From 10b983b8e7076b385f28f9c79cae19882b1db951 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sat, 20 Feb 2021 00:13:07 +0100
Subject: Add verification of part numbers in CompleteMultipartUpload (WIP #30)

---
 src/api/signature.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/api/signature.rs')

diff --git a/src/api/signature.rs b/src/api/signature.rs
index 0ee47961..a9876462 100644
--- a/src/api/signature.rs
+++ b/src/api/signature.rs
@@ -6,7 +6,7 @@ use hyper::{Body, Method, Request};
 use sha2::{Digest, Sha256};
 
 use garage_table::*;
-use garage_util::data::Hash;
+use garage_util::data::{hash, Hash};
 
 use garage_model::garage::Garage;
 use garage_model::key_table::*;
@@ -293,3 +293,11 @@ fn canonical_query_string(uri: &hyper::Uri) -> String {
 		"".to_string()
 	}
 }
+
+pub fn verify_signed_content(content_sha256: Option<Hash>, body: &[u8]) -> Result<(), Error> {
+	let expected_sha256 = content_sha256.ok_or_bad_request("Request content hash not signed, aborting.")?;
+	if expected_sha256 != hash(body) {
+		return Err(Error::BadRequest(format!("Request content hash does not match signed hash")));
+	}
+	Ok(())
+}
-- 
cgit v1.2.3