Stop using form files, use HTTP bodies instead.

cmd/cli/app/upload.go

@@ -26,12 +26,10 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/google/trillian"
-	homedir "github.com/mitchellh/go-homedir"
 	"github.com/projectrekor/rekor/pkg"
 	"github.com/projectrekor/rekor/pkg/log"
 	"github.com/spf13/cobra"
@@ -94,23 +92,6 @@ func hashGenerator(artifact string, fileObject []byte) string {
 	return sha
 }
 
-func generateRekorFile(generatedSha string) string {
-	log := log.Logger
-	home, err := homedir.Dir()
-	if err != nil {
-		log.Error("Error finding Home Directory: ", err)
-	}
-
-	rekorDir := filepath.Join(home, ".rekor")
-
-	if _, err := os.Stat(rekorDir); os.IsNotExist(err) {
-		if err := os.Mkdir(rekorDir, 0755); err != nil {
-			log.Error(".rekor directory creation failed: ", err)
-		}
-	}
-	return filepath.Join(rekorDir, generatedSha+".txt")
-}
-
 // uploadCmd represents the upload command
 var uploadCmd = &cobra.Command{
 	Use:   "upload",
@@ -202,15 +183,11 @@ of the release artifact and uploads it to the rekor server.`,
 		}
 		log.Info("Signature validation passed")
 
-		// Generate a file name based off the artifact hash
-		rekorFile := generateRekorFile(generatedSha)
-
-		log.Info("Building rekor file : ", rekorFile)
-
 		// Construct rekor json file
 		// We need to approach this in two ways
 		// as the public key and signature could be either
 		// armored or binary
+		var marshalledRekorEntry []byte
 		if isArmorProtected(sigkeyRingReader) || isArmorProtected(pubkeyRingReader) {
 			rekorArmorJSON := RekorArmorEntry{
 				URL:       artifactURL,
@@ -218,8 +195,10 @@ of the release artifact and uploads it to the rekor server.`,
 				Signature: sig,
 				PublicKey: pub_key,
 			}
-			file, _ := json.MarshalIndent(rekorArmorJSON, "", " ")
-			_ = ioutil.WriteFile(rekorFile, file, 0644)
+			marshalledRekorEntry, err = json.Marshal(rekorArmorJSON)
+			if err != nil {
+				log.Fatal(err)
+			}
 		} else {
 			pubKey, err := ioutil.ReadFile(publicKey)
 			if err != nil {
@@ -235,14 +214,10 @@ of the release artifact and uploads it to the rekor server.`,
 				Signature: sigKey,
 				PublicKey: pubKey,
 			}
-			file, err := json.Marshal(rekorJSON)
+			marshalledRekorEntry, err = json.Marshal(rekorJSON)
 			if err != nil {
 				log.Fatal("JSON Failed to Marshall: ", err)
 			}
-			err = ioutil.WriteFile(rekorFile, file, 0644)
-			if err != nil {
-				log.Fatal("Failed to write rekor file: ", err)
-			}
 		}
 
 		// Upload to the rekor service
@@ -255,14 +230,7 @@ of the release artifact and uploads it to the rekor server.`,
 			log.Fatal(err)
 		}
 
-		f, err := os.Open(rekorFile)
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		if err := pkg.AddFileToRequest(request, f); err != nil {
-			log.Fatal(err)
-		}
+		request.Body = ioutil.NopCloser(bytes.NewReader(marshalledRekorEntry))
 		client := &http.Client{}
 		response, err := client.Do(request)
 
@@ -277,13 +245,13 @@ of the release artifact and uploads it to the rekor server.`,
 			log.Fatal(err)
 		}
 
-		Leafresp := getLeafResponse{}
+		leafresp := getLeafResponse{}
 
-		if err := json.Unmarshal(content, &Leafresp); err != nil {
+		if err := json.Unmarshal(content, &leafresp); err != nil {
 			log.Fatal(err)
 		}
 
-		log.Info("Status: ", Leafresp.Status)
+		log.Info("Status: ", leafresp.Status)
 	},
 }
 

pkg/api/api.go

@@ -47,9 +47,8 @@ type addResponse struct {
 }
 
 type getResponse struct {
-	Status       RespStatusCode
-	FileRecieved FileRecieved
-	Leaves       []*trillian.LogLeaf
+	Status RespStatusCode
+	Leaves []*trillian.LogLeaf
 }
 
 type getLatestResponse struct {
@@ -59,10 +58,9 @@ type getLatestResponse struct {
 }
 
 type getProofResponse struct {
-	Status       string
-	FileRecieved FileRecieved
-	Proof        *trillian.GetInclusionProofByHashResponse
-	Key          []byte
+	Status string
+	Proof  *trillian.GetInclusionProofByHashResponse
+	Key    []byte
 }
 
 type getLeafResponse struct {
@@ -75,10 +73,6 @@ type RespStatusCode struct {
 	Code string `json:"file_recieved"`
 }
 
