Flask does not document this well, but URL rule converters apparently
*can* accept arguments, and one of them (`any`) is for providing a limited
choice of values. Use this to restrict the formats to the list of
supported formats, which we hardcode because it must be built into the
route string.
This avoids interpreting 1.0.tar.gz.asc as tag="1", format=".0.tar.gz"
which causes the server to explode.
---
gitsrht/blueprints/repo.py | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/gitsrht/blueprints/repo.py b/gitsrht/blueprints/repo.py
index 78a2dc9..e6aade5 100644
--- a/gitsrht/blueprints/repo.py
+++ b/gitsrht/blueprints/repo.py
@@ -192,19 +192,12 @@ def lookup_ref(git_repo, ref, path):
abort(404)
return commit, ref, "/".join(path)
-def lookup_signature(git_repo, ref, fmt=None):
+def lookup_signature(git_repo, ref, fmt=['tar', 'tar.gz']):
commit_or_tag = git_repo.revparse_single(ref)
if not isinstance(commit_or_tag, (pygit2.Commit, pygit2.Tag)):
return None, None
- fmts = ['tar.gz', 'tar']
-
- if fmt is not None:
- if fmt not in fmts:
- return None, None
- fmts = [fmt]
-
- for trial in fmts:
+ for trial in fmt:
try:
note = git_repo.lookup_note(commit_or_tag.hex, f'refs/notes/signatures/{trial}')
except KeyError:
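Review bot: The new default `fmt=['tar', 'tar.gz']` is a mutable list shared across calls, and it reverses the old trial order (`['tar.gz', 'tar']`). Assuming the loop returns on the first note found, callers that omit `fmt` would now get the `tar` signature first; the commit message does not mention this. The membership check was also dropped, so each element of `fmt` is interpolated into `refs/notes/signatures/{trial}` unchecked, and a caller that still passes a bare string would be iterated character by character. I would write `def lookup_signature(git_repo, ref, fmt=('tar.gz', 'tar')):` and keep a cheap guard such as `if any(f not in ('tar.gz', 'tar') for f in fmt): return None, None`. The function body continues past the end of the hunk.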
@@ -391,11 +384,11 @@ def archive(owner, repo, ref):
return send_file(subp.stdout, mimetype="application/tar+gzip",
as_attachment=True, attachment_filename=f"{repo.name}-{refname}.tar.gz")
-@repo.route("/<owner>/<repo>/archive/<path:ref>.<fmt>.asc")
+@repo.route("/<owner>/<repo>/archive/<path:ref>.<any('tar.gz','tar'):fmt>.asc")
def archivesig(owner, repo, ref, fmt):
owner, repo = get_repo_or_redir(owner, repo)
with GitRepository(repo.path) as git_repo:
- sigdata, _ = lookup_signature(git_repo, ref, fmt)
+ sigdata, _ = lookup_signature(git_repo, ref, [fmt])
if sigdata is None:
abort(404)
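Review bot: The `any('tar.gz','tar')` converter on the route line is now the only thing constraining `fmt` before `archivesig` hands it to `lookup_signature`, and nothing in the code records that. A comment above the decorator would stop the route and the lookup from drifting apart: `# The any(...) list is the allow-list for fmt; keep it in sync with the formats lookup_signature supports.` The body of `archivesig` continues beyond the hunk.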
--
2.33.0
---
gitsrht/blueprints/repo.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gitsrht/blueprints/repo.py b/gitsrht/blueprints/repo.py
index e6aade5..61db55f 100644
--- a/gitsrht/blueprints/repo.py
+++ b/gitsrht/blueprints/repo.py
@@ -193,7 +193,10 @@ def lookup_ref(git_repo, ref, path):
return commit, ref, "/".join(path)
def lookup_signature(git_repo, ref, fmt=['tar', 'tar.gz']):
- commit_or_tag = git_repo.revparse_single(ref)
+ try:
+ commit_or_tag = git_repo.revparse_single(ref)
+ except (KeyError, ValueError):
+ return None, None
if not isinstance(commit_or_tag, (pygit2.Commit, pygit2.Tag)):
return None, None
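Review bot: `lookup_signature` now returns `(None, None)` on at least two paths visible here, and it has no docstring telling callers that an unresolvable `ref` is reported this way rather than raised. Since `ref` comes from the request path in `archivesig`, this contract is what turns a bad URL into a 404. I suggest `"""Look up the signature note for ref; return (None, None) if ref cannot be resolved or is not a commit or tag."""`. A short comment on the `except` line would also help, e.g. `# unknown ref -> KeyError, unparsable ref -> ValueError (confirm against pygit2)`. The rest of the function lies outside the hunk.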
--
2.33.0