Compare commits

..

No commits in common. "041760f9e9fcd4345d3623f2ef6335afe2bf7ae9" and "3e4260f6e16060d0aebe87ad1a95290b536f0879" have entirely different histories.

5 changed files with 43 additions and 123 deletions

107
src/cache/disk.rs vendored
View file

@ -13,7 +13,6 @@ use futures::StreamExt;
use log::LevelFilter;
use md5::digest::generic_array::GenericArray;
use md5::{Digest, Md5};
use sodiumoxide::hex;
use sqlx::sqlite::SqliteConnectOptions;
use sqlx::{ConnectOptions, Sqlite, SqlitePool, Transaction};
use tokio::fs::{remove_file, rename, File};
@ -186,34 +185,12 @@ async fn db_listener(
for item in items {
debug!("deleting file due to exceeding cache size");
size_freed += item.size as u64;
tokio::spawn(remove_file_handler(item.id));
}
cache.disk_cur_size.fetch_sub(size_freed, Ordering::Release);
}
}
}
/// Returns if a file was successfully deleted.
async fn remove_file_handler(key: String) -> bool {
let error = if let Err(e) = remove_file(&key).await {
e
} else {
return true;
};
if error.kind() != std::io::ErrorKind::NotFound {
warn!("Failed to delete file `{}` from cache: {}", &key, error);
return false;
}
if let Ok(bytes) = hex::decode(&key) {
if bytes.len() != 16 {
warn!("Failed to delete file `{}`; invalid hash size.", &key);
return false;
}
let hash = Md5Hash(*GenericArray::from_slice(&bytes));
tokio::spawn(async move {
let key = item.id;
if let Err(e) = remove_file(key.clone()).await {
match e.kind() {
std::io::ErrorKind::NotFound => {
let hash = Md5Hash(*GenericArray::from_slice(key.as_bytes()));
let path: PathBuf = hash.into();
if let Err(e) = remove_file(&path).await {
warn!(
@ -221,13 +198,18 @@ async fn remove_file_handler(key: String) -> bool {
path.to_string_lossy(),
e
);
false
} else {
true
}
} else {
warn!("Failed to delete file `{}`; not a md5hash.", &key);
false
}
_ => {
warn!("Failed to delete file `{}` from cache: {}", &key, e);
}
}
}
});
}
cache.disk_cur_size.fetch_sub(size_freed, Ordering::Release);
}
}
}
@ -402,61 +384,6 @@ impl CallbackCache for DiskCache {
}
}
#[cfg(test)]
mod remove_file_handler {
use std::error::Error;
use tempfile::tempdir;
use tokio::fs::{create_dir_all, remove_dir_all};
use super::*;
#[tokio::test]
async fn should_not_panic_on_invalid_path() {
assert!(!remove_file_handler("/this/is/a/non-existent/path/".to_string()).await);
}
#[tokio::test]
async fn should_not_panic_on_invalid_hash() {
assert!(!remove_file_handler("68b329da9893e34099c7d8ad5cb9c940".to_string()).await);
}
#[tokio::test]
async fn should_not_panic_on_malicious_hashes() {
assert!(!remove_file_handler("68b329da9893e34".to_string()).await);
assert!(
!remove_file_handler("68b329da9893e34099c7d8ad5cb9c940aaaaaaaaaaaaaaaaaa".to_string())
.await
);
}
#[tokio::test]
async fn should_delete_existing_file() -> Result<(), Box<dyn Error>> {
let temp_dir = tempdir()?;
let mut dir_path = temp_dir.path().to_path_buf();
dir_path.push("abc123.png");
// create a file, it can be empty
File::create(&dir_path).await?;
assert!(remove_file_handler(dir_path.to_string_lossy().into_owned()).await);
Ok(())
}
#[tokio::test]
async fn should_delete_existing_hash() -> Result<(), Box<dyn Error>> {
create_dir_all("b/8/6").await?;
File::create("b/8/6/68b329da9893e34099c7d8ad5cb9c900").await?;
assert!(remove_file_handler("68b329da9893e34099c7d8ad5cb9c900".to_string()).await);
remove_dir_all("b").await?;
Ok(())
}
}
#[cfg(test)]
mod disk_cache {
use std::error::Error;

