// n34-relay - A nostr GRASP relay implementation
// Copyright (C) 2025 Awiteb <a@4rs.nl>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://gnu.org/licenses/agpl-3.0>;.
use std::{collections::HashMap, sync::Arc};
use axum::{body::Body, response::Response};
use hyper::{HeaderMap, StatusCode};
use nostr::{
event::{Event, Kind},
filter::Filter,
};
use nostr_database::NostrDatabase;
use crate::git_server::{PublicKeyAndRepoPath, ref_update_pkt_line::RefUpdatePkt};
/// unpack-status = PKT-LINE("unpack" SP unpack-result)
/// unpack-result = "ok" / error-msg
const UNPACK_OK: &[u8] = b"unpack ok";
/// Checks if the provided headers contain the `Git-Protocol: version=2` header.
pub fn contains_git_v2(headers: &HeaderMap) -> bool {
headers
.get("Git-Protocol")
.is_some_and(|value| value == "version=2")
}
/// Add the data length before it. `{length}{data}`
fn pkt_line(data: &[u8]) -> Vec<u8> {
let mut result = format!("{:04x}", data.len() + 4).into_bytes();
result.extend_from_slice(data);
result
}
/// Make a pkt_line with a side-band. `{length}{channel}pkt_line({data})`
fn sideband_pkt_line(channel: u8, data: &[u8]) -> Vec<u8> {
let pktline = if data == b"0000" {
data
} else {
&pkt_line(data)
};
// 4 bytes for length + 1 byte for channel + pktline
let mut result = format!("{:04x}", pktline.len() + 5).into_bytes();
result.push(channel);
result.extend_from_slice(pktline);
result
}
/// Formats an error message using Git's pkt-line report-status.
fn git_errors_response(
refs_errors: &HashMap<&str, &'static str>,
all_refs: &[RefUpdatePkt],
capabilities: &str,
) -> Vec<u8> {
let mut response = Vec::new();
let caps_contains = |cap| capabilities.split(" ").any(|c| c == cap);
let use_sideband = caps_contains("side-band-64k") || caps_contains("side-band");
// report-status = unpack-status
// 1*(command-status)
// flush-pkt
if caps_contains("report-status") || caps_contains("report-status-v2") {
// command-status = command-ok / command-fail
// command-ok = PKT-LINE("ok" SP refname)
// command-fail = PKT-LINE("ng" SP refname SP error-msg)
let ng_line = |ref_name, msg| format!("ng {ref_name} {msg}");
let ok_line = |ref_name| format!("ok {ref_name}");
if use_sideband {
response.extend_from_slice(&sideband_pkt_line(1, UNPACK_OK));
for ref_update in all_refs {
if let Some(err) = refs_errors.get(ref_update.ref_name) {
response.extend_from_slice(&sideband_pkt_line(
1,
ng_line(&ref_update.ref_name, err).as_bytes(),
));
} else {
response.extend_from_slice(&sideband_pkt_line(
1,
ok_line(ref_update.ref_name).as_bytes(),
));
}
}
// side-band flush-pkt
response.extend_from_slice(&sideband_pkt_line(1, b"0000"));
// flush-pkt
response.extend_from_slice(b"0000");
} else {
response.extend_from_slice(&pkt_line(UNPACK_OK));
for ref_update in all_refs {
if let Some(err) = refs_errors.get(ref_update.ref_name) {
response.extend_from_slice(&pkt_line(
ng_line(&ref_update.ref_name, err).as_bytes(),
));
} else {
response.extend_from_slice(&pkt_line(ok_line(ref_update.ref_name).as_bytes()));
}
}
// flush-pkt
response.extend_from_slice(b"0000");
}
}
response
}
/// Creates an error response that Git clients will display to users.
