X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=upload.go;h=a3daa9357e97cc336cf1c02f633b0be5aea3bdff;hb=f077359218864862f94290b582cb09a4a8fa1b9c;hp=0e7db6148aa044f1d525f543c44e16fe1b2ef9cc;hpb=b036ee436eb9bd8889734232a22d3f24be5c9ee2;p=gocheese.git diff --git a/upload.go b/upload.go index 0e7db61..a3daa93 100644 --- a/upload.go +++ b/upload.go @@ -1,7 +1,7 @@ /* GoCheese -- Python private package repository and caching proxy -Copyright (C) 2019 Sergey Matveev - 2019 Elena Balakhonova +Copyright (C) 2019-2021 Sergey Matveev + 2019-2021 Elena Balakhonova This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,8 +29,15 @@ import ( "net/http" "os" "path/filepath" + "regexp" + "strings" + "time" + + "go.cypherpunks.ru/recfile" ) +var NormalizationRe = regexp.MustCompilePOSIX("[-_.]+") + func serveUpload(w http.ResponseWriter, r *http.Request) { // Authentication username, password, ok := r.BasicAuth() @@ -39,7 +46,9 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { http.Error(w, "unauthenticated", http.StatusUnauthorized) return } - auther, ok := passwords[username] + PasswordsM.RLock() + auther, ok := Passwords[username] + PasswordsM.RUnlock() if !ok || !auther.Auth(password) { log.Println(r.RemoteAddr, "unauthenticated", username) http.Error(w, "unauthenticated", http.StatusUnauthorized) @@ -57,17 +66,27 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { http.Error(w, "single name is expected in request", http.StatusBadRequest) return } - pkgName := normalizationRe.ReplaceAllString(pkgNames[0], "-") - dirPath := filepath.Join(*root, pkgName) - var digestExpected []byte - if digestExpectedHex, exists := r.MultipartForm.Value["sha256_digest"]; exists { - digestExpected, err = hex.DecodeString(digestExpectedHex[0]) + pkgName := strings.ToLower(NormalizationRe.ReplaceAllString(pkgNames[0], "-")) + dirPath := filepath.Join(Root, pkgName) + gpgSigsExpected := make(map[string]struct{}) + now := time.Now().UTC() + + var digestSHA256Expected []byte + if digestSHA256ExpectedHex, exists := r.MultipartForm.Value["sha256_digest"]; exists { + digestSHA256Expected, err = hex.DecodeString(digestSHA256ExpectedHex[0]) if err != nil { http.Error(w, "bad sha256_digest: "+err.Error(), http.StatusBadRequest) return } } - gpgSigsExpected := make(map[string]struct{}) + var digestBLAKE2b256Expected []byte + if digestBLAKE2b256ExpectedHex, exists := r.MultipartForm.Value["blake2_256_digest"]; exists { + digestBLAKE2b256Expected, err = hex.DecodeString(digestBLAKE2b256ExpectedHex[0]) + if err != nil { + http.Error(w, "bad blake2_256_digest: "+err.Error(), http.StatusBadRequest) + return + } + } // Checking is it internal package if _, err = os.Stat(filepath.Join(dirPath, InternalFlag)); err != nil { @@ -82,7 +101,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { log.Println(r.RemoteAddr, "put", filename, "by", username) path := filepath.Join(dirPath, filename) if _, err = os.Stat(path); err == nil { - log.Println(r.RemoteAddr, "already exists", filename) + log.Println(r.RemoteAddr, filename, "already exists") http.Error(w, "already exists", http.StatusBadRequest) return } @@ -92,56 +111,85 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { src, err := file.Open() defer src.Close() if err != nil { + log.Println("error", r.RemoteAddr, filename, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } dst, err := TempFile(dirPath) if err != nil { + log.Println("error", r.RemoteAddr, filename, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } dstBuf := bufio.NewWriter(dst) - hasher := sha256.New() - wr := io.MultiWriter(hasher, dst) + hasherSHA256 := sha256.New() + hasherBLAKE2b256 := blake2b256New() + wr := io.MultiWriter(hasherSHA256, hasherBLAKE2b256, dst) if _, err = io.Copy(wr, src); err != nil { + log.Println("error", r.RemoteAddr, filename, err) os.Remove(dst.Name()) dst.Close() http.Error(w, err.Error(), http.StatusInternalServerError) return } if err = dstBuf.Flush(); err != nil { + log.Println("error", r.RemoteAddr, filename, err) os.Remove(dst.Name()) dst.Close() http.Error(w, err.Error(), http.StatusInternalServerError) return } - if err = dst.Sync(); err != nil { - os.Remove(dst.Name()) - dst.Close() - http.Error(w, err.Error(), http.StatusInternalServerError) - return + if !NoSync { + if err = dst.Sync(); err != nil { + log.Println("error", r.RemoteAddr, filename, err) + os.Remove(dst.Name()) + dst.Close() + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } } dst.Close() - digest := hasher.Sum(nil) - if digestExpected != nil { - if bytes.Compare(digestExpected, digest) == 0 { - log.Println(r.RemoteAddr, filename, "good checksum received") + + digestSHA256 := hasherSHA256.Sum(nil) + digestBLAKE2b256 := hasherBLAKE2b256.Sum(nil) + if digestSHA256Expected != nil { + if bytes.Compare(digestSHA256Expected, digestSHA256) == 0 { + log.Println(r.RemoteAddr, filename, "good SHA256 checksum received") + } else { + log.Println(r.RemoteAddr, filename, "bad SHA256 checksum received") + http.Error(w, "bad sha256 checksum", http.StatusBadRequest) + os.Remove(dst.Name()) + return + } + } + if digestBLAKE2b256Expected != nil { + if bytes.Compare(digestBLAKE2b256Expected, digestBLAKE2b256) == 0 { + log.Println(r.RemoteAddr, filename, "good BLAKE2b-256 checksum received") } else { - log.Println(r.RemoteAddr, filename, "bad checksum received") - http.Error(w, "bad checksum", http.StatusBadRequest) + log.Println(r.RemoteAddr, filename, "bad BLAKE2b-256 checksum received") + http.Error(w, "bad blake2_256 checksum", http.StatusBadRequest) os.Remove(dst.Name()) return } } + if err = os.Rename(dst.Name(), path); err != nil { + log.Println("error", r.RemoteAddr, path, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } if err = DirSync(dirPath); err != nil { + log.Println("error", r.RemoteAddr, dirPath, err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + if err = WriteFileSync(dirPath, path+"."+HashAlgoSHA256, digestSHA256, now); err != nil { + log.Println("error", r.RemoteAddr, path+"."+HashAlgoSHA256, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } - if err = WriteFileSync(dirPath, path+"."+HashAlgoSHA256, digest); err != nil { + if err = WriteFileSync(dirPath, path+"."+HashAlgoBLAKE2b256, digestBLAKE2b256, now); err != nil { + log.Println("error", r.RemoteAddr, path+"."+HashAlgoBLAKE2b256, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -149,6 +197,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { for _, file := range r.MultipartForm.File["gpg_signature"] { filename := file.Filename if _, exists := gpgSigsExpected[filename]; !exists { + log.Println(r.RemoteAddr, filename, "unexpected GPG signature filename") http.Error(w, "unexpected GPG signature filename", http.StatusBadRequest) return } @@ -156,24 +205,79 @@ func serveUpload(w http.ResponseWriter, r *http.Request) { log.Println(r.RemoteAddr, "put", filename, "by", username) path := filepath.Join(dirPath, filename) if _, err = os.Stat(path); err == nil { - log.Println(r.RemoteAddr, "already exists", filename) + log.Println(r.RemoteAddr, filename, "already exists") http.Error(w, "already exists", http.StatusBadRequest) return } src, err := file.Open() if err != nil { + log.Println("error", r.RemoteAddr, filename, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } sig, err := ioutil.ReadAll(src) src.Close() if err != nil { + log.Println("error", r.RemoteAddr, filename, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } - if err = WriteFileSync(dirPath, path, sig); err != nil { + if err = WriteFileSync(dirPath, path, sig, now); err != nil { + log.Println("error", r.RemoteAddr, path, err) http.Error(w, err.Error(), http.StatusInternalServerError) return } } + + var buf bytes.Buffer + wr := recfile.NewWriter(&buf) + for _, m := range [][2]string{ + {"name", MetadataFieldName}, + {"version", MetadataFieldVersion}, + {"platform", MetadataFieldPlatform}, + {"supported_platform", MetadataFieldSupportedPlatform}, + {"summary", MetadataFieldSummary}, + {"description", MetadataFieldDescription}, + {"description_content_type", MetadataFieldDescriptionContentType}, + {"keywords", MetadataFieldKeywords}, + {"home_page", MetadataFieldHomePage}, + {"author", MetadataFieldAuthor}, + {"author_email", MetadataFieldAuthorEmail}, + {"maintainer", MetadataFieldMaintainer}, + {"maintainer_email", MetadataFieldMaintainerEmail}, + {"license", MetadataFieldLicense}, + {"classifiers", MetadataFieldClassifier}, + {"requires_dist", MetadataFieldRequiresDist}, + {"requires_python", MetadataFieldRequiresPython}, + {"requires_external", MetadataFieldRequiresExternal}, + {"project_url", MetadataFieldProjectURL}, + {"provides_extra", MetadataFieldProvidesExtra}, + } { + formField, recField := m[0], m[1] + if vs, exists := r.MultipartForm.Value[formField]; exists { + for _, v := range vs { + lines := strings.Split(v, "\n") + if len(lines) > 1 { + _, err = wr.WriteFieldMultiline( + metadataFieldToRecField(recField), + lines, + ) + } else { + _, err = wr.WriteFields(recfile.Field{ + Name: metadataFieldToRecField(recField), + Value: lines[0], + }) + } + if err != nil { + log.Fatalln(err) + } + } + } + } + path := filepath.Join(dirPath, MetadataFile) + if err = WriteFileSync(dirPath, path, buf.Bytes(), now); err != nil { + log.Println("error", r.RemoteAddr, path, err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } }