gitdata.ai/gitks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(bare): enhance security and performance optimizations

Browse Source 
- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration
This commit is contained in:
zhenyi
2026-06-12 15:04:12 +08:00
parent e386f44ee2
commit 10a4398e81
41 changed files with 1373 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pack/receive_pack.rs
+1 -9
View File
@@ -1,5 +1,4 @@
use std::process::Stdio;
use std::time::Duration;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::process::Command;
@@ -8,13 +7,9 @@ use tokio_stream::wrappers::ReceiverStream;
use super::CancellableReceiverStream;
use crate::bare::GitBare;
use crate::config::{MAX_RECEIVE_PACKET_BYTES, MAX_RECEIVE_STDERR_BYTES, RECEIVE_PACK_TIMEOUT};
use crate::pb::ReceivePackResponse;
/// Maximum time allowed for a git receive-pack process before it is killed.
const RECEIVE_PACK_TIMEOUT: Duration = Duration::from_secs(1800); // 30 minutes
const MAX_RECEIVE_PACKET_BYTES: usize = 16 * 1024 * 1024;
const MAX_RECEIVE_STDERR_BYTES: u64 = 64 * 1024;
impl GitBare {
/// Receive pack data using git-receive-pack with true concurrent streaming.
///
@@ -41,7 +36,6 @@ impl GitBare {
let (tx, rx) = tokio::sync::mpsc::channel(16);
// Use a cancellation token to track client disconnect
let cancel_token = tokio_util::sync::CancellationToken::new();
let cancel_token_clone = cancel_token.clone();
@@ -154,7 +148,6 @@ impl GitBare {
}
};
// Run all three concurrently with timeout
let _process_future = tokio::join!(stdin_task, stdout_task, stderr_task);
match tokio::time::timeout(RECEIVE_PACK_TIMEOUT, child.wait()).await {
@@ -189,7 +182,6 @@ impl GitBare {
}
});
// When the ReceiverStream is dropped (client disconnect), cancel the background task
let rx_stream = ReceiverStream::new(rx);
let cancel_guard = cancel_token_clone.clone().drop_guard();