4
src/cache/fs.rs vendored
View file

@ -48,8 +48,8 @@ use super::{CacheKey, CacheStream, ImageMetadata, ENCRYPTION_KEY};
pub(super) async fn read_file(
file: File,
) -> Option<Result<(CacheStream, Option<XNonce>, ImageMetadata), std::io::Error>> {
let mut file_0 = file.try_clone().await.ok()?;
let file_1 = file.try_clone().await.ok()?;
let mut file_0 = file.try_clone().await.unwrap();
let file_1 = file.try_clone().await.unwrap();
// Try reading decrypted header first...
let mut deserializer = serde_json::Deserializer::from_reader(file.into_std().await);

View file

@ -73,11 +73,11 @@ pub fn load_config() -> Result<Config, ConfigError> {
Ordering::Release,
);
if let Some(socket) = config.proxy.clone() {
config.proxy.clone().map(|socket| {
USE_PROXY
.set(socket)
.expect("USE_PROXY to be set only by this function");
}
});
DISABLE_CERT_VALIDATION.store(
config

View file

@ -104,20 +104,20 @@ pub async fn load_geo_ip_data(license_key: ClientSecret) -> Result<(), DbLoadErr
// Check date of db
let db_date_created = metadata(DB_PATH)
.ok()
.and_then(|metadata| {
if let Ok(time) = metadata.created() {
Some(time)
} else {
.and_then(|metadata| match metadata.created() {
Ok(time) => Some(time),
Err(_) => {
debug("fs didn't report birth time, fall back to last modified instead");
metadata.modified().ok()
}
})
.unwrap_or(SystemTime::UNIX_EPOCH);
let duration = if let Ok(time) = SystemTime::now().duration_since(db_date_created) {
Duration::from_std(time).expect("duration to fit")
} else {
let duration = match SystemTime::now().duration_since(db_date_created) {
Ok(time) => Duration::from_std(time).expect("duration to fit"),
Err(_) => {
warn!("Clock may have gone backwards?");
Duration::max_value()
}
};
// DB expired, fetch a new one
@ -172,12 +172,14 @@ async fn fetch_db(license_key: ClientSecret) -> Result<(), DbLoadError> {
}
pub fn record_country_visit(country: Option<Country>) {
let iso_code = country.map_or("unknown", |country| {
let iso_code = if let Some(country) = country {
country
.country
.and_then(|c| c.iso_code)
.unwrap_or("unknown")
});
} else {
"unknown"
};
COUNTRY_VISIT_COUNTER
.get_metric_with_label_values(&[iso_code])

View file

@ -146,10 +146,9 @@ impl ServerState {
pub fn init_offline() -> Self {
assert!(OFFLINE_MODE.load(Ordering::Acquire));
Self {
precomputed_key: PrecomputedKey::from_slice(&[41; PRECOMPUTEDKEYBYTES])
.expect("expect offline config to work"),
image_server: Url::from_file_path("/dev/null").expect("expect offline config to work"),
url: Url::from_str("http://localhost").expect("expect offline config to work"),
precomputed_key: PrecomputedKey::from_slice(&[41; PRECOMPUTEDKEYBYTES]).unwrap(),
image_server: Url::from_file_path("/dev/null").unwrap(),
url: Url::from_str("http://localhost").unwrap(),
url_overridden: false,
}
}
@ -164,16 +163,8 @@ impl ResolvesServerCert for DynamicServerCert {
// TODO: wait for actix-web to use a new version of rustls so we can
// remove cloning the certs all the time
Some(CertifiedKey {
cert: TLS_CERTS
.get()
.expect("tls cert to exist")
.load()
.as_ref()
.clone(),
key: TLS_SIGNING_KEY
.get()
.expect("tls signing key to exist")
.load_full(),
cert: TLS_CERTS.get().unwrap().load().as_ref().clone(),
key: TLS_SIGNING_KEY.get().unwrap().load_full(),
ocsp: None,
sct_list: None,
})