.github/workflows/ci.yaml

@@ -10,11 +10,11 @@ jobs:
       - name: Checkout sources
         uses: actions/checkout@v2
 
-      - name: Install stable toolchain
+      - name: Install nightly toolchain
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: nightly
           override: true
 
       - name: Run cargo check
@@ -29,11 +29,11 @@ jobs:
       - name: Checkout sources
         uses: actions/checkout@v2
 
-      - name: Install stable toolchain
+      - name: Install nightly toolchain
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: nightly
           override: true
 
       - name: Run cargo test
@@ -48,11 +48,11 @@ jobs:
       - name: Checkout sources
         uses: actions/checkout@v2
 
-      - name: Install stable toolchain
+      - name: Install nightly toolchain
         uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: stable
+          toolchain: nightly
           override: true
           components: rustfmt, clippy
 

Cargo.toml

@@ -23,7 +23,7 @@ serde_yaml = "0.8.17"
 sha2 = "0.9.3"
 
 [dependencies.rocket]
-version = "0.5.0-dev"
+version = "0.4.7"
 # don't need private-cookies
 default-features = false
 
@@ -31,6 +31,3 @@ default-features = false
 version = "2.33.3"
 # no need for suggestions or color with only one argument
 default-features = false
-
-[patch.crates-io]
-rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "2893ce754d6535e0a752586e60d7e292343016c0" }

README.md

@@ -26,7 +26,14 @@ truth is effectively removed from any mirror as well.
 `lohr` is [published on crates.io](https://crates.io/crates/lohr), so you can
 install it with `cargo install`:
 
-    $ cargo install lohr
+    $ cargo +nightly install lohr
+
+We currently require a nightly compiler because
+[Rocket](https://github.com/SergioBenitez/Rocket) needs one to compile (a 0.5.0
+which compiles on stable Rust is in the making, stay tuned!). You can install a
+nightly toolchain with the following command:
+
+    $ rustup install nightly
 
 ## Setup
 

flake.lock

@@ -31,6 +31,43 @@
         "type": "github"
       }
     },
+    "mozillapkgs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1603906276,
+        "narHash": "sha256-RsNPnEKd7BcogwkqhaV5kI/HuNC4flH/OQCC/4W5y/8=",
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mozilla",
+        "repo": "nixpkgs-mozilla",
+        "type": "github"
+      }
+    },
+    "naersk": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1614785451,
+        "narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=",
+        "owner": "nmattia",
+        "repo": "naersk",
+        "rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nmattia",
+        "ref": "master",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1616670887,
@@ -51,6 +88,8 @@
       "inputs": {
         "flake-compat": "flake-compat",
         "flake-utils": "flake-utils",
+        "mozillapkgs": "mozillapkgs",
+        "naersk": "naersk",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -1,5 +1,13 @@
 {
   inputs = {
+    naersk = {
+      url = "github:nmattia/naersk/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    mozillapkgs = {
+      url = "github:mozilla/nixpkgs-mozilla";
+      flake = false;
+    };
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     flake-compat = {
@@ -8,19 +16,27 @@
     };
   };
 
-  outputs = { self, nixpkgs, flake-utils, ... }:
+  outputs = { self, naersk, mozillapkgs, nixpkgs, flake-utils, ... }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = import nixpkgs { inherit system; };
+
+        mozilla = pkgs.callPackage (mozillapkgs + "/package-set.nix") { };
+        rustNightly = (mozilla.rustChannelOf {
+          date = "2021-03-29";
+          channel = "nightly";
+          sha256 = "sha256-Y94CnslybZgiZlNVV6Cg0TUPV2OeDXakPev1kqdt9Kk=";
+        }).rust;
+
+        naersk-lib = pkgs.callPackage naersk {
+          cargo = rustNightly;
+          rustc = rustNightly;
+        };
       in
       {
-        defaultPackage = pkgs.rustPlatform.buildRustPackage {
-          pname = "lohr";
-          version = "0.3.1";
-
+        defaultPackage = naersk-lib.buildPackage {
           src = ./.;
-
-          cargoSha256 = "sha256-XnBvb13Pv7bNTLCL3WV+bxRK0/uMEKA1/Bk0Tfua3Rs=";
+          pname = "lohr";
 
           meta = with pkgs.lib; {
             description = "A Git mirroring tool";
@@ -36,12 +52,10 @@
 
         devShell = pkgs.mkShell {
           buildInputs = with pkgs; [
-            cargo
-            clippy
             nixpkgs-fmt
             pre-commit
             rustPackages.clippy
-            rustc
+            rustNightly
             rustfmt
           ];
 

rust-toolchain

@@ -1 +1 @@
-stable
+nightly

src/main.rs

@@ -1,3 +1,5 @@
+#![feature(proc_macro_hygiene, decl_macro)]
+
 use std::env;
 use std::fs::File;
 use std::path::{Path, PathBuf};
@@ -90,8 +92,7 @@ fn parse_config(home: &Path, flags: &clap::ArgMatches) -> anyhow::Result<GlobalS
     serde_yaml::from_reader(file).context("could not parse configuration file")
 }
 
