Compare commits
12 commits
8e7e0e9a84
...
8f60cfe836
Author | SHA1 | Date | |
---|---|---|---|
Bruno BELANYI | 8f60cfe836 | ||
Antoine Martin | 3fc96cd7a8 | ||
Antoine Martin | 535cfe0e65 | ||
Antoine Martin | e0fc69781a | ||
Antoine Martin | 6a79949e28 | ||
Antoine Martin | 933e164259 | ||
Antoine Martin | a516d841e1 | ||
Antoine Martin | 78194b69ad | ||
Antoine Martin | 54fafc6a46 | ||
Antoine Martin | aba153726b | ||
Antoine Martin | 422024d919 | ||
Antoine Martin | ff90b5fb2d |
12
.github/workflows/ci.yaml
vendored
12
.github/workflows/ci.yaml
vendored
|
@ -10,11 +10,11 @@ jobs:
|
||||||
- name: Checkout sources
|
- name: Checkout sources
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Install nightly toolchain
|
- name: Install stable toolchain
|
||||||
uses: actions-rs/toolchain@v1
|
uses: actions-rs/toolchain@v1
|
||||||
with:
|
with:
|
||||||
profile: minimal
|
profile: minimal
|
||||||
toolchain: nightly
|
toolchain: stable
|
||||||
override: true
|
override: true
|
||||||
|
|
||||||
- name: Run cargo check
|
- name: Run cargo check
|
||||||
|
@ -29,11 +29,11 @@ jobs:
|
||||||
- name: Checkout sources
|
- name: Checkout sources
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Install nightly toolchain
|
- name: Install stable toolchain
|
||||||
uses: actions-rs/toolchain@v1
|
uses: actions-rs/toolchain@v1
|
||||||
with:
|
with:
|
||||||
profile: minimal
|
profile: minimal
|
||||||
toolchain: nightly
|
toolchain: stable
|
||||||
override: true
|
override: true
|
||||||
|
|
||||||
- name: Run cargo test
|
- name: Run cargo test
|
||||||
|
@ -48,11 +48,11 @@ jobs:
|
||||||
- name: Checkout sources
|
- name: Checkout sources
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Install nightly toolchain
|
- name: Install stable toolchain
|
||||||
uses: actions-rs/toolchain@v1
|
uses: actions-rs/toolchain@v1
|
||||||
with:
|
with:
|
||||||
profile: minimal
|
profile: minimal
|
||||||
toolchain: nightly
|
toolchain: stable
|
||||||
override: true
|
override: true
|
||||||
components: rustfmt, clippy
|
components: rustfmt, clippy
|
||||||
|
|
||||||
|
|
1314
Cargo.lock
generated
1314
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
17
Cargo.toml
17
Cargo.toml
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "lohr"
|
name = "lohr"
|
||||||
version = "0.3.0"
|
version = "0.3.1"
|
||||||
authors = ["Antoine Martin <antoine@alarsyo.net>"]
|
authors = ["Antoine Martin <antoine@alarsyo.net>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
license = "Apache-2.0 OR MIT"
|
license = "Apache-2.0 OR MIT"
|
||||||
|
@ -16,10 +16,21 @@ hex = "0.4.3"
|
||||||
hmac = "0.10.1"
|
hmac = "0.10.1"
|
||||||
log = "0.4.14"
|
log = "0.4.14"
|
||||||
regex = "1"
|
regex = "1"
|
||||||
rocket = "0.4.7"
|
|
||||||
rocket_contrib = { version = "0.4.7", features = [ "json" ] }
|
|
||||||
serde = { version = "1.0.125", features = [ "derive" ] }
|
serde = { version = "1.0.125", features = [ "derive" ] }
|
||||||
serde_json = "1.0.64"
|
serde_json = "1.0.64"
|
||||||
serde_regex = "1.1.0"
|
serde_regex = "1.1.0"
|
||||||
serde_yaml = "0.8.17"
|
serde_yaml = "0.8.17"
|
||||||
sha2 = "0.9.3"
|
sha2 = "0.9.3"
|
||||||
|
|
||||||
|
[dependencies.rocket]
|
||||||
|
version = "0.5.0-dev"
|
||||||
|
# don't need private-cookies
|
||||||
|
default-features = false
|
||||||
|
|
||||||
|
[dependencies.clap]
|
||||||
|
version = "2.33.3"
|
||||||
|
# no need for suggestions or color with only one argument
|
||||||
|
default-features = false
|
||||||
|
|
||||||
|
[patch.crates-io]
|
||||||
|
rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "2893ce754d6535e0a752586e60d7e292343016c0" }
|
||||||
|
|
16
README.org
16
README.org
|
@ -21,6 +21,14 @@ file at the repo root.
