zhenyi
d243dce027
- Replaced manual remote client functions with remote_client! macro for archive, blame, branch, commit, and diff services - Simplified remote client creation logic using declarative macro approach - Maintained same functionality while reducing code duplication across services security(bare): enhance path traversal protection with comprehensive validation - Added early relative_path validation to prevent path traversal attacks - Implemented unified path validation to avoid TOCTOU race conditions - Enhanced canonicalization checks for both existing and non-existent paths - Added detailed logging for path traversal detection attempts feat(cache): migrate from CLruCache to Moka with TTL and invalidation support - Replaced clru dependency with moka for improved caching capabilities - Added 300-second time-to-live for cache entries - Implemented repository-specific cache invalidation mechanism - Enhanced cache operations with thread-safe async support refactor(commit): improve security validation for commit operations - Added ref name validation to prevent command injection in cherry_pick_commit - Implemented revision validation for commit selectors - Added comprehensive input validation for create_commit parameters - Enhanced file path validation to prevent traversal
425 lines
17 KiB
Rust
425 lines
17 KiB
Rust
use crate::pb::repository_service_client::RepositoryServiceClient;
|
|
use crate::pb::*;
|
|
|
|
use super::{GitksService, git_cmd, into_status, repository_maint};
|
|
|
|
remote_client!(remote_repository_client, RepositoryServiceClient<tonic::transport::Channel>, "repository");
|
|
|
|
fn default_branch_name(gb: &crate::bare::GitBare) -> String {
|
|
git_cmd(gb, &["symbolic-ref", "HEAD"])
|
|
.ok()
|
|
.and_then(|o| {
|
|
String::from_utf8_lossy(&o.stdout)
|
|
.trim()
|
|
.strip_prefix("refs/heads/")
|
|
.map(|b| b.to_string())
|
|
})
|
|
.unwrap_or_default()
|
|
}
|
|
|
|
#[tonic::async_trait]
|
|
impl repository_service_server::RepositoryService for GitksService {
|
|
async fn get_repository(
|
|
&self,
|
|
request: tonic::Request<GetRepositoryRequest>,
|
|
) -> Result<tonic::Response<Repository>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.get_repository", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.get_repository(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let bare = gb.bare_dir.join("HEAD").exists();
|
|
let object_format = gb.object_format();
|
|
Ok(tonic::Response::new(Repository {
|
|
header: inner.repository,
|
|
bare,
|
|
object_format: object_format as i32,
|
|
default_branch: default_branch_name(&gb),
|
|
..Default::default()
|
|
}))
|
|
}
|
|
|
|
async fn init_repository(
|
|
&self,
|
|
request: tonic::Request<InitRepositoryRequest>,
|
|
) -> Result<tonic::Response<Repository>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.init_repository", %repo);
|
|
let _enter = span.enter();
|
|
let bare_dir = self.resolve_for_init(inner.repository.as_ref())?;
|
|
let gb = crate::bare::GitBare::new(bare_dir);
|
|
gb.init_repository(inner.bare).map_err(into_status)?;
|
|
tracing::info!(%repo, bare = inner.bare, "repository initialized");
|
|
self.notify_ref_update(&repo, "HEAD", "", "");
|
|
Ok(tonic::Response::new(Repository {
|
|
header: inner.repository,
|
|
bare: inner.bare,
|
|
..Default::default()
|
|
}))
|
|
}
|
|
|
|
async fn delete_repository(
|
|
&self,
|
|
request: tonic::Request<DeleteRepositoryRequest>,
|
|
) -> Result<tonic::Response<()>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.delete_repository", %repo);
|
|
let _enter = span.enter();
|
|
let bare_dir = self.resolve_for_init(inner.repository.as_ref())?;
|
|
if !bare_dir.exists()
|
|
&& let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.delete_repository(inner).await;
|
|
}
|
|
tracing::warn!(%repo, path = %bare_dir.display(), "deleting repository");
|
|
std::fs::remove_dir_all(&bare_dir).map_err(|e| tonic::Status::internal(e.to_string()))?;
|
|
tracing::info!(%repo, "repository deleted");
|
|
