diff options
author | Alex Auvolat <alex@adnab.me> | 2024-02-13 11:24:56 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2024-02-13 11:36:28 +0100 |
commit | cf2af186fcc0c8f581a966454b6cd4720d3821f0 (patch) | |
tree | 37a978ba9ffb780fc828cff7b8ec93662d50884f /src/api/signature | |
parent | db48dd3d6c1f9e86a62e9b8edfce2c1620bcd5f3 (diff) | |
parent | 823078b4cdaf93e09de0847c5eaa75beb7b26b7f (diff) | |
download | garage-cf2af186fcc0c8f581a966454b6cd4720d3821f0.tar.gz garage-cf2af186fcc0c8f581a966454b6cd4720d3821f0.zip |
Merge branch 'main' into next-0.10
Diffstat (limited to 'src/api/signature')
-rw-r--r-- | src/api/signature/error.rs | 4 | ||||
-rw-r--r-- | src/api/signature/payload.rs | 8 | ||||
-rw-r--r-- | src/api/signature/streaming.rs | 34 |
3 files changed, 21 insertions, 25 deletions
diff --git a/src/api/signature/error.rs b/src/api/signature/error.rs index f0d7c816..2d92a072 100644 --- a/src/api/signature/error.rs +++ b/src/api/signature/error.rs @@ -18,10 +18,6 @@ pub enum Error { /// The request contained an invalid UTF-8 sequence in its path or in other parameters #[error(display = "Invalid UTF-8: {}", _0)] InvalidUtf8Str(#[error(source)] std::str::Utf8Error), - - /// The client sent a header with invalid value - #[error(display = "Invalid header value: {}", _0)] - InvalidHeader(#[error(source)] hyper::header::ToStrError), } impl<T> From<T> for Error diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs index b50fb3bb..423aad93 100644 --- a/src/api/signature/payload.rs +++ b/src/api/signature/payload.rs @@ -1,8 +1,8 @@ use std::collections::HashMap; -use chrono::{DateTime, Duration, NaiveDateTime, Utc}; +use chrono::{DateTime, Duration, NaiveDateTime, TimeZone, Utc}; use hmac::Mac; -use hyper::{Body, Method, Request}; +use hyper::{body::Incoming as IncomingBody, Method, Request}; use sha2::{Digest, Sha256}; use garage_table::*; @@ -20,7 +20,7 @@ use crate::signature::error::*; pub async fn check_payload_signature( garage: &Garage, service: &'static str, - request: &Request<Body>, + request: &Request<IncomingBody>, ) -> Result<(Option<Key>, Option<Hash>), Error> { let mut headers = HashMap::new(); for (key, val) in request.headers() { @@ -316,7 +316,7 @@ fn canonical_query_string(uri: &hyper::Uri) -> String { pub fn parse_date(date: &str) -> Result<DateTime<Utc>, Error> { let date: NaiveDateTime = NaiveDateTime::parse_from_str(date, LONG_DATETIME).ok_or_bad_request("Invalid date")?; - Ok(DateTime::from_utc(date, Utc)) + Ok(Utc.from_utc_datetime(&date)) } pub async fn verify_v4( diff --git a/src/api/signature/streaming.rs b/src/api/signature/streaming.rs index c8358c4f..39147ca0 100644 --- a/src/api/signature/streaming.rs +++ b/src/api/signature/streaming.rs @@ -1,26 +1,30 @@ use std::pin::Pin; -use chrono::{DateTime, NaiveDateTime, Utc}; +use chrono::{DateTime, NaiveDateTime, TimeZone, Utc}; use futures::prelude::*; use futures::task; use garage_model::key_table::Key; use hmac::Mac; -use hyper::body::Bytes; -use hyper::{Body, Request}; +use http_body_util::StreamBody; +use hyper::body::{Bytes, Incoming as IncomingBody}; +use hyper::Request; use garage_util::data::Hash; use super::{compute_scope, sha256sum, HmacSha256, LONG_DATETIME}; +use crate::helpers::*; use crate::signature::error::*; +pub type ReqBody = BoxBody<Error>; + pub fn parse_streaming_body( api_key: &Key, - req: Request<Body>, + req: Request<IncomingBody>, content_sha256: &mut Option<Hash>, region: &str, service: &str, -) -> Result<Request<Body>, Error> { +) -> Result<Request<ReqBody>, Error> { match req.headers().get("x-amz-content-sha256") { Some(header) if header == "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" => { let signature = content_sha256 @@ -40,26 +44,22 @@ pub fn parse_streaming_body( .to_str()?; let date: NaiveDateTime = NaiveDateTime::parse_from_str(date, LONG_DATETIME) .ok_or_bad_request("Invalid date")?; - let date: DateTime<Utc> = DateTime::from_utc(date, Utc); + let date: DateTime<Utc> = Utc.from_utc_datetime(&date); let scope = compute_scope(&date, region, service); let signing_hmac = crate::signature::signing_hmac(&date, secret_key, region, service) .ok_or_internal_error("Unable to build signing HMAC")?; Ok(req.map(move |body| { - Body::wrap_stream( - SignedPayloadStream::new( - body.map_err(Error::from), - signing_hmac, - date, - &scope, - signature, - ) - .map_err(Error::from), - ) + let stream = body_stream::<_, Error>(body); + let signed_payload_stream = + SignedPayloadStream::new(stream, signing_hmac, date, &scope, signature) + .map(|x| x.map(hyper::body::Frame::data)) + .map_err(Error::from); + ReqBody::new(StreamBody::new(signed_payload_stream)) })) } - _ => Ok(req), + _ => Ok(req.map(|body| ReqBody::new(http_body_util::BodyExt::map_err(body, Error::from)))), } } |