|
5 | 5 | package lfs |
6 | 6 |
|
7 | 7 | import ( |
| 8 | + "crypto/sha256" |
8 | 9 | "encoding/base64" |
| 10 | + "encoding/hex" |
9 | 11 | "errors" |
10 | 12 | "fmt" |
11 | 13 | "io" |
@@ -214,14 +216,22 @@ func BatchHandler(ctx *context.Context) { |
214 | 216 | } |
215 | 217 | } |
216 | 218 |
|
217 | | - if exists { |
218 | | - if meta == nil { |
| 219 | + if exists && meta == nil { |
| 220 | + accessible, err := models.LFSObjectAccessible(ctx.User, p.Oid) |
| 221 | + if err != nil { |
| 222 | + log.Error("Unable to check if LFS MetaObject [%s] is accessible. Error: %v", p.Oid, err) |
| 223 | + writeStatus(ctx, http.StatusInternalServerError) |
| 224 | + return |
| 225 | + } |
| 226 | + if accessible { |
219 | 227 | _, err := models.NewLFSMetaObject(&models.LFSMetaObject{Pointer: p, RepositoryID: repository.ID}) |
220 | 228 | if err != nil { |
221 | 229 | log.Error("Unable to create LFS MetaObject [%s] for %s/%s. Error: %v", p.Oid, rc.User, rc.Repo, err) |
222 | 230 | writeStatus(ctx, http.StatusInternalServerError) |
223 | 231 | return |
224 | 232 | } |
| 233 | + } else { |
| 234 | + exists = false |
225 | 235 | } |
226 | 236 | } |
227 | 237 |
|
@@ -271,29 +281,50 @@ func UploadHandler(ctx *context.Context) { |
271 | 281 | return |
272 | 282 | } |
273 | 283 |
|
274 | | - meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Pointer: p, RepositoryID: repository.ID}) |
275 | | - if err != nil { |
276 | | - log.Error("Unable to create LFS MetaObject [%s] for %s/%s. Error: %v", p.Oid, rc.User, rc.Repo, err) |
277 | | - writeStatus(ctx, http.StatusInternalServerError) |
278 | | - return |
279 | | - } |
280 | | - |
281 | 284 | contentStore := lfs_module.NewContentStore() |
282 | | - |
283 | 285 | exists, err := contentStore.Exists(p) |
284 | 286 | if err != nil { |
285 | 287 | log.Error("Unable to check if LFS OID[%s] exist. Error: %v", p.Oid, err) |
286 | 288 | writeStatus(ctx, http.StatusInternalServerError) |
287 | 289 | return |
288 | 290 | } |
289 | | - if meta.Existing || exists { |
290 | | - ctx.Resp.WriteHeader(http.StatusOK) |
291 | | - return |
| 291 | + |
| 292 | + uploadOrVerify := func() error { |
| 293 | + if exists { |
| 294 | + accessible, err := models.LFSObjectAccessible(ctx.User, p.Oid) |
| 295 | + if err != nil { |
| 296 | + log.Error("Unable to check if LFS MetaObject [%s] is accessible. Error: %v", p.Oid, err) |
| 297 | + return err |
| 298 | + } |
| 299 | + if !accessible { |
| 300 | + // The file exists but the user has no access to it. |
| 301 | + // The upload gets verified by hashing and size comparison to prove access to it. |
| 302 | + hash := sha256.New() |
| 303 | + written, err := io.Copy(hash, ctx.Req.Body) |
| 304 | + if err != nil { |
| 305 | + log.Error("Error creating hash. Error: %v", err) |
| 306 | + return err |
| 307 | + } |
| 308 | + |
| 309 | + if written != p.Size { |
| 310 | + return lfs_module.ErrSizeMismatch |
| 311 | + } |
| 312 | + if hex.EncodeToString(hash.Sum(nil)) != p.Oid { |
| 313 | + return lfs_module.ErrHashMismatch |
| 314 | + } |
| 315 | + } |
| 316 | + } else if err := contentStore.Put(p, ctx.Req.Body); err != nil { |
| 317 | + log.Error("Error putting LFS MetaObject [%s] into content store. Error: %v", p.Oid, err) |
| 318 | + return err |
| 319 | + } |
| 320 | + _, err := models.NewLFSMetaObject(&models.LFSMetaObject{Pointer: p, RepositoryID: repository.ID}) |
| 321 | + return err |
292 | 322 | } |
293 | 323 |
|
294 | 324 | defer ctx.Req.Body.Close() |
295 | | - if err := contentStore.Put(meta.Pointer, ctx.Req.Body); err != nil { |
| 325 | + if err := uploadOrVerify(); err != nil { |
296 | 326 | if errors.Is(err, lfs_module.ErrSizeMismatch) || errors.Is(err, lfs_module.ErrHashMismatch) { |
| 327 | + log.Error("Upload does not match LFS MetaObject [%s]. Error: %v", p.Oid, err) |
297 | 328 | writeStatusMessage(ctx, http.StatusUnprocessableEntity, err.Error()) |
298 | 329 | } else { |
299 | 330 | writeStatus(ctx, http.StatusInternalServerError) |
|
0 commit comments