Merge branch 'main' into lm/oidctoken-exe-path

author: Liam Mitchell <[email protected]> 2026-03-09 18:25:30 -0700
committer: Liam Mitchell <[email protected]> 2026-03-09 18:25:30 -0700
commit: 57c1683b2935c834250b73eb506319ed67946160 (patch)
tree: 1fc8f237010b26e65659b731fe6f6eae30422f5c /src/zenserver/storage
parent: Allow external OidcToken executable to be specified unless disabled via comma... (diff)
parent: reduce lock time for project store gc precache and gc validate (#750) (diff)
download: zen-57c1683b2935c834250b73eb506319ed67946160.tar.xz
zen-57c1683b2935c834250b73eb506319ed67946160.zip
7 files changed, 113 insertions, 23 deletions
diff --git a/src/zenserver/storage/admin/admin.cpp b/src/zenserver/storage/admin/admin.cpp
index 04f43d33a..19155e02b 100644
--- a/src/zenserver/storage/admin/admin.cpp
+++ b/src/zenserver/storage/admin/admin.cpp
@@ -121,7 +121,10 @@ HttpAdminService::HttpAdminService(GcScheduler&			   Scheduler,
 		},
 		HttpVerb::kGet);
 
-	m_Router.AddPattern("jobid", "([[:digit:]]+?)");
+	static constexpr AsciiSet ValidNumberCharactersSet{"0123456789"};
+
+	m_Router.AddMatcher("jobid",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidNumberCharactersSet); });
 
 	m_Router.RegisterRoute(
 		"jobs",
@@ -539,7 +542,7 @@ HttpAdminService::HttpAdminService(GcScheduler&			   Scheduler,
 			const HttpServerRequest::QueryParams Params	 = HttpReq.GetQueryParams();
 
 			GcScheduler::TriggerScrubParams ScrubParams;
-			ScrubParams.MaxTimeslice = std::chrono::seconds(100);
+			ScrubParams.MaxTimeslice = std::chrono::seconds(300);
 
 			if (auto Param = Params.GetValue("skipdelete"); Param.empty() == false)
 			{
@@ -556,6 +559,14 @@ HttpAdminService::HttpAdminService(GcScheduler&			   Scheduler,
 				ScrubParams.SkipCas = (Param == "true"sv);
 			}
 
+			if (auto Param = Params.GetValue("maxtimeslice"); Param.empty() == false)
+			{
+				if (auto Value = ParseInt<uint64_t>(Param))
+				{
+					ScrubParams.MaxTimeslice = std::chrono::seconds(Value.value());
+				}
+			}
+
 			m_GcScheduler.TriggerScrub(ScrubParams);
 
 			CbObjectWriter Response;
diff --git a/src/zenserver/storage/buildstore/httpbuildstore.cpp b/src/zenserver/storage/buildstore/httpbuildstore.cpp
index 18fae7027..f5ba30616 100644
--- a/src/zenserver/storage/buildstore/httpbuildstore.cpp
+++ b/src/zenserver/storage/buildstore/httpbuildstore.cpp
@@ -48,10 +48,20 @@ HttpBuildStoreService::Initialize()
 {
 	ZEN_LOG_INFO(LogBuilds, "Initializing Builds Service");
 
-	m_Router.AddPattern("namespace", "([[:alnum:]\\-_.]+)");
-	m_Router.AddPattern("bucket", "([[:alnum:]\\-_.]+)");
-	m_Router.AddPattern("buildid", "([[:xdigit:]]{24})");
-	m_Router.AddPattern("hash", "([[:xdigit:]]{40})");
+	static constexpr AsciiSet ValidNamespaceCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789-_.ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+	static constexpr AsciiSet ValidBucketCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789-_.ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+	static constexpr AsciiSet ValidHexCharactersSet{"0123456789abcdefABCDEF"};
+
+	m_Router.AddMatcher("namespace",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidNamespaceCharactersSet); });
+	m_Router.AddMatcher("bucket",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidBucketCharactersSet); });
+	m_Router.AddMatcher("buildid", [](std::string_view Str) -> bool {
+		return Str.length() == Oid::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
+	m_Router.AddMatcher("hash", [](std::string_view Str) -> bool {
+		return Str.length() == IoHash::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
 
 	m_Router.RegisterRoute(
 		"{namespace}/{bucket}/{buildid}/blobs/{hash}",
diff --git a/src/zenserver/storage/objectstore/objectstore.cpp b/src/zenserver/storage/objectstore/objectstore.cpp
index d8ad40621..052c3d630 100644
--- a/src/zenserver/storage/objectstore/objectstore.cpp
+++ b/src/zenserver/storage/objectstore/objectstore.cpp
@@ -271,8 +271,13 @@ HttpObjectStoreService::Inititalize()
 		CreateDirectories(BucketsPath);
 	}
 
