wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
7160 Commits
197 Branches
346 MB
814 Download
Tree: 44114b38e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '44114b38e6'
${ noResults }
aiforge/routers/repo/http.go

http.go 15 kB
Raw Normal View History

Auth problem related #80
11 years ago
fix
11 years ago
add actions for http push
11 years ago
Fix #572
11 years ago
fix
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
9 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
8 years ago
fix
11 years ago
golint fixed for routers (#208)
9 years ago
Rename module: middleware -> context
9 years ago
Support CORS headers to git smart http protocol (#5719)
6 years ago
Add proper CORS preflight origin validation (#5740)
6 years ago
Support CORS headers to git smart http protocol (#5719)
6 years ago
Add proper CORS preflight origin validation (#5740)
6 years ago
Support CORS headers to git smart http protocol (#5719)
6 years ago
Add proper CORS preflight origin validation (#5740)
6 years ago
Support CORS headers to git smart http protocol (#5719)
6 years ago
New UI merge in progress
11 years ago
finish wiki
10 years ago
fix go get sub package and add domain on installation to let go get work defaultly (#1518) * fix go get sub package and add domain on installation to let go get work defaultly * fix import sequence * fix .git problem
8 years ago
fix go get subpackage bug (#2584) * fix go get subpackage bug * merge the duplicated funtions
8 years ago
fix go get sub package and add domain on installation to let go get work defaultly (#1518) * fix go get sub package and add domain on installation to let go get work defaultly * fix import sequence * fix .git problem
8 years ago
fix
11 years ago
Protected branches system (#339) * Protected branches system * Moved default branch to branches section (`:org/:reponame/settings/branches`). * Initial support Protected Branch. - Admin does not restrict - Owner not to limit - To write permission restrictions * reformat tmpl * finished the UI and add/delete protected branch response * remove unused comment * indent all the template files and remove ru translations since we use crowdin * fix the push bug
8 years ago
fix
11 years ago
Protected branches system (#339) * Protected branches system * Moved default branch to branches section (`:org/:reponame/settings/branches`). * Initial support Protected Branch. - Admin does not restrict - Owner not to limit - To write permission restrictions * reformat tmpl * finished the UI and add/delete protected branch response * remove unused comment * indent all the template files and remove ru translations since we use crowdin * fix the push bug
8 years ago
finish wiki
10 years ago
Add units to team (#947) * add units to team * fix lint * finish team setting backend * finished permission controll on routes * fix import blank line * add unit check on ssh/http pull and push and fix test failed * fix fixtures data * remove unused code
8 years ago
finish wiki
10 years ago
Add units to team (#947) * add units to team * fix lint * finish team setting backend * finished permission controll on routes * fix import blank line * add unit check on ssh/http pull and push and fix test failed * fix fixtures data * remove unused code
8 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
finish wiki
10 years ago
Remove GetRepositoryByRef and add GetRepositoryByOwnerAndName (#3043) * remove GetRepositoryByRef and add GetRepositoryByOwnerAndName * fix tests * fix tests bug * some improvements
8 years ago
fix
11 years ago
Remove GetRepositoryByRef and add GetRepositoryByOwnerAndName (#3043) * remove GetRepositoryByRef and add GetRepositoryByOwnerAndName * fix tests * fix tests bug * some improvements
8 years ago
fix
11 years ago
Feature: Archive repos (#5009)
6 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
Fix auth issue on #80
11 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
add actions for http push
11 years ago
fix
11 years ago
Make reverse proxy auth optional (#4643) * Make reverse proxy auth optional If the option ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, make reverse proxy auth optional, instead of failing if the authentication did not succeed. Fixes #3973 Signed-off-by: Najib Idrissi <najib.idrissi.kaitouni@gmail.com> * Update http.go
7 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
allow http push by token - #842
11 years ago
fix gofmt error Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
9 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
token recent activity
10 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
routers/repo/http.go: allow HTTP push/pull by token for #845
10 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
allow http push by token - #842
11 years ago
fix
11 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
Only allow token authentication with 2FA enabled (#2184) * Don't allow for plain username/password authentication when 2FA is enabled * Removed debugging statement * Don't assume a token belongs to a given user, handle two-factor errors properly * Simplified user/token matching, refactored error handling for two-factor authentication * Change authentication response to avoid bruteforcing * Add TODO item as a comment for changing the response for security purposes
8 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
fix .netrc authentication (#2700) * provide both possible authentication solutions Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
8 years ago
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound
8 years ago
fix .netrc authentication (#2700) * provide both possible authentication solutions Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
8 years ago
Only allow token authentication with 2FA enabled (#2184) * Don't allow for plain username/password authentication when 2FA is enabled * Removed debugging statement * Don't assume a token belongs to a given user, handle two-factor errors properly * Simplified user/token matching, refactored error handling for two-factor authentication * Change authentication response to avoid bruteforcing * Add TODO item as a comment for changing the response for security purposes
8 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
Only allow token authentication with 2FA enabled (#2184) * Don't allow for plain username/password authentication when 2FA is enabled * Removed debugging statement * Don't assume a token belongs to a given user, handle two-factor errors properly * Simplified user/token matching, refactored error handling for two-factor authentication * Change authentication response to avoid bruteforcing * Add TODO item as a comment for changing the response for security purposes
