2014-04-16 10:37:07 +02:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2019-04-26 00:42:50 +02:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2014-04-16 10:37:07 +02:00
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-04-10 20:20:58 +02:00
package repo
import (
2014-04-11 04:27:13 +02:00
"bytes"
2014-10-15 22:28:38 +02:00
"compress/gzip"
2022-01-20 00:26:57 +01:00
gocontext "context"
2014-04-10 20:20:58 +02:00
"fmt"
"net/http"
"os"
"path"
"regexp"
"strconv"
"strings"
2020-01-16 03:40:13 +01:00
"sync"
2014-04-10 20:20:58 +02:00
"time"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/models"
2022-01-02 14:12:35 +01:00
"code.gitea.io/gitea/models/auth"
2021-12-10 02:27:50 +01:00
"code.gitea.io/gitea/models/db"
2021-11-28 12:58:28 +01:00
"code.gitea.io/gitea/models/perm"
2021-12-10 02:27:50 +01:00
repo_model "code.gitea.io/gitea/models/repo"
2021-11-09 20:57:58 +01:00
"code.gitea.io/gitea/models/unit"
2021-11-11 08:03:30 +01:00
user_model "code.gitea.io/gitea/models/user"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/modules/context"
2019-06-26 20:15:26 +02:00
"code.gitea.io/gitea/modules/git"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2020-05-29 16:47:17 +02:00
"code.gitea.io/gitea/modules/structs"
2020-08-11 22:05:34 +02:00
"code.gitea.io/gitea/modules/util"
2019-12-15 03:49:52 +01:00
repo_service "code.gitea.io/gitea/services/repository"
2014-04-10 20:20:58 +02:00
)
2021-07-08 13:38:13 +02:00
// httpBase implementation git smart HTTP protocol
2021-01-26 16:36:53 +01:00
func httpBase ( ctx * context . Context ) ( h * serviceHandler ) {
if setting . Repository . DisableHTTPGit {
ctx . Resp . WriteHeader ( http . StatusForbidden )
_ , err := ctx . Resp . Write ( [ ] byte ( "Interacting with repositories by HTTP protocol is not allowed" ) )
if err != nil {
log . Error ( err . Error ( ) )
}
return
}
2019-01-14 22:05:27 +01:00
if len ( setting . Repository . AccessControlAllowOrigin ) > 0 {
2019-01-16 05:16:45 +01:00
allowedOrigin := setting . Repository . AccessControlAllowOrigin
2019-01-14 22:05:27 +01:00
// Set CORS headers for browser-based git clients
2019-01-16 05:16:45 +01:00
ctx . Resp . Header ( ) . Set ( "Access-Control-Allow-Origin" , allowedOrigin )
2019-01-14 22:05:27 +01:00
ctx . Resp . Header ( ) . Set ( "Access-Control-Allow-Headers" , "Content-Type, Authorization, User-Agent" )
// Handle preflight OPTIONS request
if ctx . Req . Method == "OPTIONS" {
2019-01-16 05:16:45 +01:00
if allowedOrigin == "*" {
ctx . Status ( http . StatusOK )
} else if allowedOrigin == "null" {
ctx . Status ( http . StatusForbidden )
} else {
origin := ctx . Req . Header . Get ( "Origin" )
if len ( origin ) > 0 && origin == allowedOrigin {
ctx . Status ( http . StatusOK )
} else {
ctx . Status ( http . StatusForbidden )
}
}
2019-01-14 22:05:27 +01:00
return
}
}
2014-07-26 06:24:27 +02:00
username := ctx . Params ( ":username" )
2015-12-01 02:45:55 +01:00
reponame := strings . TrimSuffix ( ctx . Params ( ":reponame" ) , ".git" )
2017-04-21 04:43:29 +02:00
2021-08-11 02:31:13 +02:00
if ctx . FormString ( "go-get" ) == "1" {
2017-09-23 15:24:24 +02:00
context . EarlyResponseForGoGetMeta ( ctx )
2017-04-21 04:43:29 +02:00
return
}
2014-04-10 20:20:58 +02:00
2020-01-16 03:40:13 +01:00
var isPull , receivePack bool
2021-08-11 02:31:13 +02:00
service := ctx . FormString ( "service" )
