feat(tvix/nar-bridge): stop parsing nixbase32 manually, validate

We have nixhash.FromHashTypeAndDigest now. Also, run Validate() on the PathInfo received from the remote PathInfoService. Change-Id: I14db0d9356c539c084afc9dd712314b56da2587e Reviewed-on: https://cl.tvl.fyi/c/depot/+/9652 Tested-by: BuildkiteCI Reviewed-by: Brian McGee <brian@bmcgee.ie>
2023-10-11 12:52:33 +02:00 · 2023-10-11 12:52:33 +02:00 · 673f5febbb
commit 673f5febbb
parent 98c17147c6
2 changed files with 24 additions and 10 deletions
--- a/tvix/nar-bridge/pkg/http/nar_put.go
+++ b/tvix/nar-bridge/pkg/http/nar_put.go
@ -10,7 +10,6 @@ import (
 	"code.tvl.fyi/tvix/nar-bridge/pkg/importer"
 	"github.com/go-chi/chi/v5"
 	nixhash "github.com/nix-community/go-nix/pkg/hash"
-	"github.com/nix-community/go-nix/pkg/nixbase32"
 	"github.com/sirupsen/logrus"
 	log "github.com/sirupsen/logrus"
 )
@ -101,11 +100,8 @@ func registerNarPut(s *Server) {
 		}

 		// Compare the nar hash specified in the URL with the one that has been
-		// calculated while processing the NAR file
-		// TODO: bump go-nix and remove the parsing
-		narHash, err := nixhash.ParseNixBase32(
-			"sha256:" + nixbase32.EncodeToString(narSha256),
-		)
+		// calculated while processing the NAR file.
+		narHash, err := nixhash.FromHashTypeAndDigest(0x12, narSha256)
 		if err != nil {
 			panic("must parse nixbase32")
 		}
--- a/tvix/nar-bridge/pkg/http/narinfo_get.go
+++ b/tvix/nar-bridge/pkg/http/narinfo_get.go
@ -51,11 +51,29 @@ func renderNarinfo(
 		return fmt.Errorf("unable to get pathinfo: %w", err)
 	}

-	// TODO: don't parse
-	narHash, err := nixhash.ParseNixBase32("sha256:" + nixbase32.EncodeToString(pathInfo.GetNarinfo().GetNarSha256()))
+	log = log.WithField("pathInfo", pathInfo)
+
+	// The PathInfo received needs to be valid, and contain a NARInfo field.
+	if _, err := pathInfo.Validate(); err != nil {
+		log.WithError(err).Error("unable to validate PathInfo")
+
+		return fmt.Errorf("unable to validate PathInfo: %w", err)
+	}
+
+	// Ensure the PathInfo contains a NARInfo field
+	if pathInfo.GetNarinfo() == nil {
+		log.Error("PathInfo doesn't contain Narinfo field")
+
+		return fmt.Errorf("PathInfo doesn't contain Narinfo field")
+	}
+
+	// extract the NARHash
+	narHash, err := nixhash.FromHashTypeAndDigest(0x12, pathInfo.GetNarinfo().GetNarSha256())
 	if err != nil {
-		// TODO: return proper error
-		return fmt.Errorf("No usable NarHash found in PathInfo")
+		// TODO: replace with panic once we use cl/9649
+
+		log.WithError(err).Error("invalid NarHash in PathInfo")
+		return fmt.Errorf("invalid NarHash in PathInfo")
 	}

 	// add things to the lookup table, in case the same process didn't handle the NAR hash yet.