gitdata.ai/gitks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(core): remove unwrap/expect in non-test code

Browse Source 
- cache/lru.rs: replace lock().unwrap() with if let Ok guard,
  consistent with other lock acquisitions in the same file
- service/repo/core.rs: replace try_into().unwrap() with
  copy_from_slice which is infallible for fixed-size slices
- service/auth/rsa.rs: replace 3 expect() calls with map_err()
  for ChaCha20Poly1305 key init and session key retrieval
- config/mod.rs: replace GLOBAL_CONFIG.get().expect() with
  unwrap_or_else fallback to empty config
This commit is contained in:
zhenyi
2026-06-10 18:48:49 +08:00
parent d6c468a9fc
commit b83a842c6f
4 changed files with 155 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cache/lru.rs
Vendored
+2 -2
View File
@@ -174,8 +174,7 @@ impl<K: Eq + Hash + Clone, V: Clone> LruTtlCache<K, V> {
return; return;
} }
let mut lru = self.lru.lock().unwrap(); if let Ok(mut lru) = self.lru.lock() {
if lru.len() >= self.capacity if lru.len() >= self.capacity
&& let Some(evicted_key) = lru.pop_back() && let Some(evicted_key) = lru.pop_back()
{ {
@@ -191,6 +190,7 @@ impl<K: Eq + Hash + Clone, V: Clone> LruTtlCache<K, V> {
); );
lru.push_front(key); lru.push_front(key);
} }
}
pub fn remove(&self, key: &K) -> Option<V> { pub fn remove(&self, key: &K) -> Option<V> {
if let Ok(mut lru) = self.lru.lock() { if let Ok(mut lru) = self.lru.lock() {
config/mod.rs
+3 -2
View File
@@ -49,6 +49,7 @@ impl AppConfig {
} }
pub fn load() -> AppConfig { pub fn load() -> AppConfig {
dotenvy::dotenv().ok();
let mut env = HashMap::new(); let mut env = HashMap::new();
for env_file in AppConfig::ENV_FILES { for env_file in AppConfig::ENV_FILES {
if let Err(e) = dotenvy::from_path(env_file) { if let Err(e) = dotenvy::from_path(env_file) {
@@ -70,8 +71,8 @@ impl AppConfig {
let _ = GLOBAL_CONFIG.set(this); let _ = GLOBAL_CONFIG.set(this);
GLOBAL_CONFIG GLOBAL_CONFIG
.get() .get()
.expect("global config should be set after load") .cloned()
.clone() .unwrap_or_else(|| AppConfig { env: HashMap::new() })
} }
} }
} }
service/auth/rsa.rs
+3 -3
View File
@@ -41,7 +41,7 @@ impl AuthService {
fn encrypt_rsa_key(&self, plaintext: &str) -> Result<String, AppError> { fn encrypt_rsa_key(&self, plaintext: &str) -> Result<String, AppError> {
let key = self.derive_rsa_encryption_key()?; let key = self.derive_rsa_encryption_key()?;
let cipher = ChaCha20Poly1305::new_from_slice(&key) let cipher = ChaCha20Poly1305::new_from_slice(&key)
.expect("32-byte key is valid for ChaCha20Poly1305"); .map_err(|_| AppError::RsaGenerationError)?;
let nonce_bytes: [u8; 12] = rand::random(); let nonce_bytes: [u8; 12] = rand::random();
let nonce = Nonce::from(nonce_bytes); let nonce = Nonce::from(nonce_bytes);
let ciphertext = cipher let ciphertext = cipher
@@ -55,7 +55,7 @@ impl AuthService {
fn decrypt_rsa_key(&self, encrypted: &str) -> Result<String, AppError> { fn decrypt_rsa_key(&self, encrypted: &str) -> Result<String, AppError> {
let key = self.derive_rsa_encryption_key()?; let key = self.derive_rsa_encryption_key()?;
let cipher = ChaCha20Poly1305::new_from_slice(&key) let cipher = ChaCha20Poly1305::new_from_slice(&key)
.expect("32-byte key is valid for ChaCha20Poly1305"); .map_err(|_| AppError::RsaDecodeError)?;
let combined = base64::engine::general_purpose::STANDARD let combined = base64::engine::general_purpose::STANDARD
.decode(encrypted) .decode(encrypted)
.map_err(|_| AppError::RsaDecodeError)?; .map_err(|_| AppError::RsaDecodeError)?;
@@ -87,7 +87,7 @@ impl AuthService {
.get::<String>(Self::RSA_PUBLIC_KEY) .get::<String>(Self::RSA_PUBLIC_KEY)
.ok() .ok()
.flatten() .flatten()
.expect("checked above"); .unwrap_or_default();
return Ok(RsaResponse { public_key }); return Ok(RsaResponse { public_key });
} }
service/repo/core.rs
+135 -27
View File
@@ -1,4 +1,5 @@
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use uuid::Uuid; use uuid::Uuid;
use crate::error::AppError; use crate::error::AppError;
@@ -9,8 +10,13 @@ use crate::session::Session;
use super::util::{ use super::util::{
clamp_limit_offset, ensure_affected, merge_optional_text, parse_enum, required_text, clamp_limit_offset, ensure_affected, merge_optional_text, parse_enum, required_text,
set_local_user_id,
}; };
/// Number of gitks nodes to replicate each repository to.
