forked from TrueCloudLab/distribution
Merge pull request #1945 from stevvooe/better-report-on-invalid-secret
handlers: provide better log message on mismatched secret
This commit is contained in:
commit
5e8d18f615
1 changed files with 4 additions and 2 deletions
|
@ -26,6 +26,8 @@ type blobUploadState struct {
|
||||||
|
|
||||||
type hmacKey string
|
type hmacKey string
|
||||||
|
|
||||||
|
var errInvalidSecret = fmt.Errorf("invalid secret")
|
||||||
|
|
||||||
// unpackUploadState unpacks and validates the blob upload state from the
|
// unpackUploadState unpacks and validates the blob upload state from the
|
||||||
// token, using the hmacKey secret.
|
// token, using the hmacKey secret.
|
||||||
func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
||||||
|
@ -38,7 +40,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
||||||
mac := hmac.New(sha256.New, []byte(secret))
|
mac := hmac.New(sha256.New, []byte(secret))
|
||||||
|
|
||||||
if len(tokenBytes) < mac.Size() {
|
if len(tokenBytes) < mac.Size() {
|
||||||
return state, fmt.Errorf("Invalid token")
|
return state, errInvalidSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
macBytes := tokenBytes[:mac.Size()]
|
macBytes := tokenBytes[:mac.Size()]
|
||||||
|
@ -46,7 +48,7 @@ func (secret hmacKey) unpackUploadState(token string) (blobUploadState, error) {
|
||||||
|
|
||||||
mac.Write(messageBytes)
|
mac.Write(messageBytes)
|
||||||
if !hmac.Equal(mac.Sum(nil), macBytes) {
|
if !hmac.Equal(mac.Sum(nil), macBytes) {
|
||||||
return state, fmt.Errorf("Invalid token")
|
return state, errInvalidSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := json.Unmarshal(messageBytes, &state); err != nil {
|
if err := json.Unmarshal(messageBytes, &state); err != nil {
|
||||||
|
|
Loading…
Reference in a new issue