[ https://issues.apache.org/jira/browse/COUCHDB-558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Filipe Manana updated COUCHDB-558: ---------------------------------- Attachment: jira-couchdb-558-for-trunk-3rd-try.patch Hi again Paul, I already improved on some of the points you made: * check_integrity should probably throw an error or return the body -> DONE * You should still be recording stats even when validation fails -> DONE * There are alot of variable assignments where they aren't necessary -> DONE * keep lines less than 80 characters -> DONE * really_long_function_names_are_hard_to_read - The functions for trailers could be made more generic. -> DONE * The check for Content-MD5 appears to be case sensitive -> DONE * ...having your hash matching function just throw an error that will get caught by the try/catch around the HandleReq() call -> DONE * "the only thing I'm a bit concerned about is the trailier parsing. The current bits are a bit awkard. In a perfect world id prefer to see that as a patch to mochiweb, but having it in CouchDB is fine if they rejected that patch or during the time it takes to get into upstream." Well, the read_length(0) function from mochiweb_request.erl is awkard, as it gives us the trailer as a list of binaries. In mochiweb_headers.erl, we can create a Mochiweb Headers structure only from [ {key(), value()} ] lists. Therefore, in this patch, I added this little function to couch_httpd.erl: %% @spec to_mochiweb_headers([binary()]) -> headers() %% %% Transforms the given binary list into a Mochiweb %% headers structure. Each binary is a raw HTTP header %% line (e.g. <<"Content-Lengh: 345\r\n">>). %% to_mochiweb_headers(BinaryList) -> {ok, R} = re:compile("^(.*?):\s+(.*?)\r\n$"), F = fun(Bin, Acc) -> {match, [_, H, V]} = re:run(Bin, R, [{capture, all, list}]), [ {H, V} | Acc ] end, mochiweb_headers:make(lists:foldr(F, [], BinaryList)). Then I can get values from it like a normal header: "mochiweb_headers:get_value("Content-MD5", Trailer)". This is case insensitive. I would like to know you point of views for: 1) I think I'll submit a patch to Mochiweb, where I add that little function to mochiweb_utils.erl or mochiweb_headers.erl. 2) Look into the self explanatory comment of the function update_req/2 that I added. What do you think? I will write the Erlang test suite soon :) thanks Best regards, Filipe Manana > Validate Content-MD5 request headers on uploads > ----------------------------------------------- > > Key: COUCHDB-558 > URL: https://issues.apache.org/jira/browse/COUCHDB-558 > Project: CouchDB > Issue Type: Improvement > Components: Database Core, HTTP Interface > Reporter: Adam Kocoloski > Fix For: 0.11 > > Attachments: jira-couchdb-558-for-trunk-2nd-try.patch, > jira-couchdb-558-for-trunk-3rd-try.patch, jira-couchdb-558-for-trunk.patch > > > We could detect in-flight data corruption if a client sends a Content-MD5 > header along with the data and Couch validates the MD5 on arrival. > RFC1864 - The Content-MD5 Header Field > http://www.faqs.org/rfcs/rfc1864.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.