server: Allow disabling proof of possession
This commit is contained in:
Zhaofeng Li
parent
69366cbe97
commit
a7578d1896
|
|
@ -114,7 +114,7 @@ pub(crate) async fn upload_path(
|
||||||
match existing_nar {
|
match existing_nar {
|
||||||
Some(existing_nar) => {
|
Some(existing_nar) => {
|
||||||
// Deduplicate
|
// Deduplicate
|
||||||
upload_path_dedup(username, cache, upload_info, stream, existing_nar, database).await
|
upload_path_dedup(username, cache, upload_info, stream, database, &state, existing_nar).await
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
// New NAR
|
// New NAR
|
||||||
|
|
@ -129,9 +129,11 @@ async fn upload_path_dedup(
|
||||||
cache: cache::Model,
|
cache: cache::Model,
|
||||||
upload_info: UploadPathNarInfo,
|
upload_info: UploadPathNarInfo,
|
||||||
stream: impl AsyncRead + Unpin,
|
stream: impl AsyncRead + Unpin,
|
||||||
existing_nar: NarGuard,
|
|
||||||
database: &DatabaseConnection,
|
database: &DatabaseConnection,
|
||||||
|
state: &State,
|
||||||
|
existing_nar: NarGuard,
|
||||||
) -> ServerResult<String> {
|
) -> ServerResult<String> {
|
||||||
|
if state.config.require_proof_of_possession {
|
||||||
let (mut stream, nar_compute) = StreamHasher::new(stream, Sha256::new());
|
let (mut stream, nar_compute) = StreamHasher::new(stream, Sha256::new());
|
||||||
tokio::io::copy(&mut stream, &mut tokio::io::sink())
|
tokio::io::copy(&mut stream, &mut tokio::io::sink())
|
||||||
.await
|
.await
|
||||||
|
|
@ -148,6 +150,7 @@ async fn upload_path_dedup(
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::RequestError(anyhow!("Bad NAR Hash or Size")).into());
|
return Err(ErrorKind::RequestError(anyhow!("Bad NAR Hash or Size")).into());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Finally...
|
// Finally...
|
||||||
let txn = database
|
let txn = database
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,13 @@ allowed-hosts = []
|
||||||
# are there.
|
# are there.
|
||||||
#soft-delete-caches = false
|
#soft-delete-caches = false
|
||||||
|
|
||||||
|
# Whether to require fully uploading a NAR if it exists in the global cache.
|
||||||
|
#
|
||||||
|
# If set to false, simply knowing the NAR hash is enough for
|
||||||
|
# an uploader to gain access to an existing NAR in the global
|
||||||
|
# cache.
|
||||||
|
#require-proof-of-possession = true
|
||||||
|
|
||||||
# JWT signing token
|
# JWT signing token
|
||||||
#
|
#
|
||||||
# Set this to the Base64 encoding of some random data.
|
# Set this to the Base64 encoding of some random data.
|
||||||
|
|
|
||||||
|
|
@ -64,6 +64,15 @@ pub struct Config {
|
||||||
#[serde(default = "default_soft_delete_caches")]
|
#[serde(default = "default_soft_delete_caches")]
|
||||||
pub soft_delete_caches: bool,
|
pub soft_delete_caches: bool,
|
||||||
|
|
||||||
|
/// Whether to require fully uploading a NAR if it exists in the global cache.
|
||||||
|
///
|
||||||
|
/// If set to false, simply knowing the NAR hash is enough for
|
||||||
|
/// an uploader to gain access to an existing NAR in the global
|
||||||
|
/// cache.
|
||||||
|
#[serde(rename = "require-proof-of-possession")]
|
||||||
|
#[serde(default = "default_require_proof_of_possession")]
|
||||||
|
pub require_proof_of_possession: bool,
|
||||||
|
|
||||||
/// Database connection.
|
/// Database connection.
|
||||||
pub database: DatabaseConfig,
|
pub database: DatabaseConfig,
|
||||||
|
|
||||||
|
|
@ -238,6 +247,10 @@ fn default_soft_delete_caches() -> bool {
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn default_require_proof_of_possession() -> bool {
|
||||||
|
true
|
||||||
|
}
|
||||||
|
|
||||||
fn default_gc_interval() -> Duration {
|
fn default_gc_interval() -> Duration {
|
||||||
Duration::from_secs(43200)
|
Duration::from_secs(43200)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue