fixup! fix(download): verify etags for resumed requests

Signed-off-by: Marcel Guzik <[email protected]>

Author: Bravo555

crates/common/download/src/download.rs

@@ -1,11 +1,11 @@
 pub mod partial_response;
+use crate::download::partial_response::PartialResponse;
 use crate::error::DownloadError;
 use crate::error::ErrContext;
 use anyhow::anyhow;
 use backoff::future::retry_notify;
 use backoff::ExponentialBackoff;
 use certificate::CloudHttpConfig;
-use hyper::header;
 use log::debug;
 use log::info;
 use log::warn;
@@ -198,14 +198,17 @@ impl Downloader {
         mut prev_response: Response,
     ) -> Result<(), DownloadError> {
         loop {
-            let offset = next_request_offset(&prev_response, file);
-            let mut response = self.request_range_from(url, offset).await?;
-            if was_resource_modified(&response, &prev_response) {
-                file.seek(SeekFrom::Start(0)).unwrap();
-                prev_response = response;
-                continue;
-            }
-            let offset = partial_response::response_range_start(&response)?;
+            let request_offset = next_request_offset(&prev_response, file)?;
+            let mut response = self.request_range_from(url, request_offset).await?;
+            let offset = match partial_response::response_range_start(&response, &prev_response)? {
+                PartialResponse::CompleteContent => 0,
+                PartialResponse::PartialContent(pos) => pos,
+                PartialResponse::ResourceModified => {
+                    file.seek(SeekFrom::Start(0))
+                        .context("failed to seek in file".to_string())?;
+                    continue;
+                }
+            };
 
             if offset != 0 {
                 info!("Resuming file download at position={offset}");
@@ -357,46 +360,6 @@ impl Downloader {
     }
 }
 
-/// Checks if the resource was modified between the current and previous response.
-///
-/// If the resource was updated, we should restart download and request full range of the new
-/// resource. Otherwise, a partial request can be used to resume the download.
-fn was_resource_modified(response: &Response, prev_response: &Response) -> bool {
-    // etags in current and previous request must match
-    let etag = response
-        .headers()
-        .get(header::ETAG)
-        .and_then(|h| h.to_str().ok());
-    let prev_etag = prev_response
-        .headers()
-        .get(header::ETAG)
-        .and_then(|h| h.to_str().ok());
-
-    match (etag, prev_etag) {
-        (None, None) => {
-            // no etags in either request, assume resource is unchanged
-            false
-        }
-        (None, Some(_)) | (Some(_), None) => {
-            // previous request didn't have etag and this does or vice versa, abort
-            true
-        }
-        (Some(etag), Some(prev_etag)) => {
-            // Examples:
-            // ETag: "xyzzy"
-            // ETag: W/"xyzzy"
-            // ETag: ""
-            if etag.starts_with("W/") {
-                // validator is weak, but in range requests tags must match using strong comparison
-                // https://www.rfc-editor.org/rfc/rfc9110#entity.tag.comparison
-                return true;
-            }
-
-            etag != prev_etag
-        }
-    }
-}
-
 /// Decides whether HTTP request error is retryable.
 fn reqwest_err_to_backoff(err: reqwest::Error) -> backoff::Error<reqwest::Error> {
     if err.is_timeout() || err.is_connect() {
@@ -469,20 +432,22 @@ pub fn try_pre_allocate_space(
     Ok(())
 }
 
-fn next_request_offset(prev_response: &Response, file: &mut File) -> u64 {
+fn next_request_offset(prev_response: &Response, file: &mut File) -> Result<u64, DownloadError> {
     use hyper::header;
     use hyper::StatusCode;
     use std::io::Seek;
-    let pos = file.stream_position().unwrap();
+    let pos = file
+        .stream_position()
+        .context("failed to get cursor position".to_string())?;
     if prev_response.status() == StatusCode::PARTIAL_CONTENT
         || prev_response
             .headers()
             .get(header::ACCEPT_RANGES)
             .is_some_and(|unit| unit == "bytes")
     {
-        pos
+        Ok(pos)
     } else {
-        0
+        Ok(0)
     }
 }
 

crates/common/download/src/download/partial_response.rs

@@ -1,8 +1,19 @@
 //! Utilities related to parsing responses to partial requests.
 
