refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration
zhenyi
2026-06-12 15:04:12 +08:00
parent e386f44ee2
commit 10a4398e81
41 changed files with 1373 additions and 365 deletions
-6
@@ -27,7 +27,6 @@ impl GitBare {
format!("{base}...{head}")
};
// Build base rev-list args
let mut base_args = vec![
"--git-dir".to_string(),
self.bare_dir.to_string_lossy().into_owned(),
@@ -38,10 +37,8 @@ impl GitBare {
}
base_args.push(range);
// 1. Total count
let total = {
let mut args = base_args.clone();
// Insert after "rev-list" (index 2)
args.insert(3, "--count".into());
let result = duct::cmd("git", &args)
.stdout_capture()
@@ -60,7 +57,6 @@ impl GitBare {
.unwrap_or(0)
};
// 2. Git-side pagination
let page_size = request
.pagination
.as_ref()
@@ -81,7 +77,6 @@ impl GitBare {
.min(total);
let mut fetch_args = base_args;
// Insert after "rev-list" (index 2)
fetch_args.insert(3, format!("--skip={start_offset}"));
fetch_args.insert(4, format!("-n{page_size}"));
@@ -104,7 +99,6 @@ impl GitBare {
.map(ToOwned::to_owned)
.collect();
// 3. Batch-read commits via gix (one repo open, no subprocess per commit)
let mut commits = Vec::with_capacity(page_ids.len());
for id in &page_ids {
commits.push(read_commit_from_repo(self, &repo, id)?);