6 files changed, 63 insertions, 72 deletions
diff --git a/gitolfs3-server/Cargo.toml b/gitolfs3-server/Cargo.toml
index efea78b..5908770 100644
--- a/gitolfs3-server/Cargo.toml
+++ b/gitolfs3-server/Cargo.toml
@@ -1,20 +1,20 @@
 [package]
 name = "gitolfs3-server"
 version = "0.1.0"
-edition = "2021"
+edition = "2024"
 license = "MIT"
 [dependencies]
-aws-config = { version = "1.1.2" }
+aws-config = "1.6"
-aws-sdk-s3 = "1.12.0"
+aws-sdk-s3 = "1.82"
-axum = "0.7"
+axum = "0.8"
-base64 = "0.21"
+base64 = "0.22"
 chrono = { version = "0.4", features = ["serde"] }
 gitolfs3-common = { path = "../gitolfs3-common" }
 mime = "0.3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-tokio = { version = "1.35", features = ["full"] }
+tokio = { version = "1.44", features = ["full"] }
 tokio-util = "0.7"
-tower = "0.4"
+tower = "0.5"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
diff --git a/gitolfs3-server/src/api.rs b/gitolfs3-server/src/api.rs
index d71d188..87c1856 100644
--- a/gitolfs3-server/src/api.rs
+++ b/gitolfs3-server/src/api.rs
@@ -1,15 +1,14 @@
 use std::collections::HashMap;
 use axum::{
-    async_trait,
+    Extension, Json,
-    extract::{rejection, FromRequest, FromRequestParts, Request},
+    extract::{FromRequest, FromRequestParts, Request, rejection},
    http,
    response::{IntoResponse, Response},
-    Extension, Json,
 };
 use chrono::{DateTime, Utc};
 use gitolfs3_common::{Oid, Operation};
-use serde::{de::DeserializeOwned, Deserialize, Serialize};
+use serde::{Deserialize, Serialize, de::DeserializeOwned};
 // ----------------------- Generic facilities ----------------------
@@ -20,7 +19,10 @@ pub struct GitLfsErrorData<'a> {
    pub message: &'a str,
 }
-pub const fn make_error_resp(code: http::StatusCode, message: &str) -> GitLfsErrorResponse {
+pub const fn make_error_resp<'a>(
+    code: http::StatusCode,
+    message: &'a str,
+) -> GitLfsErrorResponse<'a> {
    (code, GitLfsJson(Json(GitLfsErrorData { message })))
 }
@@ -76,7 +78,6 @@ fn has_git_lfs_json_content_type(req: &Request) -> bool {
    is_git_lfs_json_mimetype(content_type)
 }
-#[async_trait]
 impl<T, S> FromRequest<S> for GitLfsJson<T>
 where
    T: DeserializeOwned,
@@ -122,7 +123,6 @@ impl IntoResponse for RepositoryNameRejection {
    }
 }
-#[async_trait]
 impl<S: Send + Sync> FromRequestParts<S> for RepositoryName {
    type Rejection = RepositoryNameRejection;
diff --git a/gitolfs3-server/src/authz.rs b/gitolfs3-server/src/authz.rs
index 8a5f21f..c4cb6df 100644
--- a/gitolfs3-server/src/authz.rs
+++ b/gitolfs3-server/src/authz.rs
@@ -2,10 +2,10 @@ use std::collections::HashSet;
 use axum::http;
 use chrono::{DateTime, Utc};
-use gitolfs3_common::{generate_tag, Claims, Digest, Oid, Operation, SpecificClaims};
+use gitolfs3_common::{Claims, Digest, Oid, Operation, SpecificClaims, generate_tag};
 use crate::{
-    api::{make_error_resp, GitLfsErrorResponse, REPO_NOT_FOUND},
+    api::{GitLfsErrorResponse, REPO_NOT_FOUND, make_error_resp},
    config::AuthorizationConfig,
 };
diff --git a/gitolfs3-server/src/config.rs b/gitolfs3-server/src/config.rs
index c6a51a5..5167cca 100644
--- a/gitolfs3-server/src/config.rs
+++ b/gitolfs3-server/src/config.rs
@@ -1,6 +1,6 @@
 use std::collections::HashSet;
-use gitolfs3_common::{load_key, Key};
+use gitolfs3_common::{Key, load_key};
 pub struct Config {
    pub listen_addr: (String, u16),
@@ -18,19 +18,11 @@ pub struct AuthorizationConfig {
 impl Config {