pub fn git_receive_pack_error(
refs_errors: &HashMap<&str, &'static str>,
all_refs: &[RefUpdatePkt],
capabilities: &str,
) -> Response {
let body = git_errors_response(refs_errors, all_refs, capabilities);
Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/x-git-receive-pack-result")
.body(Body::from(body))
.expect("valid response")
}
/// Extract the refs from the repository state event
#[inline]
pub fn extract_refs(repo_state: &Event) -> impl Iterator<Item = (&str, &str)> {
repo_state.tags.iter().filter_map(|tag| {
let tag_kind = tag.as_slice().first()?.as_str();
if (tag_kind.starts_with("refs/heads/") || tag_kind.starts_with("refs/tags/"))
&& let Some(commit_id) = tag.content()
{
return Some((tag_kind, commit_id));
}
None
})
}
/// Check if the ref match with the repository state
pub fn check_ref_update(ref_update: &RefUpdatePkt, repo_state: &Event) -> Result<(), &'static str> {
let ref_commit = extract_refs(repo_state)
.find_map(|(name, commit)| (ref_update.ref_name == name).then_some(commit));
// Return an error if the ref is not found and the operation is not a delete
if ref_commit.is_none() && !ref_update.is_delete() {
return Err(
"Reference not found. The reference must exist in the repository state to update it",
);
}
// Return an error if attempting to delete a ref that is still present in the
// repository state
if ref_commit.is_some() && ref_update.is_delete() {
return Err("Cannot delete reference: it still exists in the repository state");
}
// Return an error if the ref's current commit doesn't match the new commit
if let Some(commit) = ref_commit
&& commit != ref_update.new_commit
{
return Err(
"Commit mismatch: the new commit doesn't match the repository state for this reference",
);
}
// Accept if:
// - ref is not found the the commit is delete
// - ref is found and match the new commit
Ok(())
}
/// Check if the push should be continue, if not return the error message
pub async fn is_legal_push<'a>(
ref_updates: &[RefUpdatePkt<'a>],
db: &Arc<dyn NostrDatabase>,
repo: &PublicKeyAndRepoPath,
) -> Result<HashMap<&'a str, &'static str>, (StatusCode, &'static str)> {
// Repo announcement from the author
let Some(repo_announcement) = db
.query(
Filter::new()
.author(repo.public_key)
.identifier(&repo.repo_name)
.kind(Kind::GitRepoAnnouncement),
)
.await
.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Database error. Try to push later :(",
)
})?
.first_owned()
else {
return Err((
StatusCode::INTERNAL_SERVER_ERROR,
"No repository announcement found. It should be there but it's not. Broadcast it \
please :)",
));
};
// Repo state event from the author or one of the maintainers
let Some(repo_state) = db
.query(
Filter::new()
.author(repo.public_key)
.authors(crate::utils::get_maintainers(&repo_announcement).copied())
.identifier(&repo.repo_name)
.kind(Kind::RepoState),
)
.await
.map_err(|_| {
(
StatusCode::INTERNAL_SERVER_ERROR,
"Database error. Try to push later :(",
)
})?
.first_owned()
else {
return Err((
StatusCode::BAD_REQUEST,
"No repository state announcements found. Broadcast it to the relay first",
));
};
Ok(ref_updates
.iter()
.filter_map(|ref_update| {
check_ref_update(ref_update, &repo_state)
.err()
.map(|err| (ref_update.ref_name, err))
})
.collect())
}
npub127…n5r64
2026-04-05 05:23:55 UTC
Author Public Key
npub127u525u3l674p6l40c72u4ptxvumhfa0hu4pyjztnrw7vpppmvrqun5r64Published at
2026-04-05 05:23:55 UTCEvent JSON
{
"id": "7ef749b6dd6e38fdcf3c802158b2c9c0c11eef47f00da9d26f1453f3b8e33bed",
"pubkey": "57b9455391febd50ebf57e3cae542b3339bba7afbf2a12484b98dde60421db06",
"created_at": 1775366635,
"kind": 1,
"tags": [
[
"file",
"n34-relay/src/git_server/utils.rs"
],
[
"version",
"0.4.7"
]
],
