Compare commits

..

No commits in common. "main" and "rocket-stable" have entirely different histories.

13 changed files with 684 additions and 870 deletions

View file

@ -1,20 +0,0 @@
name: "Cachix build"
on:
workflow_dispatch:
push:
paths:
- 'flake.nix'
- 'flake.lock'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
- uses: cachix/cachix-action@v12
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: |
nix build --verbose

View file

@ -1,4 +1,4 @@
on: [push, pull_request, workflow_dispatch] on: [push, pull_request]
name: CI name: CI
@ -8,34 +8,62 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- run: cargo check - name: Run cargo check
uses: actions-rs/cargo@v1
with:
command: check
test: test:
name: Test Suite name: Test Suite
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- run: cargo test - name: Run cargo test
uses: actions-rs/cargo@v1
with:
command: test
lints: lints:
name: Lints name: Lints
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt, clippy
- run: cargo fmt --all -- --check - name: Run cargo fmt
- run: cargo clippy --all-features -- -D warnings uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
- name: Run cargo clippy
uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features -- -D warnings

1391
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -1,13 +1,12 @@
[package] [package]
name = "lohr" name = "lohr"
version = "0.4.5" version = "0.3.3"
authors = ["Antoine Martin <antoine@alarsyo.net>"] authors = ["Antoine Martin <antoine@alarsyo.net>"]
edition = "2018" edition = "2018"
license = "Apache-2.0 OR MIT" license = "Apache-2.0 OR MIT"
description = "A Git mirroring daemon" description = "A Git mirroring daemon"
homepage = "https://github.com/alarsyo/lohr" homepage = "https://github.com/alarsyo/lohr"
repository = "https://github.com/alarsyo/lohr" repository = "https://github.com/alarsyo/lohr"
resolver = "2"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@ -24,7 +23,7 @@ serde_yaml = "0.8.17"
sha2 = "0.9.3" sha2 = "0.9.3"
[dependencies.rocket] [dependencies.rocket]
version = "0.5.0" version = "0.5.0-dev"
# don't need private-cookies # don't need private-cookies
default-features = false default-features = false
@ -32,3 +31,6 @@ default-features = false
version = "2.33.3" version = "2.33.3"
# no need for suggestions or color with only one argument # no need for suggestions or color with only one argument
default-features = false default-features = false
[patch.crates-io]
rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "2893ce754d6535e0a752586e60d7e292343016c0" }

View file

@ -28,10 +28,6 @@ install it with `cargo install`:
$ cargo install lohr $ cargo install lohr
Note: currently this method won't get you the latest version of `lohr`, as it
depends on Rocket v0.5.0, which isn't released yet. Updated versions of `lohr`
will be published on crates.io as soon as Rocket v0.5.0 releases.
## Setup ## Setup
### Quickstart ### Quickstart

View file

@ -3,11 +3,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1606424373,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -17,15 +17,12 @@
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1614513358,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +33,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1616670887,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "narHash": "sha256-wn+l9qJfR5sj5Gq4DheJHAcBDfOs9K2p9seW2f35xzs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "rev": "c0e881852006b132236cbf0301bd1939bb50867e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -56,21 +53,6 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -16,11 +16,11 @@
{ {
defaultPackage = pkgs.rustPlatform.buildRustPackage { defaultPackage = pkgs.rustPlatform.buildRustPackage {
pname = "lohr"; pname = "lohr";
version = "0.4.5"; version = "0.3.1";
src = ./.; src = ./.;
cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; cargoSha256 = "sha256-XnBvb13Pv7bNTLCL3WV+bxRK0/uMEKA1/Bk0Tfua3Rs=";
meta = with pkgs.lib; { meta = with pkgs.lib; {
description = "A Git mirroring tool"; description = "A Git mirroring tool";
@ -43,7 +43,6 @@
rustPackages.clippy rustPackages.clippy
rustc rustc
rustfmt rustfmt
rust-analyzer
]; ];
RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc; RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc;

1
rust-toolchain Normal file
View file

@ -0,0 +1 @@
stable

View file

@ -1,2 +0,0 @@
[toolchain]
channel = "stable"

View file

@ -2,8 +2,9 @@ use serde::Deserialize;
#[derive(Clone, Deserialize)] #[derive(Clone, Deserialize)]
pub(crate) struct Repository { pub(crate) struct Repository {
pub(crate) name: String,
pub(crate) full_name: String, pub(crate) full_name: String,
pub(crate) ssh_url: String, pub(crate) clone_url: String,
} }
#[derive(Deserialize)] #[derive(Deserialize)]

