diff options
| author | Alex Auvolat <alex@adnab.me> | 2024-02-26 15:11:11 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2024-02-27 10:15:17 +0100 |
| commit | a0632a8e6db094b17fd3bba2a7b4bf4caf59abb6 (patch) | |
| tree | d710c30c565e05f746cbe271a9cc04899f3ffb11 /src/api/s3/multipart.rs | |
| parent | ea5533265cb87c3dff2d8e8858e9d131a79e1328 (diff) | |
| download | garage-a0632a8e6db094b17fd3bba2a7b4bf4caf59abb6.tar.gz garage-a0632a8e6db094b17fd3bba2a7b4bf4caf59abb6.zip | |
[sse-c] hook encryption in header handling and make stuff compile
Diffstat (limited to 'src/api/s3/multipart.rs')
| -rw-r--r-- | src/api/s3/multipart.rs | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/src/api/s3/multipart.rs b/src/api/s3/multipart.rs index 5959bcd6..a7c549f6 100644 --- a/src/api/s3/multipart.rs +++ b/src/api/s3/multipart.rs @@ -17,6 +17,7 @@ use garage_model::s3::version_table::*; use crate::helpers::*; use crate::s3::api_server::{ReqBody, ResBody}; +use crate::s3::encryption::EncryptionParams; use crate::s3::error::*; use crate::s3::put::*; use crate::s3::xml as s3_xml; @@ -38,13 +39,21 @@ pub async fn handle_create_multipart_upload( let headers = get_headers(req.headers())?; + // Determine whether object should be encrypted, and if so the key + let encryption = EncryptionParams::new_from_req(&garage, &req)?; + if encryption.is_encrypted() { + // TODO + unimplemented!("multipart upload encryption"); + } + let object_encryption = encryption.encrypt_headers(headers)?; + // Create object in object table let object_version = ObjectVersion { uuid: upload_id, timestamp, state: ObjectVersionState::Uploading { multipart: true, - headers, + encryption: object_encryption, }, }; let object = Object::new(bucket_id, key.to_string(), vec![object_version]); @@ -87,14 +96,30 @@ pub async fn handle_put_part( // Read first chuck, and at the same time try to get object to see if it exists let key = key.to_string(); - let stream = body_stream(req.into_body()); + let (req_head, req_body) = req.into_parts(); + let stream = body_stream(req_body); let mut chunker = StreamChunker::new(stream, garage.config.block_size); - let ((_, _, mut mpu), first_block) = futures::try_join!( + let ((_, object_version, mut mpu), first_block) = futures::try_join!( get_upload(&garage, &bucket_id, &key, &upload_id), chunker.next(), )?; + // Check encryption params + let object_encryption = match object_version.state { + ObjectVersionState::Uploading { encryption, .. } => encryption, + _ => unreachable!(), + }; + let (encryption, _) = EncryptionParams::check_decrypt_for_get( + &garage, + &Request::from_parts(req_head, empty_body::<Error>()), + &object_encryption, + )?; + if encryption.is_encrypted() { + // TODO + unimplemented!("encryption for mpu"); + } + // Check object is valid and part can be accepted let first_block = first_block.ok_or_bad_request("Empty body")?; @@ -235,8 +260,8 @@ pub async fn handle_complete_multipart_upload( return Err(Error::bad_request("No data was uploaded")); } - let headers = match object_version.state { - ObjectVersionState::Uploading { headers, .. } => headers, + let object_encryption = match object_version.state { + ObjectVersionState::Uploading { encryption, .. } => encryption, _ => unreachable!(), }; @@ -338,7 +363,7 @@ pub async fn handle_complete_multipart_upload( // Write final object version object_version.state = ObjectVersionState::Complete(ObjectVersionData::FirstBlock( ObjectVersionMeta { - headers, + encryption: object_encryption, size: total_size, etag: etag.clone(), }, |