-#[rocket::main]
-async fn main() -> anyhow::Result<()> {
+fn main() -> anyhow::Result<()> {
     let matches = App::new("lohr")
         .version(crate_version!())
         .about("Git mirroring daemon")
@@ -126,8 +127,7 @@ async fn main() -> anyhow::Result<()> {
         .manage(JobSender(Mutex::new(sender)))
         .manage(Secret(secret))
         .manage(config_state)
-        .launch()
-        .await?;
+        .launch();
 
     Ok(())
 }

src/signature.rs

@@ -1,17 +1,20 @@
 use std::{
-    io,
+    io::Read,
     ops::{Deref, DerefMut},
 };
 
 use rocket::{
-    data::{ByteUnit, FromData, Outcome},
+    data::{FromData, Outcome},
     http::ContentType,
     State,
 };
-use rocket::{http::Status, local_cache};
+use rocket::{
+    data::{Transform, Transformed},
+    http::Status,
+};
 use rocket::{Data, Request};
 
-use anyhow::{anyhow, Context};
+use anyhow::anyhow;
 use serde::Deserialize;
 
 use crate::Secret;
@@ -50,29 +53,37 @@ impl<T> DerefMut for SignedJson<T> {
     }
 }
 
-const LIMIT: ByteUnit = ByteUnit::Mebibyte(1);
-
-impl<'r, T: Deserialize<'r>> SignedJson<T> {
-    fn from_str(s: &'r str) -> anyhow::Result<Self> {
-        serde_json::from_str(s)
-            .map(SignedJson)
-            .context("could not parse json")
-    }
-}
+const LIMIT: u64 = 1 << 20;
 
 // This is a one to one implementation of request_contrib::Json's FromData, but with HMAC
 // validation.
 //
 // Tracking issue for chaining Data guards to avoid this:
 // https://github.com/SergioBenitez/Rocket/issues/775
-#[rocket::async_trait]
-impl<'r, T> FromData<'r> for SignedJson<T>
+impl<'a, T> FromData<'a> for SignedJson<T>
 where
-    T: Deserialize<'r>,
+    T: Deserialize<'a>,
 {
     type Error = anyhow::Error;
+    type Owned = String;
+    type Borrowed = str;
 
-    async fn from_data(request: &'r Request<'_>, data: Data) -> Outcome<Self, Self::Error> {
+    fn transform(
+        request: &Request,
+        data: Data,
+    ) -> rocket::data::Transform<Outcome<Self::Owned, Self::Error>> {
+        let size_limit = request.limits().get("json").unwrap_or(LIMIT);
+        let mut s = String::with_capacity(512);
+        match data.open().take(size_limit).read_to_string(&mut s) {
+            Ok(_) => Transform::Borrowed(Outcome::Success(s)),
+            Err(e) => Transform::Borrowed(Outcome::Failure((
+                Status::BadRequest,
+                anyhow!("couldn't read json: {}", e),
+            ))),
+        }
+    }
+
+    fn from_data(request: &Request, o: Transformed<'a, Self>) -> Outcome<Self, Self::Error> {
         let json_ct = ContentType::new("application", "json");
         if request.content_type() != Some(&json_ct) {
             return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
@@ -86,31 +97,26 @@ where
             ));
         }
 
-        let size_limit = request.limits().get("json").unwrap_or(LIMIT);
-        let content = match data.open(size_limit).into_string().await {
-            Ok(s) if s.is_complete() => s.into_inner(),
-            Ok(_) => {
-                let eof = io::ErrorKind::UnexpectedEof;
-                return Outcome::Failure((
-                    Status::PayloadTooLarge,
-                    io::Error::new(eof, "data limit exceeded").into(),
-                ));
-            }
-            Err(e) => return Outcome::Failure((Status::BadRequest, e.into())),
-        };
-
         let signature = signatures[0];
-        let secret = request.guard::<State<Secret>>().await.unwrap();
 
-        if !validate_signature(&secret.0, &signature, &content) {
+        let content = o.borrowed()?;
+
+        let secret = request.guard::<State<Secret>>().unwrap();
+
+        if !validate_signature(&secret.0, &signature, content) {
             return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
         }
 
-        let content = match Self::from_str(local_cache!(request, content)) {
-            Ok(content) => Outcome::Success(content),
-            Err(e) => Outcome::Failure((Status::BadRequest, e)),
+        let content = match serde_json::from_str(content) {
+            Ok(content) => content,
+            Err(e) => {
+                return Outcome::Failure((
+                    Status::BadRequest,
+                    anyhow!("couldn't parse json: {}", e),
+                ))
+            }
         };
 
-        content
+        Outcome::Success(SignedJson(content))
     }
 }