Add option to disable integrity check on upload

cmd/rest-server/main.go

@@ -45,6 +45,8 @@ func init() {
 	flags.StringVar(&server.TLSCert, "tls-cert", server.TLSCert, "TLS certificate path")
 	flags.StringVar(&server.TLSKey, "tls-key", server.TLSKey, "TLS key path")
 	flags.BoolVar(&server.NoAuth, "no-auth", server.NoAuth, "disable .htpasswd authentication")
+	flags.BoolVar(&server.NoVerifyUpload, "no-verify-upload", server.NoVerifyUpload,
+		"do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device")
 	flags.BoolVar(&server.AppendOnly, "append-only", server.AppendOnly, "enable append only mode")
 	flags.BoolVar(&server.PrivateRepos, "private-repos", server.PrivateRepos, "users can only access their private repo")
 	flags.BoolVar(&server.Prometheus, "prometheus", server.Prometheus, "enable Prometheus metrics")

handlers.go

@@ -29,6 +29,7 @@ type Server struct {
 	Debug            bool
 	MaxRepoSize      int64
 	PanicOnError     bool
+	NoVerifyUpload   bool
 
 	htpasswdFile *HtpasswdFile
 	quotaManager *quota.Manager
@@ -84,10 +85,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	// Pass the request to the repo.Handler
 	opt := repo.Options{
-		AppendOnly:   s.AppendOnly,
+		AppendOnly:     s.AppendOnly,
-		Debug:        s.Debug,
+		Debug:          s.Debug,
-		QuotaManager: s.quotaManager, // may be nil
+		QuotaManager:   s.quotaManager, // may be nil
-		PanicOnError: s.PanicOnError,
+		PanicOnError:   s.PanicOnError,
+		NoVerifyUpload: s.NoVerifyUpload,
 	}
 	if s.Prometheus {
 		opt.BlobMetricFunc = makeBlobMetricFunc(username, folderPath)

repo/repo.go

@@ -21,10 +21,11 @@ import (
 
 // Options are options for the Handler accepted by New
 type Options struct {
-	AppendOnly bool // if set, delete actions are not allowed
+	AppendOnly     bool // if set, delete actions are not allowed
-	Debug      bool
+	Debug          bool
-	DirMode    os.FileMode
+	DirMode        os.FileMode
-	FileMode   os.FileMode
+	FileMode       os.FileMode
+	NoVerifyUpload bool
 
 	// If set, we will panic when an internal server error happens. This
 	// makes it easier to debug such errors.
@@ -571,13 +572,20 @@ func (h *Handler) saveBlob(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// calculate hash for current request
+	var written int64
-	hasher := sha256.New()
-	written, err := io.Copy(outFile, io.TeeReader(r.Body, hasher))
 
-	// reject if file content doesn't match file name
+	if h.opt.NoVerifyUpload {
-	if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
+		// just write the file without checking the contents
-		err = fmt.Errorf("file content does not match hash")
+		written, err = io.Copy(outFile, r.Body)
+	} else {
+		// calculate hash for current request
+		hasher := sha256.New()
+		written, err = io.Copy(outFile, io.TeeReader(r.Body, hasher))
+
+		// reject if file content doesn't match file name
+		if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
+			err = fmt.Errorf("file content does not match hash")
+		}
 	}
 
 	if err != nil {