|
||||||
This is a very destructive process: anything removed from the single source of
|
This is a very destructive process: anything removed from the single source of
|
||||||
truth is effectively removed from any mirror as well.
|
truth is effectively removed from any mirror as well.
|
||||||
|
|
||||||
|
** Installing
|
||||||
|
|
||||||
|
=lohr= is [[https://crates.io/crates/lohr][published on crates.io]], so you can install it with ~cargo install~:
|
||||||
|
|
||||||
|
#+begin_src sh
|
||||||
|
$ cargo install lohr
|
||||||
|
#+end_src
|
||||||
|
|
||||||
** Setup
|
** Setup
|
||||||
|
|
||||||
*** Quickstart
|
*** Quickstart
|
||||||
|
@ -73,8 +81,12 @@ variable.
|
||||||
|
|
||||||
**** Extra remote configuration
|
**** Extra remote configuration
|
||||||
|
|
||||||
=lohr= looks for a =lohr-config.yaml= file in its =LOHR_HOME= directory. The
|
You can provide =lohr= with a YAML file containing additional configuration. You
|
||||||
=LOHR_CONFIG= variable takes precedence over looking into the state directory.
|
can pass its path to the =--config= flag when launching =lohr=. If no
|
||||||
|
configuration is provided via a CLI flag, =lohr= will check the =LOHR_CONFIG=
|
||||||
|
environment variable. If the environment variable isn't set either, it will
|
||||||
|
check in =LOHR_HOME= is a =lohr-config.yaml= file exists, and try to load it.
|
||||||
|
|
||||||
This file takes the following format:
|
This file takes the following format:
|
||||||
|
|
||||||
#+begin_src yaml
|
#+begin_src yaml
|
||||||
|
|
39
flake.lock
39
flake.lock
|
@ -31,43 +31,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"mozillapkgs": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1603906276,
|
|
||||||
"narHash": "sha256-RsNPnEKd7BcogwkqhaV5kI/HuNC4flH/OQCC/4W5y/8=",
|
|
||||||
"owner": "mozilla",
|
|
||||||
"repo": "nixpkgs-mozilla",
|
|
||||||
"rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "mozilla",
|
|
||||||
"repo": "nixpkgs-mozilla",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"naersk": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1614785451,
|
|
||||||
"narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=",
|
|
||||||
"owner": "nmattia",
|
|
||||||
"repo": "naersk",
|
|
||||||
"rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nmattia",
|
|
||||||
"ref": "master",
|
|
||||||
"repo": "naersk",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1616670887,
|
"lastModified": 1616670887,
|
||||||
|
@ -88,8 +51,6 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"mozillapkgs": "mozillapkgs",
|
|
||||||
"naersk": "naersk",
|
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
34
flake.nix
34
flake.nix
|
@ -1,13 +1,5 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
naersk = {
|
|
||||||
url = "github:nmattia/naersk/master";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
mozillapkgs = {
|
|
||||||
url = "github:mozilla/nixpkgs-mozilla";
|
|
||||||
flake = false;
|
|
||||||
};
