Added LFS credentials caching

JetpackDuba · Feb 11, 2025 · c6ce532 · c6ce532
1 parent 12c4b5a
commit c6ce532
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 8 deletions.
diff --git a/src/main/kotlin/com/jetpackduba/gitnuro/credentials/CredentialsCacheRepository.kt b/src/main/kotlin/com/jetpackduba/gitnuro/credentials/CredentialsCacheRepository.kt
@@ -20,19 +20,19 @@ class CredentialsCacheRepository @Inject constructor() {
     // having a random key to encrypt the password may help in case of a memory dump attack
     private val encryptionKey = getRandomKey()
 
-    fun getCachedHttpCredentials(url: String): CredentialsType.HttpCredentials? {
+    fun getCachedHttpCredentials(url: String, isLfs: Boolean): CredentialsType.HttpCredentials? {
         val credentials = credentialsCached.filterIsInstance<CredentialsType.HttpCredentials>().firstOrNull {
-            it.url == url
+            it.url == url && it.isLfs == isLfs
         }
 
         return credentials?.copy(password = credentials.password.cipherDecrypt())
     }
 
     suspend fun cacheHttpCredentials(credentials: CredentialsType.HttpCredentials) {
-        cacheHttpCredentials(credentials.url, credentials.userName, credentials.password)
+        cacheHttpCredentials(credentials.url, credentials.userName, credentials.password, credentials.isLfs)
     }
 
-    suspend fun cacheHttpCredentials(url: String, userName: String, password: String) {
+    suspend fun cacheHttpCredentials(url: String, userName: String, password: String, isLfs: Boolean) {
         val passwordEncrypted = password.cipherEncrypt()
 
         credentialsLock.lockUse {
@@ -41,7 +41,7 @@ class CredentialsCacheRepository @Inject constructor() {
             }
 
             if (!previouslyCached) {
-                val credentials = CredentialsType.HttpCredentials(url, userName, passwordEncrypted)
+                val credentials = CredentialsType.HttpCredentials(url, userName, passwordEncrypted, isLfs)
                 credentialsCached.add(credentials)
             }
         }
@@ -101,5 +101,6 @@ sealed interface CredentialsType {
         val url: String,
         val userName: String,
         val password: String,
+        val isLfs: Boolean,
     ) : CredentialsType
 }
diff --git a/src/main/kotlin/com/jetpackduba/gitnuro/credentials/HttpCredentialsProvider.kt b/src/main/kotlin/com/jetpackduba/gitnuro/credentials/HttpCredentialsProvider.kt
@@ -78,7 +78,10 @@ class HttpCredentialsProvider @AssistedInject constructor(
         val externalCredentialsHelper = getExternalCredentialsHelper(uri, git)
 
         if (externalCredentialsHelper == null) {
-            val cachedCredentials = credentialsCacheRepository.getCachedHttpCredentials(uri.toString())
+            val cachedCredentials = credentialsCacheRepository.getCachedHttpCredentials(
+                url = uri.toString(),
+                isLfs = false,
+            )
 
             if (cachedCredentials == null) {
                 val credentials = askForCredentials()
@@ -92,6 +95,7 @@ class HttpCredentialsProvider @AssistedInject constructor(
                             url = uri.toString(),
                             userName = credentials.user,
                             password = credentials.password,
+                            isLfs = false,
                         )
                     }
 

diff --git a/src/main/kotlin/com/jetpackduba/gitnuro/lfs/GLfsFactory.kt b/src/main/kotlin/com/jetpackduba/gitnuro/lfs/GLfsFactory.kt
@@ -2,6 +2,7 @@ package com.jetpackduba.gitnuro.lfs
 