    pub fn load() -> Result<Self, String> {
-        let env = match Env::load() {
+        let env = Env::load().map_err(|e| format!("failed to load configuration: {e}"))?;
-            Ok(env) => env,
+        let s3_client =
-            Err(e) => return Err(format!("failed to load configuration: {e}")),
+            create_s3_client(&env).map_err(|e| format!("failed to create S3 client: {e}"))?;
-        };
+        let key =
+            load_key(&env.key_path).map_err(|e| format!("failed to load Gitolfs3 key: {e}"))?;
-        let s3_client = match create_s3_client(&env) {
-            Ok(s3_client) => s3_client,
-            Err(e) => return Err(format!("failed to create S3 client: {e}")),
-        };
-        let key = match load_key(&env.key_path) {
-            Ok(key) => key,
-            Err(e) => return Err(format!("failed to load Gitolfs3 key: {e}")),
-        };
        let trusted_forwarded_hosts: HashSet<String> = env
            .trusted_forwarded_hosts
diff --git a/gitolfs3-server/src/handler.rs b/gitolfs3-server/src/handler.rs
index 64d5492..c5d4a61 100644
--- a/gitolfs3-server/src/handler.rs
+++ b/gitolfs3-server/src/handler.rs
@@ -2,24 +2,24 @@ use std::{collections::HashMap, sync::Arc};
 use aws_sdk_s3::{error::SdkError, operation::head_object::HeadObjectOutput};
 use axum::{
+    Json,
    extract::{Path, State},
    http,
    response::{IntoResponse, Response},
-    Json,
 };
-use base64::{prelude::BASE64_STANDARD, Engine};
+use base64::{Engine, prelude::BASE64_STANDARD};
 use chrono::Utc;
-use gitolfs3_common::{generate_tag, Claims, HexByte, Oid, Operation, SpecificClaims};
+use gitolfs3_common::{Claims, HexByte, Oid, Operation, SpecificClaims, generate_tag};
-use serde::{de, Deserialize};
+use serde::{Deserialize, de};
 use tokio::sync::Mutex;
 use crate::{
    api::{
-        is_git_lfs_json_mimetype, make_error_resp, BatchRequest, BatchRequestObject, BatchResponse,
+        BatchRequest, BatchRequestObject, BatchResponse, BatchResponseObject,
-        BatchResponseObject, BatchResponseObjectAction, BatchResponseObjectActions, GitLfsJson,
+        BatchResponseObjectAction, BatchResponseObjectActions, GitLfsJson, HashAlgo, LFS_MIME,
-        HashAlgo, RepositoryName, TransferAdapter, LFS_MIME, REPO_NOT_FOUND,
+        REPO_NOT_FOUND, RepositoryName, TransferAdapter, is_git_lfs_json_mimetype, make_error_resp,
    },
-    authz::{authorize_batch, authorize_get, Trusted},
+    authz::{Trusted, authorize_batch, authorize_get},
    config::AuthorizationConfig,
    dlimit::DownloadLimiter,
 };
@@ -144,31 +144,31 @@ async fn handle_download_object(
        };
    }
-    if let Some(content_length) = content_length {
+    if let Some(content_length) = content_length
-        if content_length > 0 {
+        && content_length > 0
-            match state
+    {
-                .dl_limiter
+        match state
-                .lock()
+            .dl_limiter
-                .await
+            .lock()
-                .request(content_length as u64)
+            .await
-                .await
+            .request(content_length as u64)
-            {
+            .await
-                Ok(true) => {}
+        {
-                Ok(false) => {
+            Ok(true) => {}
-                    return BatchResponseObject::error(
+            Ok(false) => {
-                        obj,
+                return BatchResponseObject::error(
-                        http::StatusCode::SERVICE_UNAVAILABLE,