self.notify_ref_update(&repo, "", "", "");
|
|
Ok(tonic::Response::new(()))
|
|
}
|
|
|
|
async fn repository_exists(
|
|
&self,
|
|
request: tonic::Request<RepositoryExistsRequest>,
|
|
) -> Result<tonic::Response<RepositoryExistsResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.repository_exists", %repo);
|
|
let _enter = span.enter();
|
|
let bare_dir = self.resolve_for_init(inner.repository.as_ref())?;
|
|
let exists = bare_dir.exists() && bare_dir.is_dir() && bare_dir.join("HEAD").exists();
|
|
if !exists
|
|
&& let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.repository_exists(inner).await;
|
|
}
|
|
Ok(tonic::Response::new(RepositoryExistsResponse { exists }))
|
|
}
|
|
|
|
async fn get_object_format(
|
|
&self,
|
|
request: tonic::Request<RepositoryObjectFormatRequest>,
|
|
) -> Result<tonic::Response<RepositoryObjectFormatResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.get_object_format", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.get_object_format(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
Ok(tonic::Response::new(RepositoryObjectFormatResponse {
|
|
object_format: gb.object_format() as i32,
|
|
}))
|
|
}
|
|
|
|
async fn get_default_branch(
|
|
&self,
|
|
request: tonic::Request<GetDefaultBranchRequest>,
|
|
) -> Result<tonic::Response<GetDefaultBranchResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.get_default_branch", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.get_default_branch(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
Ok(tonic::Response::new(GetDefaultBranchResponse {
|
|
name: default_branch_name(&gb),
|
|
}))
|
|
}
|
|
|
|
async fn set_default_branch(
|
|
&self,
|
|
request: tonic::Request<SetDefaultBranchRequest>,
|
|
) -> Result<tonic::Response<()>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let name = inner.name.clone();
|
|
let span = tracing::info_span!("repo.set_default_branch", %repo, %name);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.set_default_branch(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let refname = format!("refs/heads/{}", inner.name);
|
|
let out = git_cmd(&gb, &["symbolic-ref", "HEAD", &refname])?;
|
|
if !out.status.success() {
|
|
return Err(tonic::Status::internal(
|
|
String::from_utf8_lossy(&out.stderr).trim().to_string(),
|
|
));
|
|
}
|
|
tracing::info!(%repo, %name, "default branch set");
|
|
self.notify_ref_update(&repo, &refname, "", "");
|
|
Ok(tonic::Response::new(()))
|
|
}
|
|
|
|
async fn get_repository_config(
|
|
&self,
|
|
request: tonic::Request<GetRepositoryConfigRequest>,
|
|
) -> Result<tonic::Response<GetRepositoryConfigResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.get_repository_config", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.get_repository_config(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let mut entries = Vec::new();
|
|
if inner.keys.is_empty() {
|
|
let out = git_cmd(&gb, &["config", "--list"])?;
|
|
if !out.status.success() {
|
|
return Err(tonic::Status::internal(
|
|
String::from_utf8_lossy(&out.stderr).trim().to_string(),
|
|
));
|
|
}
|
|
for line in String::from_utf8_lossy(&out.stdout).lines() {
|
|
if let Some((k, v)) = line.split_once('=') {
|
|
entries.push(RepositoryConfigEntry {
|
|
key: k.trim().to_string(),
|
|
values: vec![v.trim().to_string()],
|
|
});
|
|
}
|
|
}
|
|
} else {
|
|
for key in &inner.keys {
|
|
crate::sanitize::validate_config_key(key)
|
|
.map_err(|e| tonic::Status::invalid_argument(e.to_string()))?;
|
|
let out = git_cmd(&gb, &["config", "--get-all", key])?;
|
|
if out.status.success() {
|
|
let vals: Vec<String> = String::from_utf8_lossy(&out.stdout)
|
|
.lines()
|
|
.map(|l| l.trim().to_string())
|
|
.filter(|l| !l.is_empty())
|
|
.collect();
|
|
if !vals.is_empty() {
|
|
entries.push(RepositoryConfigEntry {
|
|
key: key.clone(),
|
|
values: vals,
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
Ok(tonic::Response::new(GetRepositoryConfigResponse {
|
|
entries,
|
|
}))
|
|
}
|
|
|
|
