git_sshripped_worktree 0.6.0

Worktree domain for git-sshripped
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

#![cfg_attr(feature = "fail-on-warnings", deny(warnings))]
#![warn(clippy::all, clippy::pedantic, clippy::nursery, clippy::cargo)]
#![allow(clippy::multiple_crate_versions)]

use std::fs;
#[cfg(unix)]
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};
use std::process::Command;

use anyhow::{Context, Result};
use base64::Engine;
use git_sshripped_worktree_models::UnlockSession;

fn git_rev_parse(cwd: &Path, arg: &str) -> Result<PathBuf> {
    profiling::scope!("git rev-parse", arg);
    let output = Command::new("git")
        .args(["rev-parse", arg])
        .current_dir(cwd)
        .output()
        .with_context(|| format!("failed to execute git rev-parse {arg}"))?;

    if !output.status.success() {
        anyhow::bail!(
            "git rev-parse {arg} failed: {}",
            String::from_utf8_lossy(&output.stderr).trim()
        );
    }

    let text = String::from_utf8(output.stdout).context("git rev-parse output was not utf8")?;
    Ok(PathBuf::from(text.trim()))
}

/// Resolve the Git common directory for the current working directory.
///
/// # Errors
///
/// Returns an error if `git rev-parse --git-common-dir` fails.
pub fn git_common_dir(cwd: &Path) -> Result<PathBuf> {
    profiling::scope!("git_common_dir");
    git_rev_parse(cwd, "--git-common-dir")
}

/// Resolve the Git directory for the current working directory.
///
/// For the main worktree this returns `.git`; for a linked worktree it
/// returns the worktree-specific Git directory (e.g.
/// `<main>/.git/worktrees/<name>`).
///
/// # Errors
///
/// Returns an error if `git rev-parse --git-dir` fails.
pub fn git_dir(cwd: &Path) -> Result<PathBuf> {
    profiling::scope!("git_dir");
    git_rev_parse(cwd, "--git-dir")
}

/// Resolve the working-tree root for the current working directory.
///
/// # Errors
///
/// Returns an error if `git rev-parse --show-toplevel` fails.
pub fn git_toplevel(cwd: &Path) -> Result<PathBuf> {
    profiling::scope!("git_toplevel");
    git_rev_parse(cwd, "--show-toplevel")
}

/// Returns `true` when the current working directory is inside a linked
/// (non-main) Git worktree.
///
/// Detection works by comparing the resolved `--git-dir` (worktree-specific)
/// against `--git-common-dir` (shared).  When they differ the worktree is a
/// linked one.
///
/// # Errors
///
/// Returns an error if the underlying `git rev-parse` calls fail.
pub fn is_linked_worktree(cwd: &Path) -> Result<bool> {
    profiling::scope!("is_linked_worktree");
    let git_dir_raw = git_dir(cwd)?;
    let common_dir_raw = git_common_dir(cwd)?;
    Ok(is_linked_worktree_inner(cwd, &git_dir_raw, &common_dir_raw))
}

/// Resolved worktree identity: the absolute per-worktree Git directory and
/// whether this is a linked (non-main) worktree.
#[derive(Debug, Clone)]
pub struct WorktreeIdentity {
    /// Absolute per-worktree Git directory. For the main worktree this is
    /// equivalent to `$GIT_COMMON_DIR`; for linked worktrees it is
    /// `$GIT_COMMON_DIR/worktrees/<id>`.
    ///
    /// Path components are joined against `cwd` when `git rev-parse`
    /// returns a relative path, but the result is intentionally **not**
    /// canonicalised so it matches what `$GIT_DIR` would contain at
    /// process start.
    pub git_dir: PathBuf,
    /// `true` when `git_dir` differs from the common dir after symlink
    /// resolution.
    pub linked: bool,
}

