module Hackage.Security.Client.Repository.Remote (
withRepository
, RepoOpts(..)
, defaultRepoOpts
, RemoteTemp
, FileSize(..)
, fileSizeWithinBounds
) where
import Control.Concurrent
import Control.Exception
import Control.Monad.Cont
import Data.List (nub, intercalate)
import Data.Typeable
import Network.URI hiding (uriPath, path)
import System.IO ()
import qualified Data.ByteString as BS
import qualified Data.ByteString.Lazy as BS.L
import Hackage.Security.Client.Formats
import Hackage.Security.Client.Repository
import Hackage.Security.Client.Repository.Cache (Cache)
import Hackage.Security.Client.Repository.HttpLib
import Hackage.Security.Client.Verify
import Hackage.Security.Trusted
import Hackage.Security.TUF
import Hackage.Security.Util.Checked
import Hackage.Security.Util.IO
import Hackage.Security.Util.Path
import Hackage.Security.Util.Pretty
import Hackage.Security.Util.Some
import Hackage.Security.Util.Exit
import qualified Hackage.Security.Client.Repository.Cache as Cache
newtype ServerCapabilities = SC (MVar ServerCapabilities_)
data ServerCapabilities_ = ServerCapabilities {
serverAcceptRangesBytes :: Bool
}
newServerCapabilities :: IO ServerCapabilities
newServerCapabilities = SC <$> newMVar ServerCapabilities {
serverAcceptRangesBytes = False
}
updateServerCapabilities :: ServerCapabilities -> [HttpResponseHeader] -> IO ()
updateServerCapabilities (SC mv) responseHeaders = modifyMVar_ mv $ \caps ->
return $ caps {
serverAcceptRangesBytes = serverAcceptRangesBytes caps
|| HttpResponseAcceptRangesBytes `elem` responseHeaders
}
checkServerCapability :: MonadIO m
=> ServerCapabilities -> (ServerCapabilities_ -> a) -> m a
checkServerCapability (SC mv) f = liftIO $ withMVar mv $ return . f
data FileSize =
FileSizeExact Int54
| FileSizeBound Int54
deriving Show
fileSizeWithinBounds :: Int54 -> FileSize -> Bool
fileSizeWithinBounds sz (FileSizeExact sz') = sz <= sz'
fileSizeWithinBounds sz (FileSizeBound sz') = sz <= sz'
data RepoOpts = RepoOpts {
repoAllowAdditionalMirrors :: Bool
}
defaultRepoOpts :: RepoOpts
defaultRepoOpts = RepoOpts {
repoAllowAdditionalMirrors = True
}
withRepository
:: HttpLib
-> [URI]
-> RepoOpts
-> Cache
-> RepoLayout
-> IndexLayout
-> (LogMessage -> IO ())
-> (Repository RemoteTemp -> IO a)
-> IO a
withRepository httpLib
outOfBandMirrors
repoOpts
cache
repLayout
repIndexLayout
logger
callback
= do
selectedMirror <- newMVar Nothing
caps <- newServerCapabilities
let remoteConfig mirror = RemoteConfig {
cfgLayout = repLayout
, cfgHttpLib = httpLib
, cfgBase = mirror
, cfgCache = cache
, cfgCaps = caps
, cfgLogger = liftIO . logger
, cfgOpts = repoOpts
}
callback Repository {
repGetRemote = getRemote remoteConfig selectedMirror
, repGetCached = Cache.getCached cache
, repGetCachedRoot = Cache.getCachedRoot cache
, repClearCache = Cache.clearCache cache
, repWithIndex = Cache.withIndex cache
, repGetIndexIdx = Cache.getIndexIdx cache
, repLockCache = Cache.lockCache cache
, repWithMirror = withMirror httpLib
selectedMirror
logger
outOfBandMirrors
repoOpts
, repLog = logger
, repLayout = repLayout
, repIndexLayout = repIndexLayout
, repDescription = "Remote repository at " ++ show outOfBandMirrors
}
type SelectedMirror = MVar (Maybe URI)
getSelectedMirror :: SelectedMirror -> IO URI
getSelectedMirror selectedMirror = do
mBaseURI <- readMVar selectedMirror
case mBaseURI of
Nothing -> internalError "Internal error: no mirror selected"
Just baseURI -> return baseURI
getRemote :: Throws SomeRemoteError
=> (URI -> RemoteConfig)
-> SelectedMirror
-> AttemptNr
-> RemoteFile fs typ
-> Verify (Some (HasFormat fs), RemoteTemp typ)
getRemote remoteConfig selectedMirror attemptNr remoteFile = do
baseURI <- liftIO $ getSelectedMirror selectedMirror
let cfg = remoteConfig baseURI
downloadMethod <- liftIO $ pickDownloadMethod cfg attemptNr remoteFile
getFile cfg attemptNr remoteFile downloadMethod
httpRequestHeaders :: RemoteConfig -> AttemptNr -> [HttpRequestHeader]
httpRequestHeaders RemoteConfig{..} attemptNr =
if attemptNr == 0 then defaultHeaders
else HttpRequestMaxAge0 : defaultHeaders
where
defaultHeaders :: [HttpRequestHeader]
defaultHeaders = [HttpRequestNoTransform]
withMirror :: forall a.
