gitdata.ai/gitks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
66afd932edfe5d657da0fb9006ac92a522d1294c
gitks/actor/sync.rs
T
zhenyi d243dce027 refactor(server): replace custom remote clients with macro-based implementation 
- Replaced manual remote client functions with remote_client! macro for archive, blame, branch, commit, and diff services
- Simplified remote client creation logic using declarative macro approach
- Maintained same functionality while reducing code duplication across services

security(bare): enhance path traversal protection with comprehensive validation

- Added early relative_path validation to prevent path traversal attacks
- Implemented unified path validation to avoid TOCTOU race conditions
- Enhanced canonicalization checks for both existing and non-existent paths
- Added detailed logging for path traversal detection attempts

feat(cache): migrate from CLruCache to Moka with TTL and invalidation support

- Replaced clru dependency with moka for improved caching capabilities
- Added 300-second time-to-live for cache entries
- Implemented repository-specific cache invalidation mechanism
- Enhanced cache operations with thread-safe async support

refactor(commit): improve security validation for commit operations

- Added ref name validation to prevent command injection in cherry_pick_commit
- Implemented revision validation for commit selectors
- Added comprehensive input validation for create_commit parameters
- Enhanced file path validation to prevent traversal
2026-06-08 09:43:57 +08:00

256 lines
8.0 KiB
Rust
Raw Blame History

use crate::actor::message::RefUpdateEvent;
use crate::pb::Oid;
use std::path::{Path, PathBuf};
pub struct BundleApplicator {
pub repo_path: PathBuf,
}
impl BundleApplicator {
pub fn new(repo_path: PathBuf) -> Self {
Self { repo_path }
}
pub fn apply_bundle(&self, data: &[u8]) -> Result<(), String> {
let mut child = std::process::Command::new("git")
.args([
"--git-dir",
&self.repo_path.to_string_lossy(),
"bundle",
"unbundle",
"-",
])
.stdin(std::process::Stdio::piped())
.stdout(std::process::Stdio::piped())
.stderr(std::process::Stdio::piped())
.spawn()
.map_err(|e| format!("spawn git bundle unbundle: {e}"))?;
use std::io::Write;
if let Some(ref mut stdin) = child.stdin {
stdin
.write_all(data)
.map_err(|e| format!("write bundle: {e}"))?;
}
let output = child
.wait_with_output()
.map_err(|e| format!("wait bundle: {e}"))?;
if !output.status.success() {
return Err(String::from_utf8_lossy(&output.stderr).into_owned());
}
Ok(())
}
}
pub fn collect_local_haves(repo_path: &Path) -> Result<Vec<Oid>, String> {
let result = std::process::Command::new("git")
.args([
"--git-dir",
&repo_path.to_string_lossy(),
"for-each-ref",
"--format=%(objectname)",
])
.stdout(std::process::Stdio::piped())
.stderr(std::process::Stdio::piped())
.output()
.map_err(|e| format!("git for-each-ref: {e}"))?;
if !result.status.success() {
return Err(String::from_utf8_lossy(&result.stderr).into_owned());
}
let stdout = String::from_utf8_lossy(&result.stdout);
let haves: Vec<Oid> = stdout
.lines()
.filter(|line| !line.trim().is_empty() && line.trim() != crate::oid::ZERO_OID)
.map(|hex| {
let hex = hex.trim().to_string();
Oid {
value: crate::oid::hex_to_bytes(&hex).unwrap_or_default(),
hex,
format: crate::pb::ObjectFormat::Sha1 as i32,
}
})
.collect();
tracing::debug!(
repo = %repo_path.display(),
haves_count = haves.len(),
"collected local haves from refs"
);
Ok(haves)
}
pub async fn sync_from_primary(event: RefUpdateEvent, local_repo_path: PathBuf) {
tracing::info!(
relative_path = %event.relative_path,
ref_name = %event.ref_name,
primary = %event.primary_grpc_addr,
"replica sync starting"
);
let grpc_addr = event.primary_grpc_addr.clone();
let relative_path = event.relative_path.clone();
let repo_for_haves = local_repo_path.clone();
match tokio::task::spawn_blocking(move || {
