Use ructe static file support to serve static files with hashes and caching

chore(deps): Bump serde from 1.0.142 to 1.0.143

.cargo/audit.toml

@@ -1,3 +1 @@
 [advisories]
-# TODO: check if chrono fixed this
-ignore = [ "RUSTSEC-2020-0159", "RUSTSEC-2020-0071" ]

.envrc

@@ -0,0 +1 @@
+eval "$(lorri direnv)"

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "hoc"
-version = "0.21.2"
+version = "0.22.4"
 authors = ["Valentin Brandl <vbrandl@riseup.net>"]
 edition = "2018"
 build = "build.rs"
@@ -13,34 +13,35 @@ path = "src/main.rs"
 name = "hoc"
 
 [dependencies]
-actix-rt = "2.6.0"
-actix-web = "4.0.0-rc.3"
+actix-rt = "2.7.0"
+actix-web = "4.1.0"
 badge = "0.3.0"
-bytes = "1.1.0"
-config = { version = "0.11.0", features = ["toml"] }
+bytes = "1.2.1"
+config = { version = "0.13.2", features = ["toml"] }
 dotenv = "0.15.0"
 futures = "0.3.21"
-git2 = "0.13.25"
+git2 = "0.15.0"
 lazy_static = "1.4.0"
+mime = "0.3"
 number_prefix = "0.4.0"
 openssl-probe = "0.1.5"
-reqwest = "0.11.9"
-serde = "1.0.136"
-serde_derive = "1.0.136"
-serde_json = "1.0.79"
-tracing = "0.1.31"
-tracing-actix-web = "0.5.0-rc.3"
-tracing-bunyan-formatter = "0.3.2"
+reqwest = "0.11.11"
+serde = "1.0.143"
+serde_derive = "1.0.137"
+serde_json = "1.0.83"
+tracing = "0.1.36"
+tracing-actix-web = "0.6.0"
+tracing-bunyan-formatter = "0.3.3"
 tracing-futures = "0.2.5"
-tracing-log = "0.1.2"
-tracing-subscriber = { version = "0.3.9", features = ["registry", "env-filter"] }
+tracing-log = "0.1.3"
+tracing-subscriber = { version = "0.3.15", features = ["registry", "env-filter"] }
 
 [build-dependencies]
-ructe = "0.14.0"
-vergen = { version = "6.0.2", default-features = false, features = ["git"] }
+ructe = { version = "0.14.0", features = ["mime03"] }
+vergen = { version = "7.3.1", default-features = false, features = ["git"] }
 
 [dev-dependencies]
-awc = "3.0.0-beta.21"
+awc = "3.0.0"
 ructe = "0.14.0"
 tempfile = "3.3.0"
-tokio = "1.17.0"
+tokio = "1.20.1"

build.rs

@@ -8,5 +8,8 @@ fn main() -> Result<(), RucteError> {
     let mut config = Config::default();
     *config.git_mut().sha_kind_mut() = ShaKind::Short;
     vergen(config).expect("Unable to generate static repo info");
-    Ructe::from_env()?.compile_templates("templates")
+    let mut ructe = Ructe::from_env()?;
+    let mut statics = ructe.statics()?;
+    statics.add_files("static")?;
+    ructe.compile_templates("templates")
 }

crate-hashes.json

@@ -1 +0,0 @@
-{}

default.nix

@@ -1,56 +0,0 @@
-{ sources ? import ./nix/sources.nix
-, system ? builtins.currentSystem
-}:
-
-let
-  rustOverlay = import "${sources.nixpkgs-mozilla}/rust-overlay.nix";
-  cargo2nixOverlay = import "${sources.cargo2nix}/overlay";
-
-  pkgs = import sources.nixpkgs {
-  # pkgs = import <nixpkgs> {
-    inherit system;
-    overlays = [ cargo2nixOverlay rustOverlay ];
-  };
-
-  rustPkgs = pkgs.rustBuilder.makePackageSet' {
-    rustChannel = "stable";
-    packageFun = import ./Cargo.nix;
-    localPatterns =
-      [
-        ''^(src|tests)(/.*)?''
-        ''[^/]*\.(rs|toml)$''
-        # include other directory from the project repository
-        ''^templates(/.*)?''
-        ''^static(/.*)?''
-        ''^.git.*(/.*)?''
-      ];
-    # packageOverrides
-  };
-in
-rec {
-  inherit rustPkgs;
-  shell = pkgs.mkShell {
-    inputsFrom = pkgs.lib.mapAttrsToList (_: pkg: pkg { }) rustPkgs.noBuild.workspace;
-    nativeBuildInputs = with rustPkgs; [ cargo rustc ];
-  };
-  package = (rustPkgs.workspace.hoc {}).overrideAttrs (drv: {
-      buildInputs = drv.buildInputs or [ ] ++ [ pkgs.git ];
-  });
-  dockerImage =
-    pkgs.dockerTools.buildImage {
-      name = "vbrandl/hits-of-code";
-      tag = package.version;
-
-      contents =
-        [
-          package
-          pkgs.cacert
-          pkgs.gitMinimal
-        ];
-
-      config = {
-        Cmd = [ "/bin/hoc" ];
-        WorkingDir = "/home/hoc";
-      };
-    };
-}

