alarsyo/lohr
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: alarsyo:3fedfa3342bf8bfd55a0abd2de291d1d178ec757
Branches Tags
alarsyo:main
alarsyo:ci-cachix
alarsyo:fix-flake
alarsyo:rocket-stable
alarsyo:v0.4.5
alarsyo:v0.4.4
alarsyo:v0.4.3
alarsyo:v0.4.2
alarsyo:v0.4.1
alarsyo:v0.4.0
alarsyo:v0.3.3
alarsyo:v0.3.2
alarsyo:v0.3.1
alarsyo:v0.3.0
alarsyo:v0.2.1
alarsyo:v0.2.0
..
compare: alarsyo:da20e2c9ac27aa5c359e8edf18cbfc40d9819af9
Branches Tags
alarsyo:main
alarsyo:ci-cachix
alarsyo:fix-flake
alarsyo:rocket-stable
alarsyo:v0.4.5
alarsyo:v0.4.4
alarsyo:v0.4.3
alarsyo:v0.4.2
alarsyo:v0.4.1
alarsyo:v0.4.0
alarsyo:v0.3.3
alarsyo:v0.3.2
alarsyo:v0.3.1
alarsyo:v0.3.0
alarsyo:v0.2.1
alarsyo:v0.2.0

No commits in common. "3fedfa3342bf8bfd55a0abd2de291d1d178ec757" and "da20e2c9ac27aa5c359e8edf18cbfc40d9819af9" have entirely different histories.
3fedfa3342 ... da20e2c9ac

9 changed files with 312 additions and 1014 deletions
Show stats Expand all files Collapse all files

12
.github/workflows/ci.yaml vendored
View file

@ -10,11 +10,11 @@ jobs:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install nightly toolchain
uses: actions-rs/toolchain@v1 uses: actions-rs/toolchain@v1
with: with:
profile: minimal profile: minimal
toolchain: stable toolchain: nightly
override: true override: true
- name: Run cargo check - name: Run cargo check
@ -29,11 +29,11 @@ jobs:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install nightly toolchain
uses: actions-rs/toolchain@v1 uses: actions-rs/toolchain@v1
with: with:
profile: minimal profile: minimal
toolchain: stable toolchain: nightly
override: true override: true
- name: Run cargo test - name: Run cargo test
@ -48,11 +48,11 @@ jobs:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install nightly toolchain
uses: actions-rs/toolchain@v1 uses: actions-rs/toolchain@v1
with: with:
profile: minimal profile: minimal
toolchain: stable toolchain: nightly
override: true override: true
components: rustfmt, clippy components: rustfmt, clippy

1139
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

5
Cargo.toml
View file

@ -23,7 +23,7 @@ serde_yaml = "0.8.17"
sha2 = "0.9.3" sha2 = "0.9.3"
[dependencies.rocket] [dependencies.rocket]
version = "0.5.0-dev" version = "0.4.7"
# don't need private-cookies # don't need private-cookies
default-features = false default-features = false
@ -31,6 +31,3 @@ default-features = false
version = "2.33.3" version = "2.33.3"
# no need for suggestions or color with only one argument # no need for suggestions or color with only one argument
default-features = false default-features = false
[patch.crates-io]
rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "2893ce754d6535e0a752586e60d7e292343016c0" }

9
README.md
View file

@ -26,7 +26,14 @@ truth is effectively removed from any mirror as well.
`lohr` is [published on crates.io](https://crates.io/crates/lohr), so you can `lohr` is [published on crates.io](https://crates.io/crates/lohr), so you can
install it with `cargo install`: install it with `cargo install`:
$ cargo install lohr $ cargo +nightly install lohr
We currently require a nightly compiler because
[Rocket](https://github.com/SergioBenitez/Rocket) needs one to compile (a 0.5.0
which compiles on stable Rust is in the making, stay tuned!). You can install a
nightly toolchain with the following command:
$ rustup install nightly
## Setup ## Setup