"content": "// n34-relay - A nostr GRASP relay implementation\n// Copyright (C) 2025 Awiteb \u003ca@4rs.nl\u003e\n//\n// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU Affero General Public License as published\n// by the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n//\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU Affero General Public License for more details.\n//\n// You should have received a copy of the GNU Affero General Public License\n// along with this program. If not, see \u003chttps://gnu.org/licenses/agpl-3.0\u003e.\n\nuse std::{collections::HashMap, sync::Arc};\n\nuse axum::{body::Body, response::Response};\nuse hyper::{HeaderMap, StatusCode};\nuse nostr::{\n event::{Event, Kind},\n filter::Filter,\n};\nuse nostr_database::NostrDatabase;\n\nuse crate::git_server::{PublicKeyAndRepoPath, ref_update_pkt_line::RefUpdatePkt};\n\n/// unpack-status = PKT-LINE(\"unpack\" SP unpack-result)\n/// unpack-result = \"ok\" / error-msg\nconst UNPACK_OK: \u0026[u8] = b\"unpack ok\";\n\n/// Checks if the provided headers contain the `Git-Protocol: version=2` header.\npub fn contains_git_v2(headers: \u0026HeaderMap) -\u003e bool {\n headers\n .get(\"Git-Protocol\")\n .is_some_and(|value| value == \"version=2\")\n}\n\n/// Add the data length before it. `{length}{data}`\nfn pkt_line(data: \u0026[u8]) -\u003e Vec\u003cu8\u003e {\n let mut result = format!(\"{:04x}\", data.len() + 4).into_bytes();\n result.extend_from_slice(data);\n result\n}\n\n/// Make a pkt_line with a side-band. `{length}{channel}pkt_line({data})`\nfn sideband_pkt_line(channel: u8, data: \u0026[u8]) -\u003e Vec\u003cu8\u003e {\n let pktline = if data == b\"0000\" {\n data\n } else {\n \u0026pkt_line(data)\n };\n\n // 4 bytes for length + 1 byte for channel + pktline\n let mut result = format!(\"{:04x}\", pktline.len() + 5).into_bytes();\n result.push(channel);\n result.extend_from_slice(pktline);\n result\n}\n\n/// Formats an error message using Git's pkt-line report-status.\nfn git_errors_response(\n refs_errors: \u0026HashMap\u003c\u0026str, \u0026'static str\u003e,\n all_refs: \u0026[RefUpdatePkt],\n capabilities: \u0026str,\n) -\u003e Vec\u003cu8\u003e {\n let mut response = Vec::new();\n let caps_contains = |cap| capabilities.split(\" \").any(|c| c == cap);\n let use_sideband = caps_contains(\"side-band-64k\") || caps_contains(\"side-band\");\n\n // report-status = unpack-status\n // 1*(command-status)\n // flush-pkt\n if caps_contains(\"report-status\") || caps_contains(\"report-status-v2\") {\n // command-status = command-ok / command-fail\n // command-ok = PKT-LINE(\"ok\" SP refname)\n // command-fail = PKT-LINE(\"ng\" SP refname SP error-msg)\n let ng_line = |ref_name, msg| format!(\"ng {ref_name} {msg}\");\n let ok_line = |ref_name| format!(\"ok {ref_name}\");\n\n if use_sideband {\n response.extend_from_slice(\u0026sideband_pkt_line(1, UNPACK_OK));\n for ref_update in all_refs {\n if let Some(err) = refs_errors.get(ref_update.ref_name) {\n response.extend_from_slice(\u0026sideband_pkt_line(\n 1,\n ng_line(\u0026ref_update.ref_name, err).as_bytes(),\n ));\n } else {\n response.extend_from_slice(\u0026sideband_pkt_line(\n 1,\n ok_line(ref_update.ref_name).as_bytes(),\n ));\n }\n }\n // side-band flush-pkt\n response.extend_from_slice(\u0026sideband_pkt_line(1, b\"0000\"));\n // flush-pkt\n response.extend_from_slice(b\"0000\");\n } else {\n response.extend_from_slice(\u0026pkt_line(UNPACK_OK));\n for ref_update in all_refs {\n if let Some(err) = refs_errors.get(ref_update.ref_name) {\n response.extend_from_slice(\u0026pkt_line(\n ng_line(\u0026ref_update.ref_name, err).as_bytes(),\n ));\n } else {\n response.extend_from_slice(\u0026pkt_line(ok_line(ref_update.ref_name).as_bytes()));\n }\n }\n // flush-pkt\n response.extend_from_slice(b\"0000\");\n }\n }\n response\n}\n\n/// Creates an error response that Git clients will display to users.