HttpLib
-> SelectedMirror
-> (LogMessage -> IO ())
-> [URI]
-> RepoOpts
-> Maybe [Mirror]
-> IO a
-> IO a
withMirror HttpLib{..}
selectedMirror
logger
oobMirrors
repoOpts
tufMirrors
callback
=
go orderedMirrors
where
go :: [URI] -> IO a
go [] = internalError "No mirrors configured"
go [m] = do
logger $ LogSelectedMirror (show m)
select m $ callback
go (m:ms) = do
logger $ LogSelectedMirror (show m)
catchChecked (select m callback) $ \ex -> do
logger $ LogMirrorFailed (show m) ex
go ms
orderedMirrors :: [URI]
orderedMirrors = nub $ concat [
oobMirrors
, if repoAllowAdditionalMirrors repoOpts
then maybe [] (map mirrorUrlBase) tufMirrors
else []
]
select :: URI -> IO a -> IO a
select uri =
bracket_ (modifyMVar_ selectedMirror $ \_ -> return $ Just uri)
(modifyMVar_ selectedMirror $ \_ -> return Nothing)
data DownloadMethod :: * -> * -> * where
NeverUpdated :: {
neverUpdatedFormat :: HasFormat fs f
} -> DownloadMethod fs typ
CannotUpdate :: {
cannotUpdateFormat :: HasFormat fs f
, cannotUpdateReason :: UpdateFailure
} -> DownloadMethod fs Binary
Update :: {
updateFormat :: HasFormat fs f
, updateInfo :: Trusted FileInfo
, updateLocal :: Path Absolute
, updateTail :: Int54
} -> DownloadMethod fs Binary
pickDownloadMethod :: forall fs typ. RemoteConfig
-> AttemptNr
-> RemoteFile fs typ
-> IO (DownloadMethod fs typ)
pickDownloadMethod RemoteConfig{..} attemptNr remoteFile =
case remoteFile of
RemoteTimestamp -> return $ NeverUpdated (HFZ FUn)
(RemoteRoot _) -> return $ NeverUpdated (HFZ FUn)
(RemoteSnapshot _) -> return $ NeverUpdated (HFZ FUn)
(RemoteMirrors _) -> return $ NeverUpdated (HFZ FUn)
(RemotePkgTarGz _ _) -> return $ NeverUpdated (HFZ FGz)
(RemoteIndex hasGz formats) -> multipleExitPoints $ do
rangeSupport <- checkServerCapability cfgCaps serverAcceptRangesBytes
unless rangeSupport $ exit $ CannotUpdate hasGz UpdateImpossibleUnsupported
mCachedIndex <- lift $ Cache.getCachedIndex cfgCache (hasFormatGet hasGz)
cachedIndex <- case mCachedIndex of
Nothing -> exit $ CannotUpdate hasGz UpdateImpossibleNoLocalCopy
Just fp -> return fp
when (attemptNr >= 2) $ exit $ CannotUpdate hasGz UpdateFailedTwice
return Update {
updateFormat = hasGz
, updateInfo = formatsLookup hasGz formats
, updateLocal = cachedIndex
, updateTail = 65536
}
getFile :: forall fs typ. Throws SomeRemoteError
=> RemoteConfig
-> AttemptNr
-> RemoteFile fs typ
-> DownloadMethod fs typ
-> Verify (Some (HasFormat fs), RemoteTemp typ)
getFile cfg@RemoteConfig{..} attemptNr remoteFile method =
go method
where
go :: DownloadMethod fs typ -> Verify (Some (HasFormat fs), RemoteTemp typ)
go NeverUpdated{..} = do
cfgLogger $ LogDownloading remoteFile
download neverUpdatedFormat
go CannotUpdate{..} = do
cfgLogger $ LogCannotUpdate remoteFile cannotUpdateReason
cfgLogger $ LogDownloading remoteFile
download cannotUpdateFormat
go Update{..} = do
cfgLogger $ LogUpdating remoteFile
update updateFormat updateInfo updateLocal updateTail
headers :: [HttpRequestHeader]
headers = httpRequestHeaders cfg attemptNr
download :: HasFormat fs f -> Verify (Some (HasFormat fs), RemoteTemp typ)
download format = do
(tempPath, h) <- openTempFile (Cache.cacheRoot cfgCache) (uriTemplate uri)
liftIO $ do
