From 9e03b916d84bfbb9f5f46d2b7ecbbe40b4afa5e6 Mon Sep 17 00:00:00 2001
From: julor
Date: Fri, 17 Nov 2023 08:36:21 +0800
Subject: [PATCH] verify content-md5 in header if upload content by s3 client and set content-md5 in header,then will verify recived and saved content,if not equal delete thos chunks
---
 weed/server/filer_server_handlers_write_autochunk.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/weed/server/filer_server_handlers_write_autochunk.go b/weed/server/filer_server_handlers_write_autochunk.go
index a87c8aab8..831451685 100644
--- a/weed/server/filer_server_handlers_write_autochunk.go
+++ b/weed/server/filer_server_handlers_write_autochunk.go
@@ -99,6 +99,11 @@ func (fs *FilerServer) doPostAutoChunk(ctx context.Context, w http.ResponseWrite
 }
 md5bytes = md5Hash.Sum(nil)
+ headerMd5 := r.Header.Get("Content-Md5")
+ if headerMd5 != "" && !(util.Base64Encode(md5bytes) == headerMd5 || fmt.Sprintf("%x", md5bytes) == headerMd5) {
+ fs.filer.DeleteChunks(fileChunks)
+ return nil, nil, errors.New("The Content-Md5 you specified did not match what we received.")
+ }
 filerResult, replyerr = fs.saveMetaData(ctx, r, fileName, contentType, so, md5bytes, fileChunks, chunkOffset, smallContent)
 if replyerr != nil {
 fs.filer.DeleteChunks(fileChunks)
@@ -121,6 +126,11 @@ func (fs *FilerServer) doPutAutoChunk(ctx context.Context, w http.ResponseWriter
 }
 md5bytes = md5Hash.Sum(nil)
+ headerMd5 := r.Header.Get("Content-Md5")
+ if headerMd5 != "" && !(util.Base64Encode(md5bytes) == headerMd5 || fmt.Sprintf("%x", md5bytes) == headerMd5) {
+ fs.filer.DeleteChunks(fileChunks)
+ return nil, nil, errors.New("The Content-Md5 you specified did not match what we received.")
+ }
 filerResult, replyerr = fs.saveMetaData(ctx, r, fileName, contentType, so, md5bytes, fileChunks, chunkOffset, smallContent)
 if replyerr != nil {
 fs.filer.DeleteChunks(fileChunks)
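Review bot: The same five-line Content-Md5 check is pasted into both doPostAutoChunk (this hunk) and doPutAutoChunk (the next hunk), and its hex branch compares `fmt.Sprintf("%x", md5bytes)` case-sensitively, so a client that sends an upper-case hex digest has a correct upload rejected and its chunks deleted. Moving the comparison into one helper keeps the two upload paths from drifting apart and gives a single place to state which encodings are accepted (RFC 1864 defines the header as base64; the hex form is an extension this patch adds). The sketch below assumes `strings` is already imported in this file, which the hunks do not show. Both functions start and end outside their hunks.

```go
// contentMD5Matches reports whether the client-supplied Content-MD5 header
// agrees with the digest computed over the received body. An empty header
// means the client did not ask for verification.
func contentMD5Matches(headerMd5 string, md5bytes []byte) bool {
	if headerMd5 == "" {
		return true
	}
	// base64 is the standard encoding; hex is accepted in either case.
	return util.Base64Encode(md5bytes) == headerMd5 ||
		strings.EqualFold(fmt.Sprintf("%x", md5bytes), headerMd5)
}

// … unchanged: doPostAutoChunk / doPutAutoChunk up to md5bytes = md5Hash.Sum(nil) …
	if !contentMD5Matches(r.Header.Get("Content-Md5"), md5bytes) {
		fs.filer.DeleteChunks(fileChunks)
		return nil, nil, errors.New("The Content-Md5 you specified did not match what we received.")
	}
// … unchanged: saveMetaData call and its error handling …
```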
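Review bot: The digest mismatch in doPutAutoChunk (and identically in doPostAutoChunk) is returned as a bare `errors.New(...)`, so the HTTP status the client sees is decided by the caller's error mapping, which is outside the hunk. It is worth confirming that this surfaces as a 4xx (S3 reports a digest mismatch as 400 BadDigest) and not as a generic 500 that a client may blindly retry. The check also deserves a comment on what it guarantees, e.g. `// Content-MD5 is supplied by the client: it detects accidental corruption in transit, not tampering.` Nothing is logged when the digest differs; a warning that names the file would make corrupted or malformed uploads visible to operators.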