From 83bdac1e3b2f350690add33a09a7727918bf850a Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Thu, 17 Jan 2019 12:43:29 +0100 Subject: [PATCH] api3/admin/datastore/upload_catar.rs: verify content type ("application/x-proxmox-backup-catar") --- src/api/router.rs | 3 ++- src/api3/admin/datastore/upload_catar.rs | 14 ++++++++++++-- src/bin/proxmox-backup-client.rs | 2 +- src/client/http_client.rs | 3 ++- src/server/rest.rs | 2 +- 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/api/router.rs b/src/api/router.rs index bdcc0295..67b8c483 100644 --- a/src/api/router.rs +++ b/src/api/router.rs @@ -7,12 +7,13 @@ use std::sync::Arc; use hyper::{Body, Response}; use hyper::rt::Future; +use hyper::http::request::Parts; pub type BoxFut = Box, Error = failure::Error> + Send>; type ApiHandlerFn = fn(Value, &ApiMethod) -> Result; -type ApiUploadHandlerFn = fn(hyper::Body, Value, &ApiUploadMethod) -> Result; +type ApiUploadHandlerFn = fn(Parts, Body, Value, &ApiUploadMethod) -> Result; pub struct ApiMethod { pub parameters: ObjectSchema, diff --git a/src/api3/admin/datastore/upload_catar.rs b/src/api3/admin/datastore/upload_catar.rs index c87b4c57..48661acc 100644 --- a/src/api3/admin/datastore/upload_catar.rs +++ b/src/api3/admin/datastore/upload_catar.rs @@ -12,8 +12,11 @@ use std::io::Write; use futures::*; use std::path::PathBuf; +use hyper::Body; +use hyper::http::request::Parts; + pub struct UploadCaTar { - stream: hyper::Body, + stream: Body, index: ArchiveIndexWriter, count: usize, } @@ -40,13 +43,20 @@ impl Future for UploadCaTar { } } -fn upload_catar(req_body: hyper::Body, param: Value, _info: &ApiUploadMethod) -> Result { +fn upload_catar(parts: Parts, req_body: Body, param: Value, _info: &ApiUploadMethod) -> Result { let store = tools::required_string_param(¶m, "name")?; let archive_name = tools::required_string_param(¶m, "archive_name")?; println!("Upload {}.catar to {} ({}.aidx)", archive_name, store, archive_name); + let content_type = parts.headers.get(http::header::CONTENT_TYPE) + .ok_or(format_err!("missing content-type header"))?; + + if content_type != "application/x-proxmox-backup-catar" { + bail!("got wrong content-type for catar archive upload"); + } + let chunk_size = 4*1024*1024; let datastore = DataStore::lookup_datastore(store)?; diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs index f75f1e25..f2773370 100644 --- a/src/bin/proxmox-backup-client.rs +++ b/src/bin/proxmox-backup-client.rs @@ -25,7 +25,7 @@ fn backup_directory(body: Body, store: &str, archive_name: &str) -> Result<(), E let path = format!("api3/json/admin/datastore/{}/upload_catar?archive_name={}", store, archive_name); - client.upload(body, &path)?; + client.upload("application/x-proxmox-backup-catar", body, &path)?; Ok(()) } diff --git a/src/client/http_client.rs b/src/client/http_client.rs index 18cca325..2ff36c76 100644 --- a/src/client/http_client.rs +++ b/src/client/http_client.rs @@ -17,7 +17,7 @@ impl HttpClient { } } - pub fn upload(&self, body: Body, path: &str) -> Result<(), Error> { + pub fn upload(&self, content_type: &str, body: Body, path: &str) -> Result<(), Error> { let client = Client::new(); @@ -30,6 +30,7 @@ impl HttpClient { .method("POST") .uri(url) .header("User-Agent", "proxmox-backup-client/1.0") + .header("Content-Type", content_type) .body(body)?; let future = client diff --git a/src/server/rest.rs b/src/server/rest.rs index 49f3f676..1bd724eb 100644 --- a/src/server/rest.rs +++ b/src/server/rest.rs @@ -208,7 +208,7 @@ fn handle_upload_api_request( } }; - match (info.handler)(req_body, params, info) { + match (info.handler)(parts, req_body, params, info) { Ok(future) => future, Err(err) => { let resp = (formatter.format_result)(Err(Error::from(err)));