+                    obj,
-                        "Public LFS downloads temporarily unavailable".to_string(),
+                    http::StatusCode::SERVICE_UNAVAILABLE,
-                    );
+                    "Public LFS downloads temporarily unavailable".to_string(),
-                }
+                );
-                Err(e) => {
+            }
-                    println!("Failed to request {content_length} bytes from download limiter: {e}");
+            Err(e) => {
-                    return BatchResponseObject::error(
+                println!("Failed to request {content_length} bytes from download limiter: {e}");
-                        obj,
+                return BatchResponseObject::error(
-                        http::StatusCode::INTERNAL_SERVER_ERROR,
+                    obj,
-                        "Internal server error".to_string(),
+                    http::StatusCode::INTERNAL_SERVER_ERROR,
-                    );
+                    "Internal server error".to_string(),
-                }
+                );
            }
        }
    }
@@ -433,12 +433,11 @@ fn s3_encode_checksum(oid: Oid) -> String {
 }
 fn s3_validate_checksum(oid: Oid, obj: &HeadObjectOutput) -> bool {
-    if let Some(checksum) = obj.checksum_sha256() {
+    if let Some(checksum) = obj.checksum_sha256()
-        if let Ok(checksum) = BASE64_STANDARD.decode(checksum) {
+        && let Ok(checksum) = BASE64_STANDARD.decode(checksum)
-            if let Ok(checksum32b) = TryInto::<[u8; 32]>::try_into(checksum) {
+        && let Ok(checksum32b) = TryInto::<[u8; 32]>::try_into(checksum)
-                return Oid::from(checksum32b) == oid;
+    {
-            }
+        return Oid::from(checksum32b) == oid;
-        }
    }
    true
 }
diff --git a/gitolfs3-server/src/main.rs b/gitolfs3-server/src/main.rs
index 46e840a..c88de76 100644
--- a/gitolfs3-server/src/main.rs
+++ b/gitolfs3-server/src/main.rs
@@ -9,12 +9,12 @@ use config::Config;
 use dlimit::DownloadLimiter;
 use axum::{
+    Router, ServiceExt,
    extract::OriginalUri,
    http::{self, Uri},
    routing::{get, post},
-    Router, ServiceExt,
 };
-use handler::{handle_batch, handle_obj_download, AppState};
+use handler::{AppState, handle_batch, handle_obj_download};
 use std::{process::ExitCode, sync::Arc};
 use tokio::net::TcpListener;
 use tower::Layer;
@@ -41,7 +41,7 @@ async fn main() -> ExitCode {
    });
    let app = Router::new()
        .route("/batch", post(handle_batch))
-        .route("/:oid0/:oid1/:oid", get(handle_obj_download))
+        .route("/{oid0}/{oid1}/{oid}", get(handle_obj_download))
        .with_state(shared_state);
    let middleware = axum::middleware::map_request(rewrite_url);

diff --git a/gitolfs3-server/Cargo.toml b/gitolfs3-server/Cargo.toml index efea78b..5908770 100644 --- a/gitolfs3-server/Cargo.toml +++ b/gitolfs3-server/Cargo.toml
@@ -1,20 +1,20 @@
1	[package]	1	[package]
2	name = "gitolfs3-server"	2	name = "gitolfs3-server"
3	version = "0.1.0"	3	version = "0.1.0"
4	edition = "2021"	4	edition = "2024"
5	license = "MIT"	5	license = "MIT"
6		6
7	[dependencies]	7	[dependencies]
8	aws-config = { version = "1.1.2" }	8	aws-config = "1.6"
9	aws-sdk-s3 = "1.12.0"	9	aws-sdk-s3 = "1.82"
10	axum = "0.7"	10	axum = "0.8"
11	base64 = "0.21"	11	base64 = "0.22"
12	chrono = { version = "0.4", features = ["serde"] }	12	chrono = { version = "0.4", features = ["serde"] }
