KokaKiwi/garage
1
0
Fork 0
forked from Deuxfleurs/garage
Code Issues Pull requests Projects Releases Wiki Activity

[fix-presigned] PostObject: verify X-Amz-Algorithm

Browse source
This commit is contained in:
Alex 2024-02-27 22:59:30 +01:00
parent a8cb8e8a8b
commit 2efa9c5a1a
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/api/signature/payload.rs
View file

@ -449,6 +449,16 @@ impl Authorization {
} }
pub(crate) fn parse_form(params: &HeaderMap) -> Result<Self, Error> { pub(crate) fn parse_form(params: &HeaderMap) -> Result<Self, Error> {
let algorithm = params
.get(X_AMZ_ALGORITHM)
.ok_or_bad_request("Missing X-Amz-Algorithm header")?
.to_str()?;
if algorithm != AWS4_HMAC_SHA256 {
return Err(Error::bad_request(
"Unsupported authorization method".to_string(),
));
}
let credential = params let credential = params
.get(X_AMZ_CREDENTIAL) .get(X_AMZ_CREDENTIAL)
.ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))? .ok_or_else(|| Error::forbidden("Garage does not support anonymous access yet"))?