Rust code dump

author: Rutger Broekhoff 2024-01-19 00:21:09 +0100
committer: Rutger Broekhoff 2024-01-19 00:21:09 +0100
commit: 5156228f18f08255a1f5c7e22097b8e367881e19 (patch)
tree: 8caccbf4d6d47b9f365d091d5b3426c4e6f7dafa /rs/git-lfs-authenticate
parent: b07332d62c347326baade26e3a3c281b83172615 (diff)
download: gitolfs3-5156228f18f08255a1f5c7e22097b8e367881e19.tar.gz
gitolfs3-5156228f18f08255a1f5c7e22097b8e367881e19.zip
2 files changed, 247 insertions, 0 deletions
diff --git a/rs/git-lfs-authenticate/Cargo.toml b/rs/git-lfs-authenticate/Cargo.toml
new file mode 100644
index 0000000..217250f
--- /dev/null
+++ b/rs/git-lfs-authenticate/Cargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "git-lfs-authenticate"
+version = "0.1.0"
+edition = "2021"
+[dependencies]
+chrono = "0.4"
+common = { path = "../common" }
diff --git a/rs/git-lfs-authenticate/src/main.rs b/rs/git-lfs-authenticate/src/main.rs
new file mode 100644
index 0000000..76f2edd
--- /dev/null
+++ b/rs/git-lfs-authenticate/src/main.rs
@@ -0,0 +1,239 @@
+use std::{fmt, process::ExitCode, time::Duration};
+use chrono::Utc;
+use common::{Operation, ParseOperationError};
+fn help() {
+    eprintln!("Usage: git-lfs-authenticate <REPO> upload/download");
+}
+#[derive(Debug, Eq, PartialEq, Copy, Clone)]
+enum RepoNameError {
+    TooLong,
+    UnresolvedPath,
+    AbsolutePath,
+    MissingGitSuffix,
+}
+impl fmt::Display for RepoNameError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            Self::TooLong => write!(f, "too long (more than 100 characters)"),
+            Self::UnresolvedPath => {
+                write!(f, "contains path one or more path elements '.' and '..'")
+            }
+            Self::AbsolutePath => {
+                write!(f, "starts with '/', which is not allowed")
+            }
+            Self::MissingGitSuffix => write!(f, "misses '.git' suffix"),
+        }
+    }
+}
+// Using `Result<(), E>` here instead of `Option<E>` because `None` typically signifies some error
+// state with no further details provided. If we were to return an `Option` type, the user would
+// have to first transform it into a `Result` type in order to use the `?` operator, meaning that
+// they would have to the following operation to get the type into the right shape:
+// `validate_repo_path(path).map_or(Ok(()), Err)`. That would not be very ergonomic.
+fn validate_repo_path(path: &str) -> Result<(), RepoNameError> {
+    if path.len() > 100 {
+        return Err(RepoNameError::TooLong);
+    }
+    if path.contains("//")
+        || path.contains("/./")
+        || path.contains("/../")
+        || path.starts_with("./")
+        || path.starts_with("../")
+    {
+        return Err(RepoNameError::UnresolvedPath);
+    }
+    if path.starts_with('/') {
+        return Err(RepoNameError::AbsolutePath);
+    }
+    if !path.ends_with(".git") {
+        return Err(RepoNameError::MissingGitSuffix);
+    }
+    Ok(())
+}
+#[derive(Debug, Eq, PartialEq, Copy, Clone)]
+enum ParseCmdlineError {
+    UnknownOperation(ParseOperationError),
+    InvalidRepoName(RepoNameError),
+    UnexpectedArgCount(ArgCountError),
+}
+impl From<RepoNameError> for ParseCmdlineError {
+    fn from(value: RepoNameError) -> Self {
+        Self::InvalidRepoName(value)
+    }
+}
+impl From<ParseOperationError> for ParseCmdlineError {
+    fn from(value: ParseOperationError) -> Self {
+        Self::UnknownOperation(value)
+    }
+}
+impl From<ArgCountError> for ParseCmdlineError {
+    fn from(value: ArgCountError) -> Self {
+        Self::UnexpectedArgCount(value)
+    }
+}
+impl fmt::Display for ParseCmdlineError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            Self::UnknownOperation(e) => write!(f, "unknown operation: {e}"),
+            Self::InvalidRepoName(e) => write!(f, "invalid repository name: {e}"),
+            Self::UnexpectedArgCount(e) => e.fmt(f),
+        }
+    }
+}
+#[derive(Debug, Eq, PartialEq, Copy, Clone)]
+struct ArgCountError {
+    provided: usize,
+    expected: usize,
+}
+impl fmt::Display for ArgCountError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(
+            f,
+            "got {} argument(s), expected {}",
+            self.provided, self.expected
+        )
+    }
+}
+fn get_cmdline_args<const N: usize>() -> Result<[String; N], ArgCountError> {
+    let args = std::env::args();
+    if args.len() - 1 != N {
+        return Err(ArgCountError {
+            provided: args.len() - 1,
+            expected: N,
+        });
+    }
+    // Does not allocate.