13	gitolfs3-common = { path = "../gitolfs3-common" }	13	gitolfs3-common = { path = "../gitolfs3-common" }
14	mime = "0.3"	14	mime = "0.3"
15	serde = { version = "1", features = ["derive"] }	15	serde = { version = "1", features = ["derive"] }
16	serde_json = "1"	16	serde_json = "1"
17	tokio = { version = "1.35", features = ["full"] }	17	tokio = { version = "1.44", features = ["full"] }
18	tokio-util = "0.7"	18	tokio-util = "0.7"
19	tower = "0.4"	19	tower = "0.5"
20	tracing-subscriber = { version = "0.3", features = ["env-filter"] }	20	tracing-subscriber = { version = "0.3", features = ["env-filter"] }


diff --git a/gitolfs3-server/src/api.rs b/gitolfs3-server/src/api.rs index d71d188..87c1856 100644 --- a/gitolfs3-server/src/api.rs +++ b/gitolfs3-server/src/api.rs
@@ -1,15 +1,14 @@
1	use std::collections::HashMap;	1	use std::collections::HashMap;
2		2
3	use axum::{	3	use axum::{
4	async_trait,	4	Extension, Json,
5	extract::{rejection, FromRequest, FromRequestParts, Request},	5	extract::{FromRequest, FromRequestParts, Request, rejection},
6	http,	6	http,
7	response::{IntoResponse, Response},	7	response::{IntoResponse, Response},
8	Extension, Json,
9	};	8	};
10	use chrono::{DateTime, Utc};	9	use chrono::{DateTime, Utc};
11	use gitolfs3_common::{Oid, Operation};	10	use gitolfs3_common::{Oid, Operation};
12	use serde::{de::DeserializeOwned, Deserialize, Serialize};	11	use serde::{Deserialize, Serialize, de::DeserializeOwned};
13		12
14	// ----------------------- Generic facilities ----------------------	13	// ----------------------- Generic facilities ----------------------
15		14
@@ -20,7 +19,10 @@ pub struct GitLfsErrorData<'a> {
20	pub message: &'a str,	19	pub message: &'a str,
21	}	20	}
22		21
23	pub const fn make_error_resp(code: http::StatusCode, message: &str) -> GitLfsErrorResponse {	22	pub const fn make_error_resp<'a>(
		23	code: http::StatusCode,
		24	message: &'a str,
		25	) -> GitLfsErrorResponse<'a> {
24	(code, GitLfsJson(Json(GitLfsErrorData { message })))	26	(code, GitLfsJson(Json(GitLfsErrorData { message })))
25	}	27	}
26		28
@@ -76,7 +78,6 @@ fn has_git_lfs_json_content_type(req: &Request) -> bool {
76	is_git_lfs_json_mimetype(content_type)	78	is_git_lfs_json_mimetype(content_type)
77	}	79	}
78		80
79	#[async_trait]
80	impl<T, S> FromRequest<S> for GitLfsJson<T>	81	impl<T, S> FromRequest<S> for GitLfsJson<T>
81	where	82	where
82	T: DeserializeOwned,	83	T: DeserializeOwned,
@@ -122,7 +123,6 @@ impl IntoResponse for RepositoryNameRejection {
122	}	123	}
123	}	124	}
124		125
125	#[async_trait]
126	impl<S: Send + Sync> FromRequestParts<S> for RepositoryName {	126	impl<S: Send + Sync> FromRequestParts<S> for RepositoryName {
127	type Rejection = RepositoryNameRejection;	127	type Rejection = RepositoryNameRejection;
128		128


diff --git a/gitolfs3-server/src/authz.rs b/gitolfs3-server/src/authz.rs index 8a5f21f..c4cb6df 100644 --- a/gitolfs3-server/src/authz.rs +++ b/gitolfs3-server/src/authz.rs
@@ -2,10 +2,10 @@ use std::collections::HashSet;
2		2
3	use axum::http;	3	use axum::http;
4	use chrono::{DateTime, Utc};	4	use chrono::{DateTime, Utc};
5	use gitolfs3_common::{generate_tag, Claims, Digest, Oid, Operation, SpecificClaims};	5	use gitolfs3_common::{Claims, Digest, Oid, Operation, SpecificClaims, generate_tag};
6		6
7	use crate::{	7	use crate::{
8	api::{make_error_resp, GitLfsErrorResponse, REPO_NOT_FOUND},	8	api::{GitLfsErrorResponse, REPO_NOT_FOUND, make_error_resp},
9	config::AuthorizationConfig,	9	config::AuthorizationConfig,