-	m_Router.AddPattern("path", "([[:alnum:]/_.,;$~\\{\\}\\+\\-\\[\\]\\%\\(\\)]+)");
-	m_Router.AddPattern("bucket", "([[:alnum:]\\-_.]+)");
+	static constexpr AsciiSet ValidPathCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789/_.,;$~{}+-[]%()]ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+	static constexpr AsciiSet ValidBucketCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789-_.ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+
+	m_Router.AddMatcher("path",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidPathCharactersSet); });
+	m_Router.AddMatcher("bucket",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidBucketCharactersSet); });
 
 	m_Router.RegisterRoute(
 		"bucket",
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp
index 91c0a8af1..e3dd52ca7 100644
--- a/src/zenserver/storage/projectstore/httpprojectstore.cpp
+++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp
@@ -565,11 +565,23 @@ HttpProjectService::HttpProjectService(CidStore&					Store,
 
 	using namespace std::literals;
 
-	m_Router.AddPattern("project", "([[:alnum:]_.]+)");
-	m_Router.AddPattern("log", "([[:alnum:]_.]+)");
-	m_Router.AddPattern("op", "([[:digit:]]+?)");
-	m_Router.AddPattern("chunk", "([[:xdigit:]]{24})");
-	m_Router.AddPattern("hash", "([[:xdigit:]]{40})");
+	static constexpr AsciiSet ValidProjectCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789_.ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+	static constexpr AsciiSet ValidOplogCharactersSet{"abcdefghijklmnopqrstuvwxyz0123456789_.ABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+	static constexpr AsciiSet ValidNumberCharactersSet{"0123456789"};
+	static constexpr AsciiSet ValidHexCharactersSet{"0123456789abcdefABCDEF"};
+
+	m_Router.AddMatcher("project",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidProjectCharactersSet); });
+	m_Router.AddMatcher("log",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidOplogCharactersSet); });
+	m_Router.AddMatcher("op",
+						[](std::string_view Str) -> bool { return !Str.empty() && AsciiSet::HasOnly(Str, ValidNumberCharactersSet); });
+	m_Router.AddMatcher("chunk", [](std::string_view Str) -> bool {
+		return Str.length() == Oid::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
+	m_Router.AddMatcher("hash", [](std::string_view Str) -> bool {
+		return Str.length() == IoHash::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
 
 	m_Router.RegisterRoute(
 		"",
@@ -2900,6 +2912,8 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req)
 				};
 				tsl::robin_map<IoHash, AddedChunk, IoHash::Hasher> AddedChunks;
 
+				const std::filesystem::path CanonicalRoot = std::filesystem::canonical(Project->RootDir);
+
 				Oplog->IterateOplog(
 					[&](CbObjectView Op) {
 						bool OpRewritten = false;
@@ -2918,10 +2932,36 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req)
 
 								if (DataHash == IoHash::Zero)
 								{
-									std::string_view	  ServerPath = View["serverpath"sv].AsString();
-									std::filesystem::path FilePath	 = Project->RootDir / ServerPath;
-									BasicFile			  DataFile;
-									std::error_code		  Ec;
+									std::string_view ServerPath = View["serverpath"sv].AsString();
+									if (CanonicalRoot.empty())
+									{
+										ZEN_WARN("Attempting to load file '{}' from project with unset project root", ServerPath);
+										AllOk = false;
+										continue;
+									}
+
+									std::error_code				Ec;
+									const std::filesystem::path FilePath = std::filesystem::canonical(Project->RootDir / ServerPath, Ec);
+
+									if (Ec)
+									{
+										ZEN_WARN("Failed to find file '{}' in project root '{}' for 'snapshot'. Reason: '{}'",
+												 ServerPath,
+												 Project->RootDir,
+												 Ec.message());
+										AllOk = false;
+										continue;
+									}
+
+									if (std::mismatch(CanonicalRoot.begin(), CanonicalRoot.end(), FilePath.begin()).first !=
+										CanonicalRoot.end())
+									{
+										ZEN_WARN("Unable to read file '{}' outside of project root '{}'", FilePath, CanonicalRoot);
+										AllOk = false;
+										continue;
+									}
+
+									BasicFile DataFile;
 									DataFile.Open(FilePath, BasicFile::Mode::kRead, Ec);
 
 									if (Ec)
diff --git a/src/zenserver/storage/workspaces/httpworkspaces.cpp b/src/zenserver/storage/workspaces/httpworkspaces.cpp
index 3fea46b2f..dc4cc7e69 100644
--- a/src/zenserver/storage/workspaces/httpworkspaces.cpp
+++ b/src/zenserver/storage/workspaces/httpworkspaces.cpp
@@ -169,10 +169,20 @@ HttpWorkspacesService::Initialize()
 