|
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
flake-compat = {
|
flake-compat = {
|
||||||
|
@ -16,27 +8,19 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, naersk, mozillapkgs, nixpkgs, flake-utils, ... }:
|
outputs = { self, nixpkgs, flake-utils, ... }:
|
||||||
flake-utils.lib.eachDefaultSystem (system:
|
flake-utils.lib.eachDefaultSystem (system:
|
||||||
let
|
let
|
||||||
pkgs = import nixpkgs { inherit system; };
|
pkgs = import nixpkgs { inherit system; };
|
||||||
|
|
||||||
mozilla = pkgs.callPackage (mozillapkgs + "/package-set.nix") { };
|
|
||||||
rustNightly = (mozilla.rustChannelOf {
|
|
||||||
date = "2021-03-29";
|
|
||||||
channel = "nightly";
|
|
||||||
sha256 = "sha256-Y94CnslybZgiZlNVV6Cg0TUPV2OeDXakPev1kqdt9Kk=";
|
|
||||||
}).rust;
|
|
||||||
|
|
||||||
naersk-lib = pkgs.callPackage naersk {
|
|
||||||
cargo = rustNightly;
|
|
||||||
rustc = rustNightly;
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
defaultPackage = naersk-lib.buildPackage {
|
defaultPackage = pkgs.rustPlatform.buildRustPackage {
|
||||||
src = ./.;
|
|
||||||
pname = "lohr";
|
pname = "lohr";
|
||||||
|
version = "0.3.1";
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
cargoSha256 = "sha256-XnBvb13Pv7bNTLCL3WV+bxRK0/uMEKA1/Bk0Tfua3Rs=";
|
||||||
|
|
||||||
meta = with pkgs.lib; {
|
meta = with pkgs.lib; {
|
||||||
description = "A Git mirroring tool";
|
description = "A Git mirroring tool";
|
||||||
|
@ -52,10 +36,12 @@
|
||||||
|
|
||||||
devShell = pkgs.mkShell {
|
devShell = pkgs.mkShell {
|
||||||
buildInputs = with pkgs; [
|
buildInputs = with pkgs; [
|
||||||
|
cargo
|
||||||
|
clippy
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
pre-commit
|
pre-commit
|
||||||
rustPackages.clippy
|
rustPackages.clippy
|
||||||
rustNightly
|
rustc
|
||||||
rustfmt
|
rustfmt
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
nightly
|
stable
|
||||||
|
|
|
@ -190,13 +190,6 @@ impl Job {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn run(&mut self, homedir: &Path, config: &GlobalSettings) -> anyhow::Result<()> {
|
pub(crate) fn run(&mut self, homedir: &Path, config: &GlobalSettings) -> anyhow::Result<()> {
|
||||||
if config
|
|
||||||
.blacklist
|
|
||||||
.iter()
|
|
||||||
.any(|re| re.is_match(&self.repo.full_name))
|
|
||||||
{
|
|
||||||
return Ok(());
|
|
||||||
}
|
|
||||||
let local_path = homedir.join(&self.repo.full_name);
|
let local_path = homedir.join(&self.repo.full_name);
|
||||||
assert!(local_path.is_absolute());
|
assert!(local_path.is_absolute());
|
||||||
self.local_path = Some(local_path);
|
self.local_path = Some(local_path);
|
||||||
|
|
86
src/main.rs
86
src/main.rs
|
@ -1,18 +1,17 @@
|
||||||
#![feature(proc_macro_hygiene, decl_macro)]
|
|
||||||
|
|
||||||
use std::env;
|
use std::env;
|
||||||
use std::fs::File;
|
use std::fs::File;
|
||||||
use std::path::PathBuf;
|
use std::path::{Path, PathBuf};
|
||||||
use std::sync::{
|
use std::sync::{
|
||||||
