diff options
author | Alex Auvolat <alex@adnab.me> | 2022-05-13 15:04:53 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-05-13 15:04:53 +0200 |
commit | 96b11524d53b3616a28f33e2b057655be1639f6f (patch) | |
tree | 324a8a9624c5b861fb5a09b0ae0e0c07f6b9614c /src/api/signature | |
parent | c0fb9fd0fe553e5eda39dcb1a09f059bcd631b6c (diff) | |
download | garage-96b11524d53b3616a28f33e2b057655be1639f6f.tar.gz garage-96b11524d53b3616a28f33e2b057655be1639f6f.zip |
Error refactoring
Diffstat (limited to 'src/api/signature')
-rw-r--r-- | src/api/signature/mod.rs | 2 | ||||
-rw-r--r-- | src/api/signature/payload.rs | 14 | ||||
-rw-r--r-- | src/api/signature/streaming.rs | 6 |
3 files changed, 12 insertions, 10 deletions
diff --git a/src/api/signature/mod.rs b/src/api/signature/mod.rs index 5646f4fa..e3554080 100644 --- a/src/api/signature/mod.rs +++ b/src/api/signature/mod.rs @@ -16,7 +16,7 @@ type HmacSha256 = Hmac<Sha256>; pub fn verify_signed_content(expected_sha256: Hash, body: &[u8]) -> Result<(), Error> { if expected_sha256 != sha256sum(body) { - return Err(Error::BadRequest( + return Err(Error::bad_request( "Request content hash does not match signed hash".to_string(), )); } diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs index 9137dd2d..52c4d401 100644 --- a/src/api/signature/payload.rs +++ b/src/api/signature/payload.rs @@ -105,7 +105,7 @@ fn parse_authorization( let (auth_kind, rest) = authorization.split_at(first_space); if auth_kind != "AWS4-HMAC-SHA256" { - return Err(Error::BadRequest("Unsupported authorization method".into())); + return Err(Error::bad_request("Unsupported authorization method")); } let mut auth_params = HashMap::new(); @@ -129,10 +129,11 @@ fn parse_authorization( let date = headers .get("x-amz-date") .ok_or_bad_request("Missing X-Amz-Date field") + .map_err(Error::from) .and_then(|d| parse_date(d))?; if Utc::now() - date > Duration::hours(24) { - return Err(Error::BadRequest("Date is too old".to_string())); + return Err(Error::bad_request("Date is too old".to_string())); } let auth = Authorization { @@ -156,7 +157,7 @@ fn parse_query_authorization( headers: &HashMap<String, String>, ) -> Result<Authorization, Error> { if algorithm != "AWS4-HMAC-SHA256" { - return Err(Error::BadRequest( + return Err(Error::bad_request( "Unsupported authorization method".to_string(), )); } @@ -179,10 +180,10 @@ fn parse_query_authorization( .get("x-amz-expires") .ok_or_bad_request("X-Amz-Expires not found in query parameters")? .parse() - .map_err(|_| Error::BadRequest("X-Amz-Expires is not a number".to_string()))?; + .map_err(|_| Error::bad_request("X-Amz-Expires is not a number".to_string()))?; if duration > 7 * 24 * 3600 { - return Err(Error::BadRequest( + return Err(Error::bad_request( "X-Amz-Exprires may not exceed a week".to_string(), )); } @@ -190,10 +191,11 @@ fn parse_query_authorization( let date = headers .get("x-amz-date") .ok_or_bad_request("Missing X-Amz-Date field") + .map_err(Error::from) .and_then(|d| parse_date(d))?; if Utc::now() - date > Duration::seconds(duration) { - return Err(Error::BadRequest("Date is too old".to_string())); + return Err(Error::bad_request("Date is too old".to_string())); } Ok(Authorization { diff --git a/src/api/signature/streaming.rs b/src/api/signature/streaming.rs index ded9d993..6c326c54 100644 --- a/src/api/signature/streaming.rs +++ b/src/api/signature/streaming.rs @@ -87,7 +87,7 @@ fn compute_streaming_payload_signature( let mut hmac = signing_hmac.clone(); hmac.update(string_to_sign.as_bytes()); - Hash::try_from(&hmac.finalize().into_bytes()).ok_or_internal_error("Invalid signature") + Ok(Hash::try_from(&hmac.finalize().into_bytes()).ok_or_internal_error("Invalid signature")?) } mod payload { @@ -163,10 +163,10 @@ impl From<SignedPayloadStreamError> for Error { match err { SignedPayloadStreamError::Stream(e) => e, SignedPayloadStreamError::InvalidSignature => { - Error::BadRequest("Invalid payload signature".into()) + Error::bad_request("Invalid payload signature") } SignedPayloadStreamError::Message(e) => { - Error::BadRequest(format!("Chunk format error: {}", e)) + Error::bad_request(format!("Chunk format error: {}", e)) } } } |