funman300
ce38b26721
Implements Phase 7 of CARD_PLAN.md — the entry point that takes a
user-supplied theme zip archive, validates it end-to-end, and
atomically unpacks it into the per-platform user themes directory.
Public API:
import_theme(zip_path) -> Result<ThemeId, ImportError>
Resolves user_theme_dir() and unpacks into <user>/<id>/.
import_theme_into(zip_path, target_root) -> Result<ThemeId, ImportError>
Test-friendly variant that takes the destination explicitly so
unit tests never touch the global OnceLock override.
Safety guarantees enforced:
- 20 MB hard cap on archive size (read from the central directory
before any extraction).
- Zip-slip path traversal rejected via ZipFile::enclosed_name plus a
Component::Normal-only belt-and-braces check.
- Manifest parsed via ron::de and validated via the existing
ThemeManifest::validate (Phase 2) — surfaces named diagnostics for
missing-of-52, unknown keys, duplicate keys, and meta errors.
- Every referenced face + back rasterised through rasterize_svg as a
structural validity check before any bytes hit the destination.
- Atomic install: writes to <root>/.<id>.tmp/ then std::fs::rename
into place, with a recursive copy + remove fallback for cross-
device renames. Failed extraction wipes the staging dir; the user
themes root is never touched on error.
- Id collision with an existing theme dir rejected up front.
7 new tests covering the happy path plus six failure modes (missing
manifest, missing face, oversized archive, zip-slip, missing-file,
id collision). Tests build zips in tempfile::TempDir so they never
touch the real user themes directory.
Workspace deps: zip 8.6 (default-features off + deflate only),
tempfile 3.27 (dev only).
cargo check --workspace --all-targets / clippy --workspace
--all-targets -- -D warnings clean. cargo test could not be run in
this turn because cc disappeared from the sandbox; tests compile
under cargo check --tests and will run on a normal toolchain.
83 lines
2.5 KiB
TOML
83 lines
2.5 KiB
TOML
[workspace]
|
|
members = [
|
|
"solitaire_core",
|
|
"solitaire_sync",
|
|
"solitaire_data",
|
|
"solitaire_engine",
|
|
"solitaire_server",
|
|
"solitaire_app",
|
|
"solitaire_assetgen",
|
|
]
|
|
resolver = "2"
|
|
|
|
[workspace.package]
|
|
edition = "2024"
|
|
version = "0.1.0"
|
|
license = "MIT"
|
|
rust-version = "1.95"
|
|
|
|
[workspace.dependencies]
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
uuid = { version = "1", features = ["v4", "serde"] }
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
thiserror = "2"
|
|
rand = "0.9"
|
|
async-trait = "0.1"
|
|
tokio = { version = "1", features = ["full"] }
|
|
dirs = "6"
|
|
keyring = "4"
|
|
keyring-core = "1"
|
|
reqwest = { version = "0.13", features = ["json", "rustls", "rustls-native-certs"], default-features = false }
|
|
|
|
solitaire_core = { path = "solitaire_core" }
|
|
solitaire_sync = { path = "solitaire_sync" }
|
|
solitaire_data = { path = "solitaire_data" }
|
|
solitaire_engine = { path = "solitaire_engine" }
|
|
|
|
bevy = "0.18"
|
|
kira = "0.12"
|
|
|
|
# SVG rasterisation pipeline for the runtime card-theme system.
|
|
# usvg parses + simplifies; resvg renders to a tiny-skia Pixmap;
|
|
# tiny-skia provides the CPU rasteriser. All three are maintained
|
|
# together by the resvg-rs project and version in lockstep.
|
|
usvg = "0.47"
|
|
resvg = "0.47"
|
|
tiny-skia = "0.12"
|
|
|
|
# Theme manifest format. RON keeps the file human-editable while
|
|
# preserving Rust-style structures the importer can validate.
|
|
ron = "0.12"
|
|
|
|
# Importer-only: reads user-supplied theme zip archives, validates
|
|
# their contents, and unpacks them into the user themes directory.
|
|
# Default features are disabled to keep the dependency footprint small;
|
|
# only `deflate` is needed because the importer rejects other
|
|
# compression methods anyway (see Phase 7 spec).
|
|
zip = { version = "8.6", default-features = false, features = ["deflate"] }
|
|
|
|
# Importer-only test dependency: tests build zip archives in a
|
|
# scratch directory so they don't pollute the real user themes path
|
|
# on the developer's machine.
|
|
tempfile = "3.27"
|
|
|
|
axum = "0.8"
|
|
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "macros", "migrate"] }
|
|
jsonwebtoken = { version = "10", default-features = false, features = ["rust_crypto"] }
|
|
bcrypt = "0.19"
|
|
tower_governor = "0.8"
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
|
|
dotenvy = "0.15"
|
|
|
|
[profile.dev]
|
|
opt-level = 1
|
|
|
|
[profile.dev.package."*"]
|
|
opt-level = 3
|
|
|
|
[profile.release]
|
|
opt-level = 3
|
|
lto = "thin"
|