nix/sources.json

@@ -1,50 +0,0 @@
-{
-    "cargo2nix": {
-        "branch": "master",
-        "description": "Convert a Cargo.lock to mkRustCrate statements for import in Nix",
-        "homepage": "",
-        "owner": "tenx-tech",
-        "repo": "cargo2nix",
-        "rev": "7bc062ccffc41dc7d3759b8b797e8b4f8dd23a15",
-        "sha256": "1z7xwk1hbp26aydsk3y07riy0ivwqss06n1470mvdl7allfcd1w5",
-        "type": "tarball",
-        "url": "https://github.com/tenx-tech/cargo2nix/archive/7bc062ccffc41dc7d3759b8b797e8b4f8dd23a15.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "niv": {
-        "branch": "master",
-        "description": "Easy dependency management for Nix projects",
-        "homepage": "https://github.com/nmattia/niv",
-        "owner": "nmattia",
-        "repo": "niv",
-        "rev": "98c74a80934123cb4c3bf3314567f67311eb711a",
-        "sha256": "1w8n54hapd4x9f1am33icvngkqns7m3hl9yair38yqq08ffwg0kn",
-        "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/98c74a80934123cb4c3bf3314567f67311eb711a.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixpkgs": {
-        "branch": "nixpkgs-unstable",
-        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
-        "homepage": "https://github.com/NixOS/nixpkgs",
-        "owner": "NixOS",
-        "repo": "nixpkgs-channels",
-        "rev": "f6bfb371cba2b5a02f200c2747c1fe2c72bd782f",
-        "sha256": "0y3hlbyvznrpr1d2vxj2511hkjg733wdnxfaib3fgy9i9jr8ivzn",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs-channels/archive/f6bfb371cba2b5a02f200c2747c1fe2c72bd782f.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixpkgs-mozilla": {
-        "branch": "master",
-        "description": "mozilla related nixpkgs (extends nixos/nixpkgs repo)",
-        "homepage": null,
-        "owner": "mozilla",
-        "repo": "nixpkgs-mozilla",
-        "rev": "e912ed483e980dfb4666ae0ed17845c4220e5e7c",
-        "sha256": "08fvzb8w80bkkabc1iyhzd15f4sm7ra10jn32kfch5klgl0gj3j3",
-        "type": "tarball",
-        "url": "https://github.com/mozilla/nixpkgs-mozilla/archive/e912ed483e980dfb4666ae0ed17845c4220e5e7c.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    }
-}

