X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=upload.go;h=c05370569a384634c8517e46ed0e1357534b1055;hb=d4dc050f024708f91e1c9ebb63595a86efda24f9;hp=a72d779257dcc5333465b3cb00c2524e34c1eb89;hpb=60834a0713d5dcc6a9911511cb8618ce7358c824;p=gocheese.git

diff --git a/upload.go b/upload.go
index a72d779..c053705 100644
--- a/upload.go
+++ b/upload.go
@@ -1,20 +1,18 @@
-/*
-GoCheese -- Python private package repository and caching proxy
-Copyright (C) 2019-2021 Sergey Matveev <stargrave@stargrave.org>
-              2019-2021 Elena Balakhonova <balakhonova_e@riseup.net>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
+// GoCheese -- Python private package repository and caching proxy
+// Copyright (C) 2019-2024 Sergey Matveev <stargrave@stargrave.org>
+//               2019-2024 Elena Balakhonova <balakhonova_e@riseup.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package main
 
@@ -24,7 +22,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -67,17 +64,25 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	pkgName := strings.ToLower(NormalizationRe.ReplaceAllString(pkgNames[0], "-"))
-	dirPath := filepath.Join(*Root, pkgName)
-	var digestExpected []byte
-	if digestExpectedHex, exists := r.MultipartForm.Value["sha256_digest"]; exists {
-		digestExpected, err = hex.DecodeString(digestExpectedHex[0])
+	dirPath := filepath.Join(Root, pkgName)
+	now := time.Now().UTC()
+
+	var digestSHA256Expected []byte
+	if digestSHA256ExpectedHex, exists := r.MultipartForm.Value["sha256_digest"]; exists {
+		digestSHA256Expected, err = hex.DecodeString(digestSHA256ExpectedHex[0])
 		if err != nil {
 			http.Error(w, "bad sha256_digest: "+err.Error(), http.StatusBadRequest)
 			return
 		}
 	}
-	gpgSigsExpected := make(map[string]struct{})
-	now := time.Now().UTC()
+	var digestBLAKE2b256Expected []byte
+	if digestBLAKE2b256ExpectedHex, exists := r.MultipartForm.Value["blake2_256_digest"]; exists {
+		digestBLAKE2b256Expected, err = hex.DecodeString(digestBLAKE2b256ExpectedHex[0])
+		if err != nil {
+			http.Error(w, "bad blake2_256_digest: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+	}
 
