diff --git a/src/errors.rs b/src/errors.rs index 7029d7f7..336463bf 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -17,6 +17,9 @@ pub enum UpubError { #[error("fetch error: {0}")] Reqwest(#[from] reqwest::Error), + + #[error("invalid base64 string: {0}")] + Base64(#[from] base64::DecodeError), } impl UpubError { diff --git a/src/server/auth.rs b/src/server/auth.rs index 61291809..27a8744e 100644 --- a/src/server/auth.rs +++ b/src/server/auth.rs @@ -89,9 +89,9 @@ where fn verify_control_text(txt: &str, key: &str, control: &str) -> crate::Result { let pubkey = PKey::public_key_from_pem(key.as_bytes())?; - let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap(); - verifier.update(txt.as_bytes())?; - Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(control).unwrap_or_default())?) + let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey)?; + let signature = base64::prelude::BASE64_URL_SAFE.decode(control)?; + Ok(verifier.verify_oneshot(&signature, txt.as_bytes())?) }