nix/sources.nix

@@ -1,134 +0,0 @@
-# This file has been generated by Niv.
-
-let
-
-  #
-  # The fetchers. fetch_<type> fetches specs of type <type>.
-  #
-
-  fetch_file = pkgs: spec:
-    if spec.builtin or true then
-      builtins_fetchurl { inherit (spec) url sha256; }
-    else
-      pkgs.fetchurl { inherit (spec) url sha256; };
-
-  fetch_tarball = pkgs: spec:
-    if spec.builtin or true then
-      builtins_fetchTarball { inherit (spec) url sha256; }
-    else
-      pkgs.fetchzip { inherit (spec) url sha256; };
-
-  fetch_git = spec:
-    builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
-
-  fetch_builtin-tarball = spec:
-    builtins.trace
-      ''
-        WARNING:
-          The niv type "builtin-tarball" will soon be deprecated. You should
-          instead use `builtin = true`.
-
-          $ niv modify <package> -a type=tarball -a builtin=true
-      ''
-      builtins_fetchTarball { inherit (spec) url sha256; };
-
-  fetch_builtin-url = spec:
-    builtins.trace
-      ''
-        WARNING:
-          The niv type "builtin-url" will soon be deprecated. You should
-          instead use `builtin = true`.
-
-          $ niv modify <package> -a type=file -a builtin=true
-      ''
-      (builtins_fetchurl { inherit (spec) url sha256; });
-
-  #
-  # Various helpers
-  #
-
-  # The set of packages used when specs are fetched using non-builtins.
-  mkPkgs = sources:
-    let
-      sourcesNixpkgs =
-        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
-      hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
-      hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-    in
-      if builtins.hasAttr "nixpkgs" sources
-      then sourcesNixpkgs
-      else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
-        import <nixpkgs> {}
-      else
-        abort
-          ''
-            Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
-            add a package called "nixpkgs" to your sources.json.
-          '';
-
-  # The actual fetching function.
-  fetch = pkgs: name: spec:
-
-    if ! builtins.hasAttr "type" spec then
-      abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-    else if spec.type == "file" then fetch_file pkgs spec
-    else if spec.type == "tarball" then fetch_tarball pkgs spec
-    else if spec.type == "git" then fetch_git spec
-    else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec
-    else if spec.type == "builtin-url" then fetch_builtin-url spec
-    else
-      abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
-
-  # Ports of functions for older nix versions
-
-  # a Nix version of mapAttrs if the built-in doesn't exist
-  mapAttrs = builtins.mapAttrs or (
-    f: set: with builtins;
-    listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
-  );
-
-  # fetchTarball version that is compatible between all the versions of Nix
-  builtins_fetchTarball = { url, sha256 }@attrs:
-    let
-      inherit (builtins) lessThan nixVersion fetchTarball;
-    in
-      if lessThan nixVersion "1.12" then
-        fetchTarball { inherit url; }
-      else
-        fetchTarball attrs;
-
-  # fetchurl version that is compatible between all the versions of Nix
-  builtins_fetchurl = { url, sha256 }@attrs:
-    let
-      inherit (builtins) lessThan nixVersion fetchurl;
-    in
-      if lessThan nixVersion "1.12" then
-        fetchurl { inherit url; }
-      else
-        fetchurl attrs;
-
-  # Create the final "sources" from the config
-  mkSources = config:
-    mapAttrs (
-      name: spec:
-        if builtins.hasAttr "outPath" spec
-        then abort
-          "The values in sources.json should not have an 'outPath' attribute"
-        else
-          spec // { outPath = fetch config.pkgs name spec; }
-    ) config.sources;
-
-  # The "config" used by the fetchers
-  mkConfig =
-    { sourcesFile ? ./sources.json
-    , sources ? builtins.fromJSON (builtins.readFile sourcesFile)
-    , pkgs ? mkPkgs sources
-    }: rec {
-      # The sources, i.e. the attribute set of spec name to spec
-      inherit sources;
-
-      # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
-      inherit pkgs;
-    };
-in
-mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }

shell.nix

@@ -1 +1,8 @@
-with import ./. { }; shell
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+    openssl
+    pkg-config
+  ];
+}

src/config.rs

@@ -18,21 +18,16 @@ pub struct Settings {
 }
 
 impl Settings {
-    #[deprecated]
-    pub fn new() -> Result<Self, ConfigError> {
-        Self::load()
-    }
-
     pub fn load() -> Result<Self, ConfigError> {
-        let mut config = Config::new();
-        config
-            .merge(File::with_name("hoc.toml").required(false))?
-            .merge(Environment::with_prefix("hoc"))?
+        Config::builder()
+            .add_source(File::with_name("hoc.toml").required(false))
+            .add_source(Environment::with_prefix("hoc"))
             .set_default("repodir", "./repos")?
             .set_default("cachedir", "./cache")?
             .set_default("workers", 4)?
             .set_default("port", 8080)?
-            .set_default("host", "0.0.0.0")?;
-        config.try_into()
+            .set_default("host", "0.0.0.0")?
+            .build()?
+            .try_deserialize()
     }
 }

src/lib.rs

@@ -23,7 +23,7 @@ use crate::{
     config::Settings,
     error::{Error, Result},
     service::{Bitbucket, FormService, GitHub, Gitlab, Service, Sourcehut},
-    statics::{CLIENT, CSS, FAVICON, VERSION_INFO},
+    statics::{CLIENT, VERSION_INFO},
     template::RepoInfo,
 };
 use actix_web::{
@@ -46,6 +46,7 @@ use std::{
     sync::atomic::Ordering,
     time::{Duration, SystemTime},
 };
+use templates::statics::{self as template_statics, StaticFile};
 use tracing::Instrument;
 
 include!(concat!(env!("OUT_DIR"), "/templates.rs"));
@@ -462,14 +463,32 @@ async fn async_p404(repo_count: web::Data<AtomicUsize>) -> Result<HttpResponse>
     p404(repo_count)
 }
 
