jmarya/mirrord
jmarya/mirrord
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity

limit path scope

Browse source
This commit is contained in:
JMARyA 2024-04-16 16:26:18 +02:00
parent 2cc0bfbb09
commit ef14646507
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
4 changed files with 30 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -12,6 +12,7 @@ mirrors = [
cache_dir = "./data" cache_dir = "./data"
no_cache = '.*(?:db|db\.sig)$' no_cache = '.*(?:db|db\.sig)$'
only_allow = '^\/archlinux'
``` ```
Add this to your mirrorlist: Add this to your mirrorlist:

3
sample.conf
View file

@ -15,3 +15,6 @@ ttl = "180"
# Regex for paths which will never be served from cache # Regex for paths which will never be served from cache
no_cache = '.*(?:db|db\.sig)$' no_cache = '.*(?:db|db\.sig)$'
# Redirect only paths matching this regex to the mirrors, return 404 otherwise
only_allow = '^\/archlinux'

10
src/config.rs
View file

@ -2,21 +2,17 @@ use serde::Deserialize;
use crate::proxy::Mirror; use crate::proxy::Mirror;
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize, Clone)]
pub struct Config { pub struct Config {
pub mirrors: Vec<String>, pub mirrors: Vec<String>,
pub cache_dir: String, pub cache_dir: String,
pub no_cache: String, pub no_cache: String,
pub ttl: usize, pub ttl: usize,
pub only_allow: Option<String>,
} }
impl Config { impl Config {
pub fn to_proxy(&self) -> Mirror { pub fn to_proxy(&self) -> Mirror {
Mirror::new( Mirror::new(self)
self.mirrors.clone(),
&self.cache_dir,
&self.no_cache,
self.ttl,
)
} }
} }

29
src/proxy.rs
View file

@ -5,20 +5,28 @@ use std::{
sync::Arc, sync::Arc,
}; };
use crate::config::Config;
pub struct Mirror { pub struct Mirror {
mirrors: Vec<Arc<String>>, mirrors: Vec<Arc<String>>,
data_dir: String, data_dir: String,
ttl: usize,
no_cache: regex::Regex, no_cache: regex::Regex,
only_allow: Option<regex::Regex>,
config: Config,
} }
impl Mirror { impl Mirror {
pub fn new(mirrors: Vec<String>, data_dir: &str, no_cache: &str, ttl: usize) -> Self { pub fn new(config: &Config) -> Self {
let mirrors = config.mirrors.clone();
Self { Self {
mirrors: mirrors.into_iter().map(Arc::new).collect(), mirrors: mirrors.into_iter().map(Arc::new).collect(),
data_dir: data_dir.to_string(), data_dir: config.cache_dir.clone(),
no_cache: regex::Regex::new(no_cache).unwrap(), no_cache: regex::Regex::new(&config.no_cache).unwrap(),
ttl, only_allow: config
.only_allow
.clone()
.map(|x| regex::Regex::new(&x).unwrap()),
config: config.clone(),
} }
} }
@ -57,13 +65,13 @@ impl Mirror {
let current_time = std::time::SystemTime::now(); let current_time = std::time::SystemTime::now();
let elapsed_time = current_time.duration_since(modified).ok()?; let elapsed_time = current_time.duration_since(modified).ok()?;
let threshold_duration = let threshold_duration =
std::time::Duration::from_secs((self.ttl * 60).try_into().unwrap()); std::time::Duration::from_secs((self.config.ttl * 60).try_into().unwrap());
if elapsed_time > threshold_duration { if elapsed_time > threshold_duration {
log::info!( log::info!(
"Cached file is {} minutes old. Older than TTL {}.", "Cached file is {} minutes old. Older than TTL {}.",
(elapsed_time.as_secs() / 60), (elapsed_time.as_secs() / 60),
self.ttl self.config.ttl
); );
Some(true) Some(true)
} else { } else {
@ -93,6 +101,13 @@ impl Mirror {
let p = std::path::Path::new(&path[1..]); let p = std::path::Path::new(&path[1..]);
let p = std::path::Path::new(&self.data_dir).join(p); let p = std::path::Path::new(&self.data_dir).join(p);
// check if path is in scope
if let Some(only_allow) = &self.only_allow {
if !only_allow.is_match(path) {
return Some(HttpResponse::NotFound().finish());
}
}
// check if cache should be used // check if cache should be used
if !self.no_cache.is_match(path) || !self.is_cache_invalid(&p) { if !self.no_cache.is_match(path) || !self.is_cache_invalid(&p) {
Self::create_cache_dir(p.parent().unwrap()); Self::create_cache_dir(p.parent().unwrap());