authorAlex Auvolat <alex@adnab.me>2024-02-13 11:24:56 +0100
committerAlex Auvolat <alex@adnab.me>2024-02-13 11:36:28 +0100
commitcf2af186fcc0c8f581a966454b6cd4720d3821f0 (patch)
tree37a978ba9ffb780fc828cff7b8ec93662d50884f /src/api/signature
parentdb48dd3d6c1f9e86a62e9b8edfce2c1620bcd5f3 (diff)
parent823078b4cdaf93e09de0847c5eaa75beb7b26b7f (diff)
Merge branch 'main' into next-0.10
Diffstat (limited to 'src/api/signature')
-rw-r--r--src/api/signature/error.rs4
-rw-r--r--src/api/signature/payload.rs8
-rw-r--r--src/api/signature/streaming.rs34
3 files changed, 21 insertions, 25 deletions
diff --git a/src/api/signature/error.rs b/src/api/signature/error.rs
index f0d7c816..2d92a072 100644
--- a/src/api/signature/error.rs
+++ b/src/api/signature/error.rs
@@ -18,10 +18,6 @@ pub enum Error {
/// The request contained an invalid UTF-8 sequence in its path or in other parameters
#[error(display = "Invalid UTF-8: {}", _0)]
InvalidUtf8Str(#[error(source)] std::str::Utf8Error),
-
- /// The client sent a header with invalid value
- #[error(display = "Invalid header value: {}", _0)]
- InvalidHeader(#[error(source)] hyper::header::ToStrError),
}
impl<T> From<T> for Error
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index b50fb3bb..423aad93 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -1,8 +1,8 @@
use std::collections::HashMap;
-use chrono::{DateTime, Duration, NaiveDateTime, Utc};
+use chrono::{DateTime, Duration, NaiveDateTime, TimeZone, Utc};
use hmac::Mac;
-use hyper::{Body, Method, Request};
+use hyper::{body::Incoming as IncomingBody, Method, Request};
use sha2::{Digest, Sha256};
use garage_table::*;
@@ -20,7 +20,7 @@ use crate::signature::error::*;
pub async fn check_payload_signature(
garage: &Garage,
service: &'static str,
- request: &Request<Body>,
+ request: &Request<IncomingBody>,
) -> Result<(Option<Key>, Option<Hash>), Error> {
let mut headers = HashMap::new();
for (key, val) in request.headers() {
@@ -316,7 +316,7 @@ fn canonical_query_string(uri: &hyper::Uri) -> String {
pub fn parse_date(date: &str) -> Result<DateTime<Utc>, Error> {
let date: NaiveDateTime =
NaiveDateTime::parse_from_str(date, LONG_DATETIME).ok_or_bad_request("Invalid date")?;
- Ok(DateTime::from_utc(date, Utc))
+ Ok(Utc.from_utc_datetime(&date))
}
pub async fn verify_v4(
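Review bot: The parse-then-convert sequence in `parse_date` is repeated inline in `parse_streaming_body` (streaming.rs, hunk at -40,26), so this merge had to apply the same `from_utc` to `from_utc_datetime` change in two places. Having streaming.rs call the helper, e.g. `let date = parse_date(date)?;`, would keep request-date parsing for signature checks in one place; the function is `pub`, though the import path needed from streaming.rs is not visible here. If no doc comment exists above the hunk, a one-line `///` on `parse_date` stating that the value is parsed without an offset and then taken as UTC would also help.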
diff --git a/src/api/signature/streaming.rs b/src/api/signature/streaming.rs
index c8358c4f..39147ca0 100644
--- a/src/api/signature/streaming.rs
+++ b/src/api/signature/streaming.rs
@@ -1,26 +1,30 @@
use std::pin::Pin;
-use chrono::{DateTime, NaiveDateTime, Utc};
+use chrono::{DateTime, NaiveDateTime, TimeZone, Utc};
use futures::prelude::*;
use futures::task;
use garage_model::key_table::Key;
use hmac::Mac;
-use hyper::body::Bytes;
-use hyper::{Body, Request};
+use http_body_util::StreamBody;
+use hyper::body::{Bytes, Incoming as IncomingBody};
+use hyper::Request;
use garage_util::data::Hash;
use super::{compute_scope, sha256sum, HmacSha256, LONG_DATETIME};
+use crate::helpers::*;
use crate::signature::error::*;
+pub type ReqBody = BoxBody<Error>;
+
pub fn parse_streaming_body(
api_key: &Key,
- req: Request<Body>,
+ req: Request<IncomingBody>,
content_sha256: &mut Option<Hash>,
region: &str,
service: &str,
-) -> Result<Request<Body>, Error> {
+) -> Result<Request<ReqBody>, Error> {
match req.headers().get("x-amz-content-sha256") {
Some(header) if header == "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" => {
let signature = content_sha256
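Review bot: The new public alias `pub type ReqBody = BoxBody<Error>;` has no doc comment, and `BoxBody` is not imported by name anywhere in this hunk, so it presumably arrives through the glob `use crate::helpers::*;` (as would `body_stream`, used in the next hunk). A line such as `/// Request body type returned by parse_streaming_body; stream errors use this module's Error` and an explicit `use crate::helpers::{body_stream, BoxBody};` would let a reader trace where the body type on this signature-checking path comes from. `parse_streaming_body` continues past the end of this hunk.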
@@ -40,26 +44,22 @@ pub fn parse_streaming_body(
.to_str()?;
let date: NaiveDateTime = NaiveDateTime::parse_from_str(date, LONG_DATETIME)
.ok_or_bad_request("Invalid date")?;
- let date: DateTime<Utc> = DateTime::from_utc(date, Utc);
+ let date: DateTime<Utc> = Utc.from_utc_datetime(&date);
let scope = compute_scope(&date, region, service);
let signing_hmac = crate::signature::signing_hmac(&date, secret_key, region, service)
.ok_or_internal_error("Unable to build signing HMAC")?;
Ok(req.map(move |body| {
- Body::wrap_stream(
- SignedPayloadStream::new(
- body.map_err(Error::from),
- signing_hmac,
- date,
- &scope,
- signature,
- )
- .map_err(Error::from),
- )
+ let stream = body_stream::<_, Error>(body);
+ let signed_payload_stream =
+ SignedPayloadStream::new(stream, signing_hmac, date, &scope, signature)
+ .map(|x| x.map(hyper::body::Frame::data))
+ .map_err(Error::from);
+ ReqBody::new(StreamBody::new(signed_payload_stream))
}))
}
- _ => Ok(req),
+ _ => Ok(req.map(|body| ReqBody::new(http_body_util::BodyExt::map_err(body, Error::from)))),
}
}
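Review bot: The `_` arm at the end of `parse_streaming_body` now rebuilds the request rather than returning it untouched, and nothing there says that this path does no chunk-signature verification. Only the body's error type is mapped in that arm, and `content_sha256` is not referenced, so payload integrity for these requests presumably rests on the caller checking that hash. A comment above the arm would make the contract explicit, e.g. `// Not a signed streaming upload: body is forwarded unverified here; the caller must check content_sha256`. The function begins outside this hunk, so the caller-side check should be confirmed before wording the comment.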