-#[get("/tacit-css.min.css")]
-async fn css() -> HttpResponse {
-    HttpResponse::Ok().content_type("text/css").body(CSS)
+/// A duration to add to current time for a far expires header.
+static FAR: Duration = Duration::from_secs(180 * 24 * 60 * 60);
+
+#[get("/static/{filename}")]
+async fn static_file(
+    path: web::Path<String>,
+    repo_count: web::Data<AtomicUsize>,
+) -> Result<HttpResponse> {
+    StaticFile::get(&path)
+        .map(|data| {
+            let far_expires = SystemTime::now() + FAR;
+            HttpResponse::Ok()
+                .insert_header(Expires(far_expires.into()))
+                .content_type(data.mime.clone())
+                .body(data.content)
+        })
+        .map(Result::Ok)
+        .unwrap_or_else(|| p404(repo_count))
 }
 
 #[get("/favicon.ico")]
 async fn favicon32() -> HttpResponse {
-    HttpResponse::Ok().content_type("image/png").body(FAVICON)
+    let data = &template_statics::favicon32_png;
+    HttpResponse::Ok()
+        .content_type(data.mime.clone())
+        .body(data.content)
 }
 
 async fn start_server(listener: TcpListener, settings: Settings) -> std::io::Result<Server> {
@@ -486,7 +505,7 @@ async fn start_server(listener: TcpListener, settings: Settings) -> std::io::Res
             .wrap(middleware::NormalizePath::new(TrailingSlash::Trim))
             .service(index)
             .service(health_check)
-            .service(css)
+            .service(static_file)
             .service(favicon32)
             .service(generate)
             .default_service(web::to(async_p404));

src/statics.rs

@@ -7,8 +7,6 @@ pub(crate) const VERSION_INFO: VersionInfo = VersionInfo {
     commit: env!("VERGEN_GIT_SHA_SHORT"),
     version: env!("CARGO_PKG_VERSION"),
 };
-pub(crate) const CSS: &str = include_str!("../static/tacit-css.min.css");
-pub(crate) const FAVICON: &[u8] = include_bytes!("../static/favicon32.png");
 
 lazy_static! {
     pub(crate) static ref CLIENT: reqwest::Client = reqwest::Client::new();

templates/base.rs.html

@@ -1,3 +1,4 @@
+@use super::statics::*;
 @use crate::statics::VersionInfo;
 
 @(title: &str, header: &str, content: Content, version_info: VersionInfo, repo_count: usize)
@@ -9,7 +10,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="keywords" content="Hits-of-Code, GitHub, Badge" />
     <meta name="description" content="Hits-of-Code Badges for Git repositories" />
-    <link rel="stylesheet" href="/tacit-css.min.css" />
+    <link rel="stylesheet" href="/static/@tacit_css_min_css.name" />
     <title>@title</title>
 </head>
 <body>

vm.nix

@@ -1,80 +0,0 @@
-# Nix configuration for a VM to run a custom configured Vim
-#
-# It is intended as an example of building a VM that builds Vim for testing
-# and evaluation purposes. It does not represent a production or secure
-# deployment.
-
-{ sources ? import ./nix/sources.nix
-, pkgs ? import sources.nixpkgs { }
-, callPackage ? pkgs.callPackage
-, config
-, lib
-, ...
-}:
-  # config, pkgs, lib, ... }:
-
-let
-  hoc = pkgs.callPackage ./default.nix { };
-
-  # hoc = cargoNix.rootCrate.build;
-in
-{
-  environment = {
-    systemPackages = with pkgs; [
-      (
-        hoc
-        # import ./default.nix
-      )
-    ];
-  };
-
-
-  networking.hostName = "hoc";   # Define your hostname.
-
-  system.stateVersion = "19.09";    # The version of NixOS originally installed
-
-  # Set security options:
-  security = {
-    sudo = {
-      enable = true;                # Enable sudo
-      wheelNeedsPassword = false;   # Allow wheel members to run sudo without a passowrd
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 ];
-
-  # List services that you want to enable:
-  services.openssh = {
-    enable = true;                             # Enable the OpenSSH daemon.
-    #permitRootLogin = "yes";                  # Probably want to change this in production
-    #challengeResponseAuthentication = true;   # Probably want to change this in production
-    #passwordAuthentication = true;            # Probably want to change this in production
-    openFirewall = true;
-    hostKeys = [
-      {
-        path = "/etc/ssh/ssh_host_ed25519_key";   # Generate a key for the vm
-        type = "ed25519";                         # Use the current best key type
-      }
-    ];
-  };
-
-  # Users of the Vim VM:
-  users.mutableUsers = false;        # Remove any users not defined in here
-
-  users.users.root = {
-    password = "123456";             # Probably want to change this in production
-  };
-
-  # Misc groups:
-  users.groups.nixos.gid = 1000;
-
-  # NixOS users
-  users.users.nixos = {
-    isNormalUser = true;
-    uid = 1000;
-    group = "nixos";
-    extraGroups = [ "wheel" ];
-    password = "123456";             # Probably want to change this in production
-  };
-
-}