8 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
Only allow token authentication with 2FA enabled (#2184) * Don't allow for plain username/password authentication when 2FA is enabled * Removed debugging statement * Don't assume a token belongs to a given user, handle two-factor errors properly * Simplified user/token matching, refactored error handling for two-factor authentication * Change authentication response to avoid bruteforcing * Add TODO item as a comment for changing the response for security purposes
8 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
fix .netrc authentication (#2700) * provide both possible authentication solutions Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
8 years ago
In basic auth check for tokens before call UserSignIn (#5725) * Check first if user/password is a token * In basic auth check if user/password is a token * Remove unnecessary else statement * Changes of fmt
6 years ago
Only allow token authentication with 2FA enabled (#2184) * Don't allow for plain username/password authentication when 2FA is enabled * Removed debugging statement * Don't assume a token belongs to a given user, handle two-factor errors properly * Simplified user/token matching, refactored error handling for two-factor authentication * Change authentication response to avoid bruteforcing * Add TODO item as a comment for changing the response for security purposes
8 years ago
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound
8 years ago
push + pull now works with reverse proxy + basic auth on apache 2.4
9 years ago
Fix auth issue on #80
11 years ago
Correctly check http git access rights for reverse proxy authorized users (#3721)
7 years ago
fix
11 years ago
Restrict permission check on repositories and fix some problems (#5314) * fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
7 years ago
Correctly check http git access rights for reverse proxy authorized users (#3721)
7 years ago
Restrict permission check on repositories and fix some problems (#5314) * fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
7 years ago
fix
11 years ago
Restrict permission check on repositories and fix some problems (#5314) * fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
7 years ago
Add units to team (#947) * add units to team * fix lint * finish team setting backend * finished permission controll on routes * fix import blank line * add unit check on ssh/http pull and push and fix test failed * fix fixtures data * remove unused code
8 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
finish wiki
10 years ago
env var GITEA_PUSHER_EMAIL (#4516) * env var GITEA_PUSHER_EMAIL * set pusher email only if email address is not private
7 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
Protected branches system (#339) * Protected branches system * Moved default branch to branches section (`:org/:reponame/settings/branches`). * Initial support Protected Branch. - Admin does not restrict - Owner not to limit - To write permission restrictions * reformat tmpl * finished the UI and add/delete protected branch response * remove unused comment * indent all the template files and remove ru translations since we use crowdin * fix the push bug
8 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
fix
11 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
fix
11 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
fix
11 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
repo/http: clean code
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
repo/http: clean code
9 years ago
fix HTTP/HTTPS push update func call panic #1037 and `http: multiple response.WriteHeader calls`
10 years ago
fix
11 years ago
repo/http: clean code
9 years ago
finish wiki
10 years ago
repo/http: clean code
9 years ago
finish wiki
10 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
finish wiki
10 years ago
repo/http: clean code
9 years ago
finish wiki
10 years ago
repo/http: clean code
9 years ago
finish wiki
10 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
Protected branches system (#339) * Protected branches system * Moved default branch to branches section (`:org/:reponame/settings/branches`). * Initial support Protected Branch. - Admin does not restrict - Owner not to limit - To write permission restrictions * reformat tmpl * finished the UI and add/delete protected branch response * remove unused comment * indent all the template files and remove ru translations since we use crowdin * fix the push bug
8 years ago
repo/http: clean code
9 years ago
fix
11 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
Fix #572
11 years ago
repo/http: clean code
9 years ago
Fix #572
11 years ago
repo/http: clean code
9 years ago
Fix #572
11 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
Protected branches system (#339) * Protected branches system * Moved default branch to branches section (`:org/:reponame/settings/branches`). * Initial support Protected Branch. - Admin does not restrict - Owner not to limit - To write permission restrictions * reformat tmpl * finished the UI and add/delete protected branch response * remove unused comment * indent all the template files and remove ru translations since we use crowdin * fix the push bug
8 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
Fix #572
11 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
fix
11 years ago
golint fixed for routers (#208)
9 years ago
repo/http: clean code
9 years ago
rename variable + fix wiki link
9 years ago
Can disable GIT interactions by HTTP protocol
9 years ago
repo/http: clean code
9 years ago
fix
11 years ago
repo/http: clean code
9 years ago
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound
8 years ago
repo/http: clean code
9 years ago
fix
11 years ago
Move push update to post-receive and protected branch check to pre-receive (#1030) * move all push update to git hook post-receive and protected branch check to git hook pre-receive * add SSH_ORIGINAL_COMMAND check back * remove all unused codes * fix the import
8 years ago
repo/http: clean code
9 years ago
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound
8 years ago
repo/http: clean code
9 years ago
fix
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package repo