sync_via_pack_service(&grpc_addr, &relative_path, &repo_for_haves)
})
.await
{
Ok(Ok(pack_data)) if !pack_data.is_empty() => {
let pack_len = pack_data.len();
let repo = local_repo_path.clone();
match tokio::task::spawn_blocking(move || apply_pack_data(&repo, &pack_data)).await {
Ok(Ok(())) => {
update_local_ref(&local_repo_path, &event.ref_name, &event.new_oid);
tracing::info!(
relative_path = %event.relative_path,
bytes = pack_len,
"replica sync done"
);
}
Ok(Err(e)) => {
tracing::error!(relative_path = %event.relative_path, error = %e, "pack apply failed")
}
Err(e) => {
tracing::error!(relative_path = %event.relative_path, error = %e, "apply task failed")
}
}
}
Ok(Ok(_)) => {
tracing::warn!(relative_path = %event.relative_path, "empty pack data from primary")
}
Ok(Err(e)) => {
tracing::error!(relative_path = %event.relative_path, error = %e, "pack fetch failed")
}
Err(e) => {
tracing::error!(relative_path = %event.relative_path, error = %e, "sync task failed")
}
}
}
fn sync_via_pack_service(
grpc_addr: &str,
relative_path: &str,
local_repo_path: &Path,
) -> Result<Vec<u8>, String> {
let haves = collect_local_haves(local_repo_path)?;
let rt = tokio::runtime::Handle::current();
rt.block_on(async {
use crate::pb::pack_service_client::PackServiceClient;
use crate::pb::{
AdvertiseRefsRequest, PackObjectsOptions, PackObjectsRequest, RepositoryHeader,
};
use tokio_stream::StreamExt;
let endpoint = crate::server::remote_endpoint(grpc_addr)
.await
.map_err(|e| e.to_string())?;
let mut client = PackServiceClient::connect(endpoint)
.await
.map_err(|e| format!("connect to primary: {e}"))?;
let header = RepositoryHeader {
storage_name: String::new(),
relative_path: relative_path.to_string(),
storage_path: String::new(),
};
let refs_resp = client
.advertise_refs(AdvertiseRefsRequest {
repository: Some(header.clone()),
protocol: None,
service: "upload-pack".to_string(),
})
.await
.map_err(|e| format!("AdvertiseRefs: {e}"))?;
let refs = refs_resp.into_inner().references;
if refs.is_empty() {
return Ok(Vec::new());
}
let wants: Vec<Oid> = refs.iter().filter_map(|r| r.target_oid.clone()).collect();
let want_count = wants.len();
let have_count = haves.len();
tracing::info!(
relative_path = %relative_path,
want_count,
have_count,
"requesting incremental pack from primary"
);
let options = PackObjectsOptions {
wants,
haves,
shallow_revisions: Vec::new(),
deepen: 0,
thin_pack: false,
include_tag: true,
use_bitmaps: true,
delta_base_offset: true,
pathspec: Vec::new(),
};
let req = PackObjectsRequest {
repository: Some(header.clone()),
options: Some(options),
};
let resp = client
.pack_objects(req)
.await
.map_err(|e| format!("PackObjects: {e}"))?;
let mut stream = resp.into_inner();
let mut pack_data = Vec::new();
while let Some(chunk) = stream.next().await {
match chunk {
Ok(msg) => pack_data.extend_from_slice(&msg.data),
Err(e) => return Err(format!("pack stream: {e}")),
}
}
tracing::info!(
relative_path = %relative_path,
pack_bytes = pack_data.len(),
"received pack data from primary"
);
Ok(pack_data)
})
}
fn apply_pack_data(repo_path: &Path, pack_data: &[u8]) -> Result<(), String> {
let applicator = BundleApplicator::new(repo_path.to_path_buf());
applicator.apply_bundle(pack_data)
}
fn update_local_ref(repo_path: &Path, ref_name: &str, new_oid: &str) {
if ref_name.is_empty() || new_oid.is_empty() {
return;
}
match std::process::Command::new("git")
.args([
"--git-dir",
&repo_path.to_string_lossy(),
"update-ref",
ref_name,
new_oid,
])
.output()
{
Ok(o) if o.status.success() => {
tracing::info!(ref_name = %ref_name, new_oid = %new_oid, "ref updated")
}
Ok(o) => {
tracing::error!(ref_name = %ref_name, error = %String::from_utf8_lossy(&o.stderr), "update-ref failed")
}
Err(e) => tracing::error!(ref_name = %ref_name, error = %e, "update-ref spawn failed"),
}
}
Reference in New Issue View Git Blame Copy Permalink