\npub fn git_receive_pack_error(\n refs_errors: \u0026HashMap\u003c\u0026str, \u0026'static str\u003e,\n all_refs: \u0026[RefUpdatePkt],\n capabilities: \u0026str,\n) -\u003e Response {\n let body = git_errors_response(refs_errors, all_refs, capabilities);\n\n Response::builder()\n .status(StatusCode::OK)\n .header(\"Content-Type\", \"application/x-git-receive-pack-result\")\n .body(Body::from(body))\n .expect(\"valid response\")\n}\n\n/// Extract the refs from the repository state event\n#[inline]\npub fn extract_refs(repo_state: \u0026Event) -\u003e impl Iterator\u003cItem = (\u0026str, \u0026str)\u003e {\n repo_state.tags.iter().filter_map(|tag| {\n let tag_kind = tag.as_slice().first()?.as_str();\n if (tag_kind.starts_with(\"refs/heads/\") || tag_kind.starts_with(\"refs/tags/\"))\n \u0026\u0026 let Some(commit_id) = tag.content()\n {\n return Some((tag_kind, commit_id));\n }\n None\n })\n}\n\n/// Check if the ref match with the repository state\npub fn check_ref_update(ref_update: \u0026RefUpdatePkt, repo_state: \u0026Event) -\u003e Result\u003c(), \u0026'static str\u003e {\n let ref_commit = extract_refs(repo_state)\n .find_map(|(name, commit)| (ref_update.ref_name == name).then_some(commit));\n\n // Return an error if the ref is not found and the operation is not a delete\n if ref_commit.is_none() \u0026\u0026 !ref_update.is_delete() {\n return Err(\n \"Reference not found. The reference must exist in the repository state to update it\",\n );\n }\n\n // Return an error if attempting to delete a ref that is still present in the\n // repository state\n if ref_commit.is_some() \u0026\u0026 ref_update.is_delete() {\n return Err(\"Cannot delete reference: it still exists in the repository state\");\n }\n\n // Return an error if the ref's current commit doesn't match the new commit\n if let Some(commit) = ref_commit\n \u0026\u0026 commit != ref_update.new_commit\n {\n return Err(\n \"Commit mismatch: the new commit doesn't match the repository state for this reference\",\n );\n }\n\n // Accept if:\n // - ref is not found the the commit is delete\n // - ref is found and match the new commit\n Ok(())\n}\n\n/// Check if the push should be continue, if not return the error message\npub async fn is_legal_push\u003c'a\u003e(\n ref_updates: \u0026[RefUpdatePkt\u003c'a\u003e],\n db: \u0026Arc\u003cdyn NostrDatabase\u003e,\n repo: \u0026PublicKeyAndRepoPath,\n) -\u003e Result\u003cHashMap\u003c\u0026'a str, \u0026'static str\u003e, (StatusCode, \u0026'static str)\u003e {\n // Repo announcement from the author\n let Some(repo_announcement) = db\n .query(\n Filter::new()\n .author(repo.public_key)\n .identifier(\u0026repo.repo_name)\n .kind(Kind::GitRepoAnnouncement),\n )\n .await\n .map_err(|_| {\n (\n StatusCode::INTERNAL_SERVER_ERROR,\n \"Database error. Try to push later :(\",\n )\n })?\n .first_owned()\n else {\n return Err((\n StatusCode::INTERNAL_SERVER_ERROR,\n \"No repository announcement found. It should be there but it's not. Broadcast it \\\n please :)\",\n ));\n };\n\n // Repo state event from the author or one of the maintainers\n let Some(repo_state) = db\n .query(\n Filter::new()\n .author(repo.public_key)\n .authors(crate::utils::get_maintainers(\u0026repo_announcement).copied())\n .identifier(\u0026repo.repo_name)\n .kind(Kind::RepoState),\n )\n .await\n .map_err(|_| {\n (\n StatusCode::INTERNAL_SERVER_ERROR,\n \"Database error. Try to push later :(\",\n )\n })?\n .first_owned()\n else {\n return Err((\n StatusCode::BAD_REQUEST,\n \"No repository state announcements found. Broadcast it to the relay first\",\n ));\n };\n\n Ok(ref_updates\n .iter()\n .filter_map(|ref_update| {\n check_ref_update(ref_update, \u0026repo_state)\n .err()\n .map(|err| (ref_update.ref_name, err))\n })\n .collect())\n}\n",
"sig": "6accfd9df3b971929078446a3ce0a1992674c15620273900ec32bf6ef0210b22b0cfc207752670e39efba3d9833066edfdba2bd1cadda30264f3865227839d6e"
}