Add expires_at field for impersonation_tokens POST request

w4 · w4 · commit 106b4ca4b364 · 2023-07-03T22:04:43.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -31,6 +31,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 sha1 = "0.10"
 shlex = "1.1"
+time = { version = "0.3", features = ["serde"] }
 tracing = "0.1"
 tracing-subscriber = "0.3"
 thrussh = "0.33"
diff --git a/src/config.rs b/src/config.rs
@@ -3,6 +3,7 @@
 use clap::Parser;
 use serde::{de::DeserializeOwned, Deserialize};
 use std::{net::SocketAddr, path::PathBuf};
+use time::Duration;
 use url::Url;
 
 #[derive(Parser)]
@@ -25,6 +26,15 @@ pub struct Config {
 pub struct GitlabConfig {
     pub uri: Url,
     pub admin_token: String,
+    #[serde(default = "GitlabConfig::default_token_expiry")]
+    pub token_expiry: Duration,
+}
+
+impl GitlabConfig {
+    #[must_use]
+    const fn default_token_expiry() -> Duration {
+        Duration::days(30)
+    }
 }
 
 pub fn from_toml_path<T: DeserializeOwned>(path: &str) -> Result<T, std::io::Error> {
diff --git a/src/git_command_handlers/ls_refs.rs b/src/git_command_handlers/ls_refs.rs
@@ -19,10 +19,10 @@ pub fn handle<U: UserProvider + PackageProvider + Send + Sync + 'static>(
     _metadata: &[Bytes],
     commit_hash: &HashOutput,
 ) -> Result<(), anyhow::Error> {
-    let commit_hash = hex::encode(&commit_hash);
+    let commit_hash = hex::encode(commit_hash);
 
     handle.write(PktLine::Data(
-        format!("{} HEAD symref-target:refs/heads/master", commit_hash).as_bytes(),
+        format!("{commit_hash} HEAD symref-target:refs/heads/master").as_bytes(),
     ))?;
     handle.write(PktLine::Flush)?;
     handle.flush(session, channel);
diff --git a/src/main.rs b/src/main.rs
@@ -84,7 +84,7 @@ async fn main() -> anyhow::Result<()> {
             .ok_or_else(|| anyhow!("failed to generate server private key"))?;
         let thrussh_keys::key::KeyPair::Ed25519(key) = key;
 
-        std::fs::write(server_private_key, &key.key)?;
+        std::fs::write(server_private_key, key.key)?;
 
         thrussh_keys::key::KeyPair::Ed25519(key)
     };
@@ -350,7 +350,7 @@ type AsyncHandlerFut<T, U> =
     dyn Future<Output = Result<T, <Handler<U> as thrussh::server::Handler>::Error>> + Send;
 
 #[allow(clippy::type_complexity)]
-impl<'a, U: UserProvider + PackageProvider + Send + Sync + 'static> thrussh::server::Handler
+impl<U: UserProvider + PackageProvider + Send + Sync + 'static> thrussh::server::Handler
     for Handler<U>
 {
     type Error = anyhow::Error;
diff --git a/src/providers/gitlab.rs b/src/providers/gitlab.rs
@@ -8,12 +8,14 @@ use percent_encoding::{utf8_percent_encode, NON_ALPHANUMERIC};
 use reqwest::header;
 use serde::{Deserialize, Serialize};
 use std::{borrow::Cow, sync::Arc};
+use time::{Duration, OffsetDateTime};
 use tracing::{info_span, instrument, Instrument};
 use url::Url;
 
 pub struct Gitlab {
     client: reqwest::Client,
     base_url: Url,
+    token_expiry: Duration,
 }
 
 impl Gitlab {
@@ -29,6 +31,7 @@ impl Gitlab {
                 .default_headers(headers)
                 .build()?,
             base_url: config.uri.join("api/v4/")?,
+            token_expiry: config.token_expiry,
         })
     }
 }
@@ -41,9 +44,8 @@ impl super::UserProvider for Gitlab {
         username_password: &str,
     ) -> anyhow::Result<Option<User>> {
         let mut splitter = username_password.splitn(2, ':');
-        let (username, password) = match (splitter.next(), splitter.next()) {
-            (Some(username), Some(password)) => (username, password),
-            _ => return Ok(None),
+        let (Some(username), Some(password)) = (splitter.next(), splitter.next()) else {
+            return Ok(None);
         };
 
         if username == "gitlab-ci-token" {
@@ -95,6 +97,9 @@ impl super::UserProvider for Gitlab {
                 )
                 .json(&GitlabImpersonationTokenRequest {
                     name: env!("CARGO_PKG_NAME"),
+                    expires_at: (OffsetDateTime::now_utc() + self.token_expiry)
+                        .date()
+                        .to_string(),
                     scopes: vec!["api"],
                 })
                 .send()
@@ -273,6 +278,7 @@ impl GitlabCratePath {
 #[derive(Serialize)]
 pub struct GitlabImpersonationTokenRequest {
     name: &'static str,
+    expires_at: String,
     scopes: Vec<&'static str>,
 }
 
diff --git a/src/util.rs b/src/util.rs
@@ -9,7 +9,7 @@ use ustr::ustr;
 
 #[must_use]
 pub fn format_fingerprint(fingerprint: &str) -> String {
-    format!("SHA256:{}", fingerprint)
+    format!("SHA256:{fingerprint}")
 }
 
 /// Crates with a total of 1, 2 characters in the same are written out to directories named

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ use ustr::ustr;`
`9`	`9`
`10`	`10`	`#[must_use]`
`11`	`11`	`pub fn format_fingerprint(fingerprint: &str) -> String {`
`12`		`- format!("SHA256:{}", fingerprint)`
	`12`	`+ format!("SHA256:{fingerprint}")`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`/// Crates with a total of 1, 2 characters in the same are written out to directories named`