2014-04-10 20:20:58 +02:00
if service == "git-receive-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-receive-pack" ) {
isPull = false
2020-01-16 03:40:13 +01:00
receivePack = true
2014-04-10 20:20:58 +02:00
} else if service == "git-upload-pack" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-upload-pack" ) {
isPull = true
2017-02-21 16:02:10 +01:00
} else if service == "git-upload-archive" ||
strings . HasSuffix ( ctx . Req . URL . Path , "git-upload-archive" ) {
isPull = true
2014-04-10 20:20:58 +02:00
} else {
2021-04-09 09:40:34 +02:00
isPull = ctx . Req . Method == "GET"
2014-04-10 20:20:58 +02:00
}
2021-11-28 12:58:28 +01:00
var accessMode perm . AccessMode
2017-02-21 16:02:10 +01:00
if isPull {
2021-11-28 12:58:28 +01:00
accessMode = perm . AccessModeRead
2017-02-21 16:02:10 +01:00
} else {
2021-11-28 12:58:28 +01:00
accessMode = perm . AccessModeWrite
2017-02-21 16:02:10 +01:00
}
2015-12-01 02:45:55 +01:00
isWiki := false
2022-01-20 18:46:10 +01:00
unitType := unit . TypeCode
2021-04-15 20:57:19 +02:00
var wikiRepoName string
2015-12-01 02:45:55 +01:00
if strings . HasSuffix ( reponame , ".wiki" ) {
isWiki = true
2021-11-09 20:57:58 +01:00
unitType = unit . TypeWiki
2021-04-15 20:57:19 +02:00
wikiRepoName = reponame
2017-02-25 15:54:40 +01:00
reponame = reponame [ : len ( reponame ) - 5 ]
2015-12-01 02:45:55 +01:00
}
2021-11-24 10:49:20 +01:00
owner , err := user_model . GetUserByName ( username )
2014-04-10 20:20:58 +02:00
if err != nil {
2021-11-24 10:49:20 +01:00
if user_model . IsErrUserNotExist ( err ) {
2021-11-11 08:03:30 +01:00
if redirectUserID , err := user_model . LookupUserRedirect ( username ) ; err == nil {
2021-01-24 16:23:05 +01:00
context . RedirectToUser ( ctx , username , redirectUserID )
} else {
2021-05-10 19:43:55 +02:00
ctx . NotFound ( fmt . Sprintf ( "User %s does not exist" , username ) , nil )
2021-01-24 16:23:05 +01:00
}
} else {
ctx . ServerError ( "GetUserByName" , err )
}
2019-04-25 07:51:40 +02:00
return
}
2020-11-18 10:58:25 +01:00
if ! owner . IsOrganization ( ) && ! owner . IsActive {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "Repository cannot be accessed. You cannot push or open issues/pull-requests." )
2020-11-13 00:29:11 +01:00
return
}
2019-04-25 07:51:40 +02:00
2019-12-15 03:49:52 +01:00
repoExist := true
2021-12-10 02:27:50 +01:00
repo , err := repo_model . GetRepositoryByName ( owner . ID , reponame )
2019-04-25 07:51:40 +02:00
if err != nil {
2021-12-10 02:27:50 +01:00
if repo_model . IsErrRepoNotExist ( err ) {
2021-12-12 16:48:20 +01:00
if redirectRepoID , err := repo_model . LookupRedirect ( owner . ID , reponame ) ; err == nil {
2019-04-25 07:51:40 +02:00
context . RedirectToRepo ( ctx , redirectRepoID )
2019-12-15 03:49:52 +01:00
return
2019-04-25 07:51:40 +02:00
}
2019-12-15 03:49:52 +01:00
repoExist = false
2019-04-25 07:51:40 +02:00
} else {
ctx . ServerError ( "GetRepositoryByName" , err )
2019-12-15 03:49:52 +01:00
return
2019-04-25 07:51:40 +02:00
}
2014-04-10 20:20:58 +02:00
}
2019-01-23 19:58:38 +01:00
// Don't allow pushing if the repo is archived
2019-12-15 03:49:52 +01:00
if repoExist && repo . IsArchived && ! isPull {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests." )
2019-01-23 19:58:38 +01:00
return
}
2015-02-07 21:47:23 +01:00
// Only public pull don't need auth.