 	ZEN_LOG_INFO(LogFs, "Initializing Workspaces Service");
 
-	m_Router.AddPattern("workspace_id", "([[:xdigit:]]{24})");
-	m_Router.AddPattern("share_id", "([[:xdigit:]]{24})");
-	m_Router.AddPattern("chunk", "([[:xdigit:]]{24})");
-	m_Router.AddPattern("share_alias", "([[:alnum:]_.\\+\\-\\[\\]]+)");
+	static constexpr AsciiSet ValidHexCharactersSet{"0123456789abcdefABCDEF"};
+
+	m_Router.AddMatcher("workspace_id", [](std::string_view Str) -> bool {
+		return Str.length() == Oid::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
+	m_Router.AddMatcher("share_id", [](std::string_view Str) -> bool {
+		return Str.length() == Oid::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
+	m_Router.AddMatcher("chunk", [](std::string_view Str) -> bool {
+		return Str.length() == Oid::StringLength && AsciiSet::HasOnly(Str, ValidHexCharactersSet);
+	});
+	m_Router.AddMatcher("share_alias", [](std::string_view Str) -> bool {
+		return !Str.empty() && AsciiSet::HasOnly(Str, Workspaces::ValidAliasCharactersSet);
+	});
 
 	m_Router.RegisterRoute(
 		"{workspace_id}/{share_id}/files",
diff --git a/src/zenserver/storage/zenstorageserver.cpp b/src/zenserver/storage/zenstorageserver.cpp
index cf4936f6f..edce75d2a 100644
--- a/src/zenserver/storage/zenstorageserver.cpp
+++ b/src/zenserver/storage/zenstorageserver.cpp
@@ -17,6 +17,7 @@
 #include <zencore/sentryintegration.h>
 #include <zencore/session.h>
 #include <zencore/string.h>
+#include <zencore/system.h>
 #include <zencore/thread.h>
 #include <zencore/timer.h>
 #include <zencore/trace.h>
@@ -683,8 +684,8 @@ ZenStorageServer::Run()
 			"        \\/   \\/     \\/          \\/                         \\/ \n");
 
 		ExtendableStringBuilder<256> BuildOptions;
-		GetBuildOptions(BuildOptions);
-		ZEN_INFO("Build options: {}", BuildOptions);
+		GetBuildOptions(BuildOptions, '\n');
+		ZEN_INFO("Build options ({}/{}):\n{}", GetOperatingSystemName(), GetCpuName(), BuildOptions);
 	}
 
 	ZEN_INFO(ZEN_APP_NAME " now running (pid: {})", GetCurrentProcessId());
@@ -904,6 +905,16 @@ ZenStorageServerMain::ZenStorageServerMain(ZenStorageServerConfig& ServerOptions
 {
 }
 
+ZenStorageServerMain::~ZenStorageServerMain()
+{
+}
+
+void
+ZenStorageServerMain::InitializeLogging()
+{
+	InitializeServerLogging(m_ServerOptions, /* WithCacheService */ true);
+}
+
 void
 ZenStorageServerMain::DoRun(ZenServerState::ZenServerEntry* Entry)
 {
diff --git a/src/zenserver/storage/zenstorageserver.h b/src/zenserver/storage/zenstorageserver.h
index f79c55bc8..5ccb587d6 100644
--- a/src/zenserver/storage/zenstorageserver.h
+++ b/src/zenserver/storage/zenstorageserver.h
@@ -103,7 +103,10 @@ class ZenStorageServerMain : public ZenServerMain
 {
 public:
 	ZenStorageServerMain(ZenStorageServerConfig& ServerOptions);
+	~ZenStorageServerMain();
+
 	virtual void DoRun(ZenServerState::ZenServerEntry* Entry) override;
+	virtual void InitializeLogging() override;
 
 	ZenStorageServerMain(const ZenStorageServerMain&) = delete;
 	ZenStorageServerMain& operator=(const ZenStorageServerMain&) = delete;
author	Liam Mitchell <[email protected]>	2026-03-09 18:25:30 -0700
committer	Liam Mitchell <[email protected]>	2026-03-09 18:25:30 -0700
commit	57c1683b2935c834250b73eb506319ed67946160 (patch)
tree	1fc8f237010b26e65659b731fe6f6eae30422f5c /src/zenserver/storage
parent	Allow external OidcToken executable to be specified unless disabled via comma... (diff)
parent	reduce lock time for project store gc precache and gc validate (#750) (diff)
download	zen-57c1683b2935c834250b73eb506319ed67946160.tar.xz zen-57c1683b2935c834250b73eb506319ed67946160.zip