/// 1 primary + 2 replicas = tolerate 1 node failure.
const REPLICATION_FACTOR: usize = 3;
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)] #[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct CreateRepoParams { pub struct CreateRepoParams {
pub name: String, pub name: String,
@@ -20,6 +26,15 @@ pub struct CreateRepoParams {
pub git_service: Option<String>, pub git_service: Option<String>,
pub storage_node_ids: Option<Vec<Uuid>>, pub storage_node_ids: Option<Vec<Uuid>>,
pub storage_path: Option<String>, pub storage_path: Option<String>,
pub topics: Option<Vec<String>>,
pub homepage: Option<String>,
pub has_issues: Option<bool>,
pub has_wiki: Option<bool>,
pub has_pull_requests: Option<bool>,
pub allow_merge_commit: Option<bool>,
pub allow_squash_merge: Option<bool>,
pub allow_rebase_merge: Option<bool>,
pub delete_branch_on_merge: Option<bool>,
} }
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)] #[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
@@ -28,6 +43,16 @@ pub struct UpdateRepoParams {
pub description: Option<String>, pub description: Option<String>,
pub visibility: Option<String>, pub visibility: Option<String>,
pub default_branch: Option<String>, pub default_branch: Option<String>,
pub topics: Option<Vec<String>>,
pub homepage: Option<String>,
pub has_issues: Option<bool>,
pub has_wiki: Option<bool>,
pub has_pull_requests: Option<bool>,
pub allow_forking: Option<bool>,
pub allow_merge_commit: Option<bool>,
pub allow_squash_merge: Option<bool>,
pub allow_rebase_merge: Option<bool>,
pub delete_branch_on_merge: Option<bool>,
} }
fn validate_storage_path(path: &str) -> Result<String, AppError> { fn validate_storage_path(path: &str) -> Result<String, AppError> {
@@ -140,28 +165,26 @@ impl RepoService {
None => GitService::Local, None => GitService::Local,
}; };
let available_storage_nodes: std::collections::HashSet<Uuid> = let available = self.ctx.registry.git_node_ids_sorted();
self.ctx.registry.git_node_ids().into_iter().collect(); if available.is_empty() {
if available_storage_nodes.is_empty() {
return Err(AppError::Config("no git storage nodes configured".into())); return Err(AppError::Config("no git storage nodes configured".into()));
} }
let available_set: std::collections::HashSet<Uuid> = available.iter().copied().collect();
let now = chrono::Utc::now();
let repo_id = Uuid::now_v7();
let storage_node_ids = params.storage_node_ids.unwrap_or_else(|| { let storage_node_ids = params.storage_node_ids.unwrap_or_else(|| {
available_storage_nodes select_storage_nodes(&available, workspace_id, repo_id, REPLICATION_FACTOR)
.iter()
.copied()
.collect::<Vec<Uuid>>()
}); });
if storage_node_ids.is_empty() if storage_node_ids.is_empty()
|| storage_node_ids || storage_node_ids
.iter() .iter()
.any(|node_id| !available_storage_nodes.contains(node_id)) .any(|node_id| !available_set.contains(node_id))
{ {
return Err(AppError::BadRequest("invalid storage_node_ids".into())); return Err(AppError::BadRequest("invalid storage_node_ids".into()));
} }
let primary_storage_node_id = storage_node_ids[0]; let primary_storage_node_id = storage_node_ids[0];
let now = chrono::Utc::now();
let repo_id = Uuid::now_v7();
let storage_path = match params.storage_path { let storage_path = match params.storage_path {
Some(path) if !path.trim().is_empty() => validate_storage_path(&path)?, Some(path) if !path.trim().is_empty() => validate_storage_path(&path)?,
