refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration

refs/find_refs.rs

@@ -72,19 +72,16 @@ impl GitBare {
             "--format=%(refname)%00%(objectname)%00%(symref)".to_string(),
         ];
 
-        // Sort direction
         let sort_prefix = match SortDirection::try_from(request.sort_direction) {
             Ok(SortDirection::Asc) => "",
             _ => "-",
         };
         args.push(format!("--sort={sort_prefix}refname"));
 
-        // Containing OIDs filter
         if let Some(first_oid) = request.containing_oids.first() {
             args.push(format!("--points-at={first_oid}"));
         }
 
-        // Prefix or pattern
         if !request.prefixes.is_empty() {
             for prefix in &request.prefixes {
                 args.push(prefix.clone());
@@ -115,7 +112,6 @@ impl GitBare {
                 let oid = parts[1].to_string();
                 let symref = parts.get(2).map(|s| s.to_string()).unwrap_or_default();
 
-                // Apply glob pattern filter if set
                 if !request.pattern.is_empty() && !simple_glob_match(&request.pattern, &ref_name) {
                     continue;
                 }

refs/update_refs.rs

@@ -15,7 +15,7 @@ impl GitBare {
             if !update.old_oid.is_empty() {
                 crate::sanitize::validate_revision(&update.old_oid)?;
                 stdin_input.push_str(&format!(
-                    "update {} {}\0{}\n",
+                    "update {} {} {}\n",
                     update.ref_name, update.new_oid, update.old_oid
                 ));
             } else {
@@ -32,7 +32,6 @@ impl GitBare {
                 &self.bare_dir.to_string_lossy(),
                 "update-ref",
                 "--stdin",
-                "-z",
             ])
             .stdin(std::process::Stdio::piped())
             .stdout(std::process::Stdio::piped())