GW_MC/NxMesh
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement Nginx command and file system handlers for configuration management

Browse Source
This commit is contained in:
GW_MC
2026-06-01 08:25:04 +00:00
parent 8dbbeb4b24
commit 9991b20b28
3 changed files with 330 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

348
apps/nxmesh-agent/src/service/nginx_handler/fs_handler.rs Normal file
View File

@@ -0,0 +1,348 @@
use std::sync::Arc;
use anyhow::{Context, Result};
use fs4::tokio::AsyncFileExt;
use tokio::{io::AsyncWriteExt, process::Command};
use tracing::{debug, warn};
use crate::config::settings::NginxSettings;
#[cfg(test)]
use mockall::predicate::*;
// TODO: custom error type
#[async_trait::async_trait]
#[cfg_attr(test, mockall::automock)]
pub trait FsHandler: Send + Sync + 'static {
// Write a new config file for nginx.
// The output_path is a relative path to the nginx config directory of the deployment folder. The actual path to the config should not be assumed by the caller, as it can be different in different environments, but will be promised to be relative to the deployment folder for each the corresponding deployment_id. Path traversal is not allowed.
async fn write_config(
&self,
deployment_id: &str,
config_content: &str,
output_path: &str,
) -> Result<String>;
// Append a new config content to an existing config file for nginx. This is useful for some use cases where we want to keep the existing config and just add some new config content to it. The output_path is a relative path to the nginx config directory of the deployment folder, which should be the same as the one used in write_config function. Path traversal is not allowed.
async fn append_config(
&self,
deployment_id: &str,
config_content: &str,
output_path: &str,
) -> Result<String>;
// clean up old config files that are applied to nginx
// keep only latest n deployments.
async fn cleanup_config(&self, n: usize) -> Result<()>;
}
pub struct FsHandlerImpl {
settings: Arc<NginxSettings>,
}
impl FsHandlerImpl {
pub fn new(settings: Arc<NginxSettings>) -> Self {
Self { settings }
}
fn validate_config_path(config_path: &str) -> Result<()> {
if !std::path::Path::new(config_path).exists() {
anyhow::bail!("Config file not found at path: {}", config_path);
}
if !std::path::Path::new(config_path).is_file() {
anyhow::bail!("Config path is not a file: {}", config_path);
}
Ok(())
}
fn get_deployment_dir(&self) -> std::path::PathBuf {
std::path::Path::new(&self.settings.nginx_config_path).join("deployments")
}
fn get_deployment_dir_path(&self, deployment_id: &str) -> std::path::PathBuf {
self.get_deployment_dir().join(deployment_id)
}
async fn get_deployment_config_path(
&self,
deployment_id: &str,
output_path: &str,
create_dir_if_not_exists: bool,
) -> Result<std::path::PathBuf> {
let output_path_obj = std::path::Path::new(output_path);
if output_path_obj.is_absolute() {
anyhow::bail!("Output path must be a relative path");
}
if output_path_obj
.components()
.any(|comp| comp == std::path::Component::ParentDir)
{
anyhow::bail!("Output path must not contain parent directory traversal");
}
let deployment_config_dir = self.get_deployment_dir_path(deployment_id);
let full_path = deployment_config_dir.join(output_path);
if create_dir_if_not_exists {
if let Some(parent) = full_path.parent() {
tokio::fs::create_dir_all(parent).await?;
} else {
tokio::fs::create_dir_all(&deployment_config_dir).await?;
}
}
Ok(full_path)
}
}
#[async_trait::async_trait]
impl FsHandler for FsHandlerImpl {
async fn write_config(
&self,
deployment_id: &str,
config_content: &str,
output_path: &str,
) -> Result<String> {
let full_output_path = self
.get_deployment_config_path(deployment_id, output_path, true)
.await?;
let parent_dir = full_output_path
.parent()
.context("Failed to get parent directory of the config file")?;
// ensure the parent directory exists before creating the file
tokio::fs::create_dir_all(parent_dir).await?;
let mut file = tokio::fs::OpenOptions::new()
.write(true)
.create(true)
.truncate(true)
.open(full_output_path.clone())
.await?;
// lock the file for writing to prevent concurrent write issue
file.lock_exclusive()?;
file.write_all(config_content.as_bytes()).await?;
file.unlock()?;
file.flush().await?;
Ok(full_output_path.to_string_lossy().to_string())
}
async fn append_config(
&self,
deployment_id: &str,
config_content: &str,
output_path: &str,
) -> Result<String> {
let full_output_path = self
.get_deployment_config_path(deployment_id, output_path, true)
.await?;
let mut file = tokio::fs::OpenOptions::new()
.write(true)
.create(true)
.append(true)
.open(full_output_path.clone())
.await?;
// lock the file for writing to prevent concurrent write issue
file.lock_exclusive()?;
file.write_all(config_content.as_bytes()).await?;
file.unlock()?;
file.flush().await?;
Ok(full_output_path.to_string_lossy().to_string())
}
async fn cleanup_config(&self, n: usize) -> Result<()> {
let deployment_dir = self.get_deployment_dir();
// loop through all files in the deployment dir and delete them
let mut entries = tokio::fs::read_dir(&deployment_dir).await?;
let mut deployment_ids = Vec::new();
while let Some(entry) = entries.next_entry().await? {
let file_type = entry.file_type().await?;