-use reqwest::header;
 use reqwest::header::HeaderValue;
 use reqwest::StatusCode;
+use reqwest::{header, Response};
+
+pub(super) enum PartialResponse {
+    /// Server returned a partial content response starting at given position
+    PartialContent(u64),
+
+    /// Server returned regular OK response, resume writing at 0
+    CompleteContent,
+
+    /// Server returned partial content but resource was modified, request needs to be retried
+    ResourceModified,
+}
 
 /// Returns the position of the partial response in the resource.
 ///
@@ -11,26 +22,77 @@ use reqwest::StatusCode;
 /// Content-Range header. The server could also just ignore the Range header and
 /// respond with 200 OK, in which case we need to download the entire resource
 /// all over again.
-pub fn response_range_start(response: &reqwest::Response) -> Result<u64, InvalidResponseError> {
-    let chunk_pos = match response.status() {
+pub(super) fn response_range_start(
+    response: &reqwest::Response,
+    prev_response: &Response,
+) -> Result<PartialResponse, InvalidResponseError> {
+    match response.status() {
         // Complete response, seek to the beginning of the file
-        StatusCode::OK => 0,
+        StatusCode::OK => Ok(PartialResponse::CompleteContent),
 
         // Partial response, the range might be different from what we
         // requested, so we need to parse it. Because we only request a single
         // range from the current position to the end of the document, we can
         // ignore multipart/byteranges media type.
-        StatusCode::PARTIAL_CONTENT => partial_response_start_range(response)?,
+        StatusCode::PARTIAL_CONTENT => {
+            if was_resource_modified(response, prev_response) {
+                return Ok(PartialResponse::ResourceModified);
+            }
+            let pos = partial_response_start_range(response)?;
+            Ok(PartialResponse::PartialContent(pos))
+        }
 
         // We don't expect to receive any other 200-299 status code, but if we
         // do, treat it the same as OK
-        status_code if status_code.is_success() => 0,
+        status_code if status_code.is_success() => Ok(PartialResponse::CompleteContent),
+
+        status_code => Err(InvalidResponseError::UnexpectedStatus(status_code)),
+    }
+}
+
+/// Checks if the resource was modified between the current and previous response.
+///
+/// If the resource was updated, we should restart download and request full range of the new
+/// resource. Otherwise, a partial request can be used to resume the download.
+fn was_resource_modified(response: &Response, prev_response: &Response) -> bool {
+    if response.status() != hyper::StatusCode::PARTIAL_CONTENT {
+        // not using a partial request, don't care if it's modified or not
+        return false;
+    }
+
+    // etags in current and previous request must match
+    let etag = response
+        .headers()
+        .get(header::ETAG)
+        .and_then(|h| h.to_str().ok());
+    let prev_etag = prev_response
+        .headers()
+        .get(header::ETAG)
+        .and_then(|h| h.to_str().ok());
 
-        status_code => {
-            return Err(InvalidResponseError::UnexpectedStatus(status_code));
+    match (etag, prev_etag) {
+        (None, None) => {
+            // no etags in either request, assume resource is unchanged
+            false
         }
-    };
-    Ok(chunk_pos)
+        (None, Some(_)) | (Some(_), None) => {
+            // previous request didn't have etag and this does or vice versa, abort
+            true
+        }
+        (Some(etag), Some(prev_etag)) => {
+            // Examples:
+            // ETag: "xyzzy"
+            // ETag: W/"xyzzy"
+            // ETag: ""
+            if etag.starts_with("W/") {
+                // validator is weak, but in range requests tags must match using strong comparison
+                // https://www.rfc-editor.org/rfc/rfc9110#entity.tag.comparison
+                return true;
+            }
+
+            etag != prev_etag
+        }
+    }
 }
 