2019-12-15 03:49:52 +01:00
isPublicPull := repoExist && ! repo . IsPrivate && isPull
2015-02-07 21:47:23 +01:00
var (
2021-05-15 17:32:09 +02:00
askAuth = ! isPublicPull || setting . Service . RequireSignInView
environ [ ] string
2015-02-07 21:47:23 +01:00
)
2014-04-11 04:27:13 +02:00
2020-05-29 16:47:17 +02:00
// don't allow anonymous pulls if organization is not public
if isPublicPull {
2021-12-10 02:27:50 +01:00
if err := repo . GetOwner ( db . DefaultContext ) ; err != nil {
2020-05-29 16:47:17 +02:00
ctx . ServerError ( "GetOwner" , err )
return
}
askAuth = askAuth || ( repo . Owner . Visibility != structs . VisibleTypePublic )
}
2014-04-10 20:20:58 +02:00
// check access
if askAuth {
2021-05-15 17:32:09 +02:00
// rely on the results of Contexter
if ! ctx . IsSigned {
// TODO: support digit auth - which would be Authorization header with digit
ctx . Resp . Header ( ) . Set ( "WWW-Authenticate" , "Basic realm=\".\"" )
ctx . Error ( http . StatusUnauthorized )
return
}
2016-12-28 22:33:59 +01:00
2021-05-19 04:30:33 +02:00
if ctx . IsBasicAuth && ctx . Data [ "IsApiToken" ] != true {
2022-01-02 14:12:35 +01:00
_ , err = auth . GetTwoFactorByUID ( ctx . User . ID )
2021-05-15 17:32:09 +02:00
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusUnauthorized , "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page" )
2016-12-28 22:33:59 +01:00
return
2022-01-02 14:12:35 +01:00
} else if ! auth . IsErrTwoFactorNotEnrolled ( err ) {
2021-05-15 17:32:09 +02:00
ctx . ServerError ( "IsErrTwoFactorNotEnrolled" , err )
2015-01-08 15:16:38 +01:00
return
}
2018-03-29 03:39:51 +02:00
}
2014-04-10 20:20:58 +02:00
2021-05-15 17:32:09 +02:00
if ! ctx . User . IsActive || ctx . User . ProhibitLogin {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "Your account is disabled." )
2020-11-13 00:29:11 +01:00
return
}
2019-12-15 03:49:52 +01:00
if repoExist {
2021-11-28 12:58:28 +01:00
p , err := models . GetUserRepoPermission ( repo , ctx . User )
2019-12-15 03:49:52 +01:00
if err != nil {
ctx . ServerError ( "GetUserRepoPermission" , err )
return
}
2018-03-29 03:39:51 +02:00
2021-07-28 11:42:56 +02:00
// Because of special ref "refs/for" .. , need delay write permission check
if git . SupportProcReceive {
2021-11-28 12:58:28 +01:00
accessMode = perm . AccessModeRead
2021-07-28 11:42:56 +02:00
}
2021-11-28 12:58:28 +01:00
if ! p . CanAccess ( accessMode , unitType ) {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "User permission denied" )
2019-12-15 03:49:52 +01:00
return
}
2014-04-10 20:20:58 +02:00
2019-12-15 03:49:52 +01:00
if ! isPull && repo . IsMirror {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "mirror repository is read-only" )
2019-12-15 03:49:52 +01:00
return
}
2017-05-18 16:54:24 +02:00
}
2017-02-25 15:54:40 +01:00
environ = [ ] string {
models . EnvRepoUsername + "=" + username ,
models . EnvRepoName + "=" + reponame ,
2021-05-15 17:32:09 +02:00
models . EnvPusherName + "=" + ctx . User . Name ,
models . EnvPusherID + fmt . Sprintf ( "=%d" , ctx . User . ID ) ,
2019-10-21 10:21:45 +02:00
models . EnvIsDeployKey + "=false" ,
2020-09-07 05:53:42 +02:00
models . EnvAppURL + "=" + setting . AppURL ,
