diff options
Diffstat (limited to 'rs/server')
| -rw-r--r-- | rs/server/src/main.rs | 45 |
1 files changed, 30 insertions, 15 deletions
diff --git a/rs/server/src/main.rs b/rs/server/src/main.rs index a8c6aa5..bdf38ef 100644 --- a/rs/server/src/main.rs +++ b/rs/server/src/main.rs | |||
| @@ -279,7 +279,7 @@ struct BatchRequest { | |||
| 279 | hash_algo: HashAlgo, | 279 | hash_algo: HashAlgo, |
| 280 | } | 280 | } |
| 281 | 281 | ||
| 282 | #[derive(Clone)] | 282 | #[derive(Debug, Clone)] |
| 283 | struct GitLfsJson<T>(Json<T>); | 283 | struct GitLfsJson<T>(Json<T>); |
| 284 | 284 | ||
| 285 | const LFS_MIME: &str = "application/vnd.git-lfs+json"; | 285 | const LFS_MIME: &str = "application/vnd.git-lfs+json"; |
| @@ -306,18 +306,6 @@ fn is_git_lfs_json_mimetype(mimetype: &str) -> bool { | |||
| 306 | let Ok(mime) = mimetype.parse::<mime::Mime>() else { | 306 | let Ok(mime) = mimetype.parse::<mime::Mime>() else { |
| 307 | return false; | 307 | return false; |
| 308 | }; | 308 | }; |
| 309 | println!( | ||
| 310 | "MIME type: {:?}; type: {}, subtype: {}, suffix: {}, charset: {}", | ||
| 311 | mime, | ||
| 312 | mime.type_(), | ||
| 313 | mime.subtype(), | ||
| 314 | mime.suffix() | ||
| 315 | .map(|name| name.to_string()) | ||
| 316 | .unwrap_or("<no suffix>".to_string()), | ||
| 317 | mime.get_param(mime::CHARSET) | ||
| 318 | .map(|name| name.to_string()) | ||
| 319 | .unwrap_or("<no charset>".to_string()) | ||
| 320 | ); | ||
| 321 | if mime.type_() != mime::APPLICATION | 309 | if mime.type_() != mime::APPLICATION |
| 322 | || mime.subtype() != "vnd.git-lfs" | 310 | || mime.subtype() != "vnd.git-lfs" |
| 323 | || mime.suffix() != Some(mime::JSON) | 311 | || mime.suffix() != Some(mime::JSON) |
| @@ -371,7 +359,7 @@ impl<T: Serialize> IntoResponse for GitLfsJson<T> { | |||
| 371 | } | 359 | } |
| 372 | } | 360 | } |
| 373 | 361 | ||
| 374 | #[derive(Serialize)] | 362 | #[derive(Debug, Serialize)] |
| 375 | struct GitLfsErrorData<'a> { | 363 | struct GitLfsErrorData<'a> { |
| 376 | message: &'a str, | 364 | message: &'a str, |
| 377 | } | 365 | } |
| @@ -841,7 +829,6 @@ pub struct VerifyClaimsInput<'a> { | |||
| 841 | pub repo_path: &'a str, | 829 | pub repo_path: &'a str, |
| 842 | } | 830 | } |
| 843 | 831 | ||
| 844 | // Note: expires_at is ignored. | ||
| 845 | fn verify_claims( | 832 | fn verify_claims( |
| 846 | conf: &AuthorizationConfig, | 833 | conf: &AuthorizationConfig, |
| 847 | claims: &VerifyClaimsInput, | 834 | claims: &VerifyClaimsInput, |
| @@ -992,3 +979,31 @@ fn test_deserialize() { | |||
| 992 | expected | 979 | expected |
| 993 | ); | 980 | ); |
| 994 | } | 981 | } |
| 982 | |||
| 983 | #[test] | ||
| 984 | fn test_validate_claims() { | ||
| 985 | let key = "00232f7a019bd34e3921ee6c5f04caf48a4489d1be5d1999038950a7054e0bfea369ce2becc0f13fd3c69f8af2384a25b7ac2d52eb52c33722f3c00c50d4c9c2"; | ||
| 986 | let key: common::Key = key.parse().unwrap(); | ||
| 987 | |||
| 988 | let expires_at = Utc::now() + std::time::Duration::from_secs(5 * 60); | ||
| 989 | let claims = common::Claims { | ||
| 990 | expires_at, | ||
| 991 | repo_path: "lfs-test.git", | ||
| 992 | specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download), | ||
| 993 | }; | ||
| 994 | let tag = common::generate_tag(claims, &key).unwrap(); | ||
| 995 | let header_value = format!("Gitolfs3-Hmac-Sha256 {tag} {}", expires_at.timestamp()); | ||
| 996 | |||
| 997 | let conf = AuthorizationConfig { | ||
| 998 | key, | ||
| 999 | trusted_forwarded_hosts: HashSet::new(), | ||
| 1000 | }; | ||
| 1001 | let claims = VerifyClaimsInput { | ||
| 1002 | repo_path: "lfs-test.git", | ||
| 1003 | specific_claims: common::SpecificClaims::BatchApi(common::Operation::Download), | ||
| 1004 | }; | ||
| 1005 | let mut headers = HeaderMap::new(); | ||
| 1006 | headers.insert(header::AUTHORIZATION, header_value.try_into().unwrap()); | ||
| 1007 | |||
| 1008 | assert!(verify_claims(&conf, &claims, &headers).unwrap()); | ||
| 1009 | } | ||