async fn set_repository_config(
|
|
&self,
|
|
request: tonic::Request<SetRepositoryConfigRequest>,
|
|
) -> Result<tonic::Response<()>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.set_repository_config", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.set_repository_config(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
for entry in &inner.entries {
|
|
crate::sanitize::validate_config_key(&entry.key)
|
|
.map_err(|e| tonic::Status::invalid_argument(e.to_string()))?;
|
|
if entry.values.is_empty() {
|
|
git_cmd(&gb, &["config", "--unset-all", &entry.key])?;
|
|
} else {
|
|
let _ = git_cmd(
|
|
&gb,
|
|
&["config", "--replace-all", &entry.key, &entry.values[0]],
|
|
);
|
|
for v in entry.values.iter().skip(1) {
|
|
let _ = git_cmd(&gb, &["config", "--add", &entry.key, v]);
|
|
}
|
|
}
|
|
}
|
|
self.notify_ref_update(&repo, "", "", "");
|
|
Ok(tonic::Response::new(()))
|
|
}
|
|
|
|
async fn get_repository_statistics(
|
|
&self,
|
|
request: tonic::Request<RepositoryStatisticsRequest>,
|
|
) -> Result<tonic::Response<RepositoryStatistics>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.get_repository_statistics", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.get_repository_statistics(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
Ok(tonic::Response::new(repository_maint::get_statistics(&gb)))
|
|
}
|
|
|
|
async fn check_repository_health(
|
|
&self,
|
|
request: tonic::Request<RepositoryHealthRequest>,
|
|
) -> Result<tonic::Response<RepositoryHealthResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.check_repository_health", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), false).await?
|
|
{
|
|
return client.check_repository_health(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let resp = repository_maint::check_health(&gb, inner.connectivity_only)?;
|
|
tracing::info!(%repo, ok = resp.ok, errors = resp.errors.len(), warnings = resp.warnings.len(), "health check done");
|
|
Ok(tonic::Response::new(resp))
|
|
}
|
|
|
|
async fn garbage_collect(
|
|
&self,
|
|
request: tonic::Request<GarbageCollectRequest>,
|
|
) -> Result<tonic::Response<RepositoryMaintenanceResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.garbage_collect", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.garbage_collect(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let resp = repository_maint::run_gc(&gb, inner.prune, inner.aggressive)?;
|
|
tracing::info!(%repo, ok = resp.ok, "gc done");
|
|
Ok(tonic::Response::new(resp))
|
|
}
|
|
|
|
async fn repack(
|
|
&self,
|
|
request: tonic::Request<RepackRequest>,
|
|
) -> Result<tonic::Response<RepositoryMaintenanceResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.repack", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.repack(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let resp = repository_maint::run_repack(
|
|
&gb,
|
|
inner.full,
|
|
inner.write_bitmaps,
|
|
inner.write_multi_pack_index,
|
|
)?;
|
|
tracing::info!(%repo, ok = resp.ok, "repack done");
|
|
Ok(tonic::Response::new(resp))
|
|
}
|
|
|
|
async fn write_commit_graph(
|
|
&self,
|
|
request: tonic::Request<WriteCommitGraphRequest>,
|
|
) -> Result<tonic::Response<RepositoryMaintenanceResponse>, tonic::Status> {
|
|
let inner = request.into_inner();
|
|
let repo = self.repo_label(inner.repository.as_ref());
|
|
let span = tracing::info_span!("repo.write_commit_graph", %repo);
|
|
let _enter = span.enter();
|
|
let gb = match self.resolve(inner.repository.as_ref()) {
|
|
Ok(gb) => gb,
|
|
Err(err) if err.code() == tonic::Code::NotFound => {
|
|
if let Some(mut client) =
|
|
remote_repository_client(self, inner.repository.as_ref(), true).await?
|
|
{
|
|
return client.write_commit_graph(inner).await;
|
|
}
|
|
return Err(err);
|
|
}
|
|
Err(err) => return Err(err),
|
|
};
|
|
let resp = repository_maint::run_commit_graph_write(&gb, inner.split, inner.replace)?;
|
|
tracing::info!(%repo, ok = resp.ok, "commit-graph write done");
|
|
Ok(tonic::Response::new(resp))
|
|
}
|
|
}
|