+    const EMPTY_STRING: String = String::new();
+    let mut values = [EMPTY_STRING; N];
+    // Skip the first element; we do not care about the program name.
+    for (i, arg) in args.skip(1).enumerate() {
+        values[i] = arg
+    }
+    Ok(values)
+}
+fn parse_cmdline() -> Result<(String, Operation), ParseCmdlineError> {
+    let [repo_path, op_str] = get_cmdline_args::<2>()?;
+    let op: Operation = op_str.parse()?;
+    validate_repo_path(&repo_path)?;
+    Ok((repo_path.to_string(), op))
+}
+fn repo_exists(name: &str) -> bool {
+    match std::fs::metadata(name) {
+        Ok(metadata) => metadata.is_dir(),
+        _ => false,
+    }
+}
+struct Config {
+    href_base: String,
+    key_path: String,
+}
+#[derive(Debug, Eq, PartialEq, Copy, Clone)]
+enum LoadConfigError {
+    BaseUrlMissing,
+    BaseUrlSlashSuffixMissing,
+    KeyPathMissing,
+}
+impl fmt::Display for LoadConfigError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::BaseUrlMissing => write!(f, "base URL not provided"),
+            Self::BaseUrlSlashSuffixMissing => write!(f, "base URL does not end with slash"),
+            Self::KeyPathMissing => write!(f, "key path not provided"),
+        }
+    }
+}
+fn load_config() -> Result<Config, LoadConfigError> {
+    let Ok(href_base) = std::env::var("GITOLFS3_HREF_BASE") else {
+        return Err(LoadConfigError::BaseUrlMissing);
+    };
+    if !href_base.ends_with('/') {
+        return Err(LoadConfigError::BaseUrlSlashSuffixMissing);
+    }
+    let Ok(key_path) = std::env::var("GITOLFS3_KEY_PATH") else {
+        return Err(LoadConfigError::KeyPathMissing);
+    };
+    Ok(Config {
+        href_base,
+        key_path,
+    })
+}
+fn main() -> ExitCode {
+    let config = match load_config() {
+        Ok(config) => config,
+        Err(e) => {
+            eprintln!("Failed to load config: {e}");
+            return ExitCode::FAILURE;
+        }
+    };
+    let key = match common::load_key(&config.key_path) {
+        Ok(key) => key,
+        Err(e) => {
+            eprintln!("Failed to load key: {e}");
+            return ExitCode::FAILURE;
+        }
+    };
+    let (repo_name, op) = match parse_cmdline() {
+        Ok(args) => args,
+        Err(e) => {
+            eprintln!("Error: {e}\n");
+            help();
+            // Exit code 2 signifies bad usage of CLI.
+            return ExitCode::from(2);
+        }
+    };
+    if !repo_exists(&repo_name) {
+        eprintln!("Error: repository does not exist");
+        return ExitCode::FAILURE;
+    }
+    let expires_in = Duration::from_secs(5 * 60);
+    let expires_at = Utc::now() + expires_in;
+    let Some(tag) = common::generate_tag(
+        common::Claims {
+            auth_type: common::AuthType::GitLfsAuthenticate,
+            repo_path: &repo_name,
+            expires_at,
+            operation: op,
+        },
+        key,
+    ) else {
+        eprintln!("Failed to generate validation tag");
+        return ExitCode::FAILURE;
+    };
+    println!(
+        "{{\"header\":{{\"Authorization\":\"Gitolfs3-Hmac-Sha256 {tag}\"}},\
+        \"expires_at\":\"{}\",\"href\":\"{}{}/info/lfs?p=1&te={}\"}}",
+        common::EscJsonFmt(&expires_at.to_rfc3339_opts(chrono::SecondsFormat::Secs, true)),
+        common::EscJsonFmt(&config.href_base),
+        common::EscJsonFmt(&repo_name),
+        expires_at.timestamp()
+    );
+    ExitCode::SUCCESS
+}
author	Rutger Broekhoff	2024-01-19 00:21:09 +0100
committer	Rutger Broekhoff	2024-01-19 00:21:09 +0100
commit	5156228f18f08255a1f5c7e22097b8e367881e19 (patch)
tree	8caccbf4d6d47b9f365d091d5b3426c4e6f7dafa /rs/git-lfs-authenticate
parent	b07332d62c347326baade26e3a3c281b83172615 (diff)
download	gitolfs3-5156228f18f08255a1f5c7e22097b8e367881e19.tar.gz gitolfs3-5156228f18f08255a1f5c7e22097b8e367881e19.zip

diff --git a/rs/git-lfs-authenticate/Cargo.toml b/rs/git-lfs-authenticate/Cargo.toml new file mode 100644 index 0000000..217250f --- /dev/null +++ b/rs/git-lfs-authenticate/Cargo.toml
