refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration

commit/create_commit.rs

@@ -8,9 +8,7 @@ use crate::pb::{
 
 impl GitBare {
     pub fn create_commit(&self, request: CreateCommitRequest) -> GitResult<CreateCommitResponse> {
-        // Validate branch name to prevent command injection
         crate::sanitize::validate_ref_name(&request.branch)?;
-        // Validate start_revision if provided
         if let Some(rev) = request.start_revision.as_ref() {
             match rev.selector.as_ref() {
                 Some(object_selector::Selector::Revision(name)) => {
@@ -23,11 +21,11 @@ impl GitBare {
             }
         }
 
-        const MAX_ACTIONS_PER_COMMIT: usize = 10_000;
-        if request.actions.len() > MAX_ACTIONS_PER_COMMIT {
+        if request.actions.len() > crate::config::MAX_ACTIONS_PER_COMMIT {
             return Err(GitError::InvalidArgument(format!(
-                "too many commit actions ({} > max {MAX_ACTIONS_PER_COMMIT})",
-                request.actions.len()
+                "too many commit actions ({} > max {})",
+                request.actions.len(),
+                crate::config::MAX_ACTIONS_PER_COMMIT,
             )));
         }
 
@@ -168,15 +166,14 @@ impl GitBare {
         index_path: &str,
         action: &crate::pb::CreateCommitAction,
     ) -> GitResult<()> {
-        const MAX_ACTION_CONTENT_BYTES: usize = 100 * 1024 * 1024;
-        if action.content.len() > MAX_ACTION_CONTENT_BYTES {
+        if action.content.len() > crate::config::MAX_ACTION_CONTENT_BYTES {
             return Err(GitError::InvalidArgument(format!(
-                "action content too large ({} bytes, max {MAX_ACTION_CONTENT_BYTES})",
-                action.content.len()
+                "action content too large ({} bytes, max {})",
+                action.content.len(),
+                crate::config::MAX_ACTION_CONTENT_BYTES,
             )));
         }
 
-        // Validate file paths to prevent command injection / traversal
         if !action.file_path.is_empty() {
             crate::sanitize::validate_file_path(&action.file_path)?;
         }
@@ -341,11 +338,11 @@ impl GitBare {
         author: Option<&crate::pb::Signature>,
         committer: Option<&crate::pb::Signature>,
     ) -> GitResult<String> {
-        const MAX_COMMIT_MESSAGE_BYTES: usize = 10 * 1024 * 1024;
-        if message.len() > MAX_COMMIT_MESSAGE_BYTES {
+        if message.len() > crate::config::MAX_COMMIT_MESSAGE_BYTES {
             return Err(GitError::InvalidArgument(format!(
-                "commit message too large ({} bytes, max {MAX_COMMIT_MESSAGE_BYTES})",
-                message.len()
+                "commit message too large ({} bytes, max {})",
+                message.len(),
+                crate::config::MAX_COMMIT_MESSAGE_BYTES,
             )));
         }