Add option to disable integrity check on upload

2025-10-19 07:33:21 +00:00 · 2021-08-09 15:40:50 +02:00 · 2021-08-09 15:40:50 +02:00 · 16889717c6
commit 16889717c6
parent 54adcb1fc7
3 changed files with 26 additions and 14 deletions
--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@ -45,6 +45,8 @@ func init() {
 	flags.StringVar(&server.TLSCert, "tls-cert", server.TLSCert, "TLS certificate path")
 	flags.StringVar(&server.TLSKey, "tls-key", server.TLSKey, "TLS key path")
 	flags.BoolVar(&server.NoAuth, "no-auth", server.NoAuth, "disable .htpasswd authentication")
+	flags.BoolVar(&server.NoVerifyUpload, "no-verify-upload", server.NoVerifyUpload,
+		"do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device")
 	flags.BoolVar(&server.AppendOnly, "append-only", server.AppendOnly, "enable append only mode")
 	flags.BoolVar(&server.PrivateRepos, "private-repos", server.PrivateRepos, "users can only access their private repo")
 	flags.BoolVar(&server.Prometheus, "prometheus", server.Prometheus, "enable Prometheus metrics")
--- a/handlers.go
+++ b/handlers.go
@ -29,6 +29,7 @@ type Server struct {
 	Debug            bool
 	MaxRepoSize      int64
 	PanicOnError     bool
+	NoVerifyUpload   bool

 	htpasswdFile *HtpasswdFile
 	quotaManager *quota.Manager
@ -84,10 +85,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 	// Pass the request to the repo.Handler
 	opt := repo.Options{
-		AppendOnly:   s.AppendOnly,
-		Debug:        s.Debug,
-		QuotaManager: s.quotaManager, // may be nil
-		PanicOnError: s.PanicOnError,
+		AppendOnly:     s.AppendOnly,
+		Debug:          s.Debug,
+		QuotaManager:   s.quotaManager, // may be nil
+		PanicOnError:   s.PanicOnError,
+		NoVerifyUpload: s.NoVerifyUpload,
 	}
 	if s.Prometheus {
 		opt.BlobMetricFunc = makeBlobMetricFunc(username, folderPath)
--- a/repo/repo.go
+++ b/repo/repo.go
@ -21,10 +21,11 @@ import (

 // Options are options for the Handler accepted by New
 type Options struct {
-	AppendOnly bool // if set, delete actions are not allowed
-	Debug      bool
-	DirMode    os.FileMode
-	FileMode   os.FileMode
+	AppendOnly     bool // if set, delete actions are not allowed
+	Debug          bool
+	DirMode        os.FileMode
+	FileMode       os.FileMode
+	NoVerifyUpload bool

 	// If set, we will panic when an internal server error happens. This
 	// makes it easier to debug such errors.
@ -571,13 +572,20 @@ func (h *Handler) saveBlob(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// calculate hash for current request
-	hasher := sha256.New()
-	written, err := io.Copy(outFile, io.TeeReader(r.Body, hasher))
+	var written int64

-	// reject if file content doesn't match file name
-	if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
-		err = fmt.Errorf("file content does not match hash")
+	if h.opt.NoVerifyUpload {
+		// just write the file without checking the contents
+		written, err = io.Copy(outFile, r.Body)
+	} else {
+		// calculate hash for current request
+		hasher := sha256.New()
+		written, err = io.Copy(outFile, io.TeeReader(r.Body, hasher))
+
+		// reject if file content doesn't match file name
+		if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
+			err = fmt.Errorf("file content does not match hash")
+		}
 	}

 	if err != nil {