@@ -0,0 +1,8 @@
	1	[package]
	2	name = "git-lfs-authenticate"
	3	version = "0.1.0"
	4	edition = "2021"
	5
	6	[dependencies]
	7	chrono = "0.4"
	8	common = { path = "../common" }


diff --git a/rs/git-lfs-authenticate/src/main.rs b/rs/git-lfs-authenticate/src/main.rs new file mode 100644 index 0000000..76f2edd --- /dev/null +++ b/rs/git-lfs-authenticate/src/main.rs
@@ -0,0 +1,239 @@
	1	use std::{fmt, process::ExitCode, time::Duration};
	2
	3	use chrono::Utc;
	4	use common::{Operation, ParseOperationError};
	5
	6	fn help() {
	7	eprintln!("Usage: git-lfs-authenticate <REPO> upload/download");
	8	}
	9
	10	#[derive(Debug, Eq, PartialEq, Copy, Clone)]
	11	enum RepoNameError {
	12	TooLong,
	13	UnresolvedPath,
	14	AbsolutePath,
	15	MissingGitSuffix,
	16	}
	17
	18	impl fmt::Display for RepoNameError {
	19	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	20	match self {
	21	Self::TooLong => write!(f, "too long (more than 100 characters)"),
	22	Self::UnresolvedPath => {
	23	write!(f, "contains path one or more path elements '.' and '..'")
	24	}
	25	Self::AbsolutePath => {
	26	write!(f, "starts with '/', which is not allowed")
	27	}
	28	Self::MissingGitSuffix => write!(f, "misses '.git' suffix"),
	29	}
	30	}
	31	}
	32
	33	// Using `Result<(), E>` here instead of `Option<E>` because `None` typically signifies some error
	34	// state with no further details provided. If we were to return an `Option` type, the user would
	35	// have to first transform it into a `Result` type in order to use the `?` operator, meaning that
	36	// they would have to the following operation to get the type into the right shape:
	37	// `validate_repo_path(path).map_or(Ok(()), Err)`. That would not be very ergonomic.
	38	fn validate_repo_path(path: &str) -> Result<(), RepoNameError> {
	39	if path.len() > 100 {
	40	return Err(RepoNameError::TooLong);
	41	}
	42	if path.contains("//")
	43	\|\| path.contains("/./")
	44	\|\| path.contains("/../")
	45	\|\| path.starts_with("./")
	46	\|\| path.starts_with("../")
	47	{
	48	return Err(RepoNameError::UnresolvedPath);
	49	}
	50	if path.starts_with('/') {
	51	return Err(RepoNameError::AbsolutePath);
	52	}
	53	if !path.ends_with(".git") {
	54	return Err(RepoNameError::MissingGitSuffix);
	55	}
	56	Ok(())
	57	}
	58
	59	#[derive(Debug, Eq, PartialEq, Copy, Clone)]
	60	enum ParseCmdlineError {
	61	UnknownOperation(ParseOperationError),
	62	InvalidRepoName(RepoNameError),
	63	UnexpectedArgCount(ArgCountError),
	64	}
	65
	66	impl From<RepoNameError> for ParseCmdlineError {
	67	fn from(value: RepoNameError) -> Self {
	68	Self::InvalidRepoName(value)
	69	}
	70	}
	71
	72	impl From<ParseOperationError> for ParseCmdlineError {
	73	fn from(value: ParseOperationError) -> Self {
	74	Self::UnknownOperation(value)
	75	}
	76	}
	77
	78	impl From<ArgCountError> for ParseCmdlineError {
	79	fn from(value: ArgCountError) -> Self {
	80	Self::UnexpectedArgCount(value)
	81	}
	82	}
	83
	84	impl fmt::Display for ParseCmdlineError {
	85	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	86	match self {
	87	Self::UnknownOperation(e) => write!(f, "unknown operation: {e}"),
	88	Self::InvalidRepoName(e) => write!(f, "invalid repository name: {e}"),
	89	Self::UnexpectedArgCount(e) => e.fmt(f),
	90	}
	91	}
	92	}
	93
	94	#[derive(Debug, Eq, PartialEq, Copy, Clone)]
	95	struct ArgCountError {
	96	provided: usize,
	97	expected: usize,
	98	}
	99
	100	impl fmt::Display for ArgCountError {
	101	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
	102	write!(
	103	f,
	104	"got {} argument(s), expected {}",
	105	self.provided, self.expected
	106	)
	107	}
	108	}
	109
	110	fn get_cmdline_args<const N: usize>() -> Result<[String; N], ArgCountError> {
	111	let args = std::env::args();
	112	if args.len() - 1 != N {
	113	return Err(ArgCountError {
	114	provided: args.len() - 1,
	115	expected: N,
	116	});
	117	}
	118
	119	// Does not allocate.