mpsc::{channel, Receiver, Sender},
|
mpsc::{channel, Receiver, Sender},
|
||||||
Mutex,
|
Mutex,
|
||||||
};
|
};
|
||||||
use std::thread;
|
use std::thread;
|
||||||
|
|
||||||
|
use anyhow::Context;
|
||||||
|
use clap::{App, Arg};
|
||||||
|
use log::{error, info};
|
||||||
use rocket::{http::Status, post, routes, State};
|
use rocket::{http::Status, post, routes, State};
|
||||||
|
|
||||||
use log::error;
|
|
||||||
|
|
||||||
mod gitea;
|
mod gitea;
|
||||||
use gitea::GiteaWebHook;
|
use gitea::GiteaWebHook;
|
||||||
|
|
||||||
|
@ -29,7 +28,23 @@ struct JobSender(Mutex<Sender<Job>>);
|
||||||
struct Secret(String);
|
struct Secret(String);
|
||||||
|
|
||||||
#[post("/", data = "<payload>")]
|
#[post("/", data = "<payload>")]
|
||||||
fn gitea_webhook(payload: SignedJson<GiteaWebHook>, sender: State<JobSender>) -> Status {
|
fn gitea_webhook(
|
||||||
|
payload: SignedJson<GiteaWebHook>,
|
||||||
|
sender: State<JobSender>,
|
||||||
|
config: State<GlobalSettings>,
|
||||||
|
) -> Status {
|
||||||
|
if config
|
||||||
|
.blacklist
|
||||||
|
.iter()
|
||||||
|
.any(|re| re.is_match(&payload.repository.full_name))
|
||||||
|
{
|
||||||
|
info!(
|
||||||
|
"Ignoring webhook for repo {} which is blacklisted",
|
||||||
|
payload.repository.full_name
|
||||||
|
);
|
||||||
|
return Status::Ok;
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
let sender = sender.0.lock().unwrap();
|
let sender = sender.0.lock().unwrap();
|
||||||
let repo = &payload.repository;
|
let repo = &payload.repository;
|
||||||
|
@ -49,21 +64,47 @@ fn repo_updater(rx: Receiver<Job>, homedir: PathBuf, config: GlobalSettings) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn parse_config(mut path: PathBuf) -> anyhow::Result<GlobalSettings> {
|
fn parse_config(home: &Path, flags: &clap::ArgMatches) -> anyhow::Result<GlobalSettings> {
|
||||||
path.push("lohr-config");
|
// prioritize CLI flag, then env var
|
||||||
path.set_extension("yaml");
|
let config_path = flags.value_of("config").map(PathBuf::from);
|
||||||
let path = env::var("LOHR_CONFIG")
|
let config_path = config_path.or_else(|| env::var("LOHR_CONFIG").map(PathBuf::from).ok());
|
||||||
.map(Into::into)
|
|
||||||
.unwrap_or_else(|_| path);
|
let file = match config_path {
|
||||||
let config = if let Ok(file) = File::open(path.as_path()) {
|
Some(config_path) => File::open(&config_path).with_context(|| {
|
||||||
serde_yaml::from_reader(file)?
|
format!(
|
||||||
} else {
|
"could not open provided configuration file at {}",
|
||||||
Default::default()
|
config_path.display()
|
||||||
};
|
)
|
||||||
Ok(config)
|
})?,
|
||||||
|
None => {
|
||||||
|
// check if file exists in lohr home
|
||||||
|
let config_path = home.join("lohr-config.yaml");
|
||||||
|
if !config_path.is_file() {
|
||||||
|
return Ok(Default::default());
|
||||||
}
|
}
|
||||||
|
|
||||||
fn main() -> anyhow::Result<()> {
|
File::open(config_path).context("failed to open configuration file in LOHR_HOME")?
