diff options
author | Alex Auvolat <alex@adnab.me> | 2024-03-04 15:56:10 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2024-03-04 15:56:10 +0100 |
commit | bbde9bc91225ac41ea6e8def61c5b7044bb186a0 (patch) | |
tree | 6e2bb951b1efb104c61d6e56aae84d7a6b036342 /src/api/signature/mod.rs | |
parent | d0d95fd53f3d4a6fd5adcfbb4cbb031826fd64a4 (diff) | |
parent | 3168bb34a0082480660e945f7390a5ecab26c665 (diff) | |
download | garage-bbde9bc91225ac41ea6e8def61c5b7044bb186a0.tar.gz garage-bbde9bc91225ac41ea6e8def61c5b7044bb186a0.zip |
Merge branch 'main' into next-0.10
Diffstat (limited to 'src/api/signature/mod.rs')
-rw-r--r-- | src/api/signature/mod.rs | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/src/api/signature/mod.rs b/src/api/signature/mod.rs index 4b8b990f..6514da43 100644 --- a/src/api/signature/mod.rs +++ b/src/api/signature/mod.rs @@ -2,19 +2,44 @@ use chrono::{DateTime, Utc}; use hmac::{Hmac, Mac}; use sha2::Sha256; +use hyper::{body::Incoming as IncomingBody, Request}; + +use garage_model::garage::Garage; +use garage_model::key_table::Key; use garage_util::data::{sha256sum, Hash}; +use error::*; + pub mod error; pub mod payload; pub mod streaming; -use error::*; - pub const SHORT_DATE: &str = "%Y%m%d"; pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ"; type HmacSha256 = Hmac<Sha256>; +pub async fn verify_request( + garage: &Garage, + mut req: Request<IncomingBody>, + service: &'static str, +) -> Result<(Request<streaming::ReqBody>, Key, Option<Hash>), Error> { + let (api_key, mut content_sha256) = + payload::check_payload_signature(&garage, &mut req, service).await?; + let api_key = + api_key.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?; + + let req = streaming::parse_streaming_body( + &api_key, + req, + &mut content_sha256, + &garage.config.s3_api.s3_region, + service, + )?; + + Ok((req, api_key, content_sha256)) +} + pub fn verify_signed_content(expected_sha256: Hash, body: &[u8]) -> Result<(), Error> { if expected_sha256 != sha256sum(body) { return Err(Error::bad_request( |