refactor: streaming, security hardening, and MCP removal
Major overhaul of server architecture and security posture: - Streaming: Unified all I/O through PIPESIZE (8192-byte) buffers. POST bodies stream via MpscReader through the save pipeline. GET content streams from disk via decompression to client. Removed save_item_with_reader, get_item_content_info, ChannelReader. 413 responses keep partial items (nonfatal by design). - Security: XSS protection in all HTML pages via html_escape crate. Security headers middleware (nosniff, frame deny, referrer policy). CORS tightened to explicit headers. Input validation for tags (256 chars), metadata (128/4096), pagination (10k cap). Config file reads use from_utf8_lossy. Generic error messages in HTML. Diff endpoint has 10 MB per-item cap. max_body_size config option. - Panics eliminated: Path unwraps → proper error propagation. Mutex unwraps → map_err (registries) / expect with message (local). - MCP removed: Deleted all MCP code, rmcp dependency, mcp feature. - Docs: Updated README, DESIGN, AGENTS to reflect all changes.
This commit is contained in:
@@ -152,6 +152,7 @@ pub struct ServerConfig {
|
||||
pub cert_file: Option<PathBuf>,
|
||||
pub key_file: Option<PathBuf>,
|
||||
pub cors_origin: Option<String>,
|
||||
pub max_body_size: Option<u64>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, Serialize)]
|
||||
@@ -256,7 +257,11 @@ impl Settings {
|
||||
// Override with CLI args
|
||||
if let Some(dir) = &args.options.dir {
|
||||
debug!("CONFIG: Overriding dir with CLI arg: {dir:?}");
|
||||
config_builder = config_builder.set_override("dir", dir.to_str().unwrap())?;
|
||||
config_builder = config_builder.set_override(
|
||||
"dir",
|
||||
dir.to_str()
|
||||
.ok_or_else(|| anyhow::anyhow!("non-UTF-8 directory path"))?,
|
||||
)?;
|
||||
}
|
||||
|
||||
if args.options.human_readable {
|
||||
@@ -316,6 +321,10 @@ impl Settings {
|
||||
.set_override("server.key_file", server_key.to_string_lossy().as_ref())?;
|
||||
}
|
||||
|
||||
if let Some(max_body_size) = args.options.server_max_body_size {
|
||||
config_builder = config_builder.set_override("server.max_body_size", max_body_size)?;
|
||||
}
|
||||
|
||||
if let Some(compression) = &args.item.compression {
|
||||
config_builder =
|
||||
config_builder.set_override("compression_plugin.name", compression.as_str())?;
|
||||
@@ -486,10 +495,10 @@ impl Settings {
|
||||
// First check for password_file
|
||||
if let Some(password_file) = &server.password_file {
|
||||
debug!("CONFIG: Reading password from file: {password_file:?}");
|
||||
let password = fs::read_to_string(password_file)
|
||||
.with_context(|| format!("Failed to read password file: {password_file:?}"))?
|
||||
.trim()
|
||||
.to_string();
|
||||
let password = fs::read(password_file)
|
||||
.with_context(|| format!("Failed to read password file: {password_file:?}"))?;
|
||||
let end = password.len().min(4096);
|
||||
let password = String::from_utf8_lossy(&password[..end]).trim().to_string();
|
||||
return Ok(Some(password));
|
||||
}
|
||||
|
||||
@@ -521,12 +530,11 @@ impl Settings {
|
||||
// First check for jwt_secret_file
|
||||
if let Some(jwt_secret_file) = &server.jwt_secret_file {
|
||||
debug!("CONFIG: Reading JWT secret from file: {jwt_secret_file:?}");
|
||||
let secret = fs::read_to_string(jwt_secret_file)
|
||||
.with_context(|| {
|
||||
format!("Failed to read JWT secret file: {jwt_secret_file:?}")
|
||||
})?
|
||||
.trim()
|
||||
.to_string();
|
||||
let secret = fs::read(jwt_secret_file).with_context(|| {
|
||||
format!("Failed to read JWT secret file: {jwt_secret_file:?}")
|
||||
})?;
|
||||
let end = secret.len().min(4096);
|
||||
let secret = String::from_utf8_lossy(&secret[..end]).trim().to_string();
|
||||
return Ok(Some(secret));
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user