	120	const EMPTY_STRING: String = String::new();
	121	let mut values = [EMPTY_STRING; N];
	122
	123	// Skip the first element; we do not care about the program name.
	124	for (i, arg) in args.skip(1).enumerate() {
	125	values[i] = arg
	126	}
	127	Ok(values)
	128	}
	129
	130	fn parse_cmdline() -> Result<(String, Operation), ParseCmdlineError> {
	131	let [repo_path, op_str] = get_cmdline_args::<2>()?;
	132	let op: Operation = op_str.parse()?;
	133	validate_repo_path(&repo_path)?;
	134	Ok((repo_path.to_string(), op))
	135	}
	136
	137	fn repo_exists(name: &str) -> bool {
	138	match std::fs::metadata(name) {
	139	Ok(metadata) => metadata.is_dir(),
	140	_ => false,
	141	}
	142	}
	143
	144	struct Config {
	145	href_base: String,
	146	key_path: String,
	147	}
	148
	149	#[derive(Debug, Eq, PartialEq, Copy, Clone)]
	150	enum LoadConfigError {
	151	BaseUrlMissing,
	152	BaseUrlSlashSuffixMissing,
	153	KeyPathMissing,
	154	}
	155
	156	impl fmt::Display for LoadConfigError {
	157	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
	158	match self {
	159	Self::BaseUrlMissing => write!(f, "base URL not provided"),
	160	Self::BaseUrlSlashSuffixMissing => write!(f, "base URL does not end with slash"),
	161	Self::KeyPathMissing => write!(f, "key path not provided"),
	162	}
	163	}
	164	}
	165
	166	fn load_config() -> Result<Config, LoadConfigError> {
	167	let Ok(href_base) = std::env::var("GITOLFS3_HREF_BASE") else {
	168	return Err(LoadConfigError::BaseUrlMissing);
	169	};
	170	if !href_base.ends_with('/') {
	171	return Err(LoadConfigError::BaseUrlSlashSuffixMissing);
	172	}
	173	let Ok(key_path) = std::env::var("GITOLFS3_KEY_PATH") else {
	174	return Err(LoadConfigError::KeyPathMissing);
	175	};
	176	Ok(Config {
	177	href_base,
	178	key_path,
	179	})
	180	}
	181
	182	fn main() -> ExitCode {
	183	let config = match load_config() {
	184	Ok(config) => config,
	185	Err(e) => {
	186	eprintln!("Failed to load config: {e}");
	187	return ExitCode::FAILURE;
	188	}
	189	};
	190	let key = match common::load_key(&config.key_path) {
	191	Ok(key) => key,
	192	Err(e) => {
	193	eprintln!("Failed to load key: {e}");
	194	return ExitCode::FAILURE;
	195	}
	196	};
	197
	198	let (repo_name, op) = match parse_cmdline() {
	199	Ok(args) => args,
	200	Err(e) => {
	201	eprintln!("Error: {e}\n");
	202	help();
	203	// Exit code 2 signifies bad usage of CLI.
	204	return ExitCode::from(2);
	205	}
	206	};
	207
	208	if !repo_exists(&repo_name) {
	209	eprintln!("Error: repository does not exist");
	210	return ExitCode::FAILURE;
	211	}
	212
	213	let expires_in = Duration::from_secs(5 * 60);
	214	let expires_at = Utc::now() + expires_in;
	215
	216	let Some(tag) = common::generate_tag(
	217	common::Claims {
	218	auth_type: common::AuthType::GitLfsAuthenticate,
	219	repo_path: &repo_name,
	220	expires_at,
	221	operation: op,
	222	},
	223	key,
	224	) else {
	225	eprintln!("Failed to generate validation tag");
	226	return ExitCode::FAILURE;
	227	};
	228
	229	println!(
	230	"{{\"header\":{{\"Authorization\":\"Gitolfs3-Hmac-Sha256 {tag}\"}},\
	231	\"expires_at\":\"{}\",\"href\":\"{}{}/info/lfs?p=1&te={}\"}}",
	232	common::EscJsonFmt(&expires_at.to_rfc3339_opts(chrono::SecondsFormat::Secs, true)),
	233	common::EscJsonFmt(&config.href_base),
	234	common::EscJsonFmt(&repo_name),
	235	expires_at.timestamp()
	236	);
	237
	238	ExitCode::SUCCESS
	239	}