2015-12-01 02:45:55 +01:00
}
2018-07-26 18:38:55 +02:00
2021-05-15 17:32:09 +02:00
if ! ctx . User . KeepEmailPrivate {
environ = append ( environ , models . EnvPusherEmail + "=" + ctx . User . Email )
2018-07-26 18:38:55 +02:00
}
2017-02-25 15:54:40 +01:00
if isWiki {
environ = append ( environ , models . EnvRepoIsWiki + "=true" )
} else {
environ = append ( environ , models . EnvRepoIsWiki + "=false" )
2017-02-21 16:02:10 +01:00
}
}
2019-12-15 03:49:52 +01:00
if ! repoExist {
2020-01-16 03:40:13 +01:00
if ! receivePack {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusNotFound , "Repository not found" )
2020-01-16 03:40:13 +01:00
return
}
2021-04-15 20:57:19 +02:00
if isWiki { // you cannot send wiki operation before create the repository
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusNotFound , "Repository not found" )
2021-04-15 20:57:19 +02:00
return
}
2019-12-15 03:49:52 +01:00
if owner . IsOrganization ( ) && ! setting . Repository . EnablePushCreateOrg {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "Push to create is not enabled for organizations." )
2019-12-15 03:49:52 +01:00
return
}
if ! owner . IsOrganization ( ) && ! setting . Repository . EnablePushCreateUser {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "Push to create is not enabled for users." )
2019-12-15 03:49:52 +01:00
return
}
2020-01-16 03:40:13 +01:00
// Return dummy payload if GET receive-pack
if ctx . Req . Method == http . MethodGet {
dummyInfoRefs ( ctx )
return
}
2021-05-15 17:32:09 +02:00
repo , err = repo_service . PushCreateRepo ( ctx . User , owner , reponame )
2019-12-15 03:49:52 +01:00
if err != nil {
log . Error ( "pushCreateRepo: %v" , err )
ctx . Status ( http . StatusNotFound )
return
}
}
2020-04-19 16:26:58 +02:00
if isWiki {
// Ensure the wiki is enabled before we allow access to it
2021-11-09 20:57:58 +01:00
if _ , err := repo . GetUnit ( unit . TypeWiki ) ; err != nil {
2021-12-10 02:27:50 +01:00
if repo_model . IsErrUnitTypeNotExist ( err ) {
2021-12-15 07:59:57 +01:00
ctx . PlainText ( http . StatusForbidden , "repository wiki is disabled" )
2020-04-19 16:26:58 +02:00
return
}
log . Error ( "Failed to get the wiki unit in %-v Error: %v" , repo , err )
ctx . ServerError ( "GetUnit(UnitTypeWiki) for " + repo . FullName ( ) , err )
return
}
}
2020-08-30 09:24:39 +02:00
environ = append ( environ , models . EnvRepoID + fmt . Sprintf ( "=%d" , repo . ID ) )
2019-12-15 03:49:52 +01:00
2019-11-21 17:24:43 +01:00
w := ctx . Resp
2021-01-26 16:36:53 +01:00
r := ctx . Req
2019-11-21 17:24:43 +01:00
cfg := & serviceConfig {
2016-06-01 13:19:01 +02:00
UploadPack : true ,
ReceivePack : true ,
2017-02-25 15:54:40 +01:00
Env : environ ,
2019-11-21 17:24:43 +01:00
}
2020-06-10 17:26:28 +02:00
r . URL . Path = strings . ToLower ( r . URL . Path ) // blue: In case some repo name has upper case name
2021-12-10 02:27:50 +01:00
dir := repo_model . RepoPath ( username , reponame )
2021-04-15 20:57:19 +02:00
if isWiki {
2021-12-10 02:27:50 +01:00
dir = repo_model . RepoPath ( username , wikiRepoName )
2021-04-15 20:57:19 +02:00
}
2019-11-21 17:24:43 +01:00
2021-01-26 16:36:53 +01:00
return & serviceHandler { cfg , w , r , dir , cfg . Env }
