diff options
author | Alex Auvolat <alex@adnab.me> | 2024-02-28 10:51:08 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2024-02-28 12:24:21 +0100 |
commit | 90cab5b8f2b5212668975bf445a1e86f638fe1c7 (patch) | |
tree | 9bcc9569e7a8806efdf9d542e37ffa06a7689bca /src/api/signature/mod.rs | |
parent | e9f759d4cb9be28584ab511a0a2dc78b579475c8 (diff) | |
download | garage-90cab5b8f2b5212668975bf445a1e86f638fe1c7.tar.gz garage-90cab5b8f2b5212668975bf445a1e86f638fe1c7.zip |
[fix-presigned] add comments and reorganize
Diffstat (limited to 'src/api/signature/mod.rs')
-rw-r--r-- | src/api/signature/mod.rs | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/src/api/signature/mod.rs b/src/api/signature/mod.rs index 4b8b990f..6514da43 100644 --- a/src/api/signature/mod.rs +++ b/src/api/signature/mod.rs @@ -2,19 +2,44 @@ use chrono::{DateTime, Utc}; use hmac::{Hmac, Mac}; use sha2::Sha256; +use hyper::{body::Incoming as IncomingBody, Request}; + +use garage_model::garage::Garage; +use garage_model::key_table::Key; use garage_util::data::{sha256sum, Hash}; +use error::*; + pub mod error; pub mod payload; pub mod streaming; -use error::*; - pub const SHORT_DATE: &str = "%Y%m%d"; pub const LONG_DATETIME: &str = "%Y%m%dT%H%M%SZ"; type HmacSha256 = Hmac<Sha256>; +pub async fn verify_request( + garage: &Garage, + mut req: Request<IncomingBody>, + service: &'static str, +) -> Result<(Request<streaming::ReqBody>, Key, Option<Hash>), Error> { + let (api_key, mut content_sha256) = + payload::check_payload_signature(&garage, &mut req, service).await?; + let api_key = + api_key.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?; + + let req = streaming::parse_streaming_body( + &api_key, + req, + &mut content_sha256, + &garage.config.s3_api.s3_region, + service, + )?; + + Ok((req, api_key, content_sha256)) +} + pub fn verify_signed_content(expected_sha256: Hash, body: &[u8]) -> Result<(), Error> { if expected_sha256 != sha256sum(body) { return Err(Error::bad_request( |