// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package repo
import (
"bytes"
"compress/gzip"
"fmt"
"net/http"
"os"
"os/exec"
"path"
"regexp"
"strconv"
"strings"
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
)
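// HTTP implements the git smart HTTP protocol for one repository.
//
// It resolves the repository named by the :username and :reponame route
// parameters, authenticates and authorizes the caller, and then hands the
// request to HTTPBackend.
//
// A request for git-receive-pack needs write access; git-upload-pack and
// git-upload-archive need read access; anything else counts as a pull only
// when the method is GET. Authentication is skipped only for a pull from a
// public repository while setting.Service.RequireSignInView is off.
func HTTP(ctx *context.Context) {
	username := ctx.Params(":username")
	reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git")

	// Classify the request. receive-pack is tested first so that a request
	// naming both services is treated as a push.
	service := ctx.Query("service")
	reqPath := ctx.Req.URL.Path
	var isPull bool
	switch {
	case service == "git-receive-pack" || strings.HasSuffix(reqPath, "git-receive-pack"):
		isPull = false
	case service == "git-upload-pack" || strings.HasSuffix(reqPath, "git-upload-pack"):
		isPull = true
	case service == "git-upload-archive" || strings.HasSuffix(reqPath, "git-upload-archive"):
		isPull = true
	default:
		isPull = ctx.Req.Method == "GET"
	}

	var accessMode models.AccessMode
	if isPull {
		accessMode = models.AccessModeRead
	} else {
		accessMode = models.AccessModeWrite
	}

	// "<name>.wiki" addresses the wiki of repository "<name>".
	isWiki := strings.HasSuffix(reponame, ".wiki")
	if isWiki {
		reponame = strings.TrimSuffix(reponame, ".wiki")
	}

	repoUser, err := models.GetUserByName(username)
	if err != nil {
		if models.IsErrUserNotExist(err) {
			ctx.Handle(http.StatusNotFound, "GetUserByName", nil)
		} else {
			ctx.Handle(http.StatusInternalServerError, "GetUserByName", err)
		}
		return
	}

	repo, err := models.GetRepositoryByName(repoUser.ID, reponame)
	if err != nil {
		if models.IsErrRepoNotExist(err) {
			ctx.Handle(http.StatusNotFound, "GetRepositoryByName", nil)
		} else {
			ctx.Handle(http.StatusInternalServerError, "GetRepositoryByName", err)
		}
		return
	}

	// Only a pull from a public repository can go without authentication.
	isPublicPull := !repo.IsPrivate && isPull
	var (
		askAuth      = !isPublicPull || setting.Service.RequireSignInView
		authUser     *models.User
		authUsername string
		authPasswd   string
		environ      []string
	)

	if askAuth {
		if setting.Service.EnableReverseProxyAuth {
			// The user name is taken from the configured header with no
			// further proof of identity. This mode is only sound when every
			// request reaches the server through a proxy that sets or strips
			// that header.
			authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
			if len(authUsername) == 0 {
				ctx.HandleText(401, "reverse proxy login error. authUsername empty")
				return
			}
			authUser, err = models.GetUserByName(authUsername)
			if err != nil {
				ctx.HandleText(401, "reverse proxy login error, got error while running GetUserByName")
				return
			}
		} else {
			authHead := ctx.Req.Header.Get("Authorization")
			if len(authHead) == 0 {
				ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
				ctx.Error(http.StatusUnauthorized)
				return
			}

			auths := strings.Fields(authHead)
			// Only basic auth is checked for now.
			// TODO: support digest auth
			// FIXME: middlewares/context.go did basic auth check already,
			// maybe could use that one.
			if len(auths) != 2 || auths[0] != "Basic" {
				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")
				return
			}
			authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
			if err != nil {
				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")
				return
			}

			authUser, err = models.UserSignIn(authUsername, authPasswd)
			if err != nil {
				if !models.IsErrUserNotExist(err) {
					ctx.Handle(http.StatusInternalServerError, "UserSignIn error: %v", err)
					return
				}

				// Not a known user: treat the user name as an access token.
				token, err := models.GetAccessTokenBySHA(authUsername)
				if err != nil {
					if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
						ctx.HandleText(http.StatusUnauthorized, "invalid token")
					} else {
						ctx.Handle(http.StatusInternalServerError, "GetAccessTokenBySha", err)
					}
					return
				}
				token.Updated = time.Now()
				if err = models.UpdateAccessToken(token); err != nil {
					ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err)
					// Stop here: the error response has been written, and
					// continuing would serve the request on top of it.
					return
				}
				authUser, err = models.GetUserByID(token.UID)
				if err != nil {
					ctx.Handle(http.StatusInternalServerError, "GetUserByID", err)
					return
				}
			}
		}

		// Authorization runs for both authentication paths. A user asserted by
		// the reverse proxy is authenticated, not authorized, so it must pass
		// the same repository permission check as a basic-auth user.
		if !isPublicPull {
			has, err := models.HasAccess(authUser.ID, repo, accessMode)
			if err != nil {
				ctx.Handle(http.StatusInternalServerError, "HasAccess", err)
				return
			} else if !has {
				if accessMode == models.AccessModeRead {
					// NOTE(review): a denied read is retried as a write check;
					// confirm whether this second lookup is still needed.
					has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
					if err != nil {
						ctx.Handle(http.StatusInternalServerError, "HasAccess2", err)
						return
					} else if !has {
						ctx.HandleText(http.StatusForbidden, "User permission denied")
						return
					}
				} else {
					ctx.HandleText(http.StatusForbidden, "User permission denied")
					return
				}
			}

			if !isPull && repo.IsMirror {
				ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
				return
			}
		}

		// Environment handed to git; serviceRPC applies it to receive-pack only.
		environ = []string{
			models.EnvRepoUsername + "=" + username,
			models.EnvRepoName + "=" + reponame,
			models.EnvRepoUserSalt + "=" + repoUser.Salt,
			models.EnvPusherName + "=" + authUser.Name,
			models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID),
			models.ProtectedBranchRepoID + fmt.Sprintf("=%d", repo.ID),
		}
		if isWiki {
			environ = append(environ, models.EnvRepoIsWiki+"=true")
		} else {
			environ = append(environ, models.EnvRepoIsWiki+"=false")
		}
	}

	HTTPBackend(ctx, &serviceConfig{
		UploadPack: true,
		// Least privilege: the backend picks its route from the request path
		// on its own, so receive-pack is enabled only when this request was
		// classified as a push and write access was checked above.
		ReceivePack: !isPull,
		Env:         environ,
	})(ctx.Resp, ctx.Req.Request)
}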
// serviceConfig says which git services the backend may run for a request and
// carries the extra environment for the git process.
type serviceConfig struct {
	// UploadPack and ReceivePack enable the corresponding git service.
	UploadPack, ReceivePack bool
	// Env holds "KEY=value" entries appended to the git process environment.
	Env []string
}
// serviceHandler bundles everything a route handler needs to serve one request.
// HTTPBackend builds it with an unkeyed literal, so the field order matters.
type serviceHandler struct {
	cfg *serviceConfig      // services enabled for this request
	w   http.ResponseWriter // response being written
	r   *http.Request       // request being served
	// dir is the repository directory on disk; file is the request path
	// relative to it.
	dir, file string
	environ   []string // extra environment for the git process
}
// setHeaderNoCache marks the response as not cacheable.
func (h *serviceHandler) setHeaderNoCache() {
	hdr := h.w.Header()
	for _, kv := range [][2]string{
		{"Expires", "Fri, 01 Jan 1980 00:00:00 GMT"},
		{"Pragma", "no-cache"},
		{"Cache-Control", "no-cache, max-age=0, must-revalidate"},
	} {
		hdr.Set(kv[0], kv[1])
	}
}
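// setHeaderCacheForever marks the response as cacheable for one year.
//
// Date and Expires are written in HTTP-date format (http.TimeFormat). A bare
// Unix timestamp is not a valid value for either header.
func (h *serviceHandler) setHeaderCacheForever() {
	const maxAge = 365 * 24 * time.Hour // 31536000 seconds, matching max-age below

	now := time.Now().UTC()
	h.w.Header().Set("Date", now.Format(http.TimeFormat))
	h.w.Header().Set("Expires", now.Add(maxAge).Format(http.TimeFormat))
	h.w.Header().Set("Cache-Control", "public, max-age=31536000")
}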
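// sendFile serves h.file from the repository directory h.dir with the given
// content type.
//
// It answers 404 when the path does not exist or is not a regular file, and
// 500 when the file cannot be inspected for any other reason.
func (h *serviceHandler) sendFile(contentType string) {
	reqFile := path.Join(h.dir, h.file)
	fi, err := os.Stat(reqFile)
	if err != nil {
		// fi is nil on any Stat error, not only on "not exist"; never
		// dereference it past this point.
		if os.IsNotExist(err) {
			h.w.WriteHeader(http.StatusNotFound)
		} else {
			h.w.WriteHeader(http.StatusInternalServerError)
		}
		return
	}
	// http.ServeFile would serve a directory as a listing. Only plain files
	// belong to the dumb-protocol surface.
	if !fi.Mode().IsRegular() {
		h.w.WriteHeader(http.StatusNotFound)
		return
	}

	h.w.Header().Set("Content-Type", contentType)
	h.w.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
	h.w.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))
	http.ServeFile(h.w, h.r, reqFile)
}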
// route maps a request path pattern and HTTP method to a handler.
type route struct {
	// reg matches the request path; its first capture group is the
	// repository part of the path.
	reg *regexp.Regexp
	// method is the only HTTP method accepted for this route.
	method string
	// handler serves a matching request.
	handler func(serviceHandler)
}
// routes is the dispatch table of the git HTTP backend. Entries are tried in
// order and the first pattern that matches wins, so the specific
// objects/info/* entries must stay ahead of the catch-all one.
var routes = []route{
	{reg: regexp.MustCompile("(.*?)/git-upload-pack$"), method: "POST", handler: serviceUploadPack},
	{reg: regexp.MustCompile("(.*?)/git-receive-pack$"), method: "POST", handler: serviceReceivePack},
	{reg: regexp.MustCompile("(.*?)/info/refs$"), method: "GET", handler: getInfoRefs},
	{reg: regexp.MustCompile("(.*?)/HEAD$"), method: "GET", handler: getTextFile},
	{reg: regexp.MustCompile("(.*?)/objects/info/alternates$"), method: "GET", handler: getTextFile},
	{reg: regexp.MustCompile("(.*?)/objects/info/http-alternates$"), method: "GET", handler: getTextFile},
	{reg: regexp.MustCompile("(.*?)/objects/info/packs$"), method: "GET", handler: getInfoPacks},
	{reg: regexp.MustCompile("(.*?)/objects/info/[^/]*$"), method: "GET", handler: getTextFile},
	{reg: regexp.MustCompile("(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$"), method: "GET", handler: getLooseObject},
	{reg: regexp.MustCompile("(.*?)/objects/pack/pack-[0-9a-f]{40}\\.pack$"), method: "GET", handler: getPackFile},
	{reg: regexp.MustCompile("(.*?)/objects/pack/pack-[0-9a-f]{40}\\.idx$"), method: "GET", handler: getIdxFile},
}
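// gitCommand runs "git args..." in dir and returns its standard output.
//
// A failure is logged, not returned. The caller then gets whatever output was
// produced before the failure, which may be empty.
//
// FIXME: use process module
func gitCommand(dir string, args ...string) []byte {
	cmd := exec.Command("git", args...)
	cmd.Dir = dir
	out, err := cmd.Output()
	if err != nil {
		// Pass the values as arguments. Command output must never be used as
		// the format string itself.
		log.GitLogger.Error(4, "%v - %s", err, out)
	}
	return out
}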
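// getGitConfig returns the value of the git config option for the repository
// in dir, without the trailing newline. It returns "" when git prints nothing,
// for example when the option is unset or the command fails.
func getGitConfig(option, dir string) string {
	out := string(gitCommand(dir, "config", option))
	// TrimSuffix is safe on empty output, where slicing off the last byte
	// would panic.
	return strings.TrimSuffix(out, "\n")
}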
// getConfigSetting reports whether the repository in dir enables service
// through its "http.<service>" git config option, with the dashes removed
// from the service name. uploadpack is on unless set to "false"; every other
// service is off unless set to "true".
func getConfigSetting(service, dir string) bool {
	key := strings.Replace(service, "-", "", -1)
	value := getGitConfig("http."+key, dir)
	if key != "uploadpack" {
		return value == "true"
	}
	return value != "false"
}
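// hasAccess reports whether the git service may run for this request.
//
// It gates on the service name and on the handler's serviceConfig only. It
// does not check the caller's permission on the repository. Any service other
// than "upload-pack" and "receive-pack" is refused, which also keeps
// arbitrary values out of the git command line built from service. With
// checkContentType set, the request must carry the matching
// "application/x-git-<service>-request" content type.
func hasAccess(service string, h serviceHandler, checkContentType bool) bool {
	if checkContentType {
		want := "application/x-git-" + service + "-request"
		if h.r.Header.Get("Content-Type") != want {
			return false
		}
	}

	// The per-repository git config lookup that used to follow these cases
	// could never be reached, so it is dropped.
	switch service {
	case "receive-pack":
		return h.cfg.ReceivePack
	case "upload-pack":
		return h.cfg.UploadPack
	default:
		return false
	}
}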
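// serviceRPC runs "git <service> --stateless-rpc" on the repository, feeding it
// the request body and streaming its output to the response.
//
// The request is refused with 401 when hasAccess rejects the service or the
// content type. A gzip-encoded body is decompressed on the fly. The extra
// environment in h.environ is passed to git for receive-pack only.
func serviceRPC(h serviceHandler, service string) {
	defer h.r.Body.Close()

	if !hasAccess(service, h, true) {
		h.w.WriteHeader(http.StatusUnauthorized)
		return
	}

	h.w.Header().Set("Content-Type", "application/x-git-"+service+"-result")

	reqBody := h.r.Body
	// Handle GZIP.
	if h.r.Header.Get("Content-Encoding") == "gzip" {
		zr, err := gzip.NewReader(h.r.Body)
		if err != nil {
			log.GitLogger.Error(2, "fail to create gzip reader: %v", err)
			h.w.WriteHeader(http.StatusInternalServerError)
			return
		}
		defer zr.Close()
		// NOTE(review): nothing bounds the decompressed size here; confirm
		// that a request size limit is enforced upstream.
		reqBody = zr
	}

	// Set so the pre-receive and post-receive hooks are allowed to execute.
	h.environ = append(h.environ, "SSH_ORIGINAL_COMMAND="+service)

	var stderr bytes.Buffer
	cmd := exec.Command("git", service, "--stateless-rpc", h.dir)
	cmd.Dir = h.dir
	if service == "receive-pack" {
		cmd.Env = append(os.Environ(), h.environ...)
	}
	cmd.Stdout = h.w
	cmd.Stdin = reqBody
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		// Log the captured text; formatting the Buffer value itself would
		// print its internals, not git's message.
		log.GitLogger.Error(2, "fail to serve RPC(%s): %v - %v", service, err, stderr.String())
		h.w.WriteHeader(http.StatusInternalServerError)
		return
	}
}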
// serviceUploadPack serves the upload-pack RPC, the fetch/clone side of the
// protocol.
func serviceUploadPack(h serviceHandler) {
	const service = "upload-pack"
	serviceRPC(h, service)
}
// serviceReceivePack serves the receive-pack RPC, the push side of the
// protocol.
func serviceReceivePack(h serviceHandler) {
	const service = "receive-pack"
	serviceRPC(h, service)
}
// getServiceType returns the "service" form value of r without its "git-"
// prefix, or "" when the value does not start with "git-".
func getServiceType(r *http.Request) string {
	const prefix = "git-"

	name := r.FormValue("service")
	if strings.HasPrefix(name, prefix) {
		return strings.TrimPrefix(name, prefix)
	}
	return ""
}
// updateServerInfo runs "git update-server-info" in dir and returns the
// command's output.
func updateServerInfo(dir string) []byte {
	out := gitCommand(dir, "update-server-info")
	return out
}
// packetWrite frames str as a git pkt-line: the payload length plus the four
// length bytes, written in hex and left-padded with zeros to a multiple of
// four digits, followed by str itself.
func packetWrite(str string) []byte {
	hexLen := strconv.FormatInt(int64(len(str)+4), 16)
	if pad := (4 - len(hexLen)%4) % 4; pad > 0 {
		hexLen = strings.Repeat("0", pad) + hexLen
	}
	return []byte(hexLen + str)
}
// getInfoRefs answers GET .../info/refs.
//
// When the requested service passes hasAccess it sends the smart-protocol ref
// advertisement. Otherwise it refreshes the server info and serves the
// info/refs file. The service name reaches the git command line only after
// hasAccess has accepted it.
func getInfoRefs(h serviceHandler) {
	h.setHeaderNoCache()

	service := getServiceType(h.r)
	if !hasAccess(service, h, false) {
		updateServerInfo(h.dir)
		h.sendFile("text/plain; charset=utf-8")
		return
	}

	refs := gitCommand(h.dir, service, "--stateless-rpc", "--advertise-refs", ".")
	h.w.Header().Set("Content-Type", "application/x-git-"+service+"-advertisement")
	h.w.WriteHeader(http.StatusOK)
	h.w.Write(packetWrite("# service=git-" + service + "\n"))
	h.w.Write([]byte("0000"))
	h.w.Write(refs)
}
// getTextFile serves the requested repository file as plain text, not cached.
func getTextFile(h serviceHandler) {
	const contentType = "text/plain"
	h.setHeaderNoCache()
	h.sendFile(contentType)
}
// getInfoPacks serves objects/info/packs as UTF-8 text with long-lived cache
// headers.
func getInfoPacks(h serviceHandler) {
	const contentType = "text/plain; charset=utf-8"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getLooseObject serves a loose object file with long-lived cache headers.
func getLooseObject(h serviceHandler) {
	const contentType = "application/x-git-loose-object"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getPackFile serves a pack file with long-lived cache headers.
func getPackFile(h serviceHandler) {
	const contentType = "application/x-git-packed-objects"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getIdxFile serves a pack index file with long-lived cache headers.
func getIdxFile(h serviceHandler) {
	const contentType = "application/x-git-packed-objects-toc"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
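// getGitRepoPath maps subdir, the repository part of a request path, to the
// repository directory under setting.RepoRootPath, adding the ".git" suffix
// when it is missing.
//
// It returns an error when subdir contains a ".." element or when the
// directory cannot be inspected.
func getGitRepoPath(subdir string) (string, error) {
	// subdir comes from the request URL. path.Join would resolve ".."
	// elements, which could make the directory served differ from the
	// repository the URL appears to name, so refuse them outright.
	for _, elem := range strings.Split(subdir, "/") {
		if elem == ".." {
			return "", fmt.Errorf("invalid repository path %q", subdir)
		}
	}

	if !strings.HasSuffix(subdir, ".git") {
		subdir += ".git"
	}

	fpath := path.Join(setting.RepoRootPath, subdir)
	// Any Stat failure, not only "not exist", means the repository cannot be
	// served.
	if _, err := os.Stat(fpath); err != nil {
		return "", err
	}
	return fpath, nil
}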
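// HTTPBackend returns the handler that dispatches a git HTTP request to the
// matching entry of routes.
//
// The request path is lower-cased before matching. A matching route is refused
// with 403 when setting.Repository.DisableHTTPGit is set, and with 405 (400
// for protocols other than HTTP/1.1) when the method is wrong. A request that
// matches no route, or whose repository directory cannot be resolved, gets 404.
func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// blue: In case some repo name has upper case name.
		// Lower-casing once is enough; it does not depend on the route.
		r.URL.Path = strings.ToLower(r.URL.Path)

		for _, rt := range routes {
			m := rt.reg.FindStringSubmatch(r.URL.Path)
			if m == nil {
				continue
			}

			if setting.Repository.DisableHTTPGit {
				w.WriteHeader(http.StatusForbidden)
				w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
				return
			}

			if rt.method != r.Method {
				if r.Proto == "HTTP/1.1" {
					w.WriteHeader(http.StatusMethodNotAllowed)
					w.Write([]byte("Method Not Allowed"))
				} else {
					w.WriteHeader(http.StatusBadRequest)
					w.Write([]byte("Bad Request"))
				}
				return
			}

			// NOTE(review): dir is resolved from the request path, while the
			// caller made its permission check against the :username and
			// :reponame route parameters. The two are assumed to name the
			// same repository. Confirm the router hands this handler a
			// normalized path, or pass the authorized repository path in
			// through cfg.
			file := strings.Replace(r.URL.Path, m[1]+"/", "", 1)
			dir, err := getGitRepoPath(m[1])
			if err != nil {
				log.GitLogger.Error(4, err.Error())
				ctx.Handle(http.StatusNotFound, "HTTPBackend", err)
				return
			}

			rt.handler(serviceHandler{
				cfg:     cfg,
				w:       w,
				r:       r,
				dir:     dir,
				file:    file,
				environ: cfg.Env,
			})
			return
		}

		ctx.Handle(http.StatusNotFound, "HTTPBackend", nil)
	}
}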