-type FileRecieved struct {
-	File string `json:"file_recieved"`
-}
-
 func NewAPI() (*API, error) {
 	logRpcServer := fmt.Sprintf("%s:%d",
 		viper.GetString("trillian_log_server.address"),
@@ -143,15 +137,8 @@ func (api *API) ping(w http.ResponseWriter, r *http.Request) {
 }
 
 func (api *API) getHandler(r *http.Request) (interface{}, error) {
-	file, header, err := r.FormFile("fileupload")
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	log.RequestIDLogger(r).Info("Received file: ", header.Filename)
-
-	leaf, err := types.ParseRekorLeaf(file)
+	defer r.Body.Close()
+	leaf, err := types.ParseRekorLeaf(r.Body)
 	if err != nil {
 		log.RequestIDLogger(r).Errorf("Not a valid rekor entry: %s", err)
 		return nil, err
@@ -172,22 +159,14 @@ func (api *API) getHandler(r *http.Request) (interface{}, error) {
 	logResults := resp.getLeafResult.GetLeaves()
 
 	return getResponse{
-		Status:       RespStatusCode{Code: getGprcCode(resp.status)},
-		FileRecieved: FileRecieved{File: header.Filename},
-		Leaves:       logResults,
+		Status: RespStatusCode{Code: getGprcCode(resp.status)},
+		Leaves: logResults,
 	}, nil
 }
 
 func (api *API) getProofHandler(r *http.Request) (interface{}, error) {
-	file, header, err := r.FormFile("fileupload")
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	log.RequestIDLogger(r).Info("Received file : ", header.Filename)
-
-	leaf, err := types.ParseRekorLeaf(file)
+	defer r.Body.Close()
+	leaf, err := types.ParseRekorLeaf(r.Body)
 	if err != nil || leaf.SHA == "" {
 		if err == nil {
 			err = errors.New("missing SHA sum")
@@ -218,25 +197,18 @@ func (api *API) getProofHandler(r *http.Request) (interface{}, error) {
 	log.RequestIDLogger(r).Info("Return Proof Result: ", string(proofResultsJSON))
 
 	return getProofResponse{
-		Status:       getGprcCode(resp.status),
-		FileRecieved: FileRecieved{File: header.Filename},
-		Proof:        proofResults,
-		Key:          api.pubkey.Der,
+		Status: getGprcCode(resp.status),
+		Proof:  proofResults,
+		Key:    api.pubkey.Der,
 	}, nil
 
 }
 
 func (api *API) addHandler(r *http.Request) (interface{}, error) {
-	file, header, err := r.FormFile("fileupload")
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	log.RequestIDLogger(r).Info("Received file : ", header.Filename)
+	defer r.Body.Close()
 
 	var byteEntry bytes.Buffer
-	tee := io.TeeReader(file, &byteEntry)
+	tee := io.TeeReader(r.Body, &byteEntry)
 
 	// See if this is a valid RekorLeaf
 	rekorLeaf, err := types.ParseRekorLeaf(tee)

pkg/client.go

@@ -35,9 +35,7 @@ func DoGet(url string, rekorEntry []byte) {
 		log.Fatal(err)
 	}
 
-	if err := AddFileToRequest(request, bytes.NewReader(rekorEntry)); err != nil {
-		log.Fatal(err)
-	}
+	request.Body = ioutil.NopCloser(bytes.NewReader(rekorEntry))
 
 	client := &http.Client{}
 	response, err := client.Do(request)

pkg/file.go

-package pkg
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"mime/multipart"
-	"net/http"
-)
-
-func AddFileToRequest(request *http.Request, r io.Reader) error {
-
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	defer writer.Close()
-	part, err := writer.CreateFormFile("fileupload", "linkfile")
-	if err != nil {
-		return err
-	}
-
-	if _, err := io.Copy(part, r); err != nil {
-		return err
-	}
-
-	request.Body = ioutil.NopCloser(body)
-	request.Header.Add("Content-Type", writer.FormDataContentType())
-	return nil
-}