refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output - Add path traversal detection and validation in bare_dir construction - Implement symlink resolution checks to prevent security vulnerabilities - Refactor cache system with CRC validation and improved metrics - Integrate repo-specific cache invalidation using indexed keys - Add comprehensive unit tests for commit operations and diff functionality - Move configuration constants to centralized config module - Optimize string operations in disk cache random value generation - Enhance license detection algorithm with cleaner matching logic - Streamline argument processing in various git operations - Update dependencies including crc32fast and flate2 for performance - Add signal handling capability to tokio runtime configuration
2026-06-12 15:04:12 +08:00
parent e386f44ee2
commit 10a4398e81
41 changed files with 1373 additions and 365 deletions
@@ -41,11 +41,9 @@ impl GitBare {

        let (tx, rx) = tokio::sync::mpsc::channel(16);

-        // Use a cancellation token to track client disconnect
        let cancel_token = tokio_util::sync::CancellationToken::new();
        let cancel_token_clone = cancel_token.clone();

-        // Move input into the spawned task to make it 'static
        let stream = Box::pin(input);
        tokio::spawn(async move {
            let stream = stream;
@@ -77,7 +75,6 @@ impl GitBare {
            let mut stdout = child.stdout.take();
            let mut stderr = child.stderr.take();

-            // Concurrent: write stdin packets, read stdout chunks, read stderr
            let stdin_task = {
                let mut stream = stream;
                let cancel = cancel_token.clone();
@@ -102,7 +99,6 @@ impl GitBare {
                                Err(_) => break,
                            }
                        }
-                        // Close stdin to signal end-of-input
                        drop(stdin);
                    }
                }
@@ -157,7 +153,6 @@ impl GitBare {
                }
            };

-            // Run all three concurrently with timeout
            let _process_future = tokio::join!(stdin_task, stdout_task, stderr_task);

            match tokio::time::timeout(UPLOAD_PACK_TIMEOUT, child.wait()).await {
@@ -192,7 +187,6 @@ impl GitBare {
            }
        });

-        // When the ReceiverStream is dropped (client disconnect), cancel the background task
        let rx_stream = ReceiverStream::new(rx);
        let cancel_guard = cancel_token_clone.clone().drop_guard();