10	};	10	};
11		11


diff --git a/gitolfs3-server/src/config.rs b/gitolfs3-server/src/config.rs index c6a51a5..5167cca 100644 --- a/gitolfs3-server/src/config.rs +++ b/gitolfs3-server/src/config.rs
@@ -1,6 +1,6 @@
1	use std::collections::HashSet;	1	use std::collections::HashSet;
2		2
3	use gitolfs3_common::{load_key, Key};	3	use gitolfs3_common::{Key, load_key};
4		4
5	pub struct Config {	5	pub struct Config {
6	pub listen_addr: (String, u16),	6	pub listen_addr: (String, u16),
@@ -18,19 +18,11 @@ pub struct AuthorizationConfig {
18		18
19	impl Config {	19	impl Config {
20	pub fn load() -> Result<Self, String> {	20	pub fn load() -> Result<Self, String> {
21	let env = match Env::load() {	21	let env = Env::load().map_err(\|e\| format!("failed to load configuration: {e}"))?;
22	Ok(env) => env,	22	let s3_client =
23	Err(e) => return Err(format!("failed to load configuration: {e}")),	23	create_s3_client(&env).map_err(\|e\| format!("failed to create S3 client: {e}"))?;
24	};	24	let key =
25		25	load_key(&env.key_path).map_err(\|e\| format!("failed to load Gitolfs3 key: {e}"))?;
26	let s3_client = match create_s3_client(&env) {
27	Ok(s3_client) => s3_client,
28	Err(e) => return Err(format!("failed to create S3 client: {e}")),
29	};
30	let key = match load_key(&env.key_path) {
31	Ok(key) => key,
32	Err(e) => return Err(format!("failed to load Gitolfs3 key: {e}")),
33	};
34		26
35	let trusted_forwarded_hosts: HashSet<String> = env	27	let trusted_forwarded_hosts: HashSet<String> = env
36	.trusted_forwarded_hosts	28	.trusted_forwarded_hosts


diff --git a/gitolfs3-server/src/handler.rs b/gitolfs3-server/src/handler.rs index 64d5492..c5d4a61 100644 --- a/gitolfs3-server/src/handler.rs +++ b/gitolfs3-server/src/handler.rs
@@ -2,24 +2,24 @@ use std::{collections::HashMap, sync::Arc};
2		2
3	use aws_sdk_s3::{error::SdkError, operation::head_object::HeadObjectOutput};	3	use aws_sdk_s3::{error::SdkError, operation::head_object::HeadObjectOutput};
4	use axum::{	4	use axum::{
		5	Json,
5	extract::{Path, State},	6	extract::{Path, State},
6	http,	7	http,
7	response::{IntoResponse, Response},	8	response::{IntoResponse, Response},
8	Json,
9	};	9	};
10	use base64::{prelude::BASE64_STANDARD, Engine};	10	use base64::{Engine, prelude::BASE64_STANDARD};
11	use chrono::Utc;	11	use chrono::Utc;
12	use gitolfs3_common::{generate_tag, Claims, HexByte, Oid, Operation, SpecificClaims};	12	use gitolfs3_common::{Claims, HexByte, Oid, Operation, SpecificClaims, generate_tag};
13	use serde::{de, Deserialize};	13	use serde::{Deserialize, de};
14	use tokio::sync::Mutex;	14	use tokio::sync::Mutex;
15		15
16	use crate::{	16	use crate::{
17	api::{	17	api::{
18	is_git_lfs_json_mimetype, make_error_resp, BatchRequest, BatchRequestObject, BatchResponse,	18	BatchRequest, BatchRequestObject, BatchResponse, BatchResponseObject,
19	BatchResponseObject, BatchResponseObjectAction, BatchResponseObjectActions, GitLfsJson,	19	BatchResponseObjectAction, BatchResponseObjectActions, GitLfsJson, HashAlgo, LFS_MIME,
20	HashAlgo, RepositoryName, TransferAdapter, LFS_MIME, REPO_NOT_FOUND,	20	REPO_NOT_FOUND, RepositoryName, TransferAdapter, is_git_lfs_json_mimetype, make_error_resp,
21	},	21	},
22	authz::{authorize_batch, authorize_get, Trusted},	22	authz::{Trusted, authorize_batch, authorize_get},
23	config::AuthorizationConfig,	23	config::AuthorizationConfig,
24	dlimit::DownloadLimiter,	24	dlimit::DownloadLimiter,
25	};	25	};