39
flake.lock
View file

@ -31,6 +31,43 @@
"type": "github" "type": "github"
} }
}, },
"mozillapkgs": {
"flake": false,
"locked": {
"lastModified": 1603906276,
"narHash": "sha256-RsNPnEKd7BcogwkqhaV5kI/HuNC4flH/OQCC/4W5y/8=",
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
"type": "github"
},
"original": {
"owner": "mozilla",
"repo": "nixpkgs-mozilla",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1614785451,
"narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=",
"owner": "nmattia",
"repo": "naersk",
"rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9",
"type": "github"
},
"original": {
"owner": "nmattia",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1616670887, "lastModified": 1616670887,
@ -51,6 +88,8 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"mozillapkgs": "mozillapkgs",
"naersk": "naersk",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
} }

34
flake.nix
View file

@ -1,5 +1,13 @@
{ {
inputs = { inputs = {
naersk = {
url = "github:nmattia/naersk/master";
inputs.nixpkgs.follows = "nixpkgs";
};
mozillapkgs = {
url = "github:mozilla/nixpkgs-mozilla";
flake = false;
};
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
flake-compat = { flake-compat = {
@ -8,19 +16,27 @@
}; };
}; };
outputs = { self, nixpkgs, flake-utils, ... }: outputs = { self, naersk, mozillapkgs, nixpkgs, flake-utils, ... }:
flake-utils.lib.eachDefaultSystem (system: flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
mozilla = pkgs.callPackage (mozillapkgs + "/package-set.nix") { };
rustNightly = (mozilla.rustChannelOf {
date = "2021-03-29";
channel = "nightly";
sha256 = "sha256-Y94CnslybZgiZlNVV6Cg0TUPV2OeDXakPev1kqdt9Kk=";
}).rust;
naersk-lib = pkgs.callPackage naersk {
cargo = rustNightly;
rustc = rustNightly;
};
in in
{ {
defaultPackage = pkgs.rustPlatform.buildRustPackage { defaultPackage = naersk-lib.buildPackage {
pname = "lohr";
version = "0.3.1";
src = ./.; src = ./.;
pname = "lohr";
cargoSha256 = "sha256-XnBvb13Pv7bNTLCL3WV+bxRK0/uMEKA1/Bk0Tfua3Rs=";
meta = with pkgs.lib; { meta = with pkgs.lib; {
description = "A Git mirroring tool"; description = "A Git mirroring tool";
@ -36,12 +52,10 @@
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
cargo
clippy
nixpkgs-fmt nixpkgs-fmt
pre-commit pre-commit
rustPackages.clippy rustPackages.clippy
rustc rustNightly
rustfmt rustfmt
]; ];

2
rust-toolchain
View file

@ -1 +1 @@
stable nightly

8
src/main.rs
View file

@ -1,3 +1,5 @@
#![feature(proc_macro_hygiene, decl_macro)]
use std::env; use std::env;
use std::fs::File; use std::fs::File;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
@ -90,8 +92,7 @@ fn parse_config(home: &Path, flags: &clap::ArgMatches) -> anyhow::Result<GlobalS
serde_yaml::from_reader(file).context("could not parse configuration file") serde_yaml::from_reader(file).context("could not parse configuration file")
} }
#[rocket::main] fn main() -> anyhow::Result<()> {
async fn main() -> anyhow::Result<()> {
let matches = App::new("lohr") let matches = App::new("lohr")
.version(crate_version!()) .version(crate_version!())
.about("Git mirroring daemon") .about("Git mirroring daemon")
@ -126,8 +127,7 @@ async fn main() -> anyhow::Result<()> {
.manage(JobSender(Mutex::new(sender))) .manage(JobSender(Mutex::new(sender)))
.manage(Secret(secret)) .manage(Secret(secret))
.manage(config_state) .manage(config_state)
.launch() .launch();
.await?;
Ok(()) Ok(())
} }