2014-04-10 20:20:58 +02:00
}
2020-01-16 03:40:13 +01:00
var (
infoRefsCache [ ] byte
infoRefsOnce sync . Once
)
func dummyInfoRefs ( ctx * context . Context ) {
infoRefsOnce . Do ( func ( ) {
2021-09-22 07:38:34 +02:00
tmpDir , err := os . MkdirTemp ( os . TempDir ( ) , "gitea-info-refs-cache" )
2020-01-16 03:40:13 +01:00
if err != nil {
log . Error ( "Failed to create temp dir for git-receive-pack cache: %v" , err )
return
}
defer func ( ) {
2020-08-11 22:05:34 +02:00
if err := util . RemoveAll ( tmpDir ) ; err != nil {
2020-01-16 03:40:13 +01:00
log . Error ( "RemoveAll: %v" , err )
}
} ( )
2022-01-20 00:26:57 +01:00
if err := git . InitRepository ( ctx , tmpDir , true ) ; err != nil {
2020-01-16 03:40:13 +01:00
log . Error ( "Failed to init bare repo for git-receive-pack cache: %v" , err )
return
}
2022-01-20 00:26:57 +01:00
refs , err := git . NewCommandContext ( ctx , "receive-pack" , "--stateless-rpc" , "--advertise-refs" , "." ) . RunInDirBytes ( tmpDir )
2020-01-16 03:40:13 +01:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( refs ) ) )
}
log . Debug ( "populating infoRefsCache: \n%s" , string ( refs ) )
infoRefsCache = refs
} )
2021-12-15 07:59:57 +01:00
ctx . RespHeader ( ) . Set ( "Expires" , "Fri, 01 Jan 1980 00:00:00 GMT" )
ctx . RespHeader ( ) . Set ( "Pragma" , "no-cache" )
ctx . RespHeader ( ) . Set ( "Cache-Control" , "no-cache, max-age=0, must-revalidate" )
ctx . RespHeader ( ) . Set ( "Content-Type" , "application/x-git-receive-pack-advertisement" )
2020-01-16 03:40:13 +01:00
_ , _ = ctx . Write ( packetWrite ( "# service=git-receive-pack\n" ) )
_ , _ = ctx . Write ( [ ] byte ( "0000" ) )
_ , _ = ctx . Write ( infoRefsCache )
}
2016-06-01 13:19:01 +02:00
type serviceConfig struct {
UploadPack bool
ReceivePack bool
2017-02-25 15:54:40 +01:00
Env [ ] string
2014-04-10 20:20:58 +02:00
}
2016-06-01 13:19:01 +02:00
type serviceHandler struct {
2017-02-25 15:54:40 +01:00
cfg * serviceConfig
w http . ResponseWriter
r * http . Request
dir string
environ [ ] string
2016-06-01 13:19:01 +02:00
}
func ( h * serviceHandler ) setHeaderNoCache ( ) {
h . w . Header ( ) . Set ( "Expires" , "Fri, 01 Jan 1980 00:00:00 GMT" )
h . w . Header ( ) . Set ( "Pragma" , "no-cache" )
h . w . Header ( ) . Set ( "Cache-Control" , "no-cache, max-age=0, must-revalidate" )
}
func ( h * serviceHandler ) setHeaderCacheForever ( ) {
now := time . Now ( ) . Unix ( )
expires := now + 31536000
h . w . Header ( ) . Set ( "Date" , fmt . Sprintf ( "%d" , now ) )
h . w . Header ( ) . Set ( "Expires" , fmt . Sprintf ( "%d" , expires ) )
h . w . Header ( ) . Set ( "Cache-Control" , "public, max-age=31536000" )
}
2021-06-09 14:53:12 +02:00
func containsParentDirectorySeparator ( v string ) bool {
if ! strings . Contains ( v , ".." ) {
return false
}
for _ , ent := range strings . FieldsFunc ( v , isSlashRune ) {
if ent == ".." {
return true
}
}
return false
}
func isSlashRune ( r rune ) bool { return r == '/' || r == '\\' }
2021-01-26 16:36:53 +01:00
func ( h * serviceHandler ) sendFile ( contentType , file string ) {
2021-06-09 14:53:12 +02:00
if containsParentDirectorySeparator ( file ) {
log . Error ( "request file path contains invalid path: %v" , file )
