forked from rosa/hakurei
cat
38450db74a
This is more versatile than hardcoding the os.Root implementation. Signed-off-by: Ophestra <cat@gensokyo.uk>
368 lines
9.0 KiB
Go
368 lines
9.0 KiB
Go
package rosa
|
|
|
|
import (
|
|
"compress/gzip"
|
|
"context"
|
|
"crypto/ed25519"
|
|
"crypto/sha512"
|
|
"errors"
|
|
"io"
|
|
"io/fs"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
"unique"
|
|
|
|
"hakurei.app/internal/pkg"
|
|
"hakurei.app/message"
|
|
)
|
|
|
|
// Remote is an authenticated cache mirror.
|
|
type Remote struct {
|
|
// Mirror URL.
|
|
url *url.URL
|
|
// Trusted public key.
|
|
pub ed25519.PublicKey
|
|
// For requests to the mirror.
|
|
c *http.Client
|
|
}
|
|
|
|
// NewRemote returns a populated [Remote]
|
|
func NewRemote(base string, pub ed25519.PublicKey, c *http.Client) (Remote, error) {
|
|
u, err := url.Parse(base)
|
|
return Remote{u, pub, c}, err
|
|
}
|
|
|
|
// get makes a [http.MethodGet] request and returns the response, or nil if
|
|
// the response StatusCode is [http.StatusNotFound].
|
|
func (r Remote) get(ctx context.Context, elem ...string) (*http.Response, error) {
|
|
if r.url == nil || len(r.pub) != ed25519.PublicKeySize || r.c == nil {
|
|
return nil, os.ErrInvalid
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(
|
|
ctx,
|
|
http.MethodGet,
|
|
r.url.JoinPath(elem...).String(),
|
|
nil,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req.Header.Set("User-Agent", "Rosa/1.1")
|
|
|
|
var resp *http.Response
|
|
if resp, err = r.c.Do(req); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch resp.StatusCode {
|
|
case http.StatusOK:
|
|
return resp, nil
|
|
|
|
case http.StatusNotFound:
|
|
return nil, resp.Body.Close()
|
|
|
|
default:
|
|
_ = resp.Body.Close()
|
|
return nil, pkg.ResponseStatusError(resp.StatusCode)
|
|
}
|
|
}
|
|
|
|
const (
|
|
// dirArtifact holds signed artifact outcome checksums.
|
|
dirArtifact = "artifact"
|
|
// dirOutcome holds outcome archives by their checksum.
|
|
dirOutcome = "outcome"
|
|
// dirStatus holds signed status files.
|
|
dirStatus = "status"
|
|
)
|
|
|
|
// An OutcomeBadSizeError describes a mirror outcome with unexpected size.
|
|
type OutcomeBadSizeError struct {
|
|
Ident unique.Handle[pkg.ID]
|
|
Size int64
|
|
}
|
|
|
|
func (e OutcomeBadSizeError) Error() string {
|
|
if e.Size < 0 {
|
|
return "remote did not return outcome size for " +
|
|
pkg.Encode(e.Ident.Value())
|
|
}
|
|
return "outcome size " + strconv.FormatInt(e.Size, 10) +
|
|
" invalid for " + pkg.Encode(e.Ident.Value())
|
|
}
|
|
|
|
// An OutcomeAuthError describes a mirror outcome with invalid signature.
|
|
type OutcomeAuthError unique.Handle[pkg.ID]
|
|
|
|
func (e OutcomeAuthError) Error() string {
|
|
return "invalid outcome signature for " +
|
|
pkg.Encode(unique.Handle[pkg.ID](e).Value())
|
|
}
|
|
|
|
// Artifact fetches and authenticates an outcome.