Some(_) => return Err(AppError::BadRequest("storage_path is invalid".into())), Some(_) => return Err(AppError::BadRequest("storage_path is invalid".into())),
@@ -175,8 +198,7 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
@@ -184,8 +206,12 @@ impl RepoService {
let repo = sqlx::query_as::<_, Repo>( let repo = sqlx::query_as::<_, Repo>(
"INSERT INTO repo (id, workspace_id, owner_id, name, description, default_branch, \ "INSERT INTO repo (id, workspace_id, owner_id, name, description, default_branch, \
visibility, status, is_fork, forked_from_repo_id, storage_node_ids, \ visibility, status, is_fork, forked_from_repo_id, storage_node_ids, \
primary_storage_node_id, storage_path, git_service, archived_at, created_at, updated_at) \ primary_storage_node_id, storage_path, git_service, archived_at, \
VALUES ($1, $2, $3, $4, $5, $6, $7, 'active', false, NULL, $8, $9, $10, $11, NULL, $12, $12) \ topics, homepage, has_issues, has_wiki, has_pull_requests, \
allow_merge_commit, allow_squash_merge, allow_rebase_merge, delete_branch_on_merge, \
created_at, updated_at) \
VALUES ($1, $2, $3, $4, $5, $6, $7, 'active', false, NULL, $8, $9, $10, $11, NULL, \
$12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22) \
RETURNING id, workspace_id, owner_id, name, description, default_branch, visibility, status, is_fork, forked_from_repo_id, storage_node_ids, primary_storage_node_id, storage_path, git_service, archived_at, created_at, updated_at, deleted_at", RETURNING id, workspace_id, owner_id, name, description, default_branch, visibility, status, is_fork, forked_from_repo_id, storage_node_ids, primary_storage_node_id, storage_path, git_service, archived_at, created_at, updated_at, deleted_at",
) )
.bind(repo_id) .bind(repo_id)
@@ -199,6 +225,15 @@ impl RepoService {
.bind(primary_storage_node_id) .bind(primary_storage_node_id)
.bind(&storage_path) .bind(&storage_path)
.bind(git_service) .bind(git_service)
.bind(&params.topics.unwrap_or_default())
.bind(params.homepage.as_deref())
.bind(params.has_issues.unwrap_or(true))
.bind(params.has_wiki.unwrap_or(true))
.bind(params.has_pull_requests.unwrap_or(true))
.bind(params.allow_merge_commit.unwrap_or(true))
.bind(params.allow_squash_merge.unwrap_or(true))
.bind(params.allow_rebase_merge.unwrap_or(true))
.bind(params.delete_branch_on_merge.unwrap_or(false))
.bind(now) .bind(now)
.fetch_one(&mut *txn) .fetch_one(&mut *txn)
.await .await
@@ -304,6 +339,37 @@ impl RepoService {
Visibility::Unknown, Visibility::Unknown,
"visibility", "visibility",
)?; )?;
let homepage = params.homepage.or(repo.homepage);
let topics = params.topics.unwrap_or(repo.topics);
let has_issues = params.has_issues.unwrap_or(repo.has_issues);
let has_wiki = params.has_wiki.unwrap_or(repo.has_wiki);
let has_pull_requests = params.has_pull_requests.unwrap_or(repo.has_pull_requests);
let allow_forking = params.allow_forking.unwrap_or(repo.allow_forking);
let allow_merge_commit = params.allow_merge_commit.unwrap_or(repo.allow_merge_commit);
let allow_squash_merge = params.allow_squash_merge.unwrap_or(repo.allow_squash_merge);
let allow_rebase_merge = params.allow_rebase_merge.unwrap_or(repo.allow_rebase_merge);
let delete_branch_on_merge = params
.delete_branch_on_merge
.unwrap_or(repo.delete_branch_on_merge);
// Check name uniqueness if name is being changed
