// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package repo
import (
"bytes"
"compress/gzip"
gocontext "context"
"fmt"
"io/ioutil"
"net/http"
"os"
"os/exec"
"path"
"regexp"
"strconv"
"strings"
"sync"
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth/sso"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/process"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
repo_service "code.gitea.io/gitea/services/repository"
)
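// HTTP implements the git smart HTTP protocol endpoint.
//
// In order, it answers CORS preflight requests, resolves the owner and the
// repository named by the route parameters, decides whether the request is a
// read (pull) or a write (push), authenticates the caller when authentication
// is required, checks the caller's permission on the repository, optionally
// creates the repository on push, and finally dispatches the request to the
// first entry of routes whose pattern matches the URL path.
//
// Every failure path writes its own response and returns; nothing is returned
// to the caller.
func HTTP(ctx *context.Context) {
	if len(setting.Repository.AccessControlAllowOrigin) > 0 {
		allowedOrigin := setting.Repository.AccessControlAllowOrigin
		// Set CORS headers for browser-based git clients
		ctx.Resp.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
		ctx.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, User-Agent")

		// Handle preflight OPTIONS request. A wildcard setting accepts every
		// preflight, "null" rejects every preflight, and any other value must
		// equal the request's Origin header exactly.
		if ctx.Req.Method == "OPTIONS" {
			switch allowedOrigin {
			case "*":
				ctx.Status(http.StatusOK)
			case "null":
				ctx.Status(http.StatusForbidden)
			default:
				origin := ctx.Req.Header.Get("Origin")
				if len(origin) > 0 && origin == allowedOrigin {
					ctx.Status(http.StatusOK)
				} else {
					ctx.Status(http.StatusForbidden)
				}
			}
			return
		}
	}

	username := ctx.Params(":username")
	reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git")

	if ctx.Query("go-get") == "1" {
		context.EarlyResponseForGoGetMeta(ctx)
		return
	}

	// Classify the request as read or write. The receive-pack test comes
	// first, so a request that names receive-pack in either the query or the
	// path is always treated as a write. Anything unrecognised is a read only
	// when it is a GET.
	var isPull, receivePack bool
	service := ctx.Query("service")
	switch {
	case service == "git-receive-pack" ||
		strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack"):
		isPull = false
		receivePack = true
	case service == "git-upload-pack" ||
		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack"):
		isPull = true
	case service == "git-upload-archive" ||
		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive"):
		isPull = true
	default:
		isPull = (ctx.Req.Method == "GET")
	}

	var accessMode models.AccessMode
	if isPull {
		accessMode = models.AccessModeRead
	} else {
		accessMode = models.AccessModeWrite
	}

	// A ".wiki" suffix selects the wiki unit of the repository.
	isWiki := false
	var unitType = models.UnitTypeCode
	if strings.HasSuffix(reponame, ".wiki") {
		isWiki = true
		unitType = models.UnitTypeWiki
		reponame = reponame[:len(reponame)-5]
	}

	owner, err := models.GetUserByName(username)
	if err != nil {
		if models.IsErrUserNotExist(err) {
			if redirectUserID, err := models.LookupUserRedirect(username); err == nil {
				context.RedirectToUser(ctx, username, redirectUserID)
			} else {
				ctx.NotFound("GetUserByName", err)
			}
		} else {
			ctx.ServerError("GetUserByName", err)
		}
		return
	}
	if !owner.IsOrganization() && !owner.IsActive {
		ctx.HandleText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.")
		return
	}

	// A missing repository is not an error yet: a push may create it below.
	repoExist := true
	repo, err := models.GetRepositoryByName(owner.ID, reponame)
	if err != nil {
		if models.IsErrRepoNotExist(err) {
			if redirectRepoID, err := models.LookupRepoRedirect(owner.ID, reponame); err == nil {
				context.RedirectToRepo(ctx, redirectRepoID)
				return
			}
			repoExist = false
		} else {
			ctx.ServerError("GetRepositoryByName", err)
			return
		}
	}

	// Don't allow pushing if the repo is archived
	if repoExist && repo.IsArchived && !isPull {
		ctx.HandleText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
		return
	}

	// Only public pull don't need auth.
	isPublicPull := repoExist && !repo.IsPrivate && isPull
	var (
		askAuth      = !isPublicPull || setting.Service.RequireSignInView
		authUser     *models.User
		authUsername string
		authPasswd   string
		environ      []string
	)

	// don't allow anonymous pulls if organization is not public
	if isPublicPull {
		if err := repo.GetOwner(); err != nil {
			ctx.ServerError("GetOwner", err)
			return
		}

		askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic)
	}

	// check access
	if askAuth {
		authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
		if setting.Service.EnableReverseProxyAuth && len(authUsername) > 0 {
			// The user named in this header is accepted without any further
			// credential, so the header must only ever be settable by the
			// trusted proxy.
			// NOTE(review): confirm the deployment strips client-supplied
			// copies of this header before the request reaches this handler.
			authUser, err = models.GetUserByName(authUsername)
			if err != nil {
				ctx.HandleText(401, "reverse proxy login error, got error while running GetUserByName")
				return
			}
		} else {
			authHead := ctx.Req.Header.Get("Authorization")
			if len(authHead) == 0 {
				ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
				ctx.Error(http.StatusUnauthorized)
				return
			}

			auths := strings.Fields(authHead)
			// currently check basic auth
			// TODO: support digit auth
			// FIXME: middlewares/context.go did basic auth check already,
			// maybe could use that one.
			if len(auths) != 2 || auths[0] != "Basic" {
				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")
				return
			}
			authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
			if err != nil {
				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")
				return
			}

			// Check if username or password is a token
			isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
			// Assume username is token
			authToken := authUsername
			if !isUsernameToken {
				// Assume password is token
				authToken = authPasswd
			}

			// First try the credential as an OAuth access token.
			uid := sso.CheckOAuthAccessToken(authToken)
			if uid != 0 {
				ctx.Data["IsApiToken"] = true

				authUser, err = models.GetUserByID(uid)
				if err != nil {
					ctx.ServerError("GetUserByID", err)
					return
				}
			}

			// Assume password is a token.
			token, err := models.GetAccessTokenBySHA(authToken)
			if err == nil {
				authUser, err = models.GetUserByID(token.UID)
				if err != nil {
					ctx.ServerError("GetUserByID", err)
					return
				}

				token.UpdatedUnix = timeutil.TimeStampNow()
				if err = models.UpdateAccessToken(token); err != nil {
					ctx.ServerError("UpdateAccessToken", err)
					// A 500 has been written; stop here like every other
					// ServerError path so the request does not go on to run
					// git and write a second response.
					return
				}
			} else if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
				log.Error("GetAccessTokenBySha: %v", err)
			}

			if authUser == nil {
				// Check username and password
				authUser, err = models.UserSignIn(authUsername, authPasswd)
				if err != nil {
					if models.IsErrUserProhibitLogin(err) {
						ctx.HandleText(http.StatusForbidden, "User is not permitted to login")
						return
					} else if !models.IsErrUserNotExist(err) {
						ctx.ServerError("UserSignIn error: %v", err)
						return
					}
				}

				if authUser == nil {
					ctx.HandleText(http.StatusUnauthorized, fmt.Sprintf("invalid credentials from %s", ctx.RemoteAddr()))
					return
				}

				// Password sign-in is refused for accounts enrolled in
				// two-factor authentication; such accounts must use a token.
				_, err = models.GetTwoFactorByUID(authUser.ID)
				if err == nil {
					// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
					ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
					return
				} else if !models.IsErrTwoFactorNotEnrolled(err) {
					ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
					return
				}
			}
		}

		if !authUser.IsActive || authUser.ProhibitLogin {
			ctx.HandleText(http.StatusForbidden, "Your account is disabled.")
			return
		}

		if repoExist {
			perm, err := models.GetUserRepoPermission(repo, authUser)
			if err != nil {
				ctx.ServerError("GetUserRepoPermission", err)
				return
			}

			if !perm.CanAccess(accessMode, unitType) {
				ctx.HandleText(http.StatusForbidden, "User permission denied")
				return
			}

			if !isPull && repo.IsMirror {
				ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
				return
			}
		}

		// Environment handed to the git process (and through it to hooks).
		environ = []string{
			models.EnvRepoUsername + "=" + username,
			models.EnvRepoName + "=" + reponame,
			models.EnvPusherName + "=" + authUser.Name,
			models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID),
			models.EnvIsDeployKey + "=false",
			models.EnvAppURL + "=" + setting.AppURL,
		}

		if !authUser.KeepEmailPrivate {
			environ = append(environ, models.EnvPusherEmail+"="+authUser.Email)
		}

		if isWiki {
			environ = append(environ, models.EnvRepoIsWiki+"=true")
		} else {
			environ = append(environ, models.EnvRepoIsWiki+"=false")
		}
	}

	// Push-to-create: only a receive-pack request may create a repository,
	// and only when the matching setting is enabled. askAuth is always true
	// on this path because isPublicPull requires repoExist.
	if !repoExist {
		if !receivePack {
			ctx.HandleText(http.StatusNotFound, "Repository not found")
			return
		}

		if owner.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
			ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for organizations.")
			return
		}
		if !owner.IsOrganization() && !setting.Repository.EnablePushCreateUser {
			ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for users.")
			return
		}

		// Return dummy payload if GET receive-pack
		if ctx.Req.Method == http.MethodGet {
			dummyInfoRefs(ctx)
			return
		}

		repo, err = repo_service.PushCreateRepo(authUser, owner, reponame)
		if err != nil {
			log.Error("pushCreateRepo: %v", err)
			ctx.Status(http.StatusNotFound)
			return
		}
	}

	if isWiki {
		// Ensure the wiki is enabled before we allow access to it
		if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
			if models.IsErrUnitTypeNotExist(err) {
				ctx.HandleText(http.StatusForbidden, "repository wiki is disabled")
				return
			}
			log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
			ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err)
			return
		}
	}

	environ = append(environ, models.EnvRepoID+fmt.Sprintf("=%d", repo.ID))

	w := ctx.Resp
	r := ctx.Req.Request
	cfg := &serviceConfig{
		UploadPack:  true,
		ReceivePack: true,
		Env:         environ,
	}

	r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name

	for _, route := range routes {
		if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil {
			if setting.Repository.DisableHTTPGit {
				w.WriteHeader(http.StatusForbidden)
				_, err := w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
				if err != nil {
					// Constant format string: the error text is data.
					log.Error("%v", err)
				}
				return
			}
			if route.method != r.Method {
				if r.Proto == "HTTP/1.1" {
					w.WriteHeader(http.StatusMethodNotAllowed)
					_, err := w.Write([]byte("Method Not Allowed"))
					if err != nil {
						log.Error("%v", err)
					}
				} else {
					w.WriteHeader(http.StatusBadRequest)
					_, err := w.Write([]byte("Bad Request"))
					if err != nil {
						log.Error("%v", err)
					}
				}
				return
			}

			// NOTE(review): the permission check above used the repository
			// resolved from the route parameters, while the on-disk directory
			// is derived here from the URL path prefix m[1]; confirm the two
			// always name the same repository.
			file := strings.Replace(r.URL.Path, m[1]+"/", "", 1)
			dir, err := getGitRepoPath(m[1])
			if err != nil {
				log.Error("%v", err)
				ctx.NotFound("Smart Git HTTP", err)
				return
			}

			route.handler(serviceHandler{cfg, w, r, dir, file, cfg.Env})
			return
		}
	}

	ctx.NotFound("Smart Git HTTP", nil)
}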
// infoRefsCache holds the receive-pack ref advertisement served by
// dummyInfoRefs. It is written only inside infoRefsOnce.
var infoRefsCache []byte

// infoRefsOnce makes sure infoRefsCache is populated at most once.
var infoRefsOnce sync.Once
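// dummyInfoRefs writes a git-receive-pack ref advertisement for a repository
// that does not exist yet, using the advertisement of an empty bare
// repository.
//
// The advertisement is generated on the first call by initialising a bare
// repository in a temporary directory and running
// "git receive-pack --stateless-rpc --advertise-refs" in it; the result is
// kept in infoRefsCache for later calls. The temporary directory is removed
// again before the first call returns.
//
// NOTE(review): infoRefsOnce is consumed even when generation fails, so a
// failure on the first call leaves the cache empty (or holding the failed
// command's output) for the lifetime of the process.
func dummyInfoRefs(ctx *context.Context) {
	infoRefsOnce.Do(func() {
		tmpDir, err := ioutil.TempDir(os.TempDir(), "gitea-info-refs-cache")
		if err != nil {
			log.Error("Failed to create temp dir for git-receive-pack cache: %v", err)
			return
		}

		defer func() {
			if err := util.RemoveAll(tmpDir); err != nil {
				log.Error("RemoveAll: %v", err)
			}
		}()

		if err := git.InitRepository(tmpDir, true); err != nil {
			log.Error("Failed to init bare repo for git-receive-pack cache: %v", err)
			return
		}

		refs, err := git.NewCommand("receive-pack", "--stateless-rpc", "--advertise-refs", ".").RunInDirBytes(tmpDir)
		if err != nil {
			// Command output is passed as an argument, never as the format
			// string, so a '%' in it cannot garble the log line.
			log.Error("%v - %s", err, string(refs))
		}

		log.Debug("populating infoRefsCache: \n%s", string(refs))
		infoRefsCache = refs
	})

	ctx.Header().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
	ctx.Header().Set("Pragma", "no-cache")
	ctx.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
	ctx.Header().Set("Content-Type", "application/x-git-receive-pack-advertisement")
	// Write errors are deliberately ignored: the client has gone away and
	// there is nothing left to report to it.
	_, _ = ctx.Write(packetWrite("# service=git-receive-pack\n"))
	_, _ = ctx.Write([]byte("0000"))
	_, _ = ctx.Write(infoRefsCache)
}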
// serviceConfig carries the per-request settings handed to a route handler.
type serviceConfig struct {
	// UploadPack is the value hasAccess returns for the "upload-pack" service.
	UploadPack bool
	// ReceivePack is the value hasAccess returns for the "receive-pack" service.
	ReceivePack bool
	// Env holds extra "KEY=value" entries for the git process environment.
	Env []string
}
// serviceHandler bundles everything a route handler needs to serve one
// request. HTTP builds it with an unkeyed literal, so the field order below
// must not change.
type serviceHandler struct {
	// cfg is the per-request service configuration.
	cfg *serviceConfig
	// w and r are the response writer and the request being served.
	w http.ResponseWriter
	r *http.Request
	// dir is the repository directory on disk.
	dir string
	// file is the path requested inside dir.
	file string
	// environ holds extra "KEY=value" entries for the git process.
	environ []string
}
// setHeaderNoCache marks the response as not cacheable by setting Expires to
// a date in the past together with Pragma and Cache-Control no-cache values.
func (h *serviceHandler) setHeaderNoCache() {
	hdr := h.w.Header()
	hdr.Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
	hdr.Set("Pragma", "no-cache")
	hdr.Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
}
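// setHeaderCacheForever marks the response as cacheable for one year.
//
// Date and Expires are written in the HTTP date format (http.TimeFormat);
// a bare Unix timestamp is not a valid value for either header.
//
// NOTE(review): Cache-Control is "public", which lets shared caches store the
// response. The handlers using this helper may run after an authenticated
// request for a private repository; confirm that "public" is intended there.
func (h *serviceHandler) setHeaderCacheForever() {
	const oneYear = 31536000 * time.Second

	now := time.Now().UTC()
	hdr := h.w.Header()
	hdr.Set("Date", now.Format(http.TimeFormat))
	hdr.Set("Expires", now.Add(oneYear).Format(http.TimeFormat))
	hdr.Set("Cache-Control", "public, max-age=31536000")
}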
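// sendFile serves the file h.file from the repository directory h.dir with
// the given Content-Type.
//
// A missing file or a directory yields 404; any other stat failure yields
// 500. The stat result is used only after the error has been checked, so a
// failure such as a permission error cannot lead to a nil dereference.
func (h *serviceHandler) sendFile(contentType string) {
	reqFile := path.Join(h.dir, h.file)

	fi, err := os.Stat(reqFile)
	if err != nil {
		if os.IsNotExist(err) {
			h.w.WriteHeader(http.StatusNotFound)
			return
		}
		log.Error("sendFile: Stat %s: %v", reqFile, err)
		h.w.WriteHeader(http.StatusInternalServerError)
		return
	}
	// Only files are served: http.ServeFile would otherwise answer a
	// directory with a redirect or a listing.
	if fi.IsDir() {
		h.w.WriteHeader(http.StatusNotFound)
		return
	}

	h.w.Header().Set("Content-Type", contentType)
	h.w.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
	h.w.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))
	http.ServeFile(h.w, h.r, reqFile)
}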
// route ties a URL path pattern and an HTTP method to the handler that
// serves it.
type route struct {
	// reg is matched against the request path; its first capture group is
	// the part of the path in front of the git-specific suffix.
	reg *regexp.Regexp
	// method is the only HTTP method the route accepts.
	method string
	// handler serves the request once pattern and method match.
	handler func(serviceHandler)
}
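// routes lists the URL paths of the git HTTP protocol served by HTTP.
//
// HTTP uses the first entry whose pattern matches, so the order matters: the
// specific objects/info/packs entry has to stay ahead of the generic
// objects/info/[^/]* entry. Each pattern is anchored at the end of the path
// only; capture group 1 is the prefix that names the repository.
//
// The literals contain no whitespace, and the object and pack names are
// restricted to lowercase hex of fixed length ({2}+{38} and {40}).
var routes = []route{
	{regexp.MustCompile(`(.*?)/git-upload-pack$`), "POST", serviceUploadPack},
	{regexp.MustCompile(`(.*?)/git-receive-pack$`), "POST", serviceReceivePack},
	{regexp.MustCompile(`(.*?)/info/refs$`), "GET", getInfoRefs},
	{regexp.MustCompile(`(.*?)/HEAD$`), "GET", getTextFile},
	{regexp.MustCompile(`(.*?)/objects/info/alternates$`), "GET", getTextFile},
	{regexp.MustCompile(`(.*?)/objects/info/http-alternates$`), "GET", getTextFile},
	{regexp.MustCompile(`(.*?)/objects/info/packs$`), "GET", getInfoPacks},
	{regexp.MustCompile(`(.*?)/objects/info/[^/]*$`), "GET", getTextFile},
	{regexp.MustCompile(`(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$`), "GET", getLooseObject},
	{regexp.MustCompile(`(.*?)/objects/pack/pack-[0-9a-f]{40}\.pack$`), "GET", getPackFile},
	{regexp.MustCompile(`(.*?)/objects/pack/pack-[0-9a-f]{40}\.idx$`), "GET", getIdxFile},
}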
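// safeGitProtocolHeader is the allowlist for the Git-Protocol request header:
// one or more key=value pairs separated by colons, where keys and values are
// ASCII letters and digits only. The header value is copied into the git
// process environment (GIT_PROTOCOL), so anything outside this shape is
// dropped by the callers. The pattern is anchored at both ends and contains
// no whitespace.
var safeGitProtocolHeader = regexp.MustCompile(`^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$`)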
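// getGitConfig runs "git config <option>" in dir and returns its output
// without the trailing newline.
//
// A failing command is logged and its output (possibly empty) is still
// returned. The newline is removed with TrimSuffix, so an empty output gives
// an empty string instead of an out-of-range slice panic.
func getGitConfig(option, dir string) string {
	out, err := git.NewCommand("config", option).RunInDir(dir)
	if err != nil {
		log.Error("%v - %s", err, out)
	}
	return strings.TrimSuffix(out, "\n")
}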
// getConfigSetting reports whether the repository in dir enables the given
// service through its "http.<service>" git config key (dashes removed from
// the service name).
//
// "uploadpack" is enabled unless the value is exactly "false"; every other
// service is enabled only when the value is exactly "true".
func getConfigSetting(service, dir string) bool {
	key := strings.ReplaceAll(service, "-", "")
	value := getGitConfig("http."+key, dir)

	if key == "uploadpack" {
		return value != "false"
	}
	return value == "true"
}
// hasAccess reports whether the handler's configuration allows the named
// service ("upload-pack" or "receive-pack"; anything else is refused).
//
// With checkContentType set, the request must also carry the Content-Type
// "application/x-git-<service>-request".
func hasAccess(service string, h serviceHandler, checkContentType bool) bool {
	if checkContentType {
		want := fmt.Sprintf("application/x-git-%s-request", service)
		if h.r.Header.Get("Content-Type") != want {
			return false
		}
	}

	isReceive := service == "receive-pack"
	isUpload := service == "upload-pack"
	if !isReceive && !isUpload {
		return false
	}
	if isReceive {
		return h.cfg.ReceivePack
	}
	if isUpload {
		return h.cfg.UploadPack
	}

	// Not reachable with the checks above: both accepted services have
	// already returned.
	return getConfigSetting(service, h.dir)
}
// serviceRPC runs "git <service> --stateless-rpc <dir>" with the request body
// as stdin and the response writer as stdout.
//
// The request is refused with 401 when hasAccess rejects the service or the
// Content-Type. A gzip-encoded body is decompressed on the fly. The git
// binary is started directly with an argument vector, not through a shell.
//
// NOTE(review): no size limit is applied in this function to the request
// body or to the decompressed stream; confirm a limit is enforced upstream.
func serviceRPC(h serviceHandler, service string) {
	defer func() {
		if closeErr := h.r.Body.Close(); closeErr != nil {
			log.Error("serviceRPC: Close: %v", closeErr)
		}
	}()

	if !hasAccess(service, h, true) {
		h.w.WriteHeader(http.StatusUnauthorized)
		return
	}

	h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-result", service))

	// Handle GZIP.
	body := h.r.Body
	if h.r.Header.Get("Content-Encoding") == "gzip" {
		zr, err := gzip.NewReader(body)
		if err != nil {
			log.Error("Fail to create gzip reader: %v", err)
			h.w.WriteHeader(http.StatusInternalServerError)
			return
		}
		body = zr
	}

	// set this for allow pre-receive and post-receive execute
	h.environ = append(h.environ, "SSH_ORIGINAL_COMMAND="+service)

	// The client-supplied Git-Protocol value reaches the environment only
	// when it matches the allowlist pattern.
	protocol := h.r.Header.Get("Git-Protocol")
	if protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
		h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
	}

	ctx, cancel := gocontext.WithCancel(git.DefaultContext)
	defer cancel()

	var stderr bytes.Buffer
	cmd := exec.CommandContext(ctx, git.GitExecutable, service, "--stateless-rpc", h.dir)
	cmd.Dir = h.dir
	cmd.Env = append(os.Environ(), h.environ...)
	cmd.Stdin = body
	cmd.Stdout = h.w
	cmd.Stderr = &stderr

	// Register the command with the process manager so it can be cancelled
	// from there; it is unregistered when this function returns.
	desc := fmt.Sprintf("%s %s %s [repo_path: %s]", git.GitExecutable, service, "--stateless-rpc", h.dir)
	pid := process.GetManager().Add(desc, cancel)
	defer process.GetManager().Remove(pid)

	if runErr := cmd.Run(); runErr != nil {
		log.Error("Fail to serve RPC(%s) in %s: %v - %s", service, h.dir, runErr, stderr.String())
		return
	}
}
// serviceUploadPack serves a git-upload-pack (fetch/clone) RPC request.
func serviceUploadPack(h serviceHandler) {
	const service = "upload-pack"
	serviceRPC(h, service)
}
// serviceReceivePack serves a git-receive-pack (push) RPC request.
func serviceReceivePack(h serviceHandler) {
	const service = "receive-pack"
	serviceRPC(h, service)
}
// getServiceType returns the value of the request's "service" form parameter
// without its "git-" prefix, or "" when the parameter is absent or does not
// start with "git-".
func getServiceType(r *http.Request) string {
	const prefix = "git-"

	requested := r.FormValue("service")
	if strings.HasPrefix(requested, prefix) {
		return strings.TrimPrefix(requested, prefix)
	}
	return ""
}
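// updateServerInfo runs "git update-server-info" in dir and returns the
// command output. A failure is logged and the output is still returned.
func updateServerInfo(dir string) []byte {
	out, err := git.NewCommand("update-server-info").RunInDirBytes(dir)
	if err != nil {
		// Command output is passed as an argument, never as the format
		// string, so a '%' in it cannot garble the log line.
		log.Error("%v - %s", err, string(out))
	}
	return out
}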
// packetWrite frames str as a length-prefixed packet: the total length
// (payload plus 4) in lowercase hex, left-padded with zeros to a multiple of
// four digits, followed by the payload itself.
func packetWrite(str string) []byte {
	hexLen := strconv.FormatInt(int64(len(str)+4), 16)
	if rem := len(hexLen) % 4; rem != 0 {
		hexLen = strings.Repeat("0", 4-rem) + hexLen
	}
	return append([]byte(hexLen), str...)
}
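// getInfoRefs serves the info/refs request.
//
// When the "service" parameter names a service hasAccess allows, the ref
// advertisement of "git <service> --stateless-rpc --advertise-refs" is
// returned. Otherwise update-server-info is run and the info/refs file is
// served as plain text.
func getInfoRefs(h serviceHandler) {
	h.setHeaderNoCache()

	// Read the parameter once; hasAccess only accepts "upload-pack" and
	// "receive-pack", so nothing else is ever passed on as a git subcommand.
	service := getServiceType(h.r)
	if !hasAccess(service, h, false) {
		updateServerInfo(h.dir)
		h.sendFile("text/plain; charset=utf-8")
		return
	}

	// The client-supplied Git-Protocol value reaches the environment only
	// when it matches the allowlist pattern.
	if protocol := h.r.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
		h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
	}
	h.environ = append(os.Environ(), h.environ...)

	refs, err := git.NewCommand(service, "--stateless-rpc", "--advertise-refs", ".").RunInDirTimeoutEnv(h.environ, -1, h.dir)
	if err != nil {
		// Command output is passed as an argument, never as the format
		// string, so a '%' in it cannot garble the log line.
		log.Error("%v - %s", err, string(refs))
	}

	h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-advertisement", service))
	h.w.WriteHeader(http.StatusOK)
	// Write errors are deliberately ignored: the client has gone away and
	// there is nothing left to report to it.
	_, _ = h.w.Write(packetWrite("# service=git-" + service + "\n"))
	_, _ = h.w.Write([]byte("0000"))
	_, _ = h.w.Write(refs)
}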
// getTextFile serves the requested repository file as uncached plain text.
func getTextFile(h serviceHandler) {
	const contentType = "text/plain"
	h.setHeaderNoCache()
	h.sendFile(contentType)
}
// getInfoPacks serves objects/info/packs as UTF-8 plain text with the
// long-lived cache headers.
func getInfoPacks(h serviceHandler) {
	const contentType = "text/plain; charset=utf-8"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getLooseObject serves a loose object file with the long-lived cache
// headers.
func getLooseObject(h serviceHandler) {
	const contentType = "application/x-git-loose-object"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getPackFile serves a pack file with the long-lived cache headers.
func getPackFile(h serviceHandler) {
	const contentType = "application/x-git-packed-objects"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
// getIdxFile serves a pack index file with the long-lived cache headers.
func getIdxFile(h serviceHandler) {
	const contentType = "application/x-git-packed-objects-toc"
	h.setHeaderCacheForever()
	h.sendFile(contentType)
}
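// getGitRepoPath maps a repository sub-path (with or without the ".git"
// suffix) to its directory below setting.RepoRootPath.
//
// It returns an error when the directory cannot be stat'ed for any reason,
// not only when it does not exist, so callers never receive a path that
// could not be checked.
func getGitRepoPath(subdir string) (string, error) {
	if !strings.HasSuffix(subdir, ".git") {
		subdir += ".git"
	}

	// subdir is derived from the request URL. Rooting it at "/" before
	// cleaning collapses any leading ".." elements, so the joined path
	// cannot climb out of RepoRootPath. Paths without such elements resolve
	// exactly as a plain join would.
	fpath := path.Join(setting.RepoRootPath, path.Clean("/"+subdir))
	if _, err := os.Stat(fpath); err != nil {
		return "", err
	}

	return fpath, nil
}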