|
|
func (r Remote) Artifact(
|
|
ctx context.Context,
|
|
id unique.Handle[pkg.ID],
|
|
) (*pkg.Checksum, error) {
|
|
if len(r.pub) != ed25519.PublicKeySize || r.c == nil {
|
|
return nil, os.ErrInvalid
|
|
}
|
|
|
|
resp, err := r.get(ctx, dirArtifact, pkg.Encode(id.Value()))
|
|
if err != nil || resp == nil {
|
|
return nil, err
|
|
}
|
|
|
|
var buf [ed25519.SignatureSize + 2*len(pkg.Checksum{})]byte
|
|
if resp.ContentLength != int64(len(buf)) {
|
|
_ = resp.Body.Close()
|
|
return nil, OutcomeBadSizeError{id, resp.ContentLength}
|
|
}
|
|
if _, err = io.ReadFull(resp.Body, buf[:]); err != nil {
|
|
return nil, errors.Join(err, resp.Body.Close())
|
|
} else if err = resp.Body.Close(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !ed25519.Verify(
|
|
r.pub,
|
|
buf[ed25519.SignatureSize:],
|
|
buf[:ed25519.SignatureSize],
|
|
) {
|
|
return nil, OutcomeAuthError(id)
|
|
} else if unique.Make((pkg.ID)(buf[ed25519.SignatureSize:])) != id {
|
|
return nil, OutcomeAuthError(id)
|
|
}
|
|
return (*pkg.Checksum)(buf[ed25519.SignatureSize+len(pkg.Checksum{}):]), nil
|
|
}
|
|
|
|
// Checksum returns an artifact satisfying checksum.
|
|
func (r Remote) Checksum(checksum unique.Handle[pkg.Checksum]) pkg.Artifact {
|
|
return pkg.NewArchive(pkg.NewHTTPGet(
|
|
r.c,
|
|
r.url.JoinPath(dirOutcome, pkg.Encode(checksum.Value())).String(),
|
|
checksum.Value(),
|
|
))
|
|
}
|
|
|
|
// A StatusBadSizeError describes a mirror status with unexpected size.
|
|
type StatusBadSizeError unique.Handle[pkg.ID]
|
|
|
|
func (e StatusBadSizeError) Error() string {
|
|
return "status payload too short for " +
|
|
pkg.Encode(unique.Handle[pkg.ID](e).Value())
|
|
}
|
|
|
|
// A StatusAuthError describes a mirror status with invalid signature.
|
|
type StatusAuthError unique.Handle[pkg.ID]
|
|
|
|
func (e StatusAuthError) Error() string {
|
|
return "invalid status signature for " +
|
|
pkg.Encode(unique.Handle[pkg.ID](e).Value())
|
|
}
|
|
|
|
// Status authenticates the checksum of a status file and returns its
|
|
// corresponding measured reader.
|
|
func (r Remote) Status(
|
|
ctx *pkg.RContext,
|
|
id unique.Handle[pkg.ID],
|
|
) (io.ReadCloser, error) {
|
|
resp, err := r.get(ctx.Unwrap(), dirStatus, pkg.Encode(id.Value()))
|
|
if err != nil || resp == nil {
|
|
return nil, err
|
|
}
|
|
|
|
var buf [ed25519.SignatureSize + 2*len(pkg.Checksum{})]byte
|
|
if _, err = io.ReadFull(resp.Body, buf[:]); err != nil {
|
|
if errors.Is(err, io.ErrUnexpectedEOF) {
|
|
err = StatusBadSizeError(id)
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
if !ed25519.Verify(
|
|
r.pub,
|
|
buf[ed25519.SignatureSize:],
|
|
buf[:ed25519.SignatureSize],
|
|
) {
|
|
_ = resp.Body.Close()
|
|
return nil, StatusAuthError(id)
|
|
} else if unique.Make((pkg.ID)(buf[ed25519.SignatureSize:])) != id {
|
|
return nil, StatusAuthError(id)
|
|
}
|
|
return ctx.NewMeasuredReader(
|
|
resp.Body,
|
|
unique.Make((pkg.Checksum)(buf[ed25519.SignatureSize+len(pkg.Checksum{}):])),
|
|
), nil
|
|
}
|
|
|
|
// NewMirror returns an [http.Handler] for servicing mirror requests.
