| author | Rutger Broekhoff | 2024-03-30 15:21:30 +0100 |
|---|---|---|
| committer | Rutger Broekhoff | 2024-03-30 15:21:30 +0100 |
| commit | db3dbc6aaa29f9d34514bac14dbcbd9918901205 (patch) | |
| tree | 74bb86d137d73fb1ab2cb5761d7fc918c4522b46 | |
| parent | 5e5cde1624b1b4ffd00efa73935c48e547a5a8d3 (diff) | |
cargo fmt
| -rw-r--r-- | server/src/main.rs | 19 |
1 files changed, 9 insertions, 10 deletions
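--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -789,16 +789,16 @@ fn authorize_batch_unauthenticated(
 StatusCode::FORBIDDEN,
 "Authentication required to upload",
 ));
-},
+}
 common::Operation::Download => {
 // Again, trusted users can see all repos. For untrusted users, we first need to check
 // whether the repo is public before we authorize. If the user is untrusted and the
 // repo isn't public, we just act like it doesn't even exist.
 if !trusted {
 if !public {
-return Err(REPO_NOT_FOUND)
+return Err(REPO_NOT_FOUND);
 }
-return Ok(Trusted(false))
+return Ok(Trusted(false));
 }
 return Ok(Trusted(true));
 }
@@ -931,12 +931,13 @@ fn verify_claims(
 return Ok(false);
 };
 let authz = authz.to_str().map_err(|_| INVALID_AUTHZ_HEADER)?;
-let val = authz.strip_prefix("Gitolfs3-Hmac-Sha256 ").ok_or(INVALID_AUTHZ_HEADER)?;
+let val = authz
+.strip_prefix("Gitolfs3-Hmac-Sha256 ")
+.ok_or(INVALID_AUTHZ_HEADER)?;
 let (tag, expires_at) = val.split_once(' ').ok_or(INVALID_AUTHZ_HEADER)?;
 let tag: common::Digest<32> = tag.parse().map_err(|_| INVALID_AUTHZ_HEADER)?;
 let expires_at: i64 = expires_at.parse().map_err(|_| INVALID_AUTHZ_HEADER)?;
-let expires_at =
-DateTime::<Utc>::from_timestamp(expires_at, 0).ok_or(INVALID_AUTHZ_HEADER)?;
+let expires_at = DateTime::<Utc>::from_timestamp(expires_at, 0).ok_or(INVALID_AUTHZ_HEADER)?;
 let expected_tag = common::generate_tag(
 common::Claims {
 specific_claims: claims.specific_claims,
@@ -944,10 +945,8 @@ fn verify_claims(
 expires_at,
 },
 &conf.key,
-).ok_or_else(|| make_error_resp(
-StatusCode::INTERNAL_SERVER_ERROR,
-"Internal server error",
-))?;
+)
+.ok_or_else(|| make_error_resp(StatusCode::INTERNAL_SERVER_ERROR, "Internal server error"))?;
 if tag != expected_tag {
 return Err(INVALID_AUTHZ_HEADER);
 }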