h . w . WriteHeader ( http . StatusBadRequest )
return
}
2021-01-26 16:36:53 +01:00
reqFile := path . Join ( h . dir , file )
2016-06-01 13:19:01 +02:00
fi , err := os . Stat ( reqFile )
if os . IsNotExist ( err ) {
h . w . WriteHeader ( http . StatusNotFound )
return
}
h . w . Header ( ) . Set ( "Content-Type" , contentType )
h . w . Header ( ) . Set ( "Content-Length" , fmt . Sprintf ( "%d" , fi . Size ( ) ) )
h . w . Header ( ) . Set ( "Last-Modified" , fi . ModTime ( ) . Format ( http . TimeFormat ) )
http . ServeFile ( h . w , h . r , reqFile )
2014-04-10 20:20:58 +02:00
}
2020-07-08 00:31:49 +02:00
// one or more key=value pairs separated by colons
var safeGitProtocolHeader = regexp . MustCompile ( ` ^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$ ` )
2022-01-20 00:26:57 +01:00
func getGitConfig ( ctx gocontext . Context , option , dir string ) string {
out , err := git . NewCommandContext ( ctx , "config" , option ) . RunInDir ( dir )
2016-06-01 13:19:01 +02:00
if err != nil {
2019-06-01 17:00:21 +02:00
log . Error ( "%v - %s" , err , out )
2015-12-01 02:45:55 +01:00
}
2017-02-25 15:54:40 +01:00
return out [ 0 : len ( out ) - 1 ]
2016-06-01 13:19:01 +02:00
}
2015-12-01 02:45:55 +01:00
2022-01-20 00:26:57 +01:00
func getConfigSetting ( ctx gocontext . Context , service , dir string ) bool {
2020-10-11 22:27:20 +02:00
service = strings . ReplaceAll ( service , "-" , "" )
2022-01-20 00:26:57 +01:00
setting := getGitConfig ( ctx , "http." + service , dir )
2016-06-01 13:19:01 +02:00
if service == "uploadpack" {
return setting != "false"
2015-12-01 02:45:55 +01:00
}
2016-06-01 13:19:01 +02:00
return setting == "true"
2015-12-01 02:45:55 +01:00
}
2022-01-20 00:26:57 +01:00
func hasAccess ( ctx gocontext . Context , service string , h serviceHandler , checkContentType bool ) bool {
2016-06-01 13:19:01 +02:00
if checkContentType {
if h . r . Header . Get ( "Content-Type" ) != fmt . Sprintf ( "application/x-git-%s-request" , service ) {
return false
2014-04-10 20:20:58 +02:00
}
}
2016-06-01 13:19:01 +02:00
if ! ( service == "upload-pack" || service == "receive-pack" ) {
return false
}
if service == "receive-pack" {
return h . cfg . ReceivePack
}
if service == "upload-pack" {
return h . cfg . UploadPack
}
2014-04-10 20:20:58 +02:00
2022-01-20 00:26:57 +01:00
return getConfigSetting ( ctx , service , h . dir )
2014-04-10 20:20:58 +02:00
}
2022-01-20 00:26:57 +01:00
func serviceRPC ( ctx gocontext . Context , h serviceHandler , service string ) {
2019-06-12 21:41:28 +02:00
defer func ( ) {
if err := h . r . Body . Close ( ) ; err != nil {
log . Error ( "serviceRPC: Close: %v" , err )
}
} ( )
2014-04-10 20:20:58 +02:00
2022-01-20 00:26:57 +01:00
if ! hasAccess ( ctx , service , h , true ) {
2016-06-01 13:19:01 +02:00
h . w . WriteHeader ( http . StatusUnauthorized )
2014-04-10 20:20:58 +02:00
return
}
2017-02-21 16:02:10 +01:00
2016-06-01 13:19:01 +02:00
h . w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-result" , service ) )
2014-04-10 20:20:58 +02:00
2017-02-25 15:54:40 +01:00
var err error
2022-01-20 18:46:10 +01:00
reqBody := h . r . Body
2014-10-15 22:28:38 +02:00
// Handle GZIP.
