add initial authentication types and filesystem stat trait method
parent
35fd485858
commit
87a7de0c29
@ -127,6 +127,34 @@ pub unsafe trait GitExecutor {
|
||||
/// If for some reason these invariants are not possible to uphold,
|
||||
/// please open an issue on the repository to discuss this issue.
|
||||
async unsafe fn create_askpass_server<F>(&self) -> Result<Self::ServerHandle, Self::Error>;
|
||||
|
||||
/// Gets some basic information about a file on the filesystem.
|
||||
///
|
||||
/// This is used to perform some basic security checks
|
||||
/// during askpass authentication.
|
||||
///
|
||||
/// **Do not follow symbolic links.**
|
||||
async fn stat(&self, path: &str) -> Result<FileStat, Self::Error>;
|
||||
}
|
||||
|
||||
/// Stats for a file on the filesystem.
|
||||
///
|
||||
/// This is returned by [`GitExecutor::stat`],
|
||||
/// and is just a small subset of the information
|
||||
/// typically returned by `stat(2)` and the like,
|
||||
/// as we only need a small subset of the information
|
||||
/// to perform some baseline security checks during
|
||||
/// the authentication process.
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct FileStat {
|
||||
/// The device number of the filesystem containing the file.
|
||||
///
|
||||
/// On Windows, this is (probably) always 0.
|
||||
pub dev: u64,
|
||||
/// The inode number of the file.
|
||||
pub ino: u64,
|
||||
/// If the file is a regular file (not a symlink).
|
||||
pub is_regular_file: bool,
|
||||
}
|
||||
|
||||
/// A handle to a server created by [`GitExecutor::create_askpass_server`].
|
||||
|
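Review bot: The doc comment on `stat` says "Do not follow symbolic links" but does not state what an implementor must return when `path` is a symlink, and this is a method on an `unsafe trait` whose result feeds the askpass security checks. I would spell the contract out, e.g. `/// Implementations must report metadata for the link itself (lstat semantics), so that` / `/// [`FileStat::is_regular_file`] is false for a symlink; symlinks in parent components are still resolved.` The `FileStat::dev` doc also says the value is "(probably) always 0" on Windows; if the checks compare `dev`/`ino` pairs (not visible here), constant values would make unrelated files compare equal, so the field docs should say what a platform without inode numbers returns, or the fields could be `Option<u64>`. As a style point, `path: &str` cannot represent non-UTF-8 paths, and `&std::path::Path` would avoid a lossy conversion at the call site. The trait body begins outside this hunk.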
@ -2,6 +2,8 @@
|
||||
|
||||
use crate::prelude::*;
|
||||
use core::time::Duration;
|
||||
#[cfg(unix)]
|
||||
use std::os::unix::fs::MetadataExt;
|
||||
use std::{fs::Permissions, os::unix::fs::PermissionsExt};
|
||||
use tokio::process::Command;
|
||||
|
||||
@ -48,6 +50,17 @@ unsafe impl super::GitExecutor for TokioExecutor {
|
||||
connection_string: connection_string.to_string_lossy().into(),
|
||||
})
|
||||
}
|
||||
|
||||
#[cfg(unix)]
|
||||
async fn stat(&self, path: &str) -> Result<super::FileStat, Self::Error> {
|
||||
let metadata = tokio::fs::symlink_metadata(path).await?;
|
||||
|
||||
Ok(super::FileStat {
|
||||
dev: metadata.dev(),
|
||||
ino: metadata.ino(),
|
||||
is_regular_file: metadata.is_file(),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(unix)]
|
||||
|
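Review bot: `stat` is gated with `#[cfg(unix)]` here, but the trait hunk declares it as a required method with no default body, so on a non-Unix target this `impl` would not satisfy `GitExecutor` unless the whole module is already Unix-only. The neighbouring `PermissionsExt` import suggests it may be, in which case the attribute on the method is redundant; otherwise a `#[cfg(not(unix))]` counterpart is needed. Separately, `symlink_metadata` only refuses to follow the final path component, and the returned `dev`/`ino` are a snapshot that can go stale if the path is replaced before it is used. A comment such as `// lstat: final component not followed; parent symlinks are, and the result can be stale by the time the path is opened` would keep callers from over-trusting it. The `impl` block starts outside this hunk.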
@ -52,5 +52,5 @@ pub use backend::git2;
|
||||
|
||||
pub use self::{
|
||||
refspec::{Error as RefSpecError, RefSpec},
|
||||
repository::{ConfigScope, Repository},
|
||||
repository::{Authorization, ConfigScope, Repository},
|
||||
};
|
||||
|
@ -59,3 +59,37 @@ pub trait Repository {
|
||||
scope: ConfigScope,
|
||||
) -> Result<(), Self::Error>;
|
||||
}
|
||||
|
||||
/// Provides authentication credentials when performing
|
||||
/// an operation that interacts with a remote.
|
||||
#[derive(Default, Debug, Clone, PartialEq, Eq, Hash)]
|
||||
pub enum Authorization {
|
||||
/// Performs no attempt to authorize; uses the system's
|
||||
/// default authorization mechanism, if any.
|
||||
#[default]
|
||||
Auto,
|
||||
/// Performs HTTP(S) Basic authentication with a username
|
||||
/// and password.
|
||||
///
|
||||
/// Note that certain remotes may use this mechanism
|
||||
/// for passing tokens as well; consult the respective
|
||||
/// remote's documentation for what information to supply.
|
||||
Basic {
|
||||
/// The username to use for authentication.
|
||||
username: String,
|
||||
/// The password to use for authentication.
|
||||
password: String,
|
||||
},
|
||||
/// Specifies a set of credentials for logging in with SSH.
|
||||
/// If
|
||||
Ssh {
|
||||
/// The path to the SSH private key to use for authentication.
|
||||
/// If `None`, the default SSH key will be used (i.e. `-i` will not
|
||||
/// be passed to `ssh`).
|
||||
private_key: Option<String>,
|
||||
/// The passphrase to use for the SSH private key.
|
||||
/// If `None`, the key is assumed to be unencrypted.
|
||||
/// A prompt for a passphrase will result in an error.
|
||||
passphrase: Option<String>,
|
||||
},
|
||||
}
|
||||
|
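Review bot: `Authorization` derives `Debug` while `Basic::password` and `Ssh::passphrase` hold secrets as plain `String`s, so any `{:?}` of the enum, or of a struct or error that contains it, writes the credential into logs or panic messages. I would drop `Debug` from the derive and implement it by hand with the secret fields redacted, as sketched below. The doc comment on the `Ssh` variant also ends in a dangling `/// If` and should be completed or removed.

```rust
#[derive(Default, Clone, PartialEq, Eq, Hash)]
pub enum Authorization {
    // … unchanged: Auto, Basic and Ssh variants …
}

impl core::fmt::Debug for Authorization {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            Self::Auto => f.write_str("Auto"),
            Self::Basic { username, .. } => f
                .debug_struct("Basic")
                .field("username", username)
                .field("password", &"<redacted>")
                .finish(),
            Self::Ssh { private_key, passphrase } => f
                .debug_struct("Ssh")
                .field("private_key", private_key)
                // Show only whether a passphrase is set, never its value.
                .field("passphrase", &passphrase.as_ref().map(|_| "<redacted>"))
                .finish(),
        }
    }
}
```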