  6. 

  7. import (

  8. 	"bytes"

  9. 	"compress/gzip"

  10. 	"fmt"

  11. 	"net/http"

  12. 	"os"

  13. 	"os/exec"

  14. 	"path"

  15. 	"regexp"

  16. 	"strconv"

  17. 	"strings"

  18. 	"time"

  19. 

  20. 	"code.gitea.io/gitea/models"

  21. 	"code.gitea.io/gitea/modules/base"

  22. 	"code.gitea.io/gitea/modules/context"

  23. 	"code.gitea.io/gitea/modules/log"

  24. 	"code.gitea.io/gitea/modules/setting"

  25. 	"code.gitea.io/gitea/modules/util"

  26. )

  27. 

  28. // HTTP implmentation git smart HTTP protocol

  29. func HTTP(ctx *context.Context) {

  30. 	if len(setting.Repository.AccessControlAllowOrigin) > 0 {

  31. 		allowedOrigin := setting.Repository.AccessControlAllowOrigin

  32. 		// Set CORS headers for browser-based git clients

  33. 		ctx.Resp.Header().Set("Access-Control-Allow-Origin", allowedOrigin)

  34. 		ctx.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, User-Agent")

  35. 

  36. 		// Handle preflight OPTIONS request

  37. 		if ctx.Req.Method == "OPTIONS" {

  38. 			if allowedOrigin == "*" {

  39. 				ctx.Status(http.StatusOK)

  40. 			} else if allowedOrigin == "null" {

  41. 				ctx.Status(http.StatusForbidden)

  42. 			} else {

  43. 				origin := ctx.Req.Header.Get("Origin")

  44. 				if len(origin) > 0 && origin == allowedOrigin {

  45. 					ctx.Status(http.StatusOK)

  46. 				} else {

  47. 					ctx.Status(http.StatusForbidden)

  48. 				}

  49. 			}

  50. 			return

  51. 		}

  52. 	}

  53. 

  54. 	username := ctx.Params(":username")

  55. 	reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git")

  56. 

  57. 	if ctx.Query("go-get") == "1" {

  58. 		context.EarlyResponseForGoGetMeta(ctx)

  59. 		return

  60. 	}

  61. 

  62. 	var isPull bool

  63. 	service := ctx.Query("service")

  64. 	if service == "git-receive-pack" ||

  65. 		strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") {

  66. 		isPull = false

  67. 	} else if service == "git-upload-pack" ||

  68. 		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") {

  69. 		isPull = true

  70. 	} else if service == "git-upload-archive" ||

  71. 		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive") {

  72. 		isPull = true

  73. 	} else {

  74. 		isPull = (ctx.Req.Method == "GET")

  75. 	}

  76. 

  77. 	var accessMode models.AccessMode

  78. 	if isPull {

  79. 		accessMode = models.AccessModeRead

  80. 	} else {

  81. 		accessMode = models.AccessModeWrite

  82. 	}

  83. 

  84. 	isWiki := false

  85. 	var unitType = models.UnitTypeCode

  86. 	if strings.HasSuffix(reponame, ".wiki") {

  87. 		isWiki = true

  88. 		unitType = models.UnitTypeWiki

  89. 		reponame = reponame[:len(reponame)-5]

  90. 	}

  91. 

  92. 	repo, err := models.GetRepositoryByOwnerAndName(username, reponame)

  93. 	if err != nil {

  94. 		ctx.NotFoundOrServerError("GetRepositoryByOwnerAndName", models.IsErrRepoNotExist, err)

  95. 		return

  96. 	}

  97. 

  98. 	// Don't allow pushing if the repo is archived

  99. 	if repo.IsArchived && !isPull {

  100. 		ctx.HandleText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")

  101. 		return

  102. 	}

  103. 

  104. 	// Only public pull don't need auth.

  105. 	isPublicPull := !repo.IsPrivate && isPull

  106. 	var (

  107. 		askAuth      = !isPublicPull || setting.Service.RequireSignInView

  108. 		authUser     *models.User

  109. 		authUsername string

  110. 		authPasswd   string

  111. 		environ      []string

  112. 	)

  113. 

  114. 	// check access

  115. 	if askAuth {

  116. 		authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)

  117. 		if setting.Service.EnableReverseProxyAuth && len(authUsername) > 0 {

  118. 			authUser, err = models.GetUserByName(authUsername)

  119. 			if err != nil {

  120. 				ctx.HandleText(401, "reverse proxy login error, got error while running GetUserByName")

  121. 				return

  122. 			}

  123. 		} else {

  124. 			authHead := ctx.Req.Header.Get("Authorization")

  125. 			if len(authHead) == 0 {

  126. 				ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")

  127. 				ctx.Error(http.StatusUnauthorized)

  128. 				return

  129. 			}

  130. 

  131. 			auths := strings.Fields(authHead)

  132. 			// currently check basic auth

  133. 			// TODO: support digit auth

  134. 			// FIXME: middlewares/context.go did basic auth check already,

  135. 			// maybe could use that one.

  136. 			if len(auths) != 2 || auths[0] != "Basic" {

  137. 				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")

  138. 				return

  139. 			}

  140. 			authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])

  141. 			if err != nil {

  142. 				ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth")

  143. 				return

  144. 			}

  145. 

  146. 			// Check if username or password is a token

  147. 			isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"

  148. 			// Assume username is token

  149. 			authToken := authUsername

  150. 			if !isUsernameToken {

  151. 				// Assume password is token

  152. 				authToken = authPasswd

  153. 			}

  154. 			// Assume password is a token.

  155. 			token, err := models.GetAccessTokenBySHA(authToken)

  156. 			if err == nil {

  157. 				if isUsernameToken {

  158. 					authUser, err = models.GetUserByID(token.UID)

  159. 					if err != nil {

  160. 						ctx.ServerError("GetUserByID", err)

  161. 						return

  162. 					}

  163. 				} else {

  164. 					authUser, err = models.GetUserByName(authUsername)

  165. 					if err != nil {

  166. 						if models.IsErrUserNotExist(err) {

  167. 							ctx.HandleText(http.StatusUnauthorized, "invalid credentials")

  168. 						} else {

  169. 							ctx.ServerError("GetUserByName", err)

  170. 						}

  171. 						return

  172. 					}

  173. 					if authUser.ID != token.UID {

  174. 						ctx.HandleText(http.StatusUnauthorized, "invalid credentials")

  175. 						return

  176. 					}

  177. 				}

  178. 				token.UpdatedUnix = util.TimeStampNow()

  179. 				if err = models.UpdateAccessToken(token); err != nil {

  180. 					ctx.ServerError("UpdateAccessToken", err)

  181. 				}

  182. 			} else {

  183. 				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {

  184. 					log.Error(4, "GetAccessTokenBySha: %v", err)

  185. 				}

  186. 			}

  187. 

  188. 			if authUser == nil {

  189. 				// Check username and password

  190. 				authUser, err = models.UserSignIn(authUsername, authPasswd)

  191. 				if err != nil {

  192. 					if !models.IsErrUserNotExist(err) {

  193. 						ctx.ServerError("UserSignIn error: %v", err)

  194. 						return

  195. 					}

  196. 				}

  197. 

  198. 				if authUser == nil {

  199. 					ctx.HandleText(http.StatusUnauthorized, "invalid credentials")

  200. 					return

  201. 				}

  202. 