httpGet headers uri $ \responseHeaders bodyReader -> do
updateServerCapabilities cfgCaps responseHeaders
execBodyReader targetPath sz h bodyReader
hClose h
cacheIfVerified format $ DownloadedWhole tempPath
where
targetPath = TargetPathRepo $ remoteRepoPath' cfgLayout remoteFile format
uri = formatsLookup format $ remoteFileURI cfgLayout cfgBase remoteFile
sz = formatsLookup format $ remoteFileSize remoteFile
update :: (typ ~ Binary)
=> HasFormat fs f
-> Trusted FileInfo
-> Path Absolute
-> Int54
-> Verify (Some (HasFormat fs), RemoteTemp typ)
update format info cachedFile fileTail = do
currentSz <- liftIO $ getFileSize cachedFile
let fileSz = fileLength' info
range = (0 `max` (currentSz fileTail), fileSz)
range' = (fromIntegral (fst range), fromIntegral (snd range))
cacheRoot = Cache.cacheRoot cfgCache
(tempPath, h) <- openTempFile cacheRoot (uriTemplate uri)
statusCode <- liftIO $
httpGetRange headers uri range' $ \statusCode responseHeaders bodyReader -> do
updateServerCapabilities cfgCaps responseHeaders
let expectedSize =
case statusCode of
HttpStatus206PartialContent ->
FileSizeExact (snd range fst range)
HttpStatus200OK ->
FileSizeExact fileSz
execBodyReader targetPath expectedSize h bodyReader
hClose h
return statusCode
let downloaded =
case statusCode of
HttpStatus206PartialContent ->
DownloadedDelta {
deltaTemp = tempPath
, deltaExisting = cachedFile
, deltaSeek = fst range
}
HttpStatus200OK ->
DownloadedWhole tempPath
cacheIfVerified format downloaded
where
targetPath = TargetPathRepo repoPath
uri = modifyUriPath cfgBase (`anchorRepoPathRemotely` repoPath)
repoPath = remoteRepoPath' cfgLayout remoteFile format
cacheIfVerified :: HasFormat fs f -> RemoteTemp typ
-> Verify (Some (HasFormat fs), RemoteTemp typ)
cacheIfVerified format remoteTemp = do
ifVerified $
Cache.cacheRemoteFile cfgCache
remoteTemp
(hasFormatGet format)
(mustCache remoteFile)
return (Some format, remoteTemp)
httpGetRange :: forall a. Throws SomeRemoteError
=> [HttpRequestHeader]
-> URI
-> (Int, Int)
-> (HttpStatus -> [HttpResponseHeader] -> BodyReader -> IO a)
-> IO a
HttpLib{..} = cfgHttpLib
execBodyReader :: Throws SomeRemoteError
=> TargetPath
-> FileSize
-> Handle
-> BodyReader
-> IO ()
execBodyReader file mlen h br = go 0
where
go :: Int54 -> IO ()
go sz = do
unless (sz `fileSizeWithinBounds` mlen) $
throwChecked $ SomeRemoteError $ FileTooLarge file mlen
bs <- br
if BS.null bs
then return ()
else BS.hPut h bs >> go (sz + fromIntegral (BS.length bs))
data FileTooLarge = FileTooLarge {
fileTooLargePath :: TargetPath
, fileTooLargeExpected :: FileSize
}
deriving (Typeable)
instance Pretty FileTooLarge where
pretty FileTooLarge{..} = concat [
"file returned by server too large: "
, pretty fileTooLargePath
, " (expected " ++ expected fileTooLargeExpected ++ " bytes)"
]
where
expected :: FileSize -> String
expected (FileSizeExact n) = "exactly " ++ show n
expected (FileSizeBound n) = "at most " ++ show n
#if MIN_VERSION_base(4,8,0)
deriving instance Show FileTooLarge
instance Exception FileTooLarge where displayException = pretty
#else
instance Exception FileTooLarge
instance Show FileTooLarge where show = pretty
#endif
remoteFileURI :: RepoLayout -> URI -> RemoteFile fs typ -> Formats fs URI
