Make missing x-dbp-signature header the primary check -> return HTTP_UNAUTHORIZED

(required by deployment of API gateway)

src/Controller/CreateFileDataAction.php

@@ -32,11 +32,14 @@ final class CreateFileDataAction extends BaseBlobController
     public function __invoke(Request $request): FileData
     {
         $sig = $request->headers->get('x-dbp-signature','');
+        if (!$sig) {
+            throw ApiError::withDetails(Response::HTTP_UNAUTHORIZED, 'Signature missing', 'blob:createFileData-missing-sig');
+        }
         $bucketId = (string) $request->query->get('bucketID', '');
         $creationTime = (string) $request->query->get('creationTime', '');
         $prefix = $request->query->get('prefix', '');
 
-        if (!$sig || !$bucketId || !$creationTime) {
+        if (!$bucketId || !$creationTime) {
             throw ApiError::withDetails(Response::HTTP_FORBIDDEN, 'Signature cannot checked', 'blob:createFileData-unset-sig-params');
         }
 

src/Controller/DeleteFileDatasByPrefix.php

@@ -25,11 +25,14 @@ class DeleteFileDatasByPrefix extends BaseBlobController
     public function __invoke(Request $request)
     {
         $sig = $request->headers->get('x-dbp-signature', '');
+        if (!$sig) {
+            throw ApiError::withDetails(Response::HTTP_UNAUTHORIZED, 'Signature missing', 'blob:createFileData-missing-sig');
+        }
         $bucketId = $request->query->get('bucketID', '');
         $creationTime = $request->query->get('creationTime', '');
         $prefix = $request->query->get('prefix', '');
 
-        if (!$sig || !$bucketId || !$creationTime || !$prefix) {
+        if (!$bucketId || !$creationTime || !$prefix) {
             throw ApiError::withDetails(Response::HTTP_FORBIDDEN, 'Signature cannot checked', 'blob:delete-files-per-prefix-unset-sig-params');
         }
 

src/DataProvider/FileDataDataProvider.php

@@ -53,6 +53,10 @@ class FileDataDataProvider extends AbstractDataProvider
 
     protected function getFileDataById($id, array $filters): object
     {
+        $sig = $this->requestStack->getCurrentRequest()->headers->get('x-dbp-signature','');
+        if (!$sig) {
+            throw ApiError::withDetails(Response::HTTP_UNAUTHORIZED, 'Signature missing', 'blob:createFileData-missing-sig');
+        }
         $bucketId = $filters['bucketID'] ?? '';
         if (!$bucketId) {
             throw ApiError::withDetails(Response::HTTP_BAD_REQUEST, 'BucketID is missing', 'blob:get-files-by-prefix-missing-bucketID');
@@ -85,6 +89,10 @@ class FileDataDataProvider extends AbstractDataProvider
 
     protected function getPage(int $currentPageNumber, int $maxNumItemsPerPage, array $filters = [], array $options = []): array
     {
+        $sig = $this->requestStack->getCurrentRequest()->headers->get('x-dbp-signature','');
+        if (!$sig) {
+            throw ApiError::withDetails(Response::HTTP_UNAUTHORIZED, 'Signature missing', 'blob:createFileData-missing-sig');
+        }
         $bucketId = $filters['bucketID'] ?? '';
         if (!$bucketId) {
             throw ApiError::withDetails(Response::HTTP_BAD_REQUEST, 'BucketID is missing', 'blob:get-files-by-prefix-missing-bucketID');
@@ -126,10 +134,13 @@ class FileDataDataProvider extends AbstractDataProvider
     private function checkSignature(string $secret, array $filters): void
     {
         $sig = $this->requestStack->getCurrentRequest()->headers->get('x-dbp-signature','');
+        if (!$sig) {
+            throw ApiError::withDetails(Response::HTTP_UNAUTHORIZED, 'Signature missing', 'blob:createFileData-missing-sig');
+        }
         $bucketId = $filters['bucketID'] ?? '';
         $creationTime = $filters['creationTime'] ?? '0';
 
-        if (!$sig || !$bucketId || !$creationTime) {
+        if (!$bucketId || !$creationTime) {
             throw ApiError::withDetails(Response::HTTP_FORBIDDEN, 'Signature parameter missing', 'blob:dataprovider-missing-signature-params');
         }