2016-06-01 13:19:01 +02:00
if h . r . Header . Get ( "Content-Encoding" ) == "gzip" {
2014-10-15 22:28:38 +02:00
reqBody , err = gzip . NewReader ( reqBody )
if err != nil {
2019-06-01 17:00:21 +02:00
log . Error ( "Fail to create gzip reader: %v" , err )
2016-06-01 13:19:01 +02:00
h . w . WriteHeader ( http . StatusInternalServerError )
2014-10-15 22:28:38 +02:00
return
}
}
2017-02-25 15:54:40 +01:00
// set this for allow pre-receive and post-receive execute
h . environ = append ( h . environ , "SSH_ORIGINAL_COMMAND=" + service )
2017-02-21 16:02:10 +01:00
2020-07-08 00:31:49 +02:00
if protocol := h . r . Header . Get ( "Git-Protocol" ) ; protocol != "" && safeGitProtocolHeader . MatchString ( protocol ) {
h . environ = append ( h . environ , "GIT_PROTOCOL=" + protocol )
}
2017-02-25 15:54:40 +01:00
var stderr bytes . Buffer
2022-01-23 22:19:32 +01:00
cmd := git . NewCommandContext ( h . r . Context ( ) , service , "--stateless-rpc" , h . dir )
2022-01-23 06:57:52 +01:00
cmd . SetDescription ( fmt . Sprintf ( "%s %s %s [repo_path: %s]" , git . GitExecutable , service , "--stateless-rpc" , h . dir ) )
if err := cmd . RunWithContext ( & git . RunContext {
Timeout : - 1 ,
Dir : h . dir ,
Env : append ( os . Environ ( ) , h . environ ... ) ,
Stdout : h . w ,
Stdin : reqBody ,
Stderr : & stderr ,
} ) ; err != nil {
2020-10-18 16:10:11 +02:00
log . Error ( "Fail to serve RPC(%s) in %s: %v - %s" , service , h . dir , err , stderr . String ( ) )
2014-04-10 20:20:58 +02:00
return
}
}
2021-01-26 16:36:53 +01:00
// ServiceUploadPack implements Git Smart HTTP protocol
func ServiceUploadPack ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
2022-01-20 00:26:57 +01:00
serviceRPC ( ctx , * h , "upload-pack" )
2021-01-26 16:36:53 +01:00
}
2014-04-10 20:20:58 +02:00
}
2021-01-26 16:36:53 +01:00
// ServiceReceivePack implements Git Smart HTTP protocol
func ServiceReceivePack ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
2022-01-20 00:26:57 +01:00
serviceRPC ( ctx , * h , "receive-pack" )
2021-01-26 16:36:53 +01:00
}
2014-04-10 20:20:58 +02:00
}
func getServiceType ( r * http . Request ) string {
serviceType := r . FormValue ( "service" )
2016-06-01 13:19:01 +02:00
if ! strings . HasPrefix ( serviceType , "git-" ) {
2014-04-10 20:20:58 +02:00
return ""
}
return strings . Replace ( serviceType , "git-" , "" , 1 )
}
2022-01-20 00:26:57 +01:00
func updateServerInfo ( ctx gocontext . Context , dir string ) [ ] byte {
out , err := git . NewCommandContext ( ctx , "update-server-info" ) . RunInDirBytes ( dir )
2019-06-26 20:15:26 +02:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( out ) ) )
}
return out
2014-04-10 20:20:58 +02:00
}
2016-06-01 13:19:01 +02:00
func packetWrite ( str string ) [ ] byte {
2017-02-25 15:54:40 +01:00
s := strconv . FormatInt ( int64 ( len ( str ) + 4 ) , 16 )
2016-06-01 13:19:01 +02:00
if len ( s ) % 4 != 0 {
s = strings . Repeat ( "0" , 4 - len ( s ) % 4 ) + s
2014-04-10 20:20:58 +02:00
}
2016-06-01 13:19:01 +02:00
return [ ] byte ( s + str )
2014-04-10 20:20:58 +02:00
}