78
src/signature.rs
View file

@ -1,17 +1,20 @@
use std::{ use std::{
io, io::Read,
ops::{Deref, DerefMut}, ops::{Deref, DerefMut},
}; };
use rocket::{ use rocket::{
data::{ByteUnit, FromData, Outcome}, data::{FromData, Outcome},
http::ContentType, http::ContentType,
State, State,
}; };
use rocket::{http::Status, local_cache}; use rocket::{
data::{Transform, Transformed},
http::Status,
};
use rocket::{Data, Request}; use rocket::{Data, Request};
use anyhow::{anyhow, Context}; use anyhow::anyhow;
use serde::Deserialize; use serde::Deserialize;
use crate::Secret; use crate::Secret;
@ -50,29 +53,37 @@ impl<T> DerefMut for SignedJson<T> {
} }
} }
const LIMIT: ByteUnit = ByteUnit::Mebibyte(1); const LIMIT: u64 = 1 << 20;
impl<'r, T: Deserialize<'r>> SignedJson<T> {
fn from_str(s: &'r str) -> anyhow::Result<Self> {
serde_json::from_str(s)
.map(SignedJson)
.context("could not parse json")
}
}
// This is a one to one implementation of request_contrib::Json's FromData, but with HMAC // This is a one to one implementation of request_contrib::Json's FromData, but with HMAC
// validation. // validation.
// //
// Tracking issue for chaining Data guards to avoid this: // Tracking issue for chaining Data guards to avoid this:
// https://github.com/SergioBenitez/Rocket/issues/775 // https://github.com/SergioBenitez/Rocket/issues/775
#[rocket::async_trait] impl<'a, T> FromData<'a> for SignedJson<T>
impl<'r, T> FromData<'r> for SignedJson<T>
where where
T: Deserialize<'r>, T: Deserialize<'a>,
{ {
type Error = anyhow::Error; type Error = anyhow::Error;
type Owned = String;
type Borrowed = str;
async fn from_data(request: &'r Request<'_>, data: Data) -> Outcome<Self, Self::Error> { fn transform(
request: &Request,
data: Data,
) -> rocket::data::Transform<Outcome<Self::Owned, Self::Error>> {
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
let mut s = String::with_capacity(512);
match data.open().take(size_limit).read_to_string(&mut s) {
Ok(_) => Transform::Borrowed(Outcome::Success(s)),
Err(e) => Transform::Borrowed(Outcome::Failure((
Status::BadRequest,
anyhow!("couldn't read json: {}", e),
))),
}
}
fn from_data(request: &Request, o: Transformed<'a, Self>) -> Outcome<Self, Self::Error> {
let json_ct = ContentType::new("application", "json"); let json_ct = ContentType::new("application", "json");
if request.content_type() != Some(&json_ct) { if request.content_type() != Some(&json_ct) {
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type"))); return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
@ -86,31 +97,26 @@ where
)); ));
} }
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
let content = match data.open(size_limit).into_string().await {
Ok(s) if s.is_complete() => s.into_inner(),
Ok(_) => {
let eof = io::ErrorKind::UnexpectedEof;
return Outcome::Failure((
Status::PayloadTooLarge,
io::Error::new(eof, "data limit exceeded").into(),
));
}
Err(e) => return Outcome::Failure((Status::BadRequest, e.into())),
};
let signature = signatures[0]; let signature = signatures[0];
let secret = request.guard::<State<Secret>>().await.unwrap();
if !validate_signature(&secret.0, &signature, &content) { let content = o.borrowed()?;
let secret = request.guard::<State<Secret>>().unwrap();
if !validate_signature(&secret.0, &signature, content) {
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature"))); return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
} }
let content = match Self::from_str(local_cache!(request, content)) { let content = match serde_json::from_str(content) {
Ok(content) => Outcome::Success(content), Ok(content) => content,
Err(e) => Outcome::Failure((Status::BadRequest, e)), Err(e) => {
return Outcome::Failure((
Status::BadRequest,
anyhow!("couldn't parse json: {}", e),
))
}
}; };
content Outcome::Success(SignedJson(content))
} }
} }