openusd 0.5.0

Rust native USD library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

//! USDZ archive writer.
//!
//! Produces ZIP archives that conform to the [USDZ
//! specification](https://openusd.org/release/spec_usdz.html): every entry is
//! STORED (uncompressed) and its data is aligned to a 64-byte boundary via
//! padding in the local file header's "extra field".
//!
//! The writer is intentionally bytes-in, bytes-out: callers serialize their
//! layers (e.g. via [`crate::usdc::CrateWriter`] or [`crate::usda::TextWriter`])
//! and hand the resulting bytes to [`ArchiveWriter::add_layer`]. Dependency
//! resolution and asset discovery (the C++ `UsdUtilsCreateNewUsdzPackage`
//! equivalent) are out of scope for v1.

use std::io::{Seek, Write};
use std::path::Path;

use anyhow::{bail, Context, Result};
use zip::write::SimpleFileOptions;
use zip::{CompressionMethod, ZipWriter};

/// Alignment (in bytes) for file data inside a USDZ archive.
const USDZ_ALIGNMENT: u16 = 64;

/// Writer for USDZ archives.
///
/// ```no_run
/// use openusd::usdz::ArchiveWriter;
///
/// let out = std::fs::File::create("scene.usdz").unwrap();
/// let mut archive = ArchiveWriter::new(out);
/// archive.add_layer("scene.usdc", &std::fs::read("scene.usdc").unwrap()).unwrap();
/// archive.finish().unwrap();
/// ```
pub struct ArchiveWriter<W: Write + Seek> {
    inner: ZipWriter<W>,
}

impl<W: Write + Seek> ArchiveWriter<W> {
    /// Create a new writer that emits its archive to `out`.
    pub fn new(out: W) -> Self {
        Self {
            inner: ZipWriter::new(out),
        }
    }

    /// Add an entry to the archive. `name` is the archive-relative path,
    /// `bytes` is the raw file content. The first call should typically be a
    /// `.usda`/`.usdc`/`.usd` layer — per the USDZ spec, the first file in
    /// the archive is the package's root layer.
    ///
    /// `name` must be an archive-relative forward-slash path: non-empty, not
    /// absolute, and containing no `..` segments or backslashes. Archives
    /// with path-traversing entries are rejected.
    pub fn add_layer(&mut self, name: &str, bytes: &[u8]) -> Result<()> {
        validate_entry_name(name)?;

        let options = SimpleFileOptions::default()
            .compression_method(CompressionMethod::Stored)
            .with_alignment(USDZ_ALIGNMENT);

        self.inner
            .start_file(name, options)
            .with_context(|| format!("failed to start USDZ entry {name}"))?;
        self.inner
            .write_all(bytes)
            .with_context(|| format!("failed to write USDZ entry {name}"))?;
        Ok(())
    }

    /// Finalize the archive, writing the central directory. Returns the
    /// underlying writer.
    pub fn finish(self) -> Result<W> {
        let w = self.inner.finish().context("failed to finalize USDZ archive")?;
        Ok(w)
    }
}

impl ArchiveWriter<std::fs::File> {
    /// Create a USDZ archive at `path`.
    pub fn create(path: impl AsRef<Path>) -> Result<Self> {
        let path = path.as_ref();
        let file = std::fs::File::create(path)
            .with_context(|| format!("failed to create USDZ archive: {}", path.display()))?;
        Ok(Self::new(file))
    }
}

/// Validate that `name` is safe to use as a ZIP entry path: a non-empty
/// relative path whose segments are all concrete filenames. USDZ archives
/// consumed by other tools interpret entry names as filesystem paths, so
/// absolute, traversing, directory-like, or double-separator forms can
/// escape the extraction root or produce ambiguous results.
fn validate_entry_name(name: &str) -> Result<()> {
    if name.is_empty() {
        bail!("USDZ entry name cannot be empty");
    }
    if name.contains('\\') {
        bail!("USDZ entry name {name:?} must not contain backslashes");
    }
    if name.starts_with('/') {
        bail!("USDZ entry name {name:?} must be relative, not absolute");
    }
    if name.ends_with('/') {
        bail!("USDZ entry name {name:?} must name a file, not a directory");
    }
    for seg in name.split('/') {
        match seg {
            "" => bail!("USDZ entry name {name:?} has an empty path segment"),
            "." | ".." => {
                bail!("USDZ entry name {name:?} must not contain `{seg}` segments")
            }
            _ => {}
        }
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Cursor;

    fn writer() -> ArchiveWriter<Cursor<Vec<u8>>> {
        ArchiveWriter::new(Cursor::new(Vec::new()))
    }

    #[test]
    fn rejects_unsafe_entry_names() {
        for name in [
            "",
            "/absolute",
            "..",
            "a/../b",
            "win\\style",
            "a//b",
            "a/",
            "./a",
            "a/.",
        ] {
            assert!(
                writer().add_layer(name, b"").is_err(),
                "expected rejection for {name:?}"
            );
        }
    }

    #[test]
    fn accepts_safe_relative_entry_names() {
        for name in ["scene.usdc", "Textures/Material/base.jpg", "nested/a.b.c"] {
            writer().add_layer(name, b"dummy").expect(name);
        }
    }
}