Diffstat (limited to 'src/api')
-rw-r--r-- | src/api/s3_put.rs | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/api/s3_put.rs b/src/api/s3_put.rs
index 07ab5a03..2ab67884 100644
--- a/src/api/s3_put.rs
+++ b/src/api/s3_put.rs
@@ -82,6 +82,7 @@ pub async fn handle_put(
 )
 .await?;
+ // Validate MD5 sum against content-md5 header and sha256sum against signed content-sha256
 if let Some(expected_sha256) = content_sha256 {
 if expected_sha256 != sha256sum {
 return Err(Error::Message(format!(
@@ -351,12 +352,7 @@ pub async fn handle_put_part(
 )
 .await?;
- if let Some(expected_md5) = content_md5 {
- if expected_md5.trim_matches('"') != md5sum {
- return Err(Error::Message(format!("Unable to validate content-md5")));
- }
- }
-
+ // Validate MD5 sum against content-md5 header and sha256sum against signed content-sha256
 if let Some(expected_sha256) = content_sha256 {
 if expected_sha256 != sha256sum {
 return Err(Error::Message(format!(
@@ -364,6 +360,11 @@ pub async fn handle_put_part(
 )));
 }
 }
+ if let Some(expected_md5) = content_md5 {
+ if expected_md5.trim_matches('"') != md5sum {
+ return Err(Error::Message(format!("Unable to validate content-md5")));
+ }
+ }
 Ok(Response::new(Body::from(vec![])))
 }
@@ -413,6 +414,8 @@ pub async fn handle_complete_multipart_upload(
 };
 // TODO: check that all the parts that they pretend they gave us are indeed there
+ // TODO: when we read the XML from _req, remember to check the sha256 sum of the payload
+ // against the signed x-amz-content-sha256
 // TODO: check MD5 sum of all uploaded parts? but that would mean we have to store them somewhere...
 let total_size = version |
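Review bot: In `handle_put_part` (hunk at -351) both digest checks run only after the preceding `.await?` has completed, so a mismatch is detected after that call has already done its work. The call itself is outside the hunk; if it is the one that persists the part, a request that fails validation may leave unverified data stored under the upload unless something cleans it up. I would record the intended behaviour next to the checks, for example `// On digest mismatch the data stored above must not stay referenced by this upload`, and confirm that the error path actually does that. The same question applies to the check shown in the first hunk (`handle_put`).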
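Review bot: The relocated check `expected_md5.trim_matches('"') != md5sum` (hunk at -364) strips double quotes the way one would for an ETag, but a Content-MD5 header carries the base64 encoding of the digest and is not quoted. How `md5sum` is encoded is not visible in this hunk; if it is a hex string, a header sent by a standards-following client would never match and the upload would be refused, so it is worth confirming that both sides of the comparison use the same encoding. Separately, `format!("Unable to validate content-md5")` has no arguments and can be `return Err(Error::Message("Unable to validate content-md5".to_string()));`. The body of `handle_put_part` starts outside the hunk.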
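Review bot: The new TODO in `handle_complete_multipart_upload` (hunk at -413) does not say when the sha256 check has to happen, and for a signed payload the order matters: the body should be verified before the XML is parsed or acted on. I would word it as `// TODO: when we read the XML from _req, verify its sha256 against the signed x-amz-content-sha256 before parsing or acting on it`. Together with the TODO above it, this handler appears not to check the client's part list at all yet, which is worth tracking outside the source comments too. The function body continues outside the hunk.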