Don't output whole timers map; hash headers in rust (#1411)

vlad-ivanov-name · web-flow · commit 92d228ba5e42 · 2025-02-23T17:39:08.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -34,6 +34,7 @@ serde_yaml = "0.9.34"
 toml = "0.8.19"
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
 tempfile = "3.14.0"
+hex = "0.4.3"
 
 [workspace.dependencies.git2]
 default-features = false
diff --git a/josh-core/Cargo.toml b/josh-core/Cargo.toml
@@ -17,7 +17,7 @@ git-version = "0.3.9"
 git2 = { workspace = true }
 gix-object = "0.46.0"
 glob = "0.3.1"
-hex = "0.4.3"
+hex = { workspace = true }
 indoc = "2.0.5"
 itertools = "0.13.0"
 lazy_static = { workspace = true }
diff --git a/josh-proxy/Cargo.toml b/josh-proxy/Cargo.toml
@@ -10,6 +10,8 @@ repository = "https://github.com/josh-project/josh"
 version = "22.4.15"
 
 [dependencies]
+sha2 = "0.10.8"
+hex = { workspace = true }
 base64 = { workspace = true }
 clap = { workspace = true }
 futures = { workspace = true }
diff --git a/josh-proxy/src/auth.rs b/josh-proxy/src/auth.rs
@@ -98,16 +98,25 @@ impl Handle {
     }
 }
 
+fn hash_header(header: &hyper::http::HeaderValue) -> String {
+    use sha2::{Digest, Sha256};
+
+    let mut hasher = Sha256::new();
+    hasher.update(header.as_bytes());
+    let result = hasher.finalize();
+    hex::encode(result)
+}
+
 pub fn add_auth(token: &str) -> josh::JoshResult<Handle> {
     let header = hyper::header::HeaderValue::from_str(&format!("Basic {}", BASE64.encode(token)))?;
-    let hp = Handle {
-        hash: Some(git2::Oid::hash_object(git2::ObjectType::Blob, header.as_bytes())?.to_string()),
+    let handle = Handle {
+        hash: Some(hash_header(&header)),
     };
-    let p = Header {
+    let header_wrapper = Header {
         header: Some(header),
     };
-    AUTH.lock()?.insert(hp.clone(), p);
-    Ok(hp)
+    AUTH.lock()?.insert(handle.clone(), header_wrapper);
+    Ok(handle)
 }
 
 #[tracing::instrument()]
@@ -180,7 +189,7 @@ pub async fn check_http_auth(url: &str, auth: &Handle, required: bool) -> josh::
         }
 
         tracing::info!(
-            auth_timers = ?auth_timers,
+            auth_timers_count = auth_timers.len(),
             "check_http_auth: no valid cached auth"
         );
 
@@ -237,16 +246,14 @@ pub fn strip_auth(
         req.headers_mut().remove(hyper::header::AUTHORIZATION);
 
     if let Some(header) = header {
-        let hp = Handle {
-            hash: Some(
-                git2::Oid::hash_object(git2::ObjectType::Blob, header.as_bytes())?.to_string(),
-            ),
+        let handle = Handle {
+            hash: Some(hash_header(&header)),
         };
-        let p = Header {
+        let header_wrapper = Header {
             header: Some(header),
         };
-        AUTH.lock()?.insert(hp.clone(), p);
-        return Ok((hp, req));
+        AUTH.lock()?.insert(handle.clone(), header_wrapper);
+        return Ok((handle, req));
     }
 
     Ok((Handle { hash: None }, req))
