From bb91b265d83dcce83b24285aa729d76c7f9af9b8 Mon Sep 17 00:00:00 2001 From: Vladislav Ivanov Date: Sat, 22 Feb 2025 22:23:54 +0100 Subject: [PATCH] Don't output whole timers map; hash headers in rust --- Cargo.lock | 2 ++ Cargo.toml | 1 + josh-core/Cargo.toml | 2 +- josh-proxy/Cargo.toml | 2 ++ josh-proxy/src/auth.rs | 33 ++++++++++++++++++++------------- 5 files changed, 26 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f10d0c92..8179e91e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1851,6 +1851,7 @@ dependencies = [ "futures", "git2", "gix", + "hex", "hyper 0.14.31", "hyper-reverse-proxy", "hyper-staticfile", @@ -1874,6 +1875,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", + "sha2", "tempfile", "tokio", "tokio-util", diff --git a/Cargo.toml b/Cargo.toml index 7141fd30..bf63c210 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,6 +34,7 @@ serde_yaml = "0.9.34" toml = "0.8.19" tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } tempfile = "3.14.0" +hex = "0.4.3" [workspace.dependencies.git2] default-features = false diff --git a/josh-core/Cargo.toml b/josh-core/Cargo.toml index 133a9f80..64eaa59c 100644 --- a/josh-core/Cargo.toml +++ b/josh-core/Cargo.toml @@ -17,7 +17,7 @@ git-version = "0.3.9" git2 = { workspace = true } gix-object = "0.46.0" glob = "0.3.1" -hex = "0.4.3" +hex = { workspace = true } indoc = "2.0.5" itertools = "0.13.0" lazy_static = { workspace = true } diff --git a/josh-proxy/Cargo.toml b/josh-proxy/Cargo.toml index 9b371b92..4debad12 100644 --- a/josh-proxy/Cargo.toml +++ b/josh-proxy/Cargo.toml @@ -10,6 +10,8 @@ repository = "https://github.com/josh-project/josh" version = "22.4.15" [dependencies] +sha2 = "0.10.8" +hex = { workspace = true } base64 = { workspace = true } clap = { workspace = true } futures = { workspace = true } diff --git a/josh-proxy/src/auth.rs b/josh-proxy/src/auth.rs index 137a547e..5a4ec9dc 100644 --- a/josh-proxy/src/auth.rs +++ b/josh-proxy/src/auth.rs @@ -98,16 +98,25 @@ impl Handle { } } +fn hash_header(header: &hyper::http::HeaderValue) -> String { + use sha2::{Digest, Sha256}; + + let mut hasher = Sha256::new(); + hasher.update(header.as_bytes()); + let result = hasher.finalize(); + hex::encode(result) +} + pub fn add_auth(token: &str) -> josh::JoshResult { let header = hyper::header::HeaderValue::from_str(&format!("Basic {}", BASE64.encode(token)))?; - let hp = Handle { - hash: Some(git2::Oid::hash_object(git2::ObjectType::Blob, header.as_bytes())?.to_string()), + let handle = Handle { + hash: Some(hash_header(&header)), }; - let p = Header { + let header_wrapper = Header { header: Some(header), }; - AUTH.lock()?.insert(hp.clone(), p); - Ok(hp) + AUTH.lock()?.insert(handle.clone(), header_wrapper); + Ok(handle) } #[tracing::instrument()] @@ -180,7 +189,7 @@ pub async fn check_http_auth(url: &str, auth: &Handle, required: bool) -> josh:: } tracing::info!( - auth_timers = ?auth_timers, + auth_timers_count = auth_timers.len(), "check_http_auth: no valid cached auth" ); @@ -237,16 +246,14 @@ pub fn strip_auth( req.headers_mut().remove(hyper::header::AUTHORIZATION); if let Some(header) = header { - let hp = Handle { - hash: Some( - git2::Oid::hash_object(git2::ObjectType::Blob, header.as_bytes())?.to_string(), - ), + let handle = Handle { + hash: Some(hash_header(&header)), }; - let p = Header { + let header_wrapper = Header { header: Some(header), }; - AUTH.lock()?.insert(hp.clone(), p); - return Ok((hp, req)); + AUTH.lock()?.insert(handle.clone(), header_wrapper); + return Ok((handle, req)); } Ok((Handle { hash: None }, req))