|
|
func NewMirror(
|
|
msg message.Msg,
|
|
fsys fs.FS,
|
|
key ed25519.PrivateKey,
|
|
) http.Handler {
|
|
const identName = "ident"
|
|
var mux http.ServeMux
|
|
|
|
mux.HandleFunc("/"+dirArtifact+"/{"+identName+"}", func(
|
|
w http.ResponseWriter,
|
|
req *http.Request,
|
|
) {
|
|
var buf [2 * len(pkg.Checksum{})]byte
|
|
if err := pkg.Decode(
|
|
(*pkg.Checksum)(buf[:len(pkg.Checksum{})]),
|
|
req.PathValue(identName),
|
|
); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
ids := pkg.Encode((pkg.Checksum)(buf[:len(pkg.Checksum{})]))
|
|
if linkname, err := fs.ReadLink(fsys, filepath.Join(
|
|
"identifier",
|
|
ids,
|
|
)); err != nil {
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
return
|
|
}
|
|
msg.GetLogger().Println(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
} else if err = pkg.Decode(
|
|
(*pkg.Checksum)(buf[len(pkg.Checksum{}):]),
|
|
filepath.Base(linkname),
|
|
); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
msg.Verbosef("serving artifact %s", ids)
|
|
|
|
w.Header().Set(
|
|
"Content-Length",
|
|
strconv.Itoa(ed25519.SignatureSize+len(buf)),
|
|
)
|
|
if _, err := w.Write(append(
|
|
ed25519.Sign(key, buf[:]),
|
|
buf[:]...,
|
|
)); err != nil {
|
|
msg.Verbose(err)
|
|
}
|
|
})
|
|
|
|
mux.HandleFunc("/"+dirOutcome+"/{"+identName+"}", func(
|
|
w http.ResponseWriter,
|
|
req *http.Request,
|
|
) {
|
|
if !strings.Contains(req.Header.Get("Accept-Encoding"), "gzip") {
|
|
w.WriteHeader(http.StatusNotAcceptable)
|
|
return
|
|
}
|
|
|
|
var buf pkg.Checksum
|
|
if err := pkg.Decode(
|
|
&buf,
|
|
req.PathValue(identName),
|
|
); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
checksums := pkg.Encode(buf)
|
|
rel := filepath.Join("checksum", checksums)
|
|
if _, err := fs.Lstat(fsys, rel); err != nil {
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
return
|
|
}
|
|
msg.GetLogger().Println(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
msg.Verbosef("serving outcome %s", pkg.Encode(buf))
|
|
|
|
_fsys, err := fs.Sub(fsys, rel)
|
|
if err != nil {
|
|
msg.GetLogger().Println(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
var gw *gzip.Writer
|
|
if gw, err = gzip.NewWriterLevel(w, gzip.BestCompression); err != nil {
|
|
msg.GetLogger().Println(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Encoding", "gzip")
|
|
if err = pkg.Write(_fsys, ".", gw); err != nil {
|
|
msg.Verbose(err)
|
|
}
|
|
if err = gw.Close(); err != nil {
|
|
msg.GetLogger().Println(err)
|
|
}
|
|
})
|
|
|
|
mux.HandleFunc("/"+dirStatus+"/{"+identName+"}", func(
|
|
w http.ResponseWriter,
|
|
req *http.Request,
|
|
) {
|
|
var buf [2 * len(pkg.Checksum{})]byte
|
|
if err := pkg.Decode(
|
|
(*pkg.Checksum)(buf[:len(pkg.Checksum{})]),
|
|
req.PathValue(identName),
|
|
); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
ids := pkg.Encode((pkg.Checksum)(buf[:len(pkg.Checksum{})]))
|
|
f, err := fsys.Open(filepath.Join(
|
|
"status",
|
|
ids,
|
|
))
|
|
if err != nil {
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
return
|
|
}
|
|
msg.GetLogger().Println(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
s, ok := f.(io.Seeker)
|
|
if !ok {
|
|
msg.GetLogger().Println("backing filesystem does not support seek")
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
msg.Verbosef("serving status %s", ids)
|
|
|
|
h := sha512.New384()
|
|
if _, err = io.Copy(h, f); err != nil {
|
|
_ = f.Close()
|
|
msg.Verbose(err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
h.Sum(buf[len(pkg.Checksum{}):len(pkg.Checksum{})])
|
|
if _, err = w.Write(append(ed25519.Sign(key, buf[:]), buf[:]...)); err != nil {
|
|
msg.Verbose(err)
|
|
return
|
|
} else if _, err = s.Seek(0, io.SeekStart); err != nil {
|
|
msg.GetLogger().Println(err)
|
|
return
|
|
} else if _, err = io.Copy(w, f); err != nil {
|
|
msg.Verbose(err)
|
|
return
|
|
}
|
|
})
|
|
|
|
return &mux
|
|
}
|