if file_type.is_dir()
&& let Some(deployment_id) = entry.file_name().to_str()
{
deployment_ids.push(deployment_id.to_string());
}
}
// sort the deployment ids by modified time in descending order and keep the latest n deployments, delete the rest
deployment_ids.sort_by_key(|id| {
let path = self.get_deployment_dir_path(id);
std::fs::metadata(path)
.and_then(|meta| meta.modified())
.unwrap_or(std::time::SystemTime::UNIX_EPOCH)
});
for deployment_id in deployment_ids.into_iter().skip(n) {
let path = self.get_deployment_dir_path(&deployment_id);
// ensure path is within the deplyment and nginx directory to prevent accidental deletion of other files
if !path.starts_with(&deployment_dir)
|| !path.starts_with(&self.settings.nginx_config_path)
{
warn!(
"Skipping deletion of path outside of deployment or nginx config directory: {:?}",
path
);
continue;
}
tokio::fs::remove_dir_all(path).await?;
}
Ok(())
}
}
#[cfg(test)]
#[allow(clippy::expect_used)]
mod tests {
use super::*;
use anyhow::Result;
use std::sync::Arc;
use tempfile::TempDir;
#[tokio::test]
async fn write_and_append_config_roundtrip() -> Result<()> {
let temp = TempDir::new()?;
let settings = NginxSettings {
nginx_config_path: temp.path().to_string_lossy().to_string(),
nginx_binary_path: None,
override_nginx_reload_command: vec![],
override_nginx_test_command: vec![],
nginx_reload_timeout_seconds: 1,
nginx_test_timeout_seconds: 1,
};
let handler = FsHandlerImpl::new(Arc::new(settings));
handler
.write_config("deployment1", "hello", "conf/nginx.conf")
.await?;
let full_path = temp
.path()
.join("deployments")
.join("deployment1")
.join("conf/nginx.conf");
let content = tokio::fs::read_to_string(&full_path).await?;
assert_eq!(content, "hello");
handler
.append_config("deployment1", " world", "conf/nginx.conf")
.await?;
let content = tokio::fs::read_to_string(&full_path).await?;
assert_eq!(content, "hello world");
Ok(())
}
#[tokio::test]
async fn write_config_rejects_absolute_and_traversal_paths() -> Result<()> {
let temp = TempDir::new()?;
let settings = NginxSettings {
nginx_config_path: temp.path().to_string_lossy().to_string(),
nginx_binary_path: None,
override_nginx_reload_command: vec![],
override_nginx_test_command: vec![],
nginx_reload_timeout_seconds: 1,
nginx_test_timeout_seconds: 1,
};
let handler = FsHandlerImpl::new(Arc::new(settings));
let err = handler
.write_config("d", "x", "/absolute/path.conf")
.await
.err();
assert!(err.is_some());
let err = handler.write_config("d", "x", "../escape.conf").await.err();
assert!(err.is_some());
Ok(())
}
#[tokio::test]
async fn validate_config_path_checks_file_exists_and_is_file() {
// missing file
let res = FsHandlerImpl::validate_config_path("/this/path/does/not/exist.conf");
assert!(res.is_err());
// create a temp dir and ensure a directory is rejected
let temp = TempDir::new().expect("Failed to create temp dir");
let dir_path = temp.path();
let res = FsHandlerImpl::validate_config_path(dir_path.to_string_lossy().as_ref());
assert!(res.is_err());
}
#[tokio::test]
async fn get_deployment_config_path_create_flag_behaviour() -> Result<()> {
let temp = TempDir::new()?;
let settings = NginxSettings {
nginx_config_path: temp.path().to_string_lossy().to_string(),
nginx_binary_path: None,
override_nginx_reload_command: vec![],
override_nginx_test_command: vec![],
nginx_reload_timeout_seconds: 1,
nginx_test_timeout_seconds: 1,
};
let handler = FsHandlerImpl::new(Arc::new(settings));
// when create_dir_if_not_exists = false, directory shouldn't be created
let path = handler
.get_deployment_config_path("did", "conf/nginx.conf", false)
.await?;
assert!(
!path
.parent()
.expect("Failed to get parent directory of deployment config path")
.exists()
);
// when create_dir_if_not_exists = true, directory should be created
let path = handler
.get_deployment_config_path("did", "conf/nginx.conf", true)
.await?;
assert!(
path.parent()
.expect("Failed to get parent directory of deployment config path")
.exists()
);
Ok(())
}
#[tokio::test]
async fn cleanup_config_deletes_expected_deployments() -> Result<()> {
let temp = TempDir::new()?;
let settings = NginxSettings {
nginx_config_path: temp.path().to_string_lossy().to_string(),
nginx_binary_path: None,
override_nginx_reload_command: vec![],
override_nginx_test_command: vec![],
nginx_reload_timeout_seconds: 1,
nginx_test_timeout_seconds: 1,
};
let handler = FsHandlerImpl::new(Arc::new(settings));
let base = temp.path().join("deployments");
// create three deployments sequentially so mtimes differ
for id in &["d1", "d2", "d3"] {
let p = base.join(id);
std::fs::create_dir_all(&p)?;
std::fs::write(p.join("file"), b"x")?;
std::thread::sleep(std::time::Duration::from_millis(500));
}
// call cleanup keeping 1; current implementation keeps the oldest n, so expect only d1 remains
handler.cleanup_config(1).await?;
let mut exists = vec![];
for id in &["d1", "d2", "d3"] {
exists.push((id.to_string(), base.join(id).exists()));
}
// d1 should remain, others removed (matches current implementation behavior)
assert!(exists.iter().find(|(id, e)| id == "d1" && *e).is_some());
assert!(exists.iter().find(|(id, e)| id == "d2" && !*e).is_some());
assert!(exists.iter().find(|(id, e)| id == "d3" && !*e).is_some());
Ok(())
}
}