cache credentials in memory when doing http basic auth to a git remote

When accessing a git remote over http needs a git credential prompt for a password, cache it for the lifetime of the git-annex process, rather than repeatedly prompting. The git-lfs special remote already caches the credential when discovering the endpoint. And presumably commands like git pull do as well, since they may download multiple urls from a remote. The TMVar CredentialCache is read, so two concurrent calls to getBasicAuthFromCredential will both prompt for a credential. There would already be two concurrent password prompts in such a case, and existing uses of `prompt` probably avoid it. Anyway, it's no worse than before.
2022-09-09 13:53:38 -04:00 · 2022-09-09 13:53:38 -04:00 · 9621beabc4
commit 9621beabc4
parent adb2f5cc00
5 changed files with 96 additions and 14 deletions
--- a/Annex.hs
+++ b/Annex.hs
@ -81,6 +81,7 @@ import Utility.InodeCache
 import Utility.Url
 import Utility.ResourcePool
 import Utility.HumanTime
+import Git.Credential (CredentialCache(..))

 import "mtl" Control.Monad.Reader
 import Control.Concurrent
@ -129,6 +130,7 @@ data AnnexRead = AnnexRead
 	, forcebackend :: Maybe String
 	, useragent :: Maybe String
 	, desktopnotify :: DesktopNotify
+	, gitcredentialcache :: TMVar CredentialCache
 	}

 newAnnexRead :: GitConfig -> IO AnnexRead
@ -140,6 +142,7 @@ newAnnexRead c = do
 	si <- newTVarIO M.empty
 	tp <- newTransferrerPool
 	cm <- newTMVarIO M.empty
+	cc <- newTMVarIO (CredentialCache M.empty)
 	return $ AnnexRead
 		{ activekeys = emptyactivekeys
 		, activeremotes = emptyactiveremotes
@ -157,6 +160,7 @@ newAnnexRead c = do
 		, forcemincopies = Nothing
 		, useragent = Nothing
 		, desktopnotify = mempty
+		, gitcredentialcache = cc
 		}

 -- Values that can change while running an Annex action.