/// Resolve the per-worktree Git directory and linked-worktree flag.
///
/// Uses a single `git rev-parse --git-dir` subprocess call, reusing an
/// already-resolved common dir to avoid a second subprocess spawn.
///
/// The returned `git_dir` is absolute (joined against `cwd` if `git` gave
/// us a relative path) but intentionally un-canonicalised so it is stable
/// for use as a cache/marker key.  The `linked` flag *does* use canonical
/// paths so symlinked git dirs compare correctly.
///
/// # Errors
///
/// Returns an error if `git rev-parse --git-dir` fails.
pub fn resolve_worktree_identity(cwd: &Path, common_dir: &Path) -> Result<WorktreeIdentity> {
    profiling::scope!("resolve_worktree_identity");
    let git_dir_raw = git_dir(cwd)?;
    let abs_git = if git_dir_raw.is_absolute() {
        git_dir_raw
    } else {
        cwd.join(git_dir_raw)
    };
    let linked = is_linked_worktree_inner(cwd, &abs_git, common_dir);
    Ok(WorktreeIdentity {
        git_dir: abs_git,
        linked,
    })
}

fn is_linked_worktree_inner(cwd: &Path, git_dir_raw: &Path, common_dir_raw: &Path) -> bool {
    // Both flags may return relative paths – resolve them to absolute.
    let abs_git = if git_dir_raw.is_absolute() {
        git_dir_raw.to_path_buf()
    } else {
        cwd.join(git_dir_raw)
    };
    let abs_common = if common_dir_raw.is_absolute() {
        common_dir_raw.to_path_buf()
    } else {
        cwd.join(common_dir_raw)
    };

    // Canonicalize to collapse symlinks and `..` components.
    let canon_git = fs::canonicalize(&abs_git).unwrap_or(abs_git);
    let canon_common = fs::canonicalize(&abs_common).unwrap_or(abs_common);

    canon_git != canon_common
}

#[must_use]
pub fn session_file(common_dir: &Path) -> PathBuf {
    common_dir
        .join("git-sshripped")
        .join("session")
        .join("unlock.json")
}

/// Persist the unlock session to disk.
///
/// # Errors
///
/// Returns an error if the session directory cannot be created, the session
/// cannot be serialized, or the file cannot be written.
pub fn write_unlock_session(
    common_dir: &Path,
    key: &[u8],
    key_source: &str,
    repo_key_id: Option<String>,
) -> Result<()> {
    profiling::scope!("write_unlock_session");
    let file = session_file(common_dir);
    let parent = file
        .parent()
        .context("session path has no parent directory")?;
    fs::create_dir_all(parent)
        .with_context(|| format!("failed to create session dir {}", parent.display()))?;

    let session = UnlockSession {
        key_b64: base64::engine::general_purpose::STANDARD_NO_PAD.encode(key),
        key_source: key_source.to_string(),
        repo_key_id,
    };
    let text =
        serde_json::to_string_pretty(&session).context("failed to serialize unlock session")?;
    fs::write(&file, text)
        .with_context(|| format!("failed to write session file {}", file.display()))?;

    #[cfg(unix)]
    {
        let mut perms = fs::metadata(&file)
            .with_context(|| format!("failed to read session file metadata {}", file.display()))?
            .permissions();
        perms.set_mode(0o600);
        fs::set_permissions(&file, perms)
            .with_context(|| format!("failed to set secure permissions on {}", file.display()))?;
    }

    Ok(())
}

/// Remove the unlock session file, locking the repository.
///
/// # Errors
///
/// Returns an error if the session file exists but cannot be removed.
pub fn clear_unlock_session(common_dir: &Path) -> Result<()> {
    profiling::scope!("clear_unlock_session");
    let file = session_file(common_dir);
    if file.exists() {
        fs::remove_file(&file)
            .with_context(|| format!("failed to remove session file {}", file.display()))?;
    }
    Ok(())
}

/// Read the current unlock session, if one exists.
///
/// # Errors
///
/// Returns an error if the session file exists but cannot be read or parsed.
pub fn read_unlock_session(common_dir: &Path) -> Result<Option<UnlockSession>> {
    profiling::scope!("read_unlock_session");
    let file = session_file(common_dir);
    if !file.exists() {
        return Ok(None);
    }
    let text = fs::read_to_string(&file)
        .with_context(|| format!("failed to read session file {}", file.display()))?;
    let session = serde_json::from_str(&text)
        .with_context(|| format!("failed to parse session file {}", file.display()))?;
    Ok(Some(session))
}