2021-01-26 16:36:53 +01:00
// GetInfoRefs implements Git dumb HTTP
func GetInfoRefs ( ctx * context . Context ) {
h := httpBase ( ctx )
if h == nil {
return
}
2016-06-01 13:19:01 +02:00
h . setHeaderNoCache ( )
2022-01-20 00:26:57 +01:00
if hasAccess ( ctx , getServiceType ( h . r ) , * h , false ) {
2016-06-01 13:19:01 +02:00
service := getServiceType ( h . r )
2020-07-08 00:31:49 +02:00
if protocol := h . r . Header . Get ( "Git-Protocol" ) ; protocol != "" && safeGitProtocolHeader . MatchString ( protocol ) {
h . environ = append ( h . environ , "GIT_PROTOCOL=" + protocol )
}
h . environ = append ( os . Environ ( ) , h . environ ... )
2022-01-20 00:26:57 +01:00
refs , err := git . NewCommandContext ( ctx , service , "--stateless-rpc" , "--advertise-refs" , "." ) . RunInDirTimeoutEnv ( h . environ , - 1 , h . dir )
2019-06-26 20:15:26 +02:00
if err != nil {
log . Error ( fmt . Sprintf ( "%v - %s" , err , string ( refs ) ) )
}
2016-06-01 13:19:01 +02:00
h . w . Header ( ) . Set ( "Content-Type" , fmt . Sprintf ( "application/x-git-%s-advertisement" , service ) )
h . w . WriteHeader ( http . StatusOK )
2019-06-12 21:41:28 +02:00
_ , _ = h . w . Write ( packetWrite ( "# service=git-" + service + "\n" ) )
_ , _ = h . w . Write ( [ ] byte ( "0000" ) )
_ , _ = h . w . Write ( refs )
2016-06-01 13:19:01 +02:00
} else {
2022-01-20 00:26:57 +01:00
updateServerInfo ( ctx , h . dir )
2021-01-26 16:36:53 +01:00
h . sendFile ( "text/plain; charset=utf-8" , "info/refs" )
2014-04-10 20:20:58 +02:00
}
}
2021-01-26 16:36:53 +01:00
// GetTextFile implements Git dumb HTTP
func GetTextFile ( p string ) func ( * context . Context ) {
return func ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderNoCache ( )
file := ctx . Params ( "file" )
if file != "" {
h . sendFile ( "text/plain" , "objects/info/" + file )
} else {
h . sendFile ( "text/plain" , p )
}
}
}
2014-04-10 20:20:58 +02:00
}
2021-01-26 16:36:53 +01:00
// GetInfoPacks implements Git dumb HTTP
func GetInfoPacks ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "text/plain; charset=utf-8" , "objects/info/packs" )
}
2016-06-01 13:19:01 +02:00
}
2014-04-10 20:20:58 +02:00
2021-01-26 16:36:53 +01:00
// GetLooseObject implements Git dumb HTTP
func GetLooseObject ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-loose-object" , fmt . Sprintf ( "objects/%s/%s" ,
ctx . Params ( "head" ) , ctx . Params ( "hash" ) ) )
}
2014-04-10 20:20:58 +02:00
}
2021-01-26 16:36:53 +01:00
// GetPackFile implements Git dumb HTTP
func GetPackFile ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-packed-objects" , "objects/pack/pack-" + ctx . Params ( "file" ) + ".pack" )
2016-06-01 13:19:01 +02:00
}
2021-01-26 16:36:53 +01:00
}
2014-04-10 20:20:58 +02:00
2021-01-26 16:36:53 +01:00
// GetIdxFile implements Git dumb HTTP
func GetIdxFile ( ctx * context . Context ) {
h := httpBase ( ctx )
if h != nil {
h . setHeaderCacheForever ( )
h . sendFile ( "application/x-git-packed-objects-toc" , "objects/pack/pack-" + ctx . Params ( "file" ) + ".idx" )
2014-04-10 20:20:58 +02:00
}
}