securegit 0.8.5

use crate::acquire::download::Downloader;
use crate::acquire::sources::RepoSource;
use crate::acquire::strategy::{AcquireOptions, AcquisitionStrategy};
use crate::archive::ArchiveValidator;
use crate::archive::SafeExtractor;
use crate::auth;
use crate::core::{AcquisitionReport, Config, ScanReport};
use anyhow::Result;
use async_trait::async_trait;
use std::path::Path;

pub struct ZipOnlyStrategy {
    config: Config,
    downloader: Downloader,
}

impl ZipOnlyStrategy {
    pub fn new(config: Config) -> Self {
        Self {
            config,
            downloader: Downloader::new(),
        }
    }
}

#[async_trait]
impl AcquisitionStrategy for ZipOnlyStrategy {
    async fn acquire(
        &self,
        source: &RepoSource,
        target: &Path,
        opts: &AcquireOptions,
    ) -> Result<AcquisitionReport> {
        // Download ZIP with auth headers
        let zip_url = source.zip_url()?;
        let temp_zip = tempfile::Builder::new()
            .prefix("securegit-")
            .suffix(".zip")
            .tempfile_in("/tmp")?;

        let host = source.host().unwrap_or_default();
        let headers = auth::build_http_headers(opts.token.as_ref(), &host);
        self.downloader
            .download_with_headers(&zip_url, temp_zip.path(), &headers)
            .await?;

        // Extract safely
        let validator = ArchiveValidator::new(self.config.archive.clone());
        let extractor = SafeExtractor::new(validator);
        extractor.extract_safe(temp_zip.path(), target).await?;

        Ok(AcquisitionReport {
            target: target.to_path_buf(),
            scan_report: ScanReport::new(),
            sanitize_report: Default::default(),
            has_history: false,
            head_commit: None,
        })
    }
}