  203. 				_, err = models.GetTwoFactorByUID(authUser.ID)

  204. 				if err == nil {

  205. 					// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented

  206. 					ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")

  207. 					return

  208. 				} else if !models.IsErrTwoFactorNotEnrolled(err) {

  209. 					ctx.ServerError("IsErrTwoFactorNotEnrolled", err)

  210. 					return

  211. 				}

  212. 			}

  213. 		}

  214. 

  215. 		perm, err := models.GetUserRepoPermission(repo, authUser)

  216. 		if err != nil {

  217. 			ctx.ServerError("GetUserRepoPermission", err)

  218. 			return

  219. 		}

  220. 

  221. 		if !perm.CanAccess(accessMode, unitType) {

  222. 			ctx.HandleText(http.StatusForbidden, "User permission denied")

  223. 			return

  224. 		}

  225. 

  226. 		if !isPull && repo.IsMirror {

  227. 			ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")

  228. 			return

  229. 		}

  230. 

  231. 		environ = []string{

  232. 			models.EnvRepoUsername + "=" + username,

  233. 			models.EnvRepoName + "=" + reponame,

  234. 			models.EnvPusherName + "=" + authUser.Name,

  235. 			models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID),

  236. 			models.ProtectedBranchRepoID + fmt.Sprintf("=%d", repo.ID),

  237. 		}

  238. 

  239. 		if !authUser.KeepEmailPrivate {

  240. 			environ = append(environ, models.EnvPusherEmail+"="+authUser.Email)

  241. 		}

  242. 

  243. 		if isWiki {

  244. 			environ = append(environ, models.EnvRepoIsWiki+"=true")

  245. 		} else {

  246. 			environ = append(environ, models.EnvRepoIsWiki+"=false")

  247. 		}

  248. 	}

  249. 

  250. 	HTTPBackend(ctx, &serviceConfig{

  251. 		UploadPack:  true,

  252. 		ReceivePack: true,

  253. 		Env:         environ,

  254. 	})(ctx.Resp, ctx.Req.Request)

  255. }

  256. 

  257. type serviceConfig struct {

  258. 	UploadPack  bool

  259. 	ReceivePack bool

  260. 	Env         []string

  261. }

  262. 

  263. type serviceHandler struct {

  264. 	cfg     *serviceConfig

  265. 	w       http.ResponseWriter

  266. 	r       *http.Request

  267. 	dir     string

  268. 	file    string

  269. 	environ []string

  270. }

  271. 

  272. func (h *serviceHandler) setHeaderNoCache() {

  273. 	h.w.Header().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")

  274. 	h.w.Header().Set("Pragma", "no-cache")

  275. 	h.w.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")

  276. }

  277. 

  278. func (h *serviceHandler) setHeaderCacheForever() {

  279. 	now := time.Now().Unix()

  280. 	expires := now + 31536000

  281. 	h.w.Header().Set("Date", fmt.Sprintf("%d", now))

  282. 	h.w.Header().Set("Expires", fmt.Sprintf("%d", expires))

  283. 	h.w.Header().Set("Cache-Control", "public, max-age=31536000")

  284. }

  285. 

  286. func (h *serviceHandler) sendFile(contentType string) {

  287. 	reqFile := path.Join(h.dir, h.file)

  288. 

  289. 	fi, err := os.Stat(reqFile)

  290. 	if os.IsNotExist(err) {

  291. 		h.w.WriteHeader(http.StatusNotFound)

  292. 		return

  293. 	}

  294. 

  295. 	h.w.Header().Set("Content-Type", contentType)

  296. 	h.w.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))

  297. 	h.w.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))

  298. 	http.ServeFile(h.w, h.r, reqFile)

  299. }

  300. 

  301. type route struct {

  302. 	reg     *regexp.Regexp

  303. 	method  string

  304. 	handler func(serviceHandler)

  305. }

  306. 

  307. var routes = []route{

  308. 	{regexp.MustCompile("(.*?)/git-upload-pack$"), "POST", serviceUploadPack},

  309. 	{regexp.MustCompile("(.*?)/git-receive-pack$"), "POST", serviceReceivePack},

  310. 	{regexp.MustCompile("(.*?)/info/refs$"), "GET", getInfoRefs},

  311. 	{regexp.MustCompile("(.*?)/HEAD$"), "GET", getTextFile},

  312. 	{regexp.MustCompile("(.*?)/objects/info/alternates$"), "GET", getTextFile},

  313. 	{regexp.MustCompile("(.*?)/objects/info/http-alternates$"), "GET", getTextFile},

  314. 	{regexp.MustCompile("(.*?)/objects/info/packs$"), "GET", getInfoPacks},

  315. 	{regexp.MustCompile("(.*?)/objects/info/[^/]*$"), "GET", getTextFile},

  316. 	{regexp.MustCompile("(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$"), "GET", getLooseObject},

  317. 	{regexp.MustCompile("(.*?)/objects/pack/pack-[0-9a-f]{40}\\.pack$"), "GET", getPackFile},

  318. 	{regexp.MustCompile("(.*?)/objects/pack/pack-[0-9a-f]{40}\\.idx$"), "GET", getIdxFile},

  319. }

  320. 

