Skip to content

drive: add block upload verifier token and revision verification endpoint#2

Open
lmwashere wants to merge 1 commit intorclone:masterfrom
lmwashere:master
Open

drive: add block upload verifier token and revision verification endpoint#2
lmwashere wants to merge 1 commit intorclone:masterfrom
lmwashere:master

Conversation

@lmwashere
Copy link

@lmwashere lmwashere commented Feb 25, 2026

Proton's storage backend now requires a Verifier.Token per block when
requesting block upload URLs (POST /drive/blocks). Without it, the storage
server rejects uploads with HTTP 422 / Code=200501 "Operation failed:
Please retry".

This commit adds:

  • RevisionVerification type and BlockUploadVerifier type in block_types.go
  • Verifier field (omitempty) on BlockUploadInfo
  • GetRevisionVerification() method calling the v2 API endpoint:
    GET /drive/v2/volumes/{volumeID}/links/{linkID}/revisions/{revisionID}/verification

The VerificationCode returned by that endpoint is XOR'd with the leading
bytes of each block's ciphertext in Proton-API-Bridge to produce the
per-block token (matching the algorithm in the official Proton Drive JS SDK
in ProtonDriveApps/sdk).

Note: the JS SDK also decrypts each block as a client-side integrity check
before computing the XOR. That step is not implemented here; the server-side
manifest signature still provides end-to-end integrity verification.

Reproducer: rclone copy <file> proton: --verbose
Expected: upload succeeds
Actual: 422 POST fra-storage.proton.me/storage/blocks: Operation failed: Please retry (Code=200501, Status=422)

This fix was identified and generated with Claude Code (AI assistant) by a
non-programmer user. It has not been independently reviewed by a Go or
cryptography expert. Expert review before merging is strongly recommended.

drive: add block upload verifier token and revision verification endp…
27a9a37 
…oint

Proton's storage backend now requires a Verifier.Token per block when
requesting block upload URLs (POST /drive/blocks). Without it, the storage
server rejects uploads with HTTP 422 / Code=200501 "Operation failed:
Please retry".

This commit adds:

- RevisionVerification type and BlockUploadVerifier type in block_types.go
- Verifier field (omitempty) on BlockUploadInfo
- GetRevisionVerification() method calling the v2 API endpoint:
  GET /drive/v2/volumes/{volumeID}/links/{linkID}/revisions/{revisionID}/verification

The VerificationCode returned by that endpoint is XOR'd with the leading
bytes of each block's ciphertext in Proton-API-Bridge to produce the
per-block token (matching the algorithm in the official Proton Drive JS SDK).

Note: the JS SDK also decrypts each block as a client-side integrity check
before computing the XOR. That step is not implemented here; the server-side
manifest signature still provides end-to-end integrity verification.

This fix was identified and generated with Claude Code (AI assistant) by a
non-programmer user. It has not been independently reviewed by a Go or
cryptography expert. Expert review before merging is strongly recommended.

Fixes uploads failing with: 422 POST fra-storage.proton.me/storage/blocks:
Operation failed: Please retry (Code=200501, Status=422)
@lmwashere lmwashere mentioned this pull request Feb 25, 2026
Open
@tomholford tomholford mentioned this pull request Mar 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lmwashere