@@ -144,31 +144,31 @@ async fn handle_download_object(
144	};	144	};
145	}	145	}
146		146
147	if let Some(content_length) = content_length {	147	if let Some(content_length) = content_length
148	if content_length > 0 {	148	&& content_length > 0
149	match state	149	{
150	.dl_limiter	150	match state
151	.lock()	151	.dl_limiter
152	.await	152	.lock()
153	.request(content_length as u64)	153	.await
154	.await	154	.request(content_length as u64)
155	{	155	.await
156	Ok(true) => {}	156	{
157	Ok(false) => {	157	Ok(true) => {}
158	return BatchResponseObject::error(	158	Ok(false) => {
159	obj,	159	return BatchResponseObject::error(
160	http::StatusCode::SERVICE_UNAVAILABLE,	160	obj,
161	"Public LFS downloads temporarily unavailable".to_string(),	161	http::StatusCode::SERVICE_UNAVAILABLE,
162	);	162	"Public LFS downloads temporarily unavailable".to_string(),
163	}	163	);
164	Err(e) => {	164	}
165	println!("Failed to request {content_length} bytes from download limiter: {e}");	165	Err(e) => {
166	return BatchResponseObject::error(	166	println!("Failed to request {content_length} bytes from download limiter: {e}");
167	obj,	167	return BatchResponseObject::error(
168	http::StatusCode::INTERNAL_SERVER_ERROR,	168	obj,
169	"Internal server error".to_string(),	169	http::StatusCode::INTERNAL_SERVER_ERROR,
170	);	170	"Internal server error".to_string(),
171	}	171	);
172	}	172	}
173	}	173	}
174	}	174	}
@@ -433,12 +433,11 @@ fn s3_encode_checksum(oid: Oid) -> String {
433	}	433	}
434		434
435	fn s3_validate_checksum(oid: Oid, obj: &HeadObjectOutput) -> bool {	435	fn s3_validate_checksum(oid: Oid, obj: &HeadObjectOutput) -> bool {
436	if let Some(checksum) = obj.checksum_sha256() {	436	if let Some(checksum) = obj.checksum_sha256()
437	if let Ok(checksum) = BASE64_STANDARD.decode(checksum) {	437	&& let Ok(checksum) = BASE64_STANDARD.decode(checksum)
438	if let Ok(checksum32b) = TryInto::<[u8; 32]>::try_into(checksum) {	438	&& let Ok(checksum32b) = TryInto::<[u8; 32]>::try_into(checksum)
439	return Oid::from(checksum32b) == oid;	439	{
440	}	440	return Oid::from(checksum32b) == oid;
441	}
442	}	441	}
443	true	442	true
444	}	443	}


diff --git a/gitolfs3-server/src/main.rs b/gitolfs3-server/src/main.rs index 46e840a..c88de76 100644 --- a/gitolfs3-server/src/main.rs +++ b/gitolfs3-server/src/main.rs
@@ -9,12 +9,12 @@ use config::Config;
9	use dlimit::DownloadLimiter;	9	use dlimit::DownloadLimiter;
10		10
11	use axum::{	11	use axum::{
		12	Router, ServiceExt,
12	extract::OriginalUri,	13	extract::OriginalUri,
13	http::{self, Uri},	14	http::{self, Uri},
14	routing::{get, post},	15	routing::{get, post},
15	Router, ServiceExt,
16	};	16	};
17	use handler::{handle_batch, handle_obj_download, AppState};	17	use handler::{AppState, handle_batch, handle_obj_download};
18	use std::{process::ExitCode, sync::Arc};	18	use std::{process::ExitCode, sync::Arc};
19	use tokio::net::TcpListener;	19	use tokio::net::TcpListener;
20	use tower::Layer;	20	use tower::Layer;
@@ -41,7 +41,7 @@ async fn main() -> ExitCode {
41	});	41	});
42	let app = Router::new()	42	let app = Router::new()
43	.route("/batch", post(handle_batch))	43	.route("/batch", post(handle_batch))
44	.route("/:oid0/:oid1/:oid", get(handle_obj_download))	44	.route("/{oid0}/{oid1}/{oid}", get(handle_obj_download))
45	.with_state(shared_state);	45	.with_state(shared_state);
46		46
47	let middleware = axum::middleware::map_request(rewrite_url);	47	let middleware = axum::middleware::map_request(rewrite_url);