remoteFileURI repoLayout baseURI = fmap aux . remoteRepoPath repoLayout
where
aux :: RepoPath -> URI
aux repoPath = modifyUriPath baseURI (`anchorRepoPathRemotely` repoPath)
remoteFileSize :: RemoteFile fs typ -> Formats fs FileSize
remoteFileSize (RemoteTimestamp) =
FsUn $ FileSizeBound fileSizeBoundTimestamp
remoteFileSize (RemoteRoot mLen) =
FsUn $ maybe (FileSizeBound fileSizeBoundRoot)
(FileSizeExact . fileLength')
mLen
remoteFileSize (RemoteSnapshot len) =
FsUn $ FileSizeExact (fileLength' len)
remoteFileSize (RemoteMirrors len) =
FsUn $ FileSizeExact (fileLength' len)
remoteFileSize (RemoteIndex _ lens) =
fmap (FileSizeExact . fileLength') lens
remoteFileSize (RemotePkgTarGz _pkgId len) =
FsGz $ FileSizeExact (fileLength' len)
fileSizeBoundTimestamp :: Int54
fileSizeBoundTimestamp = 4096
fileSizeBoundRoot :: Int54
fileSizeBoundRoot = 2 * 1024 * 2014
data RemoteConfig = RemoteConfig {
cfgLayout :: RepoLayout
, cfgHttpLib :: HttpLib
, cfgBase :: URI
, cfgCache :: Cache
, cfgCaps :: ServerCapabilities
, cfgLogger :: forall m. MonadIO m => LogMessage -> m ()
, cfgOpts :: RepoOpts
}
uriTemplate :: URI -> String
uriTemplate = takeFileName . uriPath
fileLength' :: Trusted FileInfo -> Int54
fileLength' = fileLength . fileInfoLength . trusted
data RemoteTemp :: * -> * where
DownloadedWhole :: {
wholeTemp :: Path Absolute
} -> RemoteTemp a
DownloadedDelta :: {
deltaTemp :: Path Absolute
, deltaExisting :: Path Absolute
, deltaSeek :: Int54
} -> RemoteTemp Binary
instance Pretty (RemoteTemp typ) where
pretty DownloadedWhole{..} = intercalate " " $ [
"DownloadedWhole"
, pretty wholeTemp
]
pretty DownloadedDelta{..} = intercalate " " $ [
"DownloadedDelta"
, pretty deltaTemp
, pretty deltaExisting
, show deltaSeek
]
instance DownloadedFile RemoteTemp where
downloadedVerify = verifyRemoteFile
downloadedRead = readLazyByteString . wholeTemp
downloadedCopyTo = \f dest ->
case f of
DownloadedWhole{..} ->
renameFile wholeTemp dest
DownloadedDelta{..} -> do
unless (deltaExisting == dest) $
throwIO $ userError "Assertion failure: deltaExisting /= dest"
withFile deltaExisting ReadWriteMode $ \h -> do
hSeek h AbsoluteSeek (fromIntegral deltaSeek)
BS.L.hPut h =<< readLazyByteString deltaTemp
verifyRemoteFile :: RemoteTemp typ -> Trusted FileInfo -> IO Bool
verifyRemoteFile remoteTemp trustedInfo = do
sz <- FileLength <$> remoteSize remoteTemp
if sz /= fileInfoLength (trusted trustedInfo)
then return False
else withRemoteBS remoteTemp $
compareTrustedFileInfo (trusted trustedInfo) . fileInfo
where
remoteSize :: RemoteTemp typ -> IO Int54
remoteSize DownloadedWhole{..} = getFileSize wholeTemp
remoteSize DownloadedDelta{..} = do
deltaSize <- getFileSize deltaTemp
return $ deltaSeek + deltaSize
withRemoteBS :: RemoteTemp typ -> (BS.L.ByteString -> Bool) -> IO Bool
withRemoteBS DownloadedWhole{..} callback = do
withFile wholeTemp ReadMode $ \h -> do
bs <- BS.L.hGetContents h
evaluate $ callback bs
withRemoteBS DownloadedDelta{..} callback =
withFile deltaExisting ReadMode $ \hExisting ->
withFile deltaTemp ReadMode $ \hTemp -> do
existing <- BS.L.hGetContents hExisting
temp <- BS.L.hGetContents hTemp
evaluate $ callback $ BS.L.concat [
BS.L.take (fromIntegral deltaSeek) existing
, temp
]