Write claim validation test

2 files changed, 42 insertions, 19 deletions

diff --git a/rs/common/src/lib.rs b/rs/common/src/lib.rs
index 27205bd..89c3286 100644
--- a/rs/common/src/lib.rs
+++ b/rs/common/src/lib.rs
@@ -136,9 +136,9 @@ fn parse_hex_exact(value: &str, buf: &mut [u8]) -> Result<(), ParseHexError> {
     for (i, c) in value.bytes().enumerate() {
         if let Some(b) = decode_nibble(c) {
             if i % 2 == 0 {
-                buf[i / 2] |= b;
+                buf[i / 2] |= b << 4;
             } else {
-                buf[i / 2] = b << 4;
+                buf[i / 2] |= b;
             }
         } else {
             return Err(ParseHexError::InvalidCharacter);
@@ -236,8 +236,16 @@ impl<B: AsRef<[u8]>> fmt::Display for HexFmt<B> {
         let HexFmt(buf) = self;
         for b in buf.as_ref() {
             let (high, low) = (b >> 4, b & 0xF);
-            let highc = if high < 10 { b'0' + high } else { b'a' + high };
-            let lowc = if low < 10 { b'0' + low } else { b'a' + low };
+            let highc = if high < 10 {
+                high + b'0'
+            } else {
+                high - 10 + b'a'
+            };
+            let lowc = if low < 10 {
+                low + b'0'
+            } else {
+                low - 10 + b'a'
+            };
             f.write_char(highc as char)?;
             f.write_char(lowc as char)?;
         }
diff --git a/rs/server/src/main.rs b/rs/server/src/main.rs
index a8c6aa5..bdf38ef 100644
--- a/rs/server/src/main.rs
+++ b/rs/server/src/main.rs
@@ -279,7 +279,7 @@ struct BatchRequest {
     hash_algo: HashAlgo,
 }
 
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 struct GitLfsJson<T>(Json<T>);
 
 const LFS_MIME: &str = "application/vnd.git-lfs+json";
@@ -306,18 +306,6 @@ fn is_git_lfs_json_mimetype(mimetype: &str) -> bool {
     let Ok(mime) = mimetype.parse::<mime::Mime>() else {
         return false;
     };
-    println!(
-        "MIME type: {:?}; type: {}, subtype: {}, suffix: {}, charset: {}",
-        mime,
-        mime.type_(),
-        mime.subtype(),
-        mime.suffix()
-            .map(|name| name.to_string())
-            .unwrap_or("<no suffix>".to_string()),
-        mime.get_param(mime::CHARSET)
-            .map(|name| name.to_string())
-            .unwrap_or("<no charset>".to_string())
-    );
     if mime.type_() != mime::APPLICATION
         || mime.subtype() != "vnd.git-lfs"
         || mime.suffix() != Some(mime::JSON)
@@ -371,7 +359,7 @@ impl<T: Serialize> IntoResponse for GitLfsJson<T> {
     }
 }
 
-#[derive(Serialize)]
+#[derive(Debug, Serialize)]
 struct GitLfsErrorData<'a> {
     message: &'a str,
 }
@@ -841,7 +829,6 @@ pub struct VerifyClaimsInput<'a> {
     pub repo_path: &'a str,
 }
 
-// Note: expires_at is ignored.
 fn verify_claims(
     conf: &AuthorizationConfig,
     claims: &VerifyClaimsInput,
@@ -992,3 +979,31 @@ fn test_deserialize() {
         expected
     );
 }
+
+#[test]
+fn test_validate_claims() {
+    let key = "00232f7a019bd34e3921ee6c5f04caf48a4489d1be5d1999038950a7054e0bfea369ce2becc0f13fd3c69f8af2384a25b7ac2d52eb52c33722f3c00c50d4c9c2";
+    let key: common::Key = key.parse().unwrap();
+
+    let expires_at = Utc::now() + std::time::Duration::from_secs(5 * 60);
+    let claims = common::Claims {
+        expires_at,
+        repo_path: "lfs-test.git",
+        specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download),
+    };
+    let tag = common::generate_tag(claims, &key).unwrap();
+    let header_value = format!("Gitolfs3-Hmac-Sha256 {tag} {}", expires_at.timestamp());
+
+    let conf = AuthorizationConfig {
+        key,
+        trusted_forwarded_hosts: HashSet::new(),
+    };
+    let claims = VerifyClaimsInput {
+        repo_path: "lfs-test.git",
+        specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download),
+    };
+    let mut headers = HeaderMap::new();
+    headers.insert(header::AUTHORIZATION, header_value.try_into().unwrap());
+
+    assert!(verify_claims(&conf, &claims, &headers).unwrap());
+}