  321. // FIXME: use process module

  322. func gitCommand(dir string, args ...string) []byte {

  323. 	cmd := exec.Command("git", args...)

  324. 	cmd.Dir = dir

  325. 	out, err := cmd.Output()

  326. 	if err != nil {

  327. 		log.GitLogger.Error(4, fmt.Sprintf("%v - %s", err, out))

  328. 	}

  329. 	return out

  330. }

  331. 

  332. func getGitConfig(option, dir string) string {

  333. 	out := string(gitCommand(dir, "config", option))

  334. 	return out[0 : len(out)-1]

  335. }

  336. 

  337. func getConfigSetting(service, dir string) bool {

  338. 	service = strings.Replace(service, "-", "", -1)

  339. 	setting := getGitConfig("http."+service, dir)

  340. 

  341. 	if service == "uploadpack" {

  342. 		return setting != "false"

  343. 	}

  344. 

  345. 	return setting == "true"

  346. }

  347. 

  348. func hasAccess(service string, h serviceHandler, checkContentType bool) bool {

  349. 	if checkContentType {

  350. 		if h.r.Header.Get("Content-Type") != fmt.Sprintf("application/x-git-%s-request", service) {

  351. 			return false

  352. 		}

  353. 	}

  354. 

  355. 	if !(service == "upload-pack" || service == "receive-pack") {

  356. 		return false

  357. 	}

  358. 	if service == "receive-pack" {

  359. 		return h.cfg.ReceivePack

  360. 	}

  361. 	if service == "upload-pack" {

  362. 		return h.cfg.UploadPack

  363. 	}

  364. 

  365. 	return getConfigSetting(service, h.dir)

  366. }

  367. 

  368. func serviceRPC(h serviceHandler, service string) {

  369. 	defer h.r.Body.Close()

  370. 

  371. 	if !hasAccess(service, h, true) {

  372. 		h.w.WriteHeader(http.StatusUnauthorized)

  373. 		return

  374. 	}

  375. 

  376. 	h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-result", service))

  377. 

  378. 	var err error

  379. 	var reqBody = h.r.Body

  380. 

  381. 	// Handle GZIP.

  382. 	if h.r.Header.Get("Content-Encoding") == "gzip" {

  383. 		reqBody, err = gzip.NewReader(reqBody)

  384. 		if err != nil {

  385. 			log.GitLogger.Error(2, "fail to create gzip reader: %v", err)

  386. 			h.w.WriteHeader(http.StatusInternalServerError)

  387. 			return

  388. 		}

  389. 	}

  390. 

  391. 	// set this for allow pre-receive and post-receive execute

  392. 	h.environ = append(h.environ, "SSH_ORIGINAL_COMMAND="+service)

  393. 

  394. 	var stderr bytes.Buffer

  395. 	cmd := exec.Command("git", service, "--stateless-rpc", h.dir)

  396. 	cmd.Dir = h.dir

  397. 	if service == "receive-pack" {

  398. 		cmd.Env = append(os.Environ(), h.environ...)

  399. 	}

  400. 	cmd.Stdout = h.w

  401. 	cmd.Stdin = reqBody

  402. 	cmd.Stderr = &stderr

  403. 	if err := cmd.Run(); err != nil {

  404. 		log.GitLogger.Error(2, "fail to serve RPC(%s): %v - %v", service, err, stderr)

  405. 		return

  406. 	}

  407. }

  408. 

  409. func serviceUploadPack(h serviceHandler) {

  410. 	serviceRPC(h, "upload-pack")

  411. }

  412. 

  413. func serviceReceivePack(h serviceHandler) {

  414. 	serviceRPC(h, "receive-pack")

  415. }

  416. 

