]> Cypherpunks.ru repositories - gocheese.git/commitdiff
projects / gocheese.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4284b75)
Explicitly check stored digest
authorSergey Matveev <stargrave@stargrave.org>
Mon, 27 Sep 2021 20:01:39 +0000 (23:01 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Mon, 27 Sep 2021 20:01:39 +0000 (23:01 +0300)
main.go patch | blob | history
refresh.go patch | blob | history

diff --git a/main.go b/main.go
index 83bde1b64f43ed8cfc7cc5c2a34849e45e6b19fc..772d3bf08681beade12b3065d65dce3fba993b67 100644 (file)
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ import (
 )
 
 const (
 )
 
 const (
-       Version   = "3.1.0"
+       Version   = "3.2.0"
        UserAgent = "GoCheese/" + Version
 )
 
        UserAgent = "GoCheese/" + Version
 )
 
diff --git a/refresh.go b/refresh.go
index 59c8ceb9f5dd7c2b6288e27eb1d1cc0c9f6574e9..0138e7ddfbf6f93e29e13f318ee025064ac6b640 100644 (file)
--- a/refresh.go
+++ b/refresh.go
@@ -25,6 +25,7 @@ import (
        "crypto/sha512"
        "encoding/hex"
        "encoding/json"
        "crypto/sha512"
        "encoding/hex"
        "encoding/json"
+       "errors"
        "hash"
        "io"
        "io/ioutil"
        "hash"
        "io"
        "io/ioutil"
@@ -427,6 +428,15 @@ func refreshDir(
                                http.Error(w, "digest mismatch", http.StatusBadGateway)
                                return false
                        }
                                http.Error(w, "digest mismatch", http.StatusBadGateway)
                                return false
                        }
+                       if digestStored, err := ioutil.ReadFile(path + "." + hashAlgo); err == nil &&
+                               bytes.Compare(digest, digestStored) != 0 {
+                               err = errors.New("stored digest mismatch")
+                               log.Println("error", r.RemoteAddr, "pypi", filename, err)
+                               os.Remove(dst.Name())
+                               dst.Close()
+                               http.Error(w, err.Error(), http.StatusInternalServerError)
+                               return false
+                       }
                        if !NoSync {
                                if err = dst.Sync(); err != nil {
                                        os.Remove(dst.Name())
                        if !NoSync {
                                if err = dst.Sync(); err != nil {
                                        os.Remove(dst.Name())
Python private package repository and caching proxy