mirror of https://gitlab.com/hagrid-keyserver/hagrid.git synced 2023-02-13 20:55:02 -05:00

db+web: remove x-accel optimization

This removes a shortcut to serve certificates from nginx by including an
X-Accel-Redirect header in the response.
Vincent Breitmoser 2022-01-04 13:33:03 +01:00
parent 77407e03cc
commit 23880d1386
5 changed files with 7 additions and 83 deletions


@ -492,24 +492,6 @@ impl Database for Filesystem {
.and_then(|link_path| Filesystem::path_to_fingerprint(&link_path))
}
/// Gets the path to the underlying file, if any.
fn lookup_path(&self, term: &Query) -> Option<PathBuf> {
use super::Query::*;
let path = match term {
ByFingerprint(ref fp) => self.link_by_fingerprint(fp),
ByKeyID(ref keyid) => self.link_by_keyid(keyid),
ByEmail(ref email) => self.link_by_email(email),
_ => return None
};
if path.exists() {
let x = diff_paths(&path, &self.keys_external_dir).expect("related paths");
Some(x)
} else {
None
}
}
fn link_email(&self, email: &Email, fpr: &Fingerprint) -> Result<()> {
if self.dry_run {
return Ok(());


@ -1,7 +1,6 @@
#![recursion_limit = "1024"]
use std::convert::TryFrom;
use std::path::PathBuf;
use std::str::FromStr;
use openpgp::serialize::SerializeInto;
@ -186,12 +185,6 @@ pub trait Database: Sync + Send {
}
}
/// Gets the path to the underlying file, if any.
fn lookup_path(&self, term: &Query) -> Option<PathBuf> {
let _ = term;
None
}
/// Complex operation that updates a Cert in the database.
///
/// 1. Merge new Cert with old, full Cert


@ -20,7 +20,7 @@ use crate::tokens;
use crate::web;
use crate::mail;
use crate::web::{HagridState, RequestOrigin, MyResponse, vks_web};
use crate::web::{RequestOrigin, MyResponse, vks_web};
use crate::web::vks::response::UploadResponse;
use crate::web::vks::response::EmailStatus;
@ -198,7 +198,6 @@ fn send_welcome_mail(
#[get("/pks/lookup")]
pub fn pks_lookup(
state: rocket::State<HagridState>,
db: rocket::State<KeyDatabase>,
i18n: I18n,
key: Hkp
@ -222,7 +221,7 @@ pub fn pks_lookup(
if index {
key_to_hkp_index(db, i18n, query)
} else {
web::key_to_response_plain(state, db, i18n, query)
web::key_to_response_plain(db, i18n, query)
}
}


@ -1,11 +1,10 @@
use rocket;
use rocket::http::{Header, Status};
use rocket::http::Status;
use rocket::request;
use rocket::outcome::Outcome;
use rocket::response::{NamedFile, Responder, Response};
use rocket::config::Config;
use rocket_contrib::templates::{Template, Engines};
use rocket::http::uri::Uri;
use rocket_contrib::json::JsonValue;
use rocket::response::status::Custom;
use rocket_i18n::I18n;
@ -73,8 +72,6 @@ pub enum MyResponse {
Xml(HagridTemplate),
#[response(status = 200, content_type = "application/pgp-keys")]
Key(String, ContentDisposition),
#[response(status = 200, content_type = "application/pgp-keys")]
XAccelRedirect(&'static str, Header<'static>, ContentDisposition),
#[response(status = 500, content_type = "html")]
ServerError(Template),
#[response(status = 404, content_type = "html")]
@ -127,23 +124,6 @@ impl MyResponse {
})
}
pub fn x_accel_redirect(x_accel_path: String, fp: &Fingerprint) -> Self {
use rocket::http::hyper::header::{DispositionType, DispositionParam, Charset};
// nginx expects percent-encoded URIs
let x_accel_path = Uri::percent_encode(&x_accel_path).into_owned();
MyResponse::XAccelRedirect(
"",
Header::new("X-Accel-Redirect", x_accel_path),
ContentDisposition {
disposition: DispositionType::Attachment,
parameters: vec![
DispositionParam::Filename(
Charset::Us_Ascii, None,
(fp.to_string() + ".asc").into_bytes()),
],
})
}
pub fn ise(e: anyhow::Error) -> Self {
eprintln!("Internal error: {:?}", e);
let ctx = templates::FiveHundred {
@ -235,16 +215,9 @@ pub struct HagridState {
/// Assets directory, mounted to /assets, served by hagrid or nginx
assets_dir: PathBuf,
/// The keys directory, where keys are located, served by hagrid or nginx
keys_external_dir: PathBuf,
/// XXX
base_uri: String,
base_uri_onion: String,
///
x_accel_redirect: bool,
x_accel_prefix: Option<PathBuf>,
}
#[derive(Debug)]
@ -276,7 +249,6 @@ impl RequestOrigin {
}
pub fn key_to_response_plain(
state: rocket::State<HagridState>,
db: rocket::State<KeyDatabase>,
i18n: I18n,
query: Query,
@ -291,18 +263,6 @@ pub fn key_to_response_plain(
return MyResponse::not_found_plain(describe_query_error(&i18n, &query));
};
if state.x_accel_redirect {
if let Some(key_path) = db.lookup_path(&query) {
let mut x_accel_path = state.keys_external_dir.join(&key_path);
if let Some(prefix) = state.x_accel_prefix.as_ref() {
x_accel_path = x_accel_path.strip_prefix(&prefix).unwrap().to_path_buf();
}
// prepend a / to make path relative to nginx root
let x_accel_path = format!("/{}", x_accel_path.to_string_lossy());
return MyResponse::x_accel_redirect(x_accel_path, &fp);
}
}
return match db.by_fpr(&fp) {
Some(armored) => MyResponse::key(armored, &fp.into()),
None => MyResponse::not_found_plain(describe_query_error(&i18n, &query)),
@ -493,9 +453,6 @@ fn configure_db_service(config: &Config) -> Result<KeyDatabase> {
fn configure_hagrid_state(config: &Config) -> Result<HagridState> {
let assets_dir: PathBuf = config.get_str("assets_dir")?.into();
let keys_external_dir: PathBuf = config.get_str("keys_external_dir")?.into();
let x_accel_prefix: Option<PathBuf> =
config.get_string("x_accel_prefix").map(|prefix| prefix.into()).ok();
// State
let base_uri = config.get_str("base-URI")?.to_string();
@ -504,11 +461,8 @@ fn configure_hagrid_state(config: &Config) -> Result<HagridState> {
.unwrap_or(base_uri.clone());
Ok(HagridState {
assets_dir,
keys_external_dir: keys_external_dir,
base_uri,
base_uri_onion,
x_accel_redirect: config.get_bool("x-accel-redirect")?,
x_accel_prefix,
})
}
@ -636,7 +590,6 @@ pub mod tests {
.extra("token_validity", 3600)
.extra("filemail_into", filemail.into_os_string().into_string()
.expect("path is valid UTF8"))
.extra("x-accel-redirect", false)
.finalize()?;
Ok((root, config))
}
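Review bot: configure_hagrid_state stops reading `x-accel-redirect` and `x_accel_prefix`, so a deployment whose config still sets `x-accel-redirect = true` will apparently start with no sign that every key lookup is now answered by hagrid itself through `db.by_fpr`. The flag was mandatory before this change (`config.get_bool("x-accel-redirect")?`), so existing configs very likely still carry it. I would log the stale setting once at startup, e.g. `if config.get_bool("x-accel-redirect").unwrap_or(false) { eprintln!("x-accel-redirect is no longer supported and is ignored"); }`, and tell operators that any nginx location kept only for these redirects is now unused. The body of configure_hagrid_state is split across two hunks and its middle is not visible here, so the exact place for the check needs confirming against the full function.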


@ -13,7 +13,7 @@ use crate::tokens;
use crate::rate_limiter::RateLimiter;
use crate::web;
use crate::web::{HagridState, RequestOrigin, MyResponse};
use crate::web::{RequestOrigin, MyResponse};
use crate::web::vks;
use crate::web::vks::response::*;
@ -141,7 +141,6 @@ pub fn request_verify_fallback(
#[get("/vks/v1/by-fingerprint/<fpr>")]
pub fn vks_v1_by_fingerprint(
state: rocket::State<HagridState>,
db: rocket::State<KeyDatabase>,
i18n: I18n,
fpr: String,
@ -151,12 +150,11 @@ pub fn vks_v1_by_fingerprint(
Err(_) => return MyResponse::bad_request_plain("malformed fingerprint"),
};
web::key_to_response_plain(state, db, i18n, query)
web::key_to_response_plain(db, i18n, query)
}
#[get("/vks/v1/by-email/<email>")]
pub fn vks_v1_by_email(
state: rocket::State<HagridState>,
db: rocket::State<KeyDatabase>,
i18n: I18n,
email: String,
@ -167,12 +165,11 @@ pub fn vks_v1_by_email(
Err(_) => return MyResponse::bad_request_plain("malformed e-mail address"),
};
web::key_to_response_plain(state, db, i18n, query)
web::key_to_response_plain(db, i18n, query)
}
#[get("/vks/v1/by-keyid/<kid>")]
pub fn vks_v1_by_keyid(
state: rocket::State<HagridState>,
db: rocket::State<KeyDatabase>,
i18n: I18n,
kid: String,
@ -182,5 +179,5 @@ pub fn vks_v1_by_keyid(
Err(_) => return MyResponse::bad_request_plain("malformed key id"),
};
web::key_to_response_plain(state, db, i18n, query)
web::key_to_response_plain(db, i18n, query)
}