diff options
author | Rutger Broekhoff | 2024-03-30 15:21:30 +0100 |
---|---|---|
committer | Rutger Broekhoff | 2024-03-30 15:21:30 +0100 |
commit | db3dbc6aaa29f9d34514bac14dbcbd9918901205 (patch) | |
tree | 74bb86d137d73fb1ab2cb5761d7fc918c4522b46 /server/src | |
parent | 5e5cde1624b1b4ffd00efa73935c48e547a5a8d3 (diff) | |
download | gitolfs3-db3dbc6aaa29f9d34514bac14dbcbd9918901205.tar.gz gitolfs3-db3dbc6aaa29f9d34514bac14dbcbd9918901205.zip |
cargo fmt
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/main.rs | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/server/src/main.rs b/server/src/main.rs index e615d19..514be39 100644 --- a/server/src/main.rs +++ b/server/src/main.rs | |||
@@ -789,16 +789,16 @@ fn authorize_batch_unauthenticated( | |||
789 | StatusCode::FORBIDDEN, | 789 | StatusCode::FORBIDDEN, |
790 | "Authentication required to upload", | 790 | "Authentication required to upload", |
791 | )); | 791 | )); |
792 | }, | 792 | } |
793 | common::Operation::Download => { | 793 | common::Operation::Download => { |
794 | // Again, trusted users can see all repos. For untrusted users, we first need to check | 794 | // Again, trusted users can see all repos. For untrusted users, we first need to check |
795 | // whether the repo is public before we authorize. If the user is untrusted and the | 795 | // whether the repo is public before we authorize. If the user is untrusted and the |
796 | // repo isn't public, we just act like it doesn't even exist. | 796 | // repo isn't public, we just act like it doesn't even exist. |
797 | if !trusted { | 797 | if !trusted { |
798 | if !public { | 798 | if !public { |
799 | return Err(REPO_NOT_FOUND) | 799 | return Err(REPO_NOT_FOUND); |
800 | } | 800 | } |
801 | return Ok(Trusted(false)) | 801 | return Ok(Trusted(false)); |
802 | } | 802 | } |
803 | return Ok(Trusted(true)); | 803 | return Ok(Trusted(true)); |
804 | } | 804 | } |
@@ -931,12 +931,13 @@ fn verify_claims( | |||
931 | return Ok(false); | 931 | return Ok(false); |
932 | }; | 932 | }; |
933 | let authz = authz.to_str().map_err(|_| INVALID_AUTHZ_HEADER)?; | 933 | let authz = authz.to_str().map_err(|_| INVALID_AUTHZ_HEADER)?; |
934 | let val = authz.strip_prefix("Gitolfs3-Hmac-Sha256 ").ok_or(INVALID_AUTHZ_HEADER)?; | 934 | let val = authz |
935 | .strip_prefix("Gitolfs3-Hmac-Sha256 ") | ||
936 | .ok_or(INVALID_AUTHZ_HEADER)?; | ||
935 | let (tag, expires_at) = val.split_once(' ').ok_or(INVALID_AUTHZ_HEADER)?; | 937 | let (tag, expires_at) = val.split_once(' ').ok_or(INVALID_AUTHZ_HEADER)?; |
936 | let tag: common::Digest<32> = tag.parse().map_err(|_| INVALID_AUTHZ_HEADER)?; | 938 | let tag: common::Digest<32> = tag.parse().map_err(|_| INVALID_AUTHZ_HEADER)?; |
937 | let expires_at: i64 = expires_at.parse().map_err(|_| INVALID_AUTHZ_HEADER)?; | 939 | let expires_at: i64 = expires_at.parse().map_err(|_| INVALID_AUTHZ_HEADER)?; |
938 | let expires_at = | 940 | let expires_at = DateTime::<Utc>::from_timestamp(expires_at, 0).ok_or(INVALID_AUTHZ_HEADER)?; |
939 | DateTime::<Utc>::from_timestamp(expires_at, 0).ok_or(INVALID_AUTHZ_HEADER)?; | ||
940 | let expected_tag = common::generate_tag( | 941 | let expected_tag = common::generate_tag( |
941 | common::Claims { | 942 | common::Claims { |
942 | specific_claims: claims.specific_claims, | 943 | specific_claims: claims.specific_claims, |
@@ -944,10 +945,8 @@ fn verify_claims( | |||
944 | expires_at, | 945 | expires_at, |
945 | }, | 946 | }, |
946 | &conf.key, | 947 | &conf.key, |
947 | ).ok_or_else(|| make_error_resp( | 948 | ) |
948 | StatusCode::INTERNAL_SERVER_ERROR, | 949 | .ok_or_else(|| make_error_resp(StatusCode::INTERNAL_SERVER_ERROR, "Internal server error"))?; |
949 | "Internal server error", | ||
950 | ))?; | ||
951 | if tag != expected_tag { | 950 | if tag != expected_tag { |
952 | return Err(INVALID_AUTHZ_HEADER); | 951 | return Err(INVALID_AUTHZ_HEADER); |
953 | } | 952 | } |