2014-04-10 22:20:58 +04:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-05-02 05:21:46 +04:00
package cmd
2014-04-10 22:20:58 +04:00
import (
//"container/list"
"fmt"
"os"
"os/exec"
"path"
"strconv"
"strings"
"github.com/codegangsta/cli"
qlog "github.com/qiniu/log"
//"github.com/gogits/git"
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/base"
)
var (
COMMANDS_READONLY = map [ string ] int {
"git-upload-pack" : models . AU_WRITABLE ,
"git upload-pack" : models . AU_WRITABLE ,
"git-upload-archive" : models . AU_WRITABLE ,
}
COMMANDS_WRITE = map [ string ] int {
"git-receive-pack" : models . AU_READABLE ,
"git receive-pack" : models . AU_READABLE ,
}
)
var CmdServ = cli . Command {
2014-05-05 08:55:17 +04:00
Name : "serv" ,
Usage : "This command should only be called by SSH shell" ,
Description : ` Serv provide access auth for repositories ` ,
Action : runServ ,
Flags : [ ] cli . Flag { } ,
2014-04-10 22:20:58 +04:00
}
func newLogger ( execDir string ) {
logPath := execDir + "/log/serv.log"
os . MkdirAll ( path . Dir ( logPath ) , os . ModePerm )
f , err := os . OpenFile ( logPath , os . O_WRONLY | os . O_APPEND | os . O_CREATE , os . ModePerm )
if err != nil {
qlog . Fatal ( err )
}
qlog . SetOutput ( f )
2014-04-26 10:14:48 +04:00
//qlog.SetOutputLevel(qlog.Ldebug)
2014-04-10 22:20:58 +04:00
qlog . Info ( "Start logging serv..." )
}
func parseCmd ( cmd string ) ( string , string ) {
ss := strings . SplitN ( cmd , " " , 2 )
if len ( ss ) != 2 {
return "" , ""
}
verb , args := ss [ 0 ] , ss [ 1 ]
if verb == "git" {
ss = strings . SplitN ( args , " " , 2 )
args = ss [ 1 ]
verb = fmt . Sprintf ( "%s %s" , verb , ss [ 0 ] )
}
2014-05-11 20:17:10 +04:00
return verb , strings . Replace ( args , "'/" , "'" , 1 )
2014-04-10 22:20:58 +04:00
}
func In ( b string , sl map [ string ] int ) bool {
_ , e := sl [ b ]
return e
}
func runServ ( k * cli . Context ) {
execDir , _ := base . ExecDir ( )
newLogger ( execDir )
base . NewConfigContext ( )
models . LoadModelsConfig ( )
if models . UseSQLite3 {
os . Chdir ( execDir )
}
models . SetEngine ( )
keys := strings . Split ( os . Args [ 2 ] , "-" )
if len ( keys ) != 2 {
println ( "auth file format error" )
qlog . Fatal ( "auth file format error" )
}
keyId , err := strconv . ParseInt ( keys [ 1 ] , 10 , 64 )
if err != nil {
println ( "auth file format error" )
qlog . Fatal ( "auth file format error" , err )
}
user , err := models . GetUserByKeyId ( keyId )
if err != nil {
println ( "You have no right to access" )
qlog . Fatalf ( "SSH visit error: %v" , err )
}
cmd := os . Getenv ( "SSH_ORIGINAL_COMMAND" )
if cmd == "" {
println ( "Hi" , user . Name , "! You've successfully authenticated, but Gogs does not provide shell access." )
return
}
verb , args := parseCmd ( cmd )
repoPath := strings . Trim ( args , "'" )
rr := strings . SplitN ( repoPath , "/" , 2 )
if len ( rr ) != 2 {
2014-04-22 13:11:11 +04:00
println ( "Unavailable repository" , args )
qlog . Fatalf ( "Unavailable repository %v" , args )
2014-04-10 22:20:58 +04:00
}
repoUserName := rr [ 0 ]
2014-04-12 05:47:39 +04:00
repoName := strings . TrimSuffix ( rr [ 1 ] , ".git" )
2014-04-10 22:20:58 +04:00
isWrite := In ( verb , COMMANDS_WRITE )
isRead := In ( verb , COMMANDS_READONLY )
repoUser , err := models . GetUserByName ( repoUserName )
if err != nil {
println ( "You have no right to access" )
2014-05-11 20:17:10 +04:00
qlog . Fatalf ( "Get user failed: %v" , err )
2014-04-10 22:20:58 +04:00
}
// access check
switch {
case isWrite :
has , err := models . HasAccess ( user . LowerName , path . Join ( repoUserName , repoName ) , models . AU_WRITABLE )
if err != nil {
2014-04-22 13:11:11 +04:00
println ( "Internal error:" , err )
2014-04-10 22:20:58 +04:00
qlog . Fatal ( err )
} else if ! has {
println ( "You have no right to write this repository" )
qlog . Fatalf ( "User %s has no right to write repository %s" , user . Name , repoPath )
}
case isRead :
repo , err := models . GetRepositoryByName ( repoUser . Id , repoName )
if err != nil {
println ( "Get repository error:" , err )
qlog . Fatal ( "Get repository error: " + err . Error ( ) )
}
if ! repo . IsPrivate {
break
}
2014-04-12 05:47:39 +04:00
has , err := models . HasAccess ( user . Name , path . Join ( repoUserName , repoName ) , models . AU_READABLE )
2014-04-10 22:20:58 +04:00
if err != nil {
2014-04-22 13:11:11 +04:00
println ( "Internal error" )
2014-04-10 22:20:58 +04:00
qlog . Fatal ( err )
}
if ! has {
2014-04-23 13:12:50 +04:00
has , err = models . HasAccess ( user . Name , path . Join ( repoUserName , repoName ) , models . AU_WRITABLE )
2014-04-10 22:20:58 +04:00
if err != nil {
2014-04-22 13:11:11 +04:00
println ( "Internal error" )
2014-04-10 22:20:58 +04:00
qlog . Fatal ( err )
}
}
if ! has {
println ( "You have no right to access this repository" )
qlog . Fatal ( "You have no right to access this repository" )
}
default :
println ( "Unknown command" )
qlog . Fatal ( "Unknown command" )
}
2014-05-03 09:37:49 +04:00
models . SetRepoEnvs ( user . Id , user . Name , repoName , repoUserName )
2014-04-10 22:20:58 +04:00
gitcmd := exec . Command ( verb , repoPath )
gitcmd . Dir = base . RepoRootPath
gitcmd . Stdout = os . Stdout
gitcmd . Stdin = os . Stdin
gitcmd . Stderr = os . Stderr
if err = gitcmd . Run ( ) ; err != nil {
println ( "execute command error:" , err . Error ( ) )
qlog . Fatal ( "execute command error: " + err . Error ( ) )
}
2014-04-11 06:27:13 +04:00
//refName := os.Getenv("refName")
//oldCommitId := os.Getenv("oldCommitId")
//newCommitId := os.Getenv("newCommitId")
//qlog.Error("get envs:", refName, oldCommitId, newCommitId)
// update
//models.Update(refName, oldCommitId, newCommitId, repoUserName, repoName, user.Id)
2014-04-10 22:20:58 +04:00
}