From bec87757a37c13ad666b69ecbdee89e93efcee23 Mon Sep 17 00:00:00 2001
From: Ben McClelland
Date: Tue, 6 Jun 2023 07:25:59 -0700
Subject: [PATCH] verify payload md5 when Content-Md5 set
---
 s3api/middlewares/md5.go | 43 ++++++++++++++++++++++++++++++++++++++++
 s3api/server.go | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 s3api/middlewares/md5.go
diff --git a/s3api/middlewares/md5.go b/s3api/middlewares/md5.go
new file mode 100644
index 00000000..33bdcdf7
--- /dev/null
+++ b/s3api/middlewares/md5.go
@@ -0,0 +1,43 @@
+// Copyright 2023 Versity Software
+// This file is licensed under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package middlewares
+
+import (
+ "crypto/md5"
+ "encoding/base64"
+
+ "github.com/gofiber/fiber/v2"
+ "github.com/versity/versitygw/s3api/controllers"
+ "github.com/versity/versitygw/s3err"
+)
+
+func VerifyMD5Body() fiber.Handler {
+ return func(ctx *fiber.Ctx) error {
+ incomingSum := ctx.Get("Content-Md5")
+ if incomingSum == "" {
+ return ctx.Next()
+ }
+
+ sum := md5.Sum(ctx.Body())
+ calculatedSum := base64.StdEncoding.EncodeToString(sum[:])
+
+ if incomingSum != calculatedSum {
+ return controllers.Responce[any](ctx, nil, s3err.GetAPIError(s3err.ErrInvalidDigest))
+ }
+
+ return ctx.Next()
+
+ }
+}
diff --git a/s3api/server.go b/s3api/server.go
index 75a278b6..adfcc791 100644
--- a/s3api/server.go
+++ b/s3api/server.go
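Review bot: The check `incomingSum != calculatedSum` in `VerifyMD5Body` compares base64 text, so a header that is not a valid digest and a valid digest that does not match the body both return `ErrInvalidDigest`; S3 reports the second case under a separate `BadDigest` code. Decoding the header first, rejecting anything that is not 16 bytes, and then comparing raw digests separates the two cases. This needs the `bytes` import, and the mismatch branch below keeps `ErrInvalidDigest` only because this patch does not show whether `s3err` has a BadDigest entry. The exported function also has no doc comment. It should state that Content-MD5 is a transfer-integrity check against corruption, not an authenticity check, and that authenticity comes from `VerifyV4Signature`, which `server.go` registers ahead of this middleware.

```go
		incomingSum := ctx.Get("Content-Md5")
		// … unchanged: pass through when the header is absent …

		want, err := base64.StdEncoding.DecodeString(incomingSum)
		if err != nil || len(want) != md5.Size {
			// Header is not a base64-encoded 16-byte digest.
			return controllers.Responce[any](ctx, nil, s3err.GetAPIError(s3err.ErrInvalidDigest))
		}

		sum := md5.Sum(ctx.Body())
		if !bytes.Equal(want, sum[:]) {
			// Well-formed digest that does not match the body; S3 names this case BadDigest.
			return controllers.Responce[any](ctx, nil, s3err.GetAPIError(s3err.ErrInvalidDigest))
		}
		// … unchanged: return ctx.Next() …
```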
@@ -46,6 +46,7 @@ func New(app *fiber.App, be backend.Backend, port string, adminUser middlewares.
 app.Use(middlewares.VerifyV4Signature(adminUser, iam))
 app.Use(logger.New())
+ app.Use(middlewares.VerifyMD5Body())
 server.router.Init(app, be)
 return server, nil
 }