From b2c61aa43c08395b0d38fd6def46f369e0366e9b Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Fri, 6 Dec 2019 17:44:04 +0300
Subject: [PATCH] Explicitly required SHA256 digest information

---
 gocheese.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gocheese.go b/gocheese.go
index 2ba14d6..655908d 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -151,6 +151,11 @@ func refreshDir(
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return false
 }
+ if !strings.HasPrefix(pkgURL.Fragment, SHA256Prefix) {
+ log.Println(r.RemoteAddr, "pypi", filename, "no SHA256 digest provided")
+ http.Error(w, "no SHA256 digest provided", http.StatusBadGateway)
+ return false
+ }
 digest, err = hex.DecodeString(strings.TrimPrefix(pkgURL.Fragment, SHA256Prefix))
 if err != nil {
 http.Error(w, err.Error(), http.StatusBadGateway)
-- 
2.44.0
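Review bot: The new guard only proves that the fragment starts with `SHA256Prefix`; the `hex.DecodeString` call right after it still accepts an empty or truncated value, so a fragment consisting of the prefix alone yields a zero-length `digest` with a nil error. If the intent is to require a usable SHA256 digest from upstream, also reject a wrong length after decoding, e.g. `if len(digest) != sha256.Size { http.Error(w, "invalid SHA256 digest", http.StatusBadGateway); return false }` (`sha256.Size` is 32, from `crypto/sha256`). How `digest` is compared or stored later is outside this hunk, so whether a short value is caught downstream cannot be confirmed from here. As a smaller point, the new branch logs the rejection with `log.Println` while the decode-error branch below it does not, so a malformed digest from upstream leaves no trace in the log; `refreshDir` starts and ends outside the hunk.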