 #[derive(Debug, thiserror::Error)]
@@ -88,3 +150,31 @@ pub struct ContentRangeParseError {
     reason: &'static str,
     value: header::HeaderValue,
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test_case::test_case(Some(r#""xyzzy""#), Some(r#""xyzzy""#), false)]
+    #[test_case::test_case(Some(r#"W/"xyzzy""#), Some(r#""xyzzy""#), true)]
+    #[test_case::test_case(Some(r#""xyzzy""#), Some(r#"W/"xyzzy""#), true)]
+    #[test_case::test_case(Some(r#""xyzzy1""#), Some(r#""xyzzy2""#), true)]
+    #[test_case::test_case(None, None, false)]
+    #[test_case::test_case(Some(r#""xyzzy1""#), None, true)]
+    #[test_case::test_case(None, Some(r#""xyzzy2""#), true)]
+    fn verifies_etags(etag1: Option<&'static str>, etag2: Option<&'static str>, modified: bool) {
+        let mut response1 = http::Response::builder().status(StatusCode::PARTIAL_CONTENT);
+        if let Some(etag) = etag1 {
+            response1 = response1.header(http::header::ETAG, etag);
+        }
+        let response1 = response1.body("").unwrap().into();
+
+        let mut response2 = http::Response::builder().status(StatusCode::PARTIAL_CONTENT);
+        if let Some(etag) = etag2 {
+            response2 = response2.header(http::header::ETAG, etag);
+        }
+        let response2 = response2.body("").unwrap().into();
+
+        assert_eq!(was_resource_modified(&response1, &response2), modified);
+    }
+}

crates/common/download/src/download/tests.rs

@@ -1,6 +1,5 @@
 use super::*;
 use axum::Router;
-use http::StatusCode;
 use hyper::header::AUTHORIZATION;
 use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::PrivateKeyDer;
@@ -434,29 +433,6 @@ async fn downloader_error_shows_certificate_required_error_when_appropriate() {
     assert!(dbg!(format!("{err:#}")).contains("received fatal alert: CertificateRequired"));
 }
 
-#[test_case::test_case(Some(r#""xyzzy""#), Some(r#""xyzzy""#), false)]
-#[test_case::test_case(Some(r#"W/"xyzzy""#), Some(r#""xyzzy""#), true)]
-#[test_case::test_case(Some(r#""xyzzy""#), Some(r#"W/"xyzzy""#), true)]
-#[test_case::test_case(Some(r#""xyzzy1""#), Some(r#""xyzzy2""#), true)]
-#[test_case::test_case(None, None, false)]
-#[test_case::test_case(Some(r#""xyzzy1""#), None, true)]
-#[test_case::test_case(None, Some(r#""xyzzy2""#), true)]
-fn verifies_etags(etag1: Option<&'static str>, etag2: Option<&'static str>, modified: bool) {
-    let mut response1 = http::Response::builder().status(StatusCode::PARTIAL_CONTENT);
-    if let Some(etag) = etag1 {
-        response1 = response1.header(http::header::ETAG, etag);
-    }
-    let response1 = response1.body("").unwrap().into();
-
-    let mut response2 = http::Response::builder().status(StatusCode::PARTIAL_CONTENT);
-    if let Some(etag) = etag2 {
-        response2 = response2.header(http::header::ETAG, etag);
-    }
-    let response2 = response2.body("").unwrap().into();
-
-    assert_eq!(was_resource_modified(&response1, &response2), modified);
-}
-
 fn create_file_with_size(size: usize) -> Result<NamedTempFile, anyhow::Error> {
     let mut file = NamedTempFile::new().unwrap();
     let data: String = "Some data!".into();