 	// Checking is it internal package
 	if _, err = os.Stat(filepath.Join(dirPath, InternalFlag)); err != nil {
@@ -88,7 +93,6 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 
 	for _, file := range r.MultipartForm.File["content"] {
 		filename := file.Filename
-		gpgSigsExpected[filename+GPGSigExt] = struct{}{}
 		log.Println(r.RemoteAddr, "put", filename, "by", username)
 		path := filepath.Join(dirPath, filename)
 		if _, err = os.Stat(path); err == nil {
@@ -100,12 +104,12 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		src, err := file.Open()
-		defer src.Close()
 		if err != nil {
 			log.Println("error", r.RemoteAddr, filename, err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
+		defer src.Close()
 		dst, err := TempFile(dirPath)
 		if err != nil {
 			log.Println("error", r.RemoteAddr, filename, err)
@@ -113,8 +117,9 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		dstBuf := bufio.NewWriter(dst)
-		hasher := sha256.New()
-		wr := io.MultiWriter(hasher, dst)
+		hasherSHA256 := sha256.New()
+		hasherBLAKE2b256 := blake2b256New()
+		wr := io.MultiWriter(hasherSHA256, hasherBLAKE2b256, dst)
 		if _, err = io.Copy(wr, src); err != nil {
 			log.Println("error", r.RemoteAddr, filename, err)
 			os.Remove(dst.Name())
@@ -139,17 +144,30 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 		dst.Close()
-		digest := hasher.Sum(nil)
-		if digestExpected != nil {
-			if bytes.Compare(digestExpected, digest) == 0 {
-				log.Println(r.RemoteAddr, filename, "good checksum received")
+
+		digestSHA256 := hasherSHA256.Sum(nil)
+		digestBLAKE2b256 := hasherBLAKE2b256.Sum(nil)
+		if digestSHA256Expected != nil {
+			if bytes.Equal(digestSHA256Expected, digestSHA256) {
+				log.Println(r.RemoteAddr, filename, "good SHA256 checksum received")
+			} else {
+				log.Println(r.RemoteAddr, filename, "bad SHA256 checksum received")
+				http.Error(w, "bad sha256 checksum", http.StatusBadRequest)
+				os.Remove(dst.Name())
+				return
+			}
+		}
+		if digestBLAKE2b256Expected != nil {
+			if bytes.Equal(digestBLAKE2b256Expected, digestBLAKE2b256) {
+				log.Println(r.RemoteAddr, filename, "good BLAKE2b-256 checksum received")
 			} else {
-				log.Println(r.RemoteAddr, filename, "bad checksum received")
-				http.Error(w, "bad checksum", http.StatusBadRequest)
+				log.Println(r.RemoteAddr, filename, "bad BLAKE2b-256 checksum received")
+				http.Error(w, "bad blake2b_256 checksum", http.StatusBadRequest)
 				os.Remove(dst.Name())
 				return
 			}
 		}
+
 		if err = os.Rename(dst.Name(), path); err != nil {
 			log.Println("error", r.RemoteAddr, path, err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -160,42 +178,13 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		if err = WriteFileSync(dirPath, path+"."+HashAlgoSHA256, digest, now); err != nil {
+		if err = WriteFileSync(dirPath, path+"."+HashAlgoSHA256, digestSHA256, now); err != nil {
 			log.Println("error", r.RemoteAddr, path+"."+HashAlgoSHA256, err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-	}
-	for _, file := range r.MultipartForm.File["gpg_signature"] {
-		filename := file.Filename
-		if _, exists := gpgSigsExpected[filename]; !exists {
-			log.Println(r.RemoteAddr, filename, "unexpected GPG signature filename")
-			http.Error(w, "unexpected GPG signature filename", http.StatusBadRequest)
-			return
-		}
-		delete(gpgSigsExpected, filename)
-		log.Println(r.RemoteAddr, "put", filename, "by", username)
-		path := filepath.Join(dirPath, filename)
-		if _, err = os.Stat(path); err == nil {
-			log.Println(r.RemoteAddr, filename, "already exists")
-			http.Error(w, "already exists", http.StatusBadRequest)
-			return
-		}
-		src, err := file.Open()
-		if err != nil {
-			log.Println("error", r.RemoteAddr, filename, err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		sig, err := ioutil.ReadAll(src)
-		src.Close()
-		if err != nil {
-			log.Println("error", r.RemoteAddr, filename, err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		if err = WriteFileSync(dirPath, path, sig, now); err != nil {
-			log.Println("error", r.RemoteAddr, path, err)
+		if err = WriteFileSync(dirPath, path+"."+HashAlgoBLAKE2b256, digestBLAKE2b256, now); err != nil {
+			log.Println("error", r.RemoteAddr, path+"."+HashAlgoBLAKE2b256, err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
@@ -203,49 +192,26 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 
 	var buf bytes.Buffer
 	wr := recfile.NewWriter(&buf)
-	for formField, recField := range map[string]string{
-		"name":                     MetadataFieldName,
-		"version":                  MetadataFieldVersion,
-		"platform":                 MetadataFieldPlatform,
-		"supported_platform":       MetadataFieldSupportedPlatform,
-		"summary":                  MetadataFieldSummary,
-		"description":              MetadataFieldDescription,
-		"description_content_type": MetadataFieldDescriptionContentType,
-		"keywords":                 MetadataFieldKeywords,
-		"home_page":                MetadataFieldHomePage,
-		"author":                   MetadataFieldAuthor,
-		"author_email":             MetadataFieldAuthorEmail,
-		"maintainer":               MetadataFieldMaintainer,
-		"maintainer_email":         MetadataFieldMaintainerEmail,
-		"license":                  MetadataFieldLicense,
-		"classifiers":              MetadataFieldClassifier,
-		"requires_dist":            MetadataFieldRequiresDist,
-		"requires_python":          MetadataFieldRequiresPython,
-		"requires_external":        MetadataFieldRequiresExternal,
-		"project_url":              MetadataFieldProjectURL,
-		"provides_extra":           MetadataFieldProvidesExtra,
-	} {
+	for _, m := range MDFormToRecField {
+		formField, recField := m[0], m[1]
 		if vs, exists := r.MultipartForm.Value[formField]; exists {
 			for _, v := range vs {
 				lines := strings.Split(v, "\n")
 				if len(lines) > 1 {
-					_, err = wr.WriteFieldMultiline(
-						metadataFieldToRecField(recField),
-						lines,
-					)
+					_, err = wr.WriteFieldMultiline(recField, lines)
 				} else {
 					_, err = wr.WriteFields(recfile.Field{
-						Name:  metadataFieldToRecField(recField),
+						Name:  recField,
 						Value: lines[0],
 					})
 				}
 				if err != nil {
-					log.Fatalln(err)
+					log.Fatal(err)
 				}
 			}
 		}
 	}
-	path := filepath.Join(dirPath, MetadataFile)
+	path := filepath.Join(dirPath, MDFile)
 	if err = WriteFileSync(dirPath, path, buf.Bytes(), now); err != nil {
 		log.Println("error", r.RemoteAddr, path, err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)