feat: add semver checking to client requests (#1456)

* feat: add semver checking to client requests This enforces that the client and the server run the same major version in order to sync successfully. We're using the `Atuin-Version` http header to transfer this information If the user is not on the same MAJOR, then they will see an error like this > Atuin version mismatch! In order to successfully sync, the client and the server must run the same *major* version > Client: 17.1.0 > Server: 18.1.0 > Error: could not sync records due to version mismatch This change means two things 1. We will now only increment major versions if there is a breaking change for sync 2. We can now add breaking changes to sync, for any version >17.1.0. Clients will fail in a meaningful way. * lint, fmt, etc * only check for client newer than server * Add version header to client too
author: Ellie Huxtable <ellie@elliehuxtable.com> 2023-12-20 09:03:04 +0000
committer: GitHub <noreply@github.com> 2023-12-20 09:03:04 +0000
commit: 86f50e0356e4b661be43c2aeba97a67d83910095 (patch)
tree: 3c836616132ab23e60231af21b668d639dbabe97 /atuin-client
parent: 42ac150fe34ee291e3228177a81f9cb1f572c741 (diff)
1 files changed, 55 insertions, 2 deletions
diff --git a/atuin-client/src/api_client.rs b/atuin-client/src/api_client.rs
index ef966f5c6..ae8df5ad1 100644
--- a/atuin-client/src/api_client.rs
+++ b/atuin-client/src/api_client.rs
@@ -5,10 +5,9 @@ use std::time::Duration;
 use eyre::{bail, Result};
 use reqwest::{
     header::{HeaderMap, AUTHORIZATION, USER_AGENT},
-    StatusCode, Url,
+    Response, StatusCode, Url,
 };
 
-use atuin_common::record::{EncryptedData, HostId, Record, RecordId};
 use atuin_common::{
     api::{
         AddHistoryRequest, CountResponse, DeleteHistoryRequest, ErrorResponse, IndexResponse,
@@ -16,6 +15,10 @@ use atuin_common::{
     },
     record::RecordIndex,
 };
+use atuin_common::{
+    api::{ATUIN_CARGO_VERSION, ATUIN_HEADER_VERSION, ATUIN_VERSION},
+    record::{EncryptedData, HostId, Record, RecordId},
+};
 use semver::Version;
 use time::format_description::well_known::Rfc3339;
 use time::OffsetDateTime;
@@ -52,10 +55,15 @@ pub async fn register(
     let resp = client
         .post(url)
         .header(USER_AGENT, APP_USER_AGENT)
+        .header(ATUIN_HEADER_VERSION, ATUIN_CARGO_VERSION)
         .json(&map)
         .send()
         .await?;
 
+    if !ensure_version(&resp)? {
+        bail!("could not register user due to version mismatch");
+    }
+
     if !resp.status().is_success() {
         let error = resp.json::<ErrorResponse>().await?;
         bail!("failed to register user: {}", error.reason);
@@ -76,6 +84,10 @@ pub async fn login(address: &str, req: LoginRequest) -> Result<LoginResponse> {
         .send()
         .await?;
 
+    if !ensure_version(&resp)? {
+        bail!("could not login due to version mismatch");
+    }
+
     if resp.status() != reqwest::StatusCode::OK {
         let error = resp.json::<ErrorResponse>().await?;
         bail!("invalid login details: {}", error.reason);
@@ -106,6 +118,31 @@ pub async fn latest_version() -> Result<Version> {
     Ok(version)
 }
 
+pub fn ensure_version(response: &Response) -> Result<bool> {
+    let version = response.headers().get(ATUIN_HEADER_VERSION);
+
+    let version = if let Some(version) = version {
+        match version.to_str() {
+            Ok(v) => Version::parse(v),
+            Err(e) => bail!("failed to parse server version: {:?}", e),
+        }
+    } else {
+        // if there is no version header, then the newest this server can possibly be is 17.1.0
+        Version::parse("17.1.0")
+    }?;
+
+    // If the client is newer than the server
+    if version.major < ATUIN_VERSION.major {
+        println!("Atuin version mismatch! In order to successfully sync, the server needs to run a newer version of Atuin");
+        println!("Client: {}", ATUIN_CARGO_VERSION);
+        println!("Server: {}", version);
+
+        return Ok(false);
+    }
+
+    Ok(true)
+}
+
 impl<'a> Client<'a> {
     pub fn new(
         sync_addr: &'a str,
@@ -116,6 +153,9 @@ impl<'a> Client<'a> {
         let mut headers = HeaderMap::new();
         headers.insert(AUTHORIZATION, format!("Token {session_token}").parse()?);
 
+        // used for semver server check
+        headers.insert(ATUIN_HEADER_VERSION, ATUIN_CARGO_VERSION.parse()?);
+
         Ok(Client {
             sync_addr,
             client: reqwest::Client::builder()
@@ -133,6 +173,10 @@ impl<'a> Client<'a> {
 
         let resp = self.client.get(url).send().await?;
 
+        if !ensure_version(&resp)? {
+            bail!("could not sync due to version mismatch");
+        }
+
         if resp.status() != StatusCode::OK {
             bail!("failed to get count (are you logged in?)");
         }
@@ -148,6 +192,10 @@ impl<'a> Client<'a> {
 
         let resp = self.client.get(url).send().await?;
 
+        if !ensure_version(&resp)? {
+            bail!("could not sync due to version mismatch");
+        }
+
         if resp.status() != StatusCode::OK {
             bail!("failed to get status (are you logged in?)");
         }
@@ -262,6 +310,11 @@ impl<'a> Client<'a> {
         let url = Url::parse(url.as_str())?;
 
         let resp = self.client.get(url).send().await?;
+
+        if !ensure_version(&resp)? {
+            bail!("could not sync records due to version mismatch");
+        }
+
         let index = resp.json().await?;
 
         Ok(index)
author	Ellie Huxtable <ellie@elliehuxtable.com>	2023-12-20 09:03:04 +0000
committer	GitHub <noreply@github.com>	2023-12-20 09:03:04 +0000
commit	86f50e0356e4b661be43c2aeba97a67d83910095 (patch)
tree	3c836616132ab23e60231af21b668d639dbabe97 /atuin-client
parent	42ac150fe34ee291e3228177a81f9cb1f572c741 (diff)