View file

@ -38,7 +38,7 @@ impl Job {
let output = Command::new("git") let output = Command::new("git")
.arg("clone") .arg("clone")
.arg("--mirror") .arg("--mirror")
.arg(&self.repo.ssh_url) .arg(&self.repo.clone_url)
.arg(format!("{}", self.local_path.as_ref().unwrap().display())) .arg(format!("{}", self.local_path.as_ref().unwrap().display()))
.output()?; .output()?;

View file

@ -30,8 +30,8 @@ struct Secret(String);
#[post("/", data = "<payload>")] #[post("/", data = "<payload>")]
fn gitea_webhook( fn gitea_webhook(
payload: SignedJson<GiteaWebHook>, payload: SignedJson<GiteaWebHook>,
sender: &State<JobSender>, sender: State<JobSender>,
config: &State<GlobalSettings>, config: State<GlobalSettings>,
) -> Status { ) -> Status {
if config if config
.blacklist .blacklist
@ -121,7 +121,7 @@ async fn main() -> anyhow::Result<()> {
repo_updater(receiver, homedir, config); repo_updater(receiver, homedir, config);
}); });
rocket::build() rocket::ignite()
.mount("/", routes![gitea_webhook]) .mount("/", routes![gitea_webhook])
.manage(JobSender(Mutex::new(sender))) .manage(JobSender(Mutex::new(sender)))
.manage(Secret(secret)) .manage(Secret(secret))

View file

@ -8,7 +8,7 @@ use rocket::{
http::ContentType, http::ContentType,
State, State,
}; };
use rocket::{http::Status, request::local_cache}; use rocket::{http::Status, local_cache};
use rocket::{Data, Request}; use rocket::{Data, Request};
use anyhow::{anyhow, Context}; use anyhow::{anyhow, Context};
@ -72,15 +72,15 @@ where
{ {
type Error = anyhow::Error; type Error = anyhow::Error;
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> { async fn from_data(request: &'r Request<'_>, data: Data) -> Outcome<Self, Self::Error> {
let json_ct = ContentType::new("application", "json"); let json_ct = ContentType::new("application", "json");
if request.content_type() != Some(&json_ct) { if request.content_type() != Some(&json_ct) {
return Outcome::Error((Status::BadRequest, anyhow!("wrong content type"))); return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
} }
let signatures = request.headers().get(X_GITEA_SIGNATURE).collect::<Vec<_>>(); let signatures = request.headers().get(X_GITEA_SIGNATURE).collect::<Vec<_>>();
if signatures.len() != 1 { if signatures.len() != 1 {
return Outcome::Error(( return Outcome::Failure((
Status::BadRequest, Status::BadRequest,
anyhow!("request header needs exactly one signature"), anyhow!("request header needs exactly one signature"),
)); ));
@ -91,24 +91,26 @@ where
Ok(s) if s.is_complete() => s.into_inner(), Ok(s) if s.is_complete() => s.into_inner(),
Ok(_) => { Ok(_) => {
let eof = io::ErrorKind::UnexpectedEof; let eof = io::ErrorKind::UnexpectedEof;
return Outcome::Error(( return Outcome::Failure((
Status::PayloadTooLarge, Status::PayloadTooLarge,
io::Error::new(eof, "data limit exceeded").into(), io::Error::new(eof, "data limit exceeded").into(),
)); ));
} }
Err(e) => return Outcome::Error((Status::BadRequest, e.into())), Err(e) => return Outcome::Failure((Status::BadRequest, e.into())),
}; };
let signature = signatures[0]; let signature = signatures[0];
let secret = request.guard::<&State<Secret>>().await.unwrap(); let secret = request.guard::<State<Secret>>().await.unwrap();
if !validate_signature(&secret.0, signature, &content) { if !validate_signature(&secret.0, &signature, &content) {
return Outcome::Error((Status::BadRequest, anyhow!("couldn't verify signature"))); return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
} }
match Self::from_str(local_cache!(request, content)) { let content = match Self::from_str(local_cache!(request, content)) {
Ok(content) => Outcome::Success(content), Ok(content) => Outcome::Success(content),
Err(e) => Outcome::Error((Status::BadRequest, e)), Err(e) => Outcome::Failure((Status::BadRequest, e)),
} };
content
} }
} }