 import com.jetpackduba.gitnuro.Result
 import com.jetpackduba.gitnuro.credentials.CredentialsAccepted
+import com.jetpackduba.gitnuro.credentials.CredentialsCacheRepository
 import com.jetpackduba.gitnuro.credentials.CredentialsRequest
 import com.jetpackduba.gitnuro.credentials.CredentialsStateManager
 import com.jetpackduba.gitnuro.logging.printLog
@@ -41,10 +42,18 @@ private const val TAG = "GLfsFactory"
 class GLfsFactory @Inject constructor(
     private val lfsRepository: LfsRepository,
     private val credentialsStateManager: CredentialsStateManager,
+    private val credentialsCacheRepository: CredentialsCacheRepository,
 ) : LfsFactory() {
     init {
         FilterCommandRegistry.register("jgit://builtin/lfs/smudge") { repository, input, out ->
-            LfsSmudgeFilter(lfsRepository, credentialsStateManager, input, out, repository)
+            LfsSmudgeFilter(
+                lfsRepository = lfsRepository,
+                credentialsStateManager = credentialsStateManager,
+                credentialsCacheRepository = credentialsCacheRepository,
+                input = input,
+                output = out,
+                repository = repository
+            )
         }
         FilterCommandRegistry.register("jgit://builtin/lfs/clean") { db, `in`, out ->
             LfsCleanFilter(db, `in`, out)

diff --git a/src/main/kotlin/com/jetpackduba/gitnuro/lfs/LfsSmudgeFilter.kt b/src/main/kotlin/com/jetpackduba/gitnuro/lfs/LfsSmudgeFilter.kt
@@ -2,6 +2,7 @@ package com.jetpackduba.gitnuro.lfs
 
 import com.jetpackduba.gitnuro.Result
 import com.jetpackduba.gitnuro.credentials.CredentialsAccepted
+import com.jetpackduba.gitnuro.credentials.CredentialsCacheRepository
 import com.jetpackduba.gitnuro.credentials.CredentialsRequest
 import com.jetpackduba.gitnuro.credentials.CredentialsStateManager
 import com.jetpackduba.gitnuro.logging.printLog
@@ -16,6 +17,7 @@ import org.eclipse.jgit.lfs.LfsPointer
 import org.eclipse.jgit.lfs.lib.AnyLongObjectId
 import org.eclipse.jgit.lib.Repository
 import java.io.*
+import java.net.URI
 import java.nio.file.Files
 import java.util.concurrent.CancellationException
 
@@ -24,6 +26,7 @@ private const val MAX_COPY_BYTES = 1024 * 1024 * 256
 class LfsSmudgeFilter(
     private val lfsRepository: LfsRepository,
     private val credentialsStateManager: CredentialsStateManager,
+    private val credentialsCacheRepository: CredentialsCacheRepository,
     input: InputStream,
     output: OutputStream,
     repository: Repository,
@@ -57,6 +60,7 @@ class LfsSmudgeFilter(
         res: LfsPointer,
     ) = runBlocking {
         val lfsServerUrl = lfsRepository.getLfsRepositoryUrl(repository)
+
         val hash = res.oid.name()
         val size = res.size
 
@@ -67,17 +71,44 @@ class LfsSmudgeFilter(
         )
 
         var credentials: CredentialsAccepted.LfsCredentialsAccepted? = null
+        var cachedCredentialsAlreadyRequested = false
 
         val lfsObjects = getLfsObjects(lfsServerUrl, lfsPrepareUploadObjectBatch) {
+            if (!cachedCredentialsAlreadyRequested) {
+                val cachedCredentials = credentialsCacheRepository.getCachedHttpCredentials(lfsServerUrl, true)
+
+                if (cachedCredentials != null) {
+                    val newCredentials = CredentialsAccepted.LfsCredentialsAccepted(
+                        user = cachedCredentials.userName,
+                        password = cachedCredentials.password,
+                    )
+
+                    credentials = newCredentials
+
+                    cachedCredentialsAlreadyRequested = true
+
+                    return@getLfsObjects newCredentials
+                }
+            }
+
             val newCredentials = requestLfsCredentials()
             credentials = newCredentials
 
-            newCredentials
+            return@getLfsObjects newCredentials
         }
 
         when (lfsObjects) {
             is Result.Err -> throw Exception("LFS Error ${lfsObjects.error}")
             is Result.Ok -> {
+                credentials?.let { safeCredentials ->
+                    credentialsCacheRepository.cacheHttpCredentials(
+                        lfsServerUrl,
+                        safeCredentials.user,
+                        safeCredentials.password,
+                        isLfs = true,
+                    )
+                }
+
                 val lfs = Lfs(repository)
 
                 printLog("LFS", "Requesting credentials for objects upload")