Update uploadCsHandler to use the original imageHash as storage key allow...

Update uploadCsHandler to use the original imageHash as storage key allow detection of images already stored

Update uploadCsHandler to use the original imageHash as storage key allow...
3340cf7f · Quoc Huy Nguyen Dinh · f1c008bf · 3340cf7f
Commit 3340cf7f authored 3 years ago by Quoc Huy Nguyen Dinh
--- a/src/upload.ts
+++ b/src/upload.ts
@@ -231,22 +231,29 @@ export async function uploadCsHandler(ctx: KoaContext) {
        .update(fileData)
        .digest()

-        // extra check if client manges to lie about the content-length
+    // extra check if client manages to lie about the content-length
    APIError.assert((file.stream as any).truncated !== true,
        APIError.Code.PayloadTooLarge)

-    const imageHash = createHash('sha256')
+    // Expecting the signature to be based on the integrity checksum of the image
+    const expectedSignature = createHash('sha256')
        .update('ImageSigningChallenge')
        .update(fileHash)
        .digest()

+    // Used to generate the image storage key
+    const imageHash = createHash('sha256')
+        .update('ImageSigningChallenge')
+        .update(fileData)
+        .digest()
+
    const [account] = await rpcClient.database.getAccounts([ctx.params['username']])
    APIError.assert(account, APIError.Code.NoSuchAccount)

    let validSignature = false
    let publicKey
    try {
-        publicKey = signature.recover(imageHash).toString()
+        publicKey = signature.recover(expectedSignature).toString()
    } catch (cause) {
        throw new APIError({code: APIError.Code.InvalidSignature, cause})
    }