
swarm/api: Fix #18007, missing signature should return HTTP 400 (#18008)

Javier Peletier 7 år sedan
förälder
incheckning
36ca85fa1c
2 ändrade filer med 38 tillägg och 6 borttagningar
  1. 6 4
      swarm/api/http/server.go
  2. 32 2
      swarm/api/http/server_test.go

+ 6 - 4
swarm/api/http/server.go

@@ -484,7 +484,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if updateRequest.IsUpdate() {
+	switch {
+	case updateRequest.IsUpdate():
 		// Verify that the signature is intact and that the signer is authorized
 		// to update this feed
 		// Check this early, to avoid creating a feed and then not being able to set its first update.
@@ -497,9 +498,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 			respondError(w, r, err.Error(), http.StatusInternalServerError)
 			return
 		}
-	}
-
-	if query.Get("manifest") == "1" {
+		fallthrough
+	case query.Get("manifest") == "1":
 		// we create a manifest so we can retrieve feed updates with bzz:// later
 		// this manifest has a special "feed type" manifest, and saves the
 		// feed identification used to retrieve feed updates later
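Review bot: The `fallthrough` added after the update branch makes the manifest-creation body run for every accepted update, because Go's `fallthrough` enters the next case body without evaluating `query.Get("manifest") == "1"`. Before this change the two `if` blocks were independent, so an update sent without `manifest=1` did not create a manifest or write a JSON body; now each signed update appears to do both, which adds a storage write per request. If that is not intended, put `if query.Get("manifest") != "1" { return }` immediately before the `fallthrough`, or keep the two `if` blocks and return the 400 from a separate check. The case bodies continue outside this hunk, so the exact effect should be confirmed against the full function.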
@@ -519,6 +519,8 @@ func (s *Server) HandlePostFeed(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprint(w, string(outdata))
 
 		w.Header().Add("Content-type", "application/json")
+	default:
+		respondError(w, r, "Missing signature in feed update request", http.StatusBadRequest)
 	}
 }
 

+ 32 - 2
swarm/api/http/server_test.go

@@ -333,15 +333,45 @@ func TestBzzFeed(t *testing.T) {
 	}
 	urlQuery = testUrl.Query()
 	body = updateRequest.AppendValues(urlQuery) // this adds all query parameters
+	goodQueryParameters := urlQuery.Encode()    // save the query parameters for a second attempt
+
+	// create bad query parameters in which the signature is missing
+	urlQuery.Del("signature")
 	testUrl.RawQuery = urlQuery.Encode()
 
+	// 1st attempt with bad query parameters in which the signature is missing
 	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK {
-		t.Fatalf("Update returned %s", resp.Status)
+	expectedCode := http.StatusBadRequest
+	if resp.StatusCode != expectedCode {
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
+	}
+
+	// 2nd attempt with bad query parameters in which the signature is of incorrect length
+	urlQuery.Set("signature", "0xabcd") // should be 130 hex chars
+	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resp.Body.Close()
+	expectedCode = http.StatusBadRequest
+	if resp.StatusCode != expectedCode {
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
+	}
+
+	// 3rd attempt, with good query parameters:
+	testUrl.RawQuery = goodQueryParameters
+	resp, err = http.Post(testUrl.String(), "application/octet-stream", bytes.NewReader(body))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resp.Body.Close()
+	expectedCode = http.StatusOK
+	if resp.StatusCode != expectedCode {
+		t.Fatalf("Update returned %s. Expected %d", resp.Status, expectedCode)
 	}
 
 	// get latest update through bzz-feed directly
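Review bot: The second attempt never sends the malformed signature: `urlQuery.Set("signature", "0xabcd")` changes only the `url.Values`, while `testUrl.RawQuery` still holds the encoding produced after `urlQuery.Del("signature")`, so the POST repeats the missing-signature request. Add `testUrl.RawQuery = urlQuery.Encode()` right after the `Set` call so the wrong-length signature path is actually exercised and its 400 asserted. If it is not covered elsewhere, a case with a well-formed signature from a key that does not own the feed would also be worth adding, since that is the authorization check the handler comment describes. TestBzzFeed starts and continues outside this hunk.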