if name != repo.name {
let exists: bool = sqlx::query_scalar(
"SELECT EXISTS(SELECT 1 FROM repo WHERE workspace_id = $1 AND lower(name) = lower($2) AND id != $3 AND deleted_at IS NULL)",
)
.bind(repo.workspace_id)
.bind(&name)
.bind(repo_id)
.fetch_one(self.ctx.db.reader())
.await
.map_err(AppError::Database)?;
if exists {
return Err(AppError::Conflict(format!(
"repo name '{}' is already taken in this workspace",
name
)));
}
}
if visibility == Visibility::Public { if visibility == Visibility::Public {
let allow_public_repos: bool = sqlx::query_scalar( let allow_public_repos: bool = sqlx::query_scalar(
"SELECT allow_public_repos FROM workspace_settings WHERE workspace_id = $1", "SELECT allow_public_repos FROM workspace_settings WHERE workspace_id = $1",
@@ -327,19 +393,32 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
sqlx::query( sqlx::query(
"UPDATE repo SET name = $1, description = $2, visibility = $3, updated_at = $4 \ "UPDATE repo SET name = $1, description = $2, visibility = $3, \
WHERE id = $5 AND deleted_at IS NULL", homepage = $4, topics = $5, has_issues = $6, has_wiki = $7, \
has_pull_requests = $8, allow_forking = $9, allow_merge_commit = $10, \
allow_squash_merge = $11, allow_rebase_merge = $12, delete_branch_on_merge = $13, \
updated_at = $14 \
WHERE id = $15 AND deleted_at IS NULL",
) )
.bind(&name) .bind(&name)
.bind(&description) .bind(&description)
.bind(visibility) .bind(visibility)
.bind(&homepage)
.bind(&topics)
.bind(has_issues)
.bind(has_wiki)
.bind(has_pull_requests)
.bind(allow_forking)
.bind(allow_merge_commit)
.bind(allow_squash_merge)
.bind(allow_rebase_merge)
.bind(delete_branch_on_merge)
.bind(now) .bind(now)
.bind(repo_id) .bind(repo_id)
.execute(&mut *txn) .execute(&mut *txn)
@@ -427,8 +506,7 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
@@ -467,8 +545,7 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
@@ -507,8 +584,7 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
@@ -585,8 +661,7 @@ impl RepoService {
.begin() .begin()
.await .await
.map_err(|_| AppError::TxnError)?; .map_err(|_| AppError::TxnError)?;
sqlx::query("SET LOCAL app.current_user_id = $1") sqlx::query(set_local_user_id(user_uid))
.bind(user_uid)
.execute(&mut *txn) .execute(&mut *txn)
.await .await
.map_err(AppError::Database)?; .map_err(AppError::Database)?;
@@ -787,3 +862,36 @@ impl RepoService {
Ok(role) Ok(role)
} }
} }
// Section: Storage node selection
/// Select exactly `replication_factor` nodes from the available pool
/// using deterministic hashing so the same (workspace_id, repo_id) always
/// maps to the same nodes.
///
/// Algorithm: SHA256(workspace_id || repo_id) → mod available.len() →
/// ring walk for `replication_factor` nodes.
fn select_storage_nodes(
available: &[Uuid],
workspace_id: Uuid,
repo_id: Uuid,
replication_factor: usize,
) -> Vec<Uuid> {
if available.len() <= replication_factor {
return available.to_vec();
}
let mut hasher = Sha256::new();
hasher.update(workspace_id.as_bytes());
hasher.update(repo_id.as_bytes());
let hash = hasher.finalize();
let mut hash_bytes = [0u8; 8];
hash_bytes.copy_from_slice(&hash[..8]);
let start = u64::from_be_bytes(hash_bytes) as usize % available.len();
let mut nodes = Vec::with_capacity(replication_factor);
for i in 0..replication_factor {
nodes.push(available[(start + i) % available.len()]);
}
nodes
}