6c4e705f97
- create the caches interface and matching cachesImpl
- move the cache logic out of handler
- openDB
- readCache
- useCache
- gcCache
- access to the storage struct
- serve
- commit
- exist
- write
- add getCaches / setCaches to the handler interface so it can be
used by tests. The caches test should be implemented independently
in the future but this is a different kind of cleanup.
- no functional change, minimal refactor
51 lines
1.2 KiB
Go
51 lines
1.2 KiB
Go
// Copyright 2024 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package artifactcache
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"errors"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
var ErrValidation = errors.New("validation error")
|
|
|
|
func (c *cachesImpl) validateMac(rundata RunData) (string, error) {
|
|
// TODO: allow configurable max age
|
|
if !validateAge(rundata.Timestamp) {
|
|
return "", ErrValidation
|
|
}
|
|
|
|
expectedMAC := ComputeMac(c.secret, rundata.RepositoryFullName, rundata.RunNumber, rundata.Timestamp, rundata.WriteIsolationKey)
|
|
if hmac.Equal([]byte(expectedMAC), []byte(rundata.RepositoryMAC)) {
|
|
return rundata.RepositoryFullName, nil
|
|
}
|
|
return "", ErrValidation
|
|
}
|
|
|
|
func validateAge(ts string) bool {
|
|
tsInt, err := strconv.ParseInt(ts, 10, 64)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if tsInt > time.Now().Unix() {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func ComputeMac(secret, repo, run, ts, writeIsolationKey string) string {
|
|
mac := hmac.New(sha256.New, []byte(secret))
|
|
mac.Write([]byte(repo))
|
|
mac.Write([]byte(">"))
|
|
mac.Write([]byte(run))
|
|
mac.Write([]byte(">"))
|
|
mac.Write([]byte(ts))
|
|
mac.Write([]byte(">"))
|
|
mac.Write([]byte(writeIsolationKey))
|
|
return hex.EncodeToString(mac.Sum(nil))
|
|
}
|