asp/keep
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
af1e0ca5702c0795b75a6345bee17e6917e07e3d
keep/src/meta_plugin/env.rs
Andrew Phillips b166477202 fix: harden security, eliminate panics, remove dead code, add Dockerfile 
Security:
- Use constant-time password comparison (subtle crate) to prevent timing attacks
- Replace permissive CORS with configurable origin-restricted CORS
- Add TLS warning when password auth is used without HTTPS

Bug fixes:
- Convert MetaPlugin panics to anyhow::Result (get_meta_plugin, outputs_mut, options_mut)
- Replace item.id.unwrap() with proper error handling across 15 call sites
- Fix panic on unknown column type in list mode
- Fix conflicting PIPESIZE constant (was 8192 vs 65536, now unified to 8192)
- Add 256MB filter chain buffer limit to prevent OOM
- Gracefully skip unregistered plugins instead of panicking

Dead code removal:
- Delete unused filter parser files (filter_parser.rs, filter.pest, parser/ module)
- ~260 lines of dead PEG parser code removed

Code consolidation:
- Add is_content_binary_from_metadata() helper (was duplicated in 4 places)
- Simplify save_item_raw() to delegate to save_item_raw_streaming() (~90 lines removed)

Incomplete features:
- Populate filter_plugins in status output from global registry
- Add FallbackMagicFileMetaPlugin (was referenced but never implemented)
- Document init_plugins() as intentional no-op

Infrastructure:
- Add Dockerfile (static musl binary on scratch, 4.8MB)
- Add .dockerignore
- Add cors_origin to ServerConfig and config.rs
2026-03-13 07:57:36 -03:00