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
serde_yaml::from_reader(file).context("could not parse configuration file")
|
||||||
|
}
|
||||||
|
|
||||||
|
#[rocket::main]
|
||||||
|
async fn main() -> anyhow::Result<()> {
|
||||||
|
let matches = App::new("lohr")
|
||||||
|
.version("0.3.1")
|
||||||
|
.about("Git mirroring daemon")
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("config")
|
||||||
|
.short("c")
|
||||||
|
.long("config")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("Use a custom config file")
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
let (sender, receiver) = channel();
|
let (sender, receiver) = channel();
|
||||||
|
|
||||||
let homedir = env::var("LOHR_HOME").unwrap_or_else(|_| "./".to_string());
|
let homedir = env::var("LOHR_HOME").unwrap_or_else(|_| "./".to_string());
|
||||||
|
@ -73,7 +114,8 @@ fn main() -> anyhow::Result<()> {
|
||||||
let secret = env::var("LOHR_SECRET")
|
let secret = env::var("LOHR_SECRET")
|
||||||
.expect("please provide a secret, otherwise anyone can send you a malicious webhook");
|
.expect("please provide a secret, otherwise anyone can send you a malicious webhook");
|
||||||
|
|
||||||
let config = parse_config(homedir.clone())?;
|
let config = parse_config(&homedir, &matches)?;
|
||||||
|
let config_state = config.clone();
|
||||||
|
|
||||||
thread::spawn(move || {
|
thread::spawn(move || {
|
||||||
repo_updater(receiver, homedir, config);
|
repo_updater(receiver, homedir, config);
|
||||||
|
@ -83,7 +125,9 @@ fn main() -> anyhow::Result<()> {
|
||||||
.mount("/", routes![gitea_webhook])
|
.mount("/", routes![gitea_webhook])
|
||||||
.manage(JobSender(Mutex::new(sender)))
|
.manage(JobSender(Mutex::new(sender)))
|
||||||
.manage(Secret(secret))
|
.manage(Secret(secret))
|
||||||
.launch();
|
.manage(config_state)
|
||||||
|
.launch()
|
||||||
|
.await?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@ use serde::Deserialize;
|
||||||
|
|
||||||
pub(crate) type RepoUrl = String; // FIXME: probably needs a better type than this
|
pub(crate) type RepoUrl = String; // FIXME: probably needs a better type than this
|
||||||
|
|
||||||
#[derive(Default, Deserialize)]
|
#[derive(Clone, Default, Deserialize)]
|
||||||
pub(crate) struct GlobalSettings {
|
pub(crate) struct GlobalSettings {
|
||||||
/// List of remote stems to use when no `.lohr` file is found
|
/// List of remote stems to use when no `.lohr` file is found
|
||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
|
|
|
@ -1,20 +1,17 @@
|
||||||
use std::{
|
use std::{
|
||||||
io::Read,
|
io,
|
||||||
ops::{Deref, DerefMut},
|
ops::{Deref, DerefMut},
|
||||||
};
|
};
|
||||||
|
|
||||||
use rocket::{
|
use rocket::{
|
||||||
data::{FromData, Outcome},
|
data::{ByteUnit, FromData, Outcome},
|
||||||
http::ContentType,
|
http::ContentType,
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
use rocket::{
|
use rocket::{http::Status, local_cache};
|
||||||
data::{Transform, Transformed},
|
|
||||||
http::Status,
|
|
||||||
};
|
|
||||||
use rocket::{Data, Request};
|
use rocket::{Data, Request};
|
||||||
|
|
||||||
use anyhow::anyhow;
|
use anyhow::{anyhow, Context};
|
||||||
use serde::Deserialize;
|
use serde::Deserialize;
|
||||||
|
|
||||||
use crate::Secret;
|
use crate::Secret;
|
||||||
|
@ -53,37 +50,29 @@ impl<T> DerefMut for SignedJson<T> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const LIMIT: u64 = 1 << 20;
|
const LIMIT: ByteUnit = ByteUnit::Mebibyte(1);
|
||||||
|
|
||||||
|
impl<'r, T: Deserialize<'r>> SignedJson<T> {
|
||||||
|
fn from_str(s: &'r str) -> anyhow::Result<Self> {
|
||||||
|
serde_json::from_str(s)
|
||||||
|
.map(SignedJson)
|
||||||
|
.context("could not parse json")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// This is a one to one implementation of request_contrib::Json's FromData, but with HMAC
|
// This is a one to one implementation of request_contrib::Json's FromData, but with HMAC
|
||||||
// validation.
