add verifiyServerRequest/change verify to WASM-friendly type
All checks were successful
AWS-Zig Build / build-zig-0.11.0-amd64-host (push) Successful in 8m20s
All checks were successful
AWS-Zig Build / build-zig-0.11.0-amd64-host (push) Successful in 8m20s
This commit is contained in:
parent
ed96e2ff66
commit
825d93720a
|
@ -284,7 +284,23 @@ pub fn freeSignedRequest(allocator: std.mem.Allocator, request: *base.Request, c
|
||||||
}
|
}
|
||||||
|
|
||||||
pub const credentialsFn = *const fn ([]const u8) ?Credentials;
|
pub const credentialsFn = *const fn ([]const u8) ?Credentials;
|
||||||
pub fn verify(allocator: std.mem.Allocator, request: std.http.Server.Request, request_body_reader: anytype, credentials_fn: credentialsFn) !bool {
|
|
||||||
|
pub fn verifyServerRequest(allocator: std.mem.Allocator, request: std.http.Server.Request, request_body_reader: anytype, credentials_fn: credentialsFn) !bool {
|
||||||
|
const unverified_request = UnverifiedRequest{
|
||||||
|
.headers = request.headers,
|
||||||
|
.target = request.target,
|
||||||
|
.method = request.method,
|
||||||
|
};
|
||||||
|
return verify(allocator, unverified_request, request_body_reader, credentials_fn);
|
||||||
|
}
|
||||||
|
|
||||||
|
pub const UnverifiedRequest = struct {
|
||||||
|
headers: std.http.Headers,
|
||||||
|
target: []const u8,
|
||||||
|
method: std.http.Method,
|
||||||
|
};
|
||||||
|
|
||||||
|
pub fn verify(allocator: std.mem.Allocator, request: UnverifiedRequest, request_body_reader: anytype, credentials_fn: credentialsFn) !bool {
|
||||||
// Authorization: AWS4-HMAC-SHA256 Credential=ACCESS/20230908/us-west-2/s3/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=fcc43ce73a34c9bd1ddf17e8a435f46a859812822f944f9eeb2aabcd64b03523
|
// Authorization: AWS4-HMAC-SHA256 Credential=ACCESS/20230908/us-west-2/s3/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=fcc43ce73a34c9bd1ddf17e8a435f46a859812822f944f9eeb2aabcd64b03523
|
||||||
const auth_header = request.headers.getFirstValue("Authorization").?;
|
const auth_header = request.headers.getFirstValue("Authorization").?;
|
||||||
if (!std.mem.startsWith(u8, auth_header, "AWS4-HMAC-SHA256")) return error.UnsupportedAuthorizationType;
|
if (!std.mem.startsWith(u8, auth_header, "AWS4-HMAC-SHA256")) return error.UnsupportedAuthorizationType;
|
||||||
|
@ -323,7 +339,7 @@ pub fn verify(allocator: std.mem.Allocator, request: std.http.Server.Request, re
|
||||||
|
|
||||||
fn verifyParsedAuthorization(
|
fn verifyParsedAuthorization(
|
||||||
allocator: std.mem.Allocator,
|
allocator: std.mem.Allocator,
|
||||||
request: std.http.Server.Request,
|
request: UnverifiedRequest,
|
||||||
request_body_reader: anytype,
|
request_body_reader: anytype,
|
||||||
credential: []const u8,
|
credential: []const u8,
|
||||||
signed_headers: []const u8,
|
signed_headers: []const u8,
|
||||||
|
@ -1029,7 +1045,7 @@ test "can sign" {
|
||||||
}
|
}
|
||||||
|
|
||||||
var test_credential: ?Credentials = null;
|
var test_credential: ?Credentials = null;
|
||||||
test "can verify" {
|
test "can verify server request" {
|
||||||
const allocator = std.testing.allocator;
|
const allocator = std.testing.allocator;
|
||||||
|
|
||||||
const access_key = try allocator.dupe(u8, "ACCESS");
|
const access_key = try allocator.dupe(u8, "ACCESS");
|
||||||
|
@ -1064,7 +1080,7 @@ test "can verify" {
|
||||||
};
|
};
|
||||||
|
|
||||||
// std.testing.log_level = .debug;
|
// std.testing.log_level = .debug;
|
||||||
try std.testing.expect(try verify(allocator, request, fis.reader(), struct {
|
try std.testing.expect(try verifyServerRequest(allocator, request, fis.reader(), struct {
|
||||||
cred: Credentials,
|
cred: Credentials,
|
||||||
|
|
||||||
const Self = @This();
|
const Self = @This();
|
||||||
|
|
Loading…
Reference in New Issue
Block a user