fdb5db4c 100644
--- a/src/api/k2v/api_server.rs
+++ b/src/api/k2v/api_server.rs
@@ -15,8 +15,7 @@ use garage_model::garage::Garage;
 use crate::generic_server::*;
 use crate::k2v::error::*;
 
-use crate::signature::payload::check_payload_signature;
-use crate::signature::streaming::*;
+use crate::signature::verify_request;
 
 use crate::helpers::*;
 use crate::k2v::batch::*;
@@ -69,7 +68,7 @@ impl ApiHandler for K2VApiServer {
 
 	async fn handle(
 		&self,
-		mut req: Request<IncomingBody>,
+		req: Request<IncomingBody>,
 		endpoint: K2VApiEndpoint,
 	) -> Result<Response<ResBody>, Error> {
 		let K2VApiEndpoint {
@@ -86,18 +85,7 @@ impl ApiHandler for K2VApiServer {
 			return Ok(options_res.map(|_empty_body: EmptyBody| empty_body()));
 		}
 
-		let (api_key, mut content_sha256) =
-			check_payload_signature(&garage, "k2v", &mut req).await?;
-		let api_key = api_key
-			.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?;
-
-		let req = parse_streaming_body(
-			&api_key,
-			req,
-			&mut content_sha256,
-			&garage.config.s3_api.s3_region,
-			"k2v",
-		)?;
+		let (req, api_key, _content_sha256) = verify_request(&garage, req, "k2v").await?;
 
 		let bucket_id = garage
 			.bucket_helper()
diff --git a/src/api/s3/api_server.rs b/src/api/s3/api_server.rs
index fdfaf0a4..51f19554 100644
--- a/src/api/s3/api_server.rs
+++ b/src/api/s3/api_server.rs
@@ -17,8 +17,7 @@ use garage_model::key_table::Key;
 use crate::generic_server::*;
 use crate::s3::error::*;
 
-use crate::signature::payload::check_payload_signature;
-use crate::signature::streaming::*;
+use crate::signature::verify_request;
 
 use crate::helpers::*;
 use crate::s3::bucket::*;
@@ -107,7 +106,7 @@ impl ApiHandler for S3ApiServer {
 
 	async fn handle(
 		&self,
-		mut req: Request<IncomingBody>,
+		req: Request<IncomingBody>,
 		endpoint: S3ApiEndpoint,
 	) -> Result<Response<ResBody>, Error> {
 		let S3ApiEndpoint {
@@ -125,18 +124,7 @@ impl ApiHandler for S3ApiServer {
 			return Ok(options_res.map(|_empty_body: EmptyBody| empty_body()));
 		}
 
-		let (api_key, mut content_sha256) =
-			check_payload_signature(&garage, "s3", &mut req).await?;
-		let api_key = api_key
-			.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?;
-
-		let req = parse_streaming_body(
-			&api_key,
-			req,
-			&mut content_sha256,
-			&garage.config.s3_api.s3_region,
-			"s3",
-		)?;
+		let (req, api_key, content_sha256) = verify_request(&garage, req, "s3").await?;
 
 		let bucket_name = match bucket_name {
 			None => {
diff --git a/src/api/signature/mod.rs b/src/api/signature/mod.rs
index 4b8b990f..6514da43 100644
--- a/src/api/signature/mod.rs
+++ b/src/api/signature/mod.rs
@@ -2,19 +2,44 @@ use chrono::{DateTime, Utc};
 use hmac::{Hmac, Mac};
 use sha2::Sha256;
 
+use hyper::{body::Incoming as IncomingBody, Request};
+
+use garage_model::garage::Garage;
+use garage_model::key_table::Key;
 use garage_util::data::{sha256sum, Hash};
 
+use error::*;
+
 pub mod error;
 pub mod payload;
 pub mod streaming;
 
-use error::*;
-
 pub const SHORT_DATE: &str = "%Y%m%d";
 pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ";
 
 type HmacSha256 = Hmac<Sha256>;
 
+pub async fn verify_request(
+	garage: &Garage,
+	mut req: Request<IncomingBody>,
+	service: &'static str,
+) -> Result<(Request<streaming::ReqBody>, Key, Option<Hash>), Error> {
+	let (api_key, mut content_sha256) =
+		payload::check_payload_signature(&garage, &mut req, service).await?;
+	let api_key =
+		api_key.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?;
+
+	let req = streaming::parse_streaming_body(
+		&api_key,
+		req,
+		&mut content_sha256,
+		&garage.config.s3_api.s3_region,
+		service,
+	)?;
+
+	Ok((req, api_key, content_sha256))
+}
+
 pub fn verify_signed_content(expected_sha256: Hash, body: &[u8]) -> Result<(), Error> {
 	if expected_sha256 != sha256sum(body) {
 		return Err(Error::bad_request(
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index 435b4206..5935724d 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -35,8 +35,8 @@ pub type QueryMap = HashMap<String, String>;
 
 pub async fn check_payload_signature(
 	garage: &Garage,
-	service: &'static str,
 	request: &mut Request<IncomingBody>,
+	service: &'static str,
 ) -> Result<(Option<Key>, Option<Hash>), Error> {
 	let query = parse_query_map(request.uri())?;