|
// validation.
|
||||||
//
|
//
|
||||||
// Tracking issue for chaining Data guards to avoid this:
|
// Tracking issue for chaining Data guards to avoid this:
|
||||||
// https://github.com/SergioBenitez/Rocket/issues/775
|
// https://github.com/SergioBenitez/Rocket/issues/775
|
||||||
impl<'a, T> FromData<'a> for SignedJson<T>
|
#[rocket::async_trait]
|
||||||
|
impl<'r, T> FromData<'r> for SignedJson<T>
|
||||||
where
|
where
|
||||||
T: Deserialize<'a>,
|
T: Deserialize<'r>,
|
||||||
{
|
{
|
||||||
type Error = anyhow::Error;
|
type Error = anyhow::Error;
|
||||||
type Owned = String;
|
|
||||||
type Borrowed = str;
|
|
||||||
|
|
||||||
fn transform(
|
async fn from_data(request: &'r Request<'_>, data: Data) -> Outcome<Self, Self::Error> {
|
||||||
request: &Request,
|
|
||||||
data: Data,
|
|
||||||
) -> rocket::data::Transform<Outcome<Self::Owned, Self::Error>> {
|
|
||||||
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
|
|
||||||
let mut s = String::with_capacity(512);
|
|
||||||
match data.open().take(size_limit).read_to_string(&mut s) {
|
|
||||||
Ok(_) => Transform::Borrowed(Outcome::Success(s)),
|
|
||||||
Err(e) => Transform::Borrowed(Outcome::Failure((
|
|
||||||
Status::BadRequest,
|
|
||||||
anyhow!("couldn't read json: {}", e),
|
|
||||||
))),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn from_data(request: &Request, o: Transformed<'a, Self>) -> Outcome<Self, Self::Error> {
|
|
||||||
let json_ct = ContentType::new("application", "json");
|
let json_ct = ContentType::new("application", "json");
|
||||||
if request.content_type() != Some(&json_ct) {
|
if request.content_type() != Some(&json_ct) {
|
||||||
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
|
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
|
||||||
|
@ -97,26 +86,31 @@ where
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
|
||||||
|
let content = match data.open(size_limit).into_string().await {
|
||||||
|
Ok(s) if s.is_complete() => s.into_inner(),
|
||||||
|
Ok(_) => {
|
||||||
|
let eof = io::ErrorKind::UnexpectedEof;
|
||||||
|
return Outcome::Failure((
|
||||||
|
Status::PayloadTooLarge,
|
||||||
|
io::Error::new(eof, "data limit exceeded").into(),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
Err(e) => return Outcome::Failure((Status::BadRequest, e.into())),
|
||||||
|
};
|
||||||
|
|
||||||
let signature = signatures[0];
|
let signature = signatures[0];
|
||||||
|
let secret = request.guard::<State<Secret>>().await.unwrap();
|
||||||
|
|
||||||
let content = o.borrowed()?;
|
if !validate_signature(&secret.0, &signature, &content) {
|
||||||
|
|
||||||
let secret = request.guard::<State<Secret>>().unwrap();
|
|
||||||
|
|
||||||
if !validate_signature(&secret.0, &signature, content) {
|
|
||||||
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
|
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
|
||||||
}
|
}
|
||||||
|
|
||||||
let content = match serde_json::from_str(content) {
|
let content = match Self::from_str(local_cache!(request, content)) {
|
||||||
Ok(content) => content,
|
Ok(content) => Outcome::Success(content),
|
||||||
Err(e) => {
|
Err(e) => Outcome::Failure((Status::BadRequest, e)),
|
||||||
return Outcome::Failure((
|
|
||||||
Status::BadRequest,
|
|
||||||
anyhow!("couldn't parse json: {}", e),
|
|
||||||
))
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
Outcome::Success(SignedJson(content))
|
content
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue