soldeer-core 0.10.1

Core functionality for Soldeer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404

//! Utility functions used throughout the codebase.
use crate::{
    config::Dependency,
    errors::{DownloadError, InstallError},
    registry::parse_version_req,
};
use derive_more::derive::{Display, From};
use ignore::{WalkBuilder, WalkState};
use log::{debug, warn};
use path_slash::PathExt as _;
use rayon::prelude::*;
use semver::Version;
use sha2::{Digest as _, Sha256};
use std::{
    borrow::Cow,
    env,
    ffi::OsStr,
    fs,
    io::Read,
    path::{Path, PathBuf},
    sync::{Arc, mpsc},
};
use tokio::process::Command;

/// Newtype for the string representation of an integrity checksum (SHA256).
#[derive(Debug, Clone, PartialEq, Eq, Hash, From, Display)]
#[from(Cow<'static, str>, String, &'static str)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct IntegrityChecksum(pub String);

/// Get the location where the token file is stored or read from.
///
/// The token file is stored in the home directory of the user, or in the current directory
/// if the home cannot be found, in a hidden folder called `.soldeer`. The token file is called
/// `.soldeer_login`.
///
/// The path can be overridden by setting the `SOLDEER_LOGIN_FILE` environment variable.
pub fn login_file_path() -> Result<PathBuf, std::io::Error> {
    if let Ok(file_path) = env::var("SOLDEER_LOGIN_FILE") &&
        !file_path.is_empty()
    {
        debug!("using soldeer login file defined in environment variable");
        return Ok(file_path.into());
    }

    // if home dir cannot be found, use the current dir
    let dir = home::home_dir().unwrap_or(env::current_dir()?);
    let security_directory = dir.join(".soldeer");
    if !security_directory.exists() {
        debug!(dir:?; ".soldeer folder does not exist, creating it");
        fs::create_dir(&security_directory)?;
    }
    let login_file = security_directory.join(".soldeer_login");
    debug!(login_file:?; "path to login file");
    Ok(login_file)
}

/// Check if any filename in the list of paths starts with a period.
pub fn check_dotfiles(files: &[PathBuf]) -> bool {
    files
        .par_iter()
        .any(|file| file.file_name().unwrap_or_default().to_string_lossy().starts_with('.'))
}

/// Sanitize a filename by replacing invalid characters with a dash.
pub fn sanitize_filename(dependency_name: &str) -> String {
    let options =
        sanitize_filename::Options { truncate: true, windows: cfg!(windows), replacement: "-" };

    let filename = sanitize_filename::sanitize_with_options(dependency_name, options);
    debug!(filename; "sanitized filename");
    filename
}

/// Hash the contents of a Reader with SHA256
pub fn hash_content<R: Read>(content: &mut R) -> [u8; 32] {
    let mut hasher = Sha256::new();
    let mut buf = [0; 1024];
    while let Ok(size) = content.read(&mut buf) {
        if size == 0 {
            break;
        }
        hasher.update(&buf[0..size]);
    }
    hasher.finalize().into()
}

/// Walk a folder and compute the SHA256 hash of all non-hidden and non-ignored files inside the
/// dir, combining them into a single hash.
///
/// The paths of the folders and files are hashes too, so we can the integrity of their names and
/// location can be checked.
pub fn hash_folder(folder_path: impl AsRef<Path>) -> Result<IntegrityChecksum, std::io::Error> {
    debug!(path:? = folder_path.as_ref(); "hashing folder");
    // a list of hashes, one for each DirEntry
    let root_path = Arc::new(dunce::canonicalize(folder_path.as_ref())?);

    let (tx, rx) = mpsc::channel::<[u8; 32]>();

    // we use a parallel walker to speed things up
    let walker = WalkBuilder::new(&folder_path)
        .filter_entry(|entry| {
            !(entry.path().is_dir() && entry.path().file_name().unwrap_or_default() == ".git")
        })
        .hidden(false)
        .require_git(false)
        .parents(false)
        .git_global(false)
        .git_exclude(false)
        .build_parallel();
    walker.run(|| {
        let tx = tx.clone();
        let root_path = Arc::clone(&root_path);
        // function executed for each DirEntry
        Box::new(move |result| {
            let Ok(entry) = result else {
                return WalkState::Continue;
            };
            let path = entry.path();
            // first hash the filename/dirname to make sure it can't be renamed or removed
            let mut hasher = Sha256::new();
            hasher.update(
                path.strip_prefix(root_path.as_ref())
                    .expect("path should be a child of root")
                    .to_slash_lossy()
                    .as_bytes(),
            );
            // for files, also hash the contents
            if let Some(true) = entry.file_type().map(|t| t.is_file()) {
                if let Ok(file) = fs::File::open(path) {
                    let mut reader = std::io::BufReader::new(file);
                    let hash = hash_content(&mut reader);
                    hasher.update(hash);
                } else {
                    warn!(path:?; "could not read file while hashing folder");
                }
            }
            // record the hash for that file/folder in the list
            let hash: [u8; 32] = hasher.finalize().into();
            tx.send(hash)
                .expect("Channel receiver should never be dropped before end of function scope");
            WalkState::Continue
        })
    });
    drop(tx);
    let mut hasher = Sha256::new();
    // this cannot happen before tx is dropped safely
    let mut hashes = Vec::new();
    while let Ok(msg) = rx.recv() {
        hashes.push(msg);
    }
    // sort hashes
    hashes.par_sort_unstable();
    // hash the hashes (yo dawg...)
    for hash in hashes.iter() {
        hasher.update(hash);
    }
    let hash: [u8; 32] = hasher.finalize().into();
    let hash = const_hex::encode(hash);
    debug!(path:? = folder_path.as_ref(), hash; "folder hash was computed");
    Ok(hash.into())
}

/// Compute the SHA256 hash of the contents of a file
pub fn hash_file(path: impl AsRef<Path>) -> Result<IntegrityChecksum, std::io::Error> {
    debug!(path:? = path.as_ref(); "hashing file");
    let file = fs::File::open(&path)?;
    let mut reader = std::io::BufReader::new(file);
    let bytes = hash_content(&mut reader);
    let hash = const_hex::encode(bytes);
    debug!(path:? = path.as_ref(), hash; "file hash was computed");
    Ok(hash.into())
}

/// Run a `git` command with the given arguments in the given directory.
///
/// The function output is parsed as a UTF-8 string and returned.
pub async fn run_git_command<I, S>(
    args: I,
    current_dir: Option<&PathBuf>,
) -> Result<String, DownloadError>
where
    I: IntoIterator<Item = S> + Clone,
    S: AsRef<OsStr>,
{
    let mut git = Command::new("git");
    git.args(args.clone()).env("GIT_TERMINAL_PROMPT", "0");
    if let Some(current_dir) = current_dir {
        git.current_dir(
            canonicalize(current_dir)
                .await
                .map_err(|e| DownloadError::IOError { path: current_dir.clone(), source: e })?,
        );
    }
    let git = git.output().await.map_err(|e| DownloadError::GitError {
        message: e.to_string(),
        args: args.clone().into_iter().map(|a| a.as_ref().to_string_lossy().into_owned()).collect(),
    })?;
    if !git.status.success() {
        return Err(DownloadError::GitError {
            message: String::from_utf8(git.stderr).unwrap_or_default(),
            args: args.into_iter().map(|a| a.as_ref().to_string_lossy().into_owned()).collect(),
        });
    }
    Ok(String::from_utf8(git.stdout).expect("git command output should be valid utf-8"))
}

/// Run a `forge` command with the given arguments in the given directory.
///
/// The function output is parsed as a UTF-8 string and returned.
pub async fn run_forge_command<I, S>(
    args: I,
    current_dir: Option<&PathBuf>,
) -> Result<String, InstallError>
where
    I: IntoIterator<Item = S>,
    S: AsRef<OsStr>,
{
    let mut forge = Command::new("forge");
    forge.args(args);
    if let Some(current_dir) = current_dir {
        forge.current_dir(
            canonicalize(current_dir)
                .await
                .map_err(|e| InstallError::IOError { path: current_dir.clone(), source: e })?,
        );
    }
    let forge = forge.output().await.map_err(|e| InstallError::ForgeError(e.to_string()))?;
    if !forge.status.success() {
        return Err(InstallError::ForgeError(String::from_utf8(forge.stderr).unwrap_or_default()));
    }
    Ok(String::from_utf8(forge.stdout).expect("forge command output should be valid utf-8"))
}

/// Remove/uninstall the `forge-std` library installed as a git submodule in a foundry project.
///
/// This function removes the `forge-std` submodule, the `.gitmodules` file and the `lib` directory
/// from the project.
pub async fn remove_forge_lib(root: impl AsRef<Path>) -> Result<(), InstallError> {
    debug!("removing forge-std installed as a git submodule");
    let gitmodules_path = root.as_ref().join(".gitmodules");
    let lib_dir = root.as_ref().join("lib");
    let forge_std_dir = lib_dir.join("forge-std");
    if forge_std_dir.exists() {
        run_git_command(
            &["rm", &forge_std_dir.to_string_lossy()],
            Some(&root.as_ref().to_path_buf()),
        )
        .await?;
        debug!("removed lib/forge-std");
    }
    if lib_dir.exists() {
        fs::remove_dir_all(&lib_dir)
            .map_err(|e| InstallError::IOError { path: lib_dir.clone(), source: e })?;
        debug!("removed lib dir");
    }
    if gitmodules_path.exists() {
        fs::remove_file(&gitmodules_path)
            .map_err(|e| InstallError::IOError { path: lib_dir, source: e })?;
        debug!("removed .gitmodules file");
    }
    Ok(())
}

/// Canonicalize a path, resolving symlinks and relative paths.
///
/// This function also normalizes paths on Windows to use the MS-DOS format (as opposed to UNC)
/// whenever possible.
pub async fn canonicalize(path: impl AsRef<Path>) -> Result<PathBuf, std::io::Error> {
    let path = path.as_ref().to_path_buf();
    tokio::task::spawn_blocking(move || dunce::canonicalize(&path)).await?
}

/// Canonicalize a path, resolving symlinks and relative paths, synchronously.
///
/// This function also normalizes paths on Windows to use the MS-DOS format (as opposed to UNC)
/// whenever possible.
pub fn canonicalize_sync(path: impl AsRef<Path>) -> Result<PathBuf, std::io::Error> {
    dunce::canonicalize(path)
}

/// Check if a path corresponds to the provided dependency.
///
/// The folder does not need to exist. The folder name must start with the dependency name
/// (sanitized). For dependencies with a semver-compliant version requirement, any folder with a
/// version that matches will give a result of `true`. Otherwise, the folder name must contain the
/// version requirement string after the dependency name.
pub fn path_matches(dependency: &Dependency, path: impl AsRef<Path>) -> bool {
    let path = path.as_ref();
    let Some(dir_name) = path.file_name() else {
        return false;
    };
    let dir_name = dir_name.to_string_lossy();
    let prefix = format!("{}-", sanitize_filename(dependency.name()));
    if !dir_name.starts_with(&prefix) {
        return false;
    }
    match (
        parse_version_req(dependency.version_req()),
        Version::parse(dir_name.strip_prefix(&prefix).expect("prefix should be present")),
    ) {
        (None, _) | (Some(_), Err(_)) => {
            // not semver compliant
            dir_name == format!("{prefix}{}", sanitize_filename(dependency.version_req()))
        }
        (Some(version_req), Ok(version)) => version_req.matches(&version),
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::fs;
    use testdir::testdir;

    fn create_test_folder(name: Option<&str>) -> PathBuf {
        let dir = testdir!();
        let named_dir = match name {
            None => dir,
            Some(name) => {
                let d = dir.join(name);
                fs::create_dir(&d).unwrap();
                d
            }
        };
        fs::write(named_dir.join("a.txt"), "this is a test file").unwrap();
        fs::write(named_dir.join("b.txt"), "this is a second test file").unwrap();
        fs::write(named_dir.join("ignored.txt"), "this file should be ignored").unwrap();
        fs::write(named_dir.join(".gitignore"), "ignored.txt\n").unwrap();
        fs::write(
            named_dir.parent().unwrap().join(".gitignore"),
            format!("{}/a.txt", named_dir.file_name().unwrap().to_string_lossy()),
        )
        .unwrap(); // this file should be ignored because it's in the parent dir
        dunce::canonicalize(named_dir).unwrap()
    }

    #[test]
    fn test_hash_content() {
        let mut content = "this is a test file".as_bytes();
        let hash = hash_content(&mut content);
        assert_eq!(
            const_hex::encode(hash),
            "5881707e54b0112f901bc83a1ffbacac8fab74ea46a6f706a3efc5f7d4c1c625".to_string()
        );
    }

    #[test]
    fn test_hash_content_content_sensitive() {
        let mut content = "foobar".as_bytes();
        let hash = hash_content(&mut content);
        let mut content2 = "baz".as_bytes();
        let hash2 = hash_content(&mut content2);
        assert_ne!(hash, hash2);
    }

    #[test]
    fn test_hash_file() {
        let path = testdir!().join("test.txt");
        fs::write(&path, "this is a test file").unwrap();
        let hash = hash_file(&path).unwrap();
        assert_eq!(hash, "5881707e54b0112f901bc83a1ffbacac8fab74ea46a6f706a3efc5f7d4c1c625".into());
    }

    #[test]
    fn test_hash_folder_abs_path_insensitive() {
        let folder1 = create_test_folder(Some("dir1"));
        let folder2 = create_test_folder(Some("dir2"));
        let hash1 = hash_folder(&folder1).unwrap();
        let hash2 = hash_folder(&folder2).unwrap();
        assert_eq!(
            hash1.to_string(),
            "c5328a2c3db7582b9074d5f5263ef111b496bbf9cda9b6c5fb0f97f1dc17b766"
        );
        assert_eq!(hash1, hash2);
        // ignored.txt should be ignored in the checksum calculation, so removing it should yield
        // the same checksum
        fs::remove_file(folder1.join("ignored.txt")).unwrap();
        let hash1 = hash_folder(&folder1).unwrap();
        assert_eq!(hash1, hash2);
    }

    #[test]
    fn test_hash_folder_rel_path_sensitive() {
        let folder = create_test_folder(Some("dir"));
        let hash1 = hash_folder(&folder).unwrap();
        fs::rename(folder.join("a.txt"), folder.join("c.txt")).unwrap();
        let hash2 = hash_folder(&folder).unwrap();
        assert_ne!(hash1, hash2);
    }

    #[test]
    fn test_hash_folder_content_sensitive() {
        let folder = create_test_folder(Some("dir"));
        let hash1 = hash_folder(&folder).unwrap();
        fs::create_dir(folder.join("test")).unwrap();
        let hash2 = hash_folder(&folder).unwrap();
        assert_ne!(hash1, hash2);
        fs::write(folder.join("test/c.txt"), "this is a third test file").unwrap();
        let hash3 = hash_folder(&folder).unwrap();
        assert_ne!(hash2, hash3);
        assert_ne!(hash1, hash3);
    }
}