From 0bbd1fb43bbd9f878a2aa326ef06f2dc503a3b3f Mon Sep 17 00:00:00 2001
From: zousar <2936246+zousar@users.noreply.github.com>
Date: Wed, 26 Feb 2025 11:49:05 -0700
Subject: Enforce Overwrite Prevention According To Cache Policy

Overwrite with differing value should be denied if QueryLocal is not present and StoreLocal is present.  Overwrite with equal value should succeed regardless of policy flags.
---
 src/zenserver/cache/httpstructuredcache.cpp | 88 +++++++++++++++++++----------
 1 file changed, 59 insertions(+), 29 deletions(-)

(limited to 'src/zenserver/cache/httpstructuredcache.cpp')

diff --git a/src/zenserver/cache/httpstructuredcache.cpp b/src/zenserver/cache/httpstructuredcache.cpp
index b9a9ca380..d5dd28f68 100644
--- a/src/zenserver/cache/httpstructuredcache.cpp
+++ b/src/zenserver/cache/httpstructuredcache.cpp
@@ -996,8 +996,12 @@ HttpStructuredCacheService::HandleGetCacheRecord(HttpServerRequest& Request, con
 
 				if (Success && StoreLocal)
 				{
-					m_CacheStore.Put(RequestContext, Ref.Namespace, Ref.BucketSegment, Ref.HashKey, ClientResultValue, {}, nullptr);
-					m_CacheStats.WriteCount++;
+					const bool Overwrite = !EnumHasAllFlags(PolicyFromUrl, CachePolicy::QueryLocal);
+					if (m_CacheStore
+							.Put(RequestContext, Ref.Namespace, Ref.BucketSegment, Ref.HashKey, ClientResultValue, {}, Overwrite, nullptr))
+					{
+						m_CacheStats.WriteCount++;
+					}
 				}
 			}
 			else if (AcceptType == ZenContentType::kCbPackage)
@@ -1082,30 +1086,34 @@ HttpStructuredCacheService::HandleGetCacheRecord(HttpServerRequest& Request, con
 
 						if (StoreLocal)
 						{
-							m_CacheStore.Put(RequestContext,
-											 Ref.Namespace,
-											 Ref.BucketSegment,
-											 Ref.HashKey,
-											 CacheValue,
-											 ReferencedAttachments,
-											 nullptr);
-							m_CacheStats.WriteCount++;
-
-							if (!WriteAttachmentBuffers.empty())
+							const bool Overwrite = !EnumHasAllFlags(PolicyFromUrl, CachePolicy::QueryLocal);
+							if (m_CacheStore.Put(RequestContext,
+												 Ref.Namespace,
+												 Ref.BucketSegment,
+												 Ref.HashKey,
+												 CacheValue,
+												 ReferencedAttachments,
+												 Overwrite,
+												 nullptr))
 							{
-								std::vector<CidStore::InsertResult> InsertResults =
-									m_CidStore.AddChunks(WriteAttachmentBuffers, WriteRawHashes);
-								for (const CidStore::InsertResult& Result : InsertResults)
+								m_CacheStats.WriteCount++;
+
+								if (!WriteAttachmentBuffers.empty())
 								{
-									if (Result.New)
+									std::vector<CidStore::InsertResult> InsertResults =
+										m_CidStore.AddChunks(WriteAttachmentBuffers, WriteRawHashes);
+									for (const CidStore::InsertResult& Result : InsertResults)
 									{
-										Count.New++;
+										if (Result.New)
+										{
+											Count.New++;
+										}
 									}
 								}
-							}
 
-							WriteAttachmentBuffers = {};
-							WriteRawHashes		   = {};
+								WriteAttachmentBuffers = {};
+								WriteRawHashes		   = {};
+							}
 						}
 
 						BinaryWriter MemStream;
@@ -1224,13 +1232,18 @@ HttpStructuredCacheService::HandlePutCacheRecord(HttpServerRequest& Request, con
 		{
 			RawHash = IoHash::HashBuffer(SharedBuffer(Body));
 		}
-		m_CacheStore.Put(RequestContext,
-						 Ref.Namespace,
-						 Ref.BucketSegment,
-						 Ref.HashKey,
-						 {.Value = Body, .RawSize = RawSize, .RawHash = RawHash},
-						 {},
-						 nullptr);
+		const bool Overwrite = !EnumHasAllFlags(PolicyFromUrl, CachePolicy::QueryLocal);
+		if (!m_CacheStore.Put(RequestContext,
+							  Ref.Namespace,
+							  Ref.BucketSegment,
+							  Ref.HashKey,
+							  {.Value = Body, .RawSize = RawSize, .RawHash = RawHash},
+							  {},
+							  Overwrite,
+							  nullptr))
+		{
+			return Request.WriteResponse(HttpResponseCode::Conflict);
+		}
 		m_CacheStats.WriteCount++;
 
 		if (HasUpstream && EnumHasAllFlags(PolicyFromUrl, CachePolicy::StoreRemote))
@@ -1279,7 +1292,19 @@ HttpStructuredCacheService::HandlePutCacheRecord(HttpServerRequest& Request, con
 			TotalCount++;
 		});
 
-		m_CacheStore.Put(RequestContext, Ref.Namespace, Ref.BucketSegment, Ref.HashKey, {.Value = Body}, ReferencedAttachments, nullptr);
+		const bool Overwrite = !EnumHasAllFlags(PolicyFromUrl, CachePolicy::QueryLocal);
+
+		if (!m_CacheStore.Put(RequestContext,
+							  Ref.Namespace,
+							  Ref.BucketSegment,
+							  Ref.HashKey,
+							  {.Value = Body},
+							  ReferencedAttachments,
+							  Overwrite,
+							  nullptr))
+		{
+			return Request.WriteResponse(HttpResponseCode::Conflict);
+		}
 		m_CacheStats.WriteCount++;
 
 		ZEN_DEBUG("PUTCACHERECORD - '{}/{}/{}' {} '{}' attachments '{}/{}' (valid/total) in {}",
@@ -1372,10 +1397,15 @@ HttpStructuredCacheService::HandlePutCacheRecord(HttpServerRequest& Request, con
 			return Request.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid attachment(s)"sv);
 		}
 
+		const bool Overwrite = !EnumHasAllFlags(Policy, CachePolicy::QueryLocal);
+
 		ZenCacheValue CacheValue;
 		CacheValue.Value = CacheRecord.GetBuffer().AsIoBuffer();
 		CacheValue.Value.SetContentType(ZenContentType::kCbObject);
-		m_CacheStore.Put(RequestContext, Ref.Namespace, Ref.BucketSegment, Ref.HashKey, CacheValue, ReferencedAttachments);
+		if (!m_CacheStore.Put(RequestContext, Ref.Namespace, Ref.BucketSegment, Ref.HashKey, CacheValue, ReferencedAttachments, Overwrite))
+		{
+			return Request.WriteResponse(HttpResponseCode::Conflict);
+		}
 		m_CacheStats.WriteCount++;
 
 		if (!WriteAttachmentBuffers.empty())
-- 
cgit v1.2.3