- the Handler struct becomes handler (lowercase) - the Handler interface is defined to be the existing methods - isClosed() is added and used only in tests - setgcAt() is added and used only in tests --- This is to allow mocking the Handler interface for testing. <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/934): <!--number 934 --><!--line 0 --><!--description Y2hvcmU6IHJlZmFjdG9yIGFjdC9hcnRpZmFjdGNhY2hlIEhhbmRsZXIgdG8gYW4gaW50ZXJmYWNl-->chore: refactor act/artifactcache Handler to an interface<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/934 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>
// Copyright 2024 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package artifactcache
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"errors"
"strconv"
"time"
"code.forgejo.org/forgejo/runner/v9/act/cacheproxy"
)
// ErrValidation is the single error validateMac returns for every rejection,
// whether the timestamp failed validateAge or the MAC did not match, so a
// caller cannot tell from the error which check failed.
var ErrValidation = errors.New("validation error")
// validateMac authenticates the run data presented with a cache request.
//
// It recomputes the HMAC over the repository name, run number, timestamp and
// write isolation key using the handler's secret and compares it with
// rundata.RepositoryMAC. On success it returns rundata.RepositoryFullName;
// on any failure it returns an empty string and ErrValidation.
//
// The comparison uses hmac.Equal so that it does not leak timing information
// about how many leading bytes matched. Both sides are compared as hex text;
// computeMac emits lowercase hex, so a MAC presented in uppercase is rejected.
func (h *handler) validateMac(rundata cacheproxy.RunData) (string, error) {
	// TODO: allow configurable max age
	// Until then the timestamp check only rejects malformed or future values,
	// so this function puts no expiry on an otherwise valid MAC.
	if !validateAge(rundata.Timestamp) {
		return "", ErrValidation
	}

	want := computeMac(
		h.secret,
		rundata.RepositoryFullName,
		rundata.RunNumber,
		rundata.Timestamp,
		rundata.WriteIsolationKey,
	)
	if !hmac.Equal([]byte(want), []byte(rundata.RepositoryMAC)) {
		return "", ErrValidation
	}
	return rundata.RepositoryFullName, nil
}
// validateAge reports whether ts is a base-10 integer Unix timestamp (seconds)
// that is not later than the local clock.
//
// Only two things are rejected: text that strconv.ParseInt cannot parse and
// timestamps in the future. There is no lower bound, so arbitrarily old (and
// negative) timestamps are accepted, and there is no allowance for clock skew:
// a timestamp one second ahead of this host's clock is refused.
func validateAge(ts string) bool {
	issuedAt, err := strconv.ParseInt(ts, 10, 64)
	return err == nil && issuedAt <= time.Now().Unix()
}
// computeMac returns the lowercase hex encoding of HMAC-SHA256, keyed with
// secret, over the byte string repo ">" run ">" ts ">" writeIsolationKey.
//
// The fields are joined with a bare ">" and are neither length-prefixed nor
// escaped, so the encoding is unambiguous only if no field can itself contain
// ">" (for example ("a>b", "c") and ("a", "b>c") feed identical bytes to the
// MAC).
// NOTE(review): confirm that every caller guarantees this for the repository
// name, run number and write isolation key; if not, switch to a
// length-prefixed encoding on both the signing and the verifying side.
func computeMac(secret, repo, run, ts, writeIsolationKey string) string {
	signer := hmac.New(sha256.New, []byte(secret))
	for i, field := range []string{repo, run, ts, writeIsolationKey} {
		if i > 0 {
			// hash.Hash documents that Write never returns an error.
			signer.Write([]byte(">"))
		}
		signer.Write([]byte(field))
	}
	return hex.EncodeToString(signer.Sum(nil))
}