Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 07:33:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

Verify uploaded files

Browse source 
Restic uses the sha256 hash to calculate filenames based on the file
content. Check on the rest-server side that the uploaded file is intact
and reject it otherwise.
This commit is contained in:
Michael Eischer 2021-08-09 15:35:13 +02:00 committed by Alexander Neumann
parent 96a6f0a5c4
commit 54adcb1fc7
3 changed files with 66 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

12
repo/repo.go
View file

@ -1,6 +1,8 @@
package repo
import (
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"io"
@ -569,7 +571,15 @@ func (h *Handler) saveBlob(w http.ResponseWriter, r *http.Request) {
return
}
written, err := io.Copy(outFile, r.Body)
// calculate hash for current request
hasher := sha256.New()
written, err := io.Copy(outFile, io.TeeReader(r.Body, hasher))
// reject if file content doesn't match file name
if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
err = fmt.Errorf("file content does not match hash")
}
if err != nil {
_ = tf.Close()
_ = os.Remove(path)