Merge pull request #12009 from DeterminateSystems/401-cache

HttpBinaryCacheStore: Improve error message for unauthorized caches
2025-06-24 22:11:15 +02:00 · 2024-12-10 05:41:37 +01:00 · 2024-12-10 05:41:37 +01:00 · 7bd8ece4ba
commit 7bd8ece4ba
parent 8c25eac7a3 3b21ea40cc
3 changed files with 29 additions and 5 deletions
--- a/src/libstore/binary-cache-store.cc
+++ b/src/libstore/binary-cache-store.cc
@ -39,15 +39,13 @@ BinaryCacheStore::BinaryCacheStore(const Params & params)

 void BinaryCacheStore::init()
 {
-    std::string cacheInfoFile = "nix-cache-info";
-
-    auto cacheInfo = getFile(cacheInfoFile);
+    auto cacheInfo = getNixCacheInfo();
    if (!cacheInfo) {
        upsertFile(cacheInfoFile, "StoreDir: " + storeDir + "\n", "text/x-nix-cache-info");
    } else {
        for (auto & line : tokenizeString<Strings>(*cacheInfo, "\n")) {
-            size_t colon= line.find(':');
-            if (colon ==std::string::npos) continue;
+            size_t colon = line.find(':');
+            if (colon == std::string::npos) continue;
            auto name = line.substr(0, colon);
            auto value = trim(line.substr(colon + 1, std::string::npos));
            if (name == "StoreDir") {
@ -63,6 +61,11 @@ void BinaryCacheStore::init()
    }
 }

+std::optional<std::string> BinaryCacheStore::getNixCacheInfo()
+{
+    return getFile(cacheInfoFile);
+}
+
 void BinaryCacheStore::upsertFile(const std::string & path,
    std::string && data,
    const std::string & mimeType)
--- a/src/libstore/binary-cache-store.hh
+++ b/src/libstore/binary-cache-store.hh
@ -64,6 +64,8 @@ protected:
    // The prefix under which realisation infos will be stored
    const std::string realisationsPrefix = "realisations";

+    const std::string cacheInfoFile = "nix-cache-info";
+
    BinaryCacheStore(const Params & params);

 public:
@ -84,6 +86,12 @@ public:
     */
    virtual void getFile(const std::string & path, Sink & sink);

+    /**
+     * Get the contents of /nix-cache-info. Return std::nullopt if it
+     * doesn't exist.
+     */
+    virtual std::optional<std::string> getNixCacheInfo();
+
    /**
     * Fetch the specified file and call the specified callback with
     * the result. A subclass may implement this asynchronously.
--- a/src/libstore/http-binary-cache-store.cc
+++ b/src/libstore/http-binary-cache-store.cc
@ -194,6 +194,19 @@ protected:
        }
    }

+    std::optional<std::string> getNixCacheInfo() override
+    {
+        try {
+            auto result = getFileTransfer()->download(makeRequest(cacheInfoFile));
+            return result.data;
+        } catch (FileTransferError & e) {
+            if (e.error == FileTransfer::NotFound)
+                return std::nullopt;
+            maybeDisable();
+            throw;
+        }
+    }
+
    /**
     * This isn't actually necessary read only. We support "upsert" now, so we
     * have a notion of authentication via HTTP POST/PUT.