api3/admin/datastore/upload_catar.rs: verify content type ("application/x-proxmox-backup-catar")

src/api/router.rs

@@ -7,12 +7,13 @@ use std::sync::Arc;
 
 use hyper::{Body, Response};
 use hyper::rt::Future;
+use hyper::http::request::Parts;
 
 pub type BoxFut = Box<Future<Item = Response<Body>, Error = failure::Error> + Send>;
 
 type ApiHandlerFn = fn(Value, &ApiMethod) -> Result<Value, Error>;
 
-type ApiUploadHandlerFn = fn(hyper::Body, Value, &ApiUploadMethod) -> Result<BoxFut, Error>;
+type ApiUploadHandlerFn = fn(Parts, Body, Value, &ApiUploadMethod) -> Result<BoxFut, Error>;
 
 pub struct ApiMethod {
     pub parameters: ObjectSchema,

src/api3/admin/datastore/upload_catar.rs

@@ -12,8 +12,11 @@ use std::io::Write;
 use futures::*;
 use std::path::PathBuf;
 
+use hyper::Body;
+use hyper::http::request::Parts;
+
 pub struct UploadCaTar {
-    stream: hyper::Body,
+    stream: Body,
     index: ArchiveIndexWriter,
     count: usize,
 }
@@ -40,13 +43,20 @@ impl Future for UploadCaTar {
     }
 }
 
-fn upload_catar(req_body: hyper::Body, param: Value, _info: &ApiUploadMethod) -> Result<BoxFut, Error> {
+fn upload_catar(parts: Parts, req_body: Body, param: Value, _info: &ApiUploadMethod) -> Result<BoxFut, Error> {
 
     let store = tools::required_string_param(&param, "name")?;
     let archive_name = tools::required_string_param(&param, "archive_name")?;
 
     println!("Upload {}.catar to {} ({}.aidx)", archive_name, store, archive_name);
 
+    let content_type = parts.headers.get(http::header::CONTENT_TYPE)
+        .ok_or(format_err!("missing content-type header"))?;
+
+    if content_type != "application/x-proxmox-backup-catar" {
+        bail!("got wrong content-type for catar archive upload");
+    }
+
     let chunk_size = 4*1024*1024;
 
     let datastore = DataStore::lookup_datastore(store)?;

src/bin/proxmox-backup-client.rs

@@ -25,7 +25,7 @@ fn backup_directory(body: Body, store: &str, archive_name: &str) -> Result<(), E
 
     let path = format!("api3/json/admin/datastore/{}/upload_catar?archive_name={}", store, archive_name);
 
-    client.upload(body, &path)?;
+    client.upload("application/x-proxmox-backup-catar", body, &path)?;
 
     Ok(())
 }

src/client/http_client.rs

@@ -17,7 +17,7 @@ impl HttpClient {
         }
     }
 
-    pub fn upload(&self, body: Body, path: &str) -> Result<(), Error> {
+    pub fn upload(&self, content_type: &str, body: Body, path: &str) -> Result<(), Error> {
 
         let client = Client::new();
 
@@ -30,6 +30,7 @@ impl HttpClient {
             .method("POST")
             .uri(url)
             .header("User-Agent", "proxmox-backup-client/1.0")
+            .header("Content-Type", content_type)
             .body(body)?;
 
         let future = client

src/server/rest.rs

@@ -208,7 +208,7 @@ fn handle_upload_api_request(
         }
     };
 
-    match (info.handler)(req_body, params, info) {
+    match (info.handler)(parts, req_body, params, info) {
         Ok(future) => future,
         Err(err) => {
             let resp = (formatter.format_result)(Err(Error::from(err)));