[fix-presigned] PostObject: verify X-Amz-Algorithm

This commit is contained in:
Alex 2024-02-27 22:59:30 +01:00
parent a8cb8e8a8b
commit 2efa9c5a1a
Signed by: lx
GPG key ID: 0E496D15096376BE

View file

@ -449,6 +449,16 @@ impl Authorization {
} }
pub(crate) fn parse_form(params: &HeaderMap) -> Result<Self, Error> { pub(crate) fn parse_form(params: &HeaderMap) -> Result<Self, Error> {
let algorithm = params
.get(X_AMZ_ALGORITHM)
.ok_or_bad_request("Missing X-Amz-Algorithm header")?
.to_str()?;
if algorithm != AWS4_HMAC_SHA256 {
return Err(Error::bad_request(
"Unsupported authorization method".to_string(),
));
}
let credential = params let credential = params
.get(X_AMZ_CREDENTIAL) .get(X_AMZ_CREDENTIAL)
.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))? .ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?