232 lines
7.1 KiB
Rust
Raw Blame History

use super::{BaseMetaPlugin, MetaPlugin, MetaPluginType, process_metadata_outputs};
#[derive(Debug, Clone)]
/// Meta plugin that extracts environment variables prefixed with KEEP_META_ as metadata.
pub struct EnvMetaPlugin {
is_finalized: bool,
base: BaseMetaPlugin,
env_vars: Vec<(String, String)>,
}
impl EnvMetaPlugin {
/// Creates a new `EnvMetaPlugin` instance.
///
/// Collects environment variables starting with KEEP_META_ and sets up default output mappings.
///
/// # Arguments
///
/// * `_options` - Optional configuration options for the plugin (unused in this implementation).
/// * `outputs` - Optional output mappings for metadata (overrides defaults).
///
/// # Returns
///
/// A new instance of `EnvMetaPlugin`.
pub fn new(
_options: Option<std::collections::HashMap<String, serde_yaml::Value>>,
outputs: Option<std::collections::HashMap<String, serde_yaml::Value>>,
) -> Self {
// Collect environment variables starting with KEEP_META_
let mut env_vars = Vec::new();
let mut outputs_map = std::collections::HashMap::new();
for (key, value) in std::env::vars() {
if let Some(stripped_key) = key.strip_prefix("KEEP_META_") {
// Add to env_vars to process later
env_vars.push((stripped_key.to_string(), value));
// Add to outputs with default mapping to the stripped name
outputs_map.insert(
stripped_key.to_string(),
serde_yaml::Value::String(stripped_key.to_string()),
);
}
}
// Override with provided outputs
if let Some(provided_outputs) = outputs {
for (key, value) in provided_outputs {
outputs_map.insert(key, value);
}
}
let mut base = BaseMetaPlugin::new();
base.outputs = outputs_map;
EnvMetaPlugin {
is_finalized: false,
base,
env_vars,
}
}
}
impl MetaPlugin for EnvMetaPlugin {
/// Returns the type of this meta plugin.
///
/// # Returns
///
/// `MetaPluginType::Env`.
fn meta_type(&self) -> MetaPluginType {
MetaPluginType::Env
}
/// Checks if the plugin has been finalized.
///
/// # Returns
///
/// `true` if finalized, `false` otherwise.
fn is_finalized(&self) -> bool {
self.is_finalized
}
/// Sets the finalized state of the plugin.
///
/// # Arguments
///
/// * `finalized` - The new finalized state.
fn set_finalized(&mut self, finalized: bool) {
self.is_finalized = finalized;
}
/// Initializes the plugin, processing environment variables.
///
/// Processes all KEEP_META_* variables and generates metadata using output mappings.
///
/// # Returns
///
/// A `MetaPluginResponse` with environment metadata and finalized state set to `true`.
fn initialize(&mut self) -> crate::meta_plugin::MetaPluginResponse {
// If already finalized, don't process again
if self.is_finalized {
return crate::meta_plugin::MetaPluginResponse {
metadata: Vec::new(),
is_finalized: true,
};
}
// Process all collected environment variables
let mut metadata = Vec::new();
for (name, value) in &self.env_vars {
if let Some(meta_data) = process_metadata_outputs(
name,
serde_yaml::Value::String(value.clone()),
self.base.outputs(),
) {
metadata.push(meta_data);
}
}
// Mark as finalized since this plugin only needs to run once
self.is_finalized = true;
crate::meta_plugin::MetaPluginResponse {
metadata,
is_finalized: true,
}
}
/// Updates the plugin with new data (unused in this implementation).
///
/// This plugin does not process streaming data; returns empty response.
///
/// # Arguments
///
/// * `_data` - The data chunk (unused).
///
/// # Returns
///
/// A `MetaPluginResponse` with empty metadata and current finalized state.
fn update(&mut self, _data: &[u8]) -> crate::meta_plugin::MetaPluginResponse {
// If already finalized, don't process more data
if self.is_finalized {
return crate::meta_plugin::MetaPluginResponse {
metadata: Vec::new(),
is_finalized: true,
};
}
crate::meta_plugin::MetaPluginResponse {
metadata: Vec::new(),
is_finalized: false,
}
}
/// Finalizes the plugin, calling initialize if not already done.
///
/// Ensures environment metadata is processed if not previously initialized.
///
/// # Returns
///
/// A `MetaPluginResponse` with environment metadata if not finalized, or empty if already done.
fn finalize(&mut self) -> crate::meta_plugin::MetaPluginResponse {
// If not already finalized, we can call initialize
if !self.is_finalized {
return self.initialize();
}
crate::meta_plugin::MetaPluginResponse {
metadata: Vec::new(),
is_finalized: true,
}
}
/// Returns a reference to the outputs mapping.
///
/// # Returns
///
/// A reference to the `HashMap` of outputs.
fn outputs(&self) -> &std::collections::HashMap<String, serde_yaml::Value> {
self.base.outputs()
}
/// Returns a mutable reference to the outputs mapping.
///
/// # Returns
///
/// A mutable reference to the `HashMap` of outputs.
fn outputs_mut(
&mut self,
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
Ok(self.base.outputs_mut())
}
/// Returns the default output names based on collected env vars.
///
/// # Returns
///
/// A vector of environment variable names (stripped of KEEP_META_ prefix).
fn default_outputs(&self) -> Vec<String> {
self.env_vars.iter().map(|(name, _)| name.clone()).collect()
}
/// Returns a reference to the options mapping (empty for this plugin).
///
/// This plugin has no configurable options.
///
/// # Returns
///
/// An empty `HashMap`.
fn options(&self) -> &std::collections::HashMap<String, serde_yaml::Value> {
self.base.options()
}
/// Returns a mutable reference to the options mapping.
///
/// # Panics
///
/// Panics with "options_mut() not implemented for EnvMetaPlugin".
fn options_mut(
&mut self,
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
Ok(self.base.options_mut())
}
}
use crate::meta_plugin::register_meta_plugin;
/// Registers the EnvMetaPlugin with the global registry at module initialization.
#[ctor::ctor]
fn register_env_plugin() {
register_meta_plugin(MetaPluginType::Env, |options, outputs| {
Box::new(EnvMetaPlugin::new(options, outputs))
});
}
Reference in New Issue View Git Blame Copy Permalink