  417. func getServiceType(r *http.Request) string {

  418. 	serviceType := r.FormValue("service")

  419. 	if !strings.HasPrefix(serviceType, "git-") {

  420. 		return ""

  421. 	}

  422. 	return strings.Replace(serviceType, "git-", "", 1)

  423. }

  424. 

  425. func updateServerInfo(dir string) []byte {

  426. 	return gitCommand(dir, "update-server-info")

  427. }

  428. 

  429. func packetWrite(str string) []byte {

  430. 	s := strconv.FormatInt(int64(len(str)+4), 16)

  431. 	if len(s)%4 != 0 {

  432. 		s = strings.Repeat("0", 4-len(s)%4) + s

  433. 	}

  434. 	return []byte(s + str)

  435. }

  436. 

  437. func getInfoRefs(h serviceHandler) {

  438. 	h.setHeaderNoCache()

  439. 	if hasAccess(getServiceType(h.r), h, false) {

  440. 		service := getServiceType(h.r)

  441. 		refs := gitCommand(h.dir, service, "--stateless-rpc", "--advertise-refs", ".")

  442. 

  443. 		h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-advertisement", service))

  444. 		h.w.WriteHeader(http.StatusOK)

  445. 		h.w.Write(packetWrite("# service=git-" + service + "\n"))

  446. 		h.w.Write([]byte("0000"))

  447. 		h.w.Write(refs)

  448. 	} else {

  449. 		updateServerInfo(h.dir)

  450. 		h.sendFile("text/plain; charset=utf-8")

  451. 	}

  452. }

  453. 

  454. func getTextFile(h serviceHandler) {

  455. 	h.setHeaderNoCache()

  456. 	h.sendFile("text/plain")

  457. }

  458. 

  459. func getInfoPacks(h serviceHandler) {

  460. 	h.setHeaderCacheForever()

  461. 	h.sendFile("text/plain; charset=utf-8")

  462. }

  463. 

  464. func getLooseObject(h serviceHandler) {

  465. 	h.setHeaderCacheForever()

  466. 	h.sendFile("application/x-git-loose-object")

  467. }

  468. 

  469. func getPackFile(h serviceHandler) {

  470. 	h.setHeaderCacheForever()

  471. 	h.sendFile("application/x-git-packed-objects")

  472. }

  473. 

  474. func getIdxFile(h serviceHandler) {

  475. 	h.setHeaderCacheForever()

  476. 	h.sendFile("application/x-git-packed-objects-toc")

  477. }

  478. 

  479. func getGitRepoPath(subdir string) (string, error) {

  480. 	if !strings.HasSuffix(subdir, ".git") {

  481. 		subdir += ".git"

  482. 	}

  483. 

  484. 	fpath := path.Join(setting.RepoRootPath, subdir)

  485. 	if _, err := os.Stat(fpath); os.IsNotExist(err) {

  486. 		return "", err

  487. 	}

  488. 

  489. 	return fpath, nil

  490. }

  491. 

  492. // HTTPBackend middleware for git smart HTTP protocol

  493. func HTTPBackend(ctx *context.Context, cfg *serviceConfig) http.HandlerFunc {

  494. 	return func(w http.ResponseWriter, r *http.Request) {

  495. 		for _, route := range routes {

  496. 			r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name

  497. 			if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil {

  498. 				if setting.Repository.DisableHTTPGit {

  499. 					w.WriteHeader(http.StatusForbidden)

  500. 					w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))

  501. 					return

  502. 				}

  503. 				if route.method != r.Method {

  504. 					if r.Proto == "HTTP/1.1" {

  505. 						w.WriteHeader(http.StatusMethodNotAllowed)

  506. 						w.Write([]byte("Method Not Allowed"))

  507. 					} else {

  508. 						w.WriteHeader(http.StatusBadRequest)

  509. 						w.Write([]byte("Bad Request"))

  510. 					}

  511. 					return

  512. 				}

  513. 

  514. 				file := strings.Replace(r.URL.Path, m[1]+"/", "", 1)

  515. 				dir, err := getGitRepoPath(m[1])

  516. 				if err != nil {

  517. 					log.GitLogger.Error(4, err.Error())

  518. 					ctx.NotFound("HTTPBackend", err)

  519. 					return

  520. 				}

  521. 

  522. 				route.handler(serviceHandler{cfg, w, r, dir, file, cfg.Env})

  523. 				return

  524. 			}

  525. 		}

  526. 

  527. 		ctx.NotFound("HTTPBackend", nil)

  528. 		return

  529. 	}

  530. }

No Description