# Simple user realm file to authenticate users for push/pull\r
realmFile = users.properties\r
\r
-# User roles for push/pull git repository access\r
-# (* is the wildcard for any role)\r
-gitRoles = *\r
-\r
-# User roles for administrative features such\r
-# as create repository, edit repository description,\r
-# and set repository owner. \r
-# (* is the wildcard for any role)\r
-adminRoles = *\r
-\r
#\r
# Server Settings\r
#\r
-debug = true\r
+debugMode = true\r
tempFolder = temp\r
log4jPattern = %-5p %d{MM-dd HH:mm:ss.SSS} %-20.20c{1} %m%n\r
+\r
# Aggressive heap management will run the garbage collector on every generated\r
# page. This slows down page generation but improves heap consumption. \r
aggressiveHeapManagement = true\r
# Git:Blit UI Settings\r
#\r
siteName =\r
+\r
+# If authenticateWebUI=true, users with "admin" role can create repositories,\r
+# create users, and edit repository metadata (owner, description, etc)\r
+#\r
+# If authenticateWebUI=false, any user can execute the aforementioned functions. \r
allowAdministration = true\r
+\r
repositoriesMessage = Welcome to Git:Blit!<br>A quick and easy way to host your own Git repositories.<br>Built with <a href="http://eclipse.org/jgit">JGit</a>, <a href="http://wicket.apache.org">Wicket</a>, <a href="http://code.google.com/p/google-code-prettify/">google-code-prettify</a>, <a href="http://eclipse.org/jetty">Jetty</a>, <a href="http://www.slf4j.org">SLF4J</a>, <a href="http://logging.apache.org/log4j">Log4j</a>, and <a href="http://jcommander.org">JCommander</a>.\r
\r
# Use the client timezone when formatting dates.\r
public final static String NAME = "Git:Blit";\r
\r
public final static String VERSION = "0.0.1";\r
+ \r
+ public final static String ADMIN_ROLE = "admin";\r
+ \r
+ public final static String PULL_ROLE = "pull";\r
+ \r
+ public final static String PUSH_ROLE = "push";\r
\r
public static String getGitBlitVersion() {\r
return NAME + " v" + VERSION;\r
--- /dev/null
+package com.gitblit;\r
+\r
+import java.io.File;\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.List;\r
+\r
+import javax.servlet.http.Cookie;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+import org.apache.wicket.Request;\r
+import org.apache.wicket.protocol.http.WebResponse;\r
+import org.apache.wicket.protocol.http.servlet.ServletWebRequest;\r
+import org.eclipse.jgit.errors.RepositoryNotFoundException;\r
+import org.eclipse.jgit.http.server.resolver.FileResolver;\r
+import org.eclipse.jgit.http.server.resolver.ServiceNotEnabledException;\r
+import org.eclipse.jgit.lib.Repository;\r
+import org.slf4j.Logger;\r
+import org.slf4j.LoggerFactory;\r
+\r
+import com.gitblit.utils.JGitUtils;\r
+import com.gitblit.wicket.User;\r
+import com.gitblit.wicket.models.RepositoryModel;\r
+\r
+public class GitBlit {\r
+\r
+ private static GitBlit gitblit;\r
+\r
+ private final Logger logger = LoggerFactory.getLogger(GitBlit.class);\r
+\r
+ private final boolean debugMode;\r
+\r
+ private final FileResolver repositoryResolver;\r
+\r
+ private final File repositories;\r
+\r
+ private final boolean exportAll;\r
+\r
+ private ILoginService loginService;\r
+\r
+ public static GitBlit self() {\r
+ if (gitblit == null) {\r
+ gitblit = new GitBlit();\r
+ }\r
+ return gitblit;\r
+ }\r
+\r
+ private GitBlit() {\r
+ repositories = new File(StoredSettings.getString("repositoriesFolder", "repos"));\r
+ exportAll = StoredSettings.getBoolean("exportAll", true);\r
+ repositoryResolver = new FileResolver(repositories, exportAll);\r
+ debugMode = StoredSettings.getBoolean("debugMode", false);\r
+ }\r
+ \r
+ public boolean isDebugMode() {\r
+ return debugMode;\r
+ }\r
+\r
+ public void setLoginService(ILoginService loginService) {\r
+ this.loginService = loginService;\r
+ }\r
+\r
+ public User authenticate(String username, char[] password) {\r
+ if (loginService == null) {\r
+ return null;\r
+ }\r
+ return loginService.authenticate(username, password);\r
+ }\r
+\r
+ public User authenticate(Cookie[] cookies) {\r
+ if (loginService == null) {\r
+ return null;\r
+ }\r
+ if (cookies != null && cookies.length > 0) {\r
+ for (Cookie cookie : cookies) {\r
+ if (cookie.getName().equals(Constants.NAME)) {\r
+ String value = cookie.getValue();\r
+ return loginService.authenticate(value.toCharArray());\r
+ }\r
+ }\r
+ }\r
+ return null;\r
+ }\r
+\r
+ public void setCookie(WebResponse response, User user) {\r
+ Cookie userCookie = new Cookie(Constants.NAME, user.getCookie());\r
+ userCookie.setMaxAge(Integer.MAX_VALUE);\r
+ userCookie.setPath("/");\r
+ response.addCookie(userCookie);\r
+ }\r
+ \r
+ public List<String> getRepositoryList() {\r
+ return JGitUtils.getRepositoryList(repositories, exportAll, StoredSettings.getBoolean("nestedRepositories", true));\r
+ }\r
+\r
+ public List<RepositoryModel> getRepositories(Request request) {\r
+ List<String> list = getRepositoryList();\r
+ ServletWebRequest servletWebRequest = (ServletWebRequest) request;\r
+ HttpServletRequest req = servletWebRequest.getHttpServletRequest();\r
+\r
+ List<RepositoryModel> repositories = new ArrayList<RepositoryModel>();\r
+ for (String repo : list) {\r
+ Repository r = getRepository(req, repo);\r
+ String description = JGitUtils.getRepositoryDescription(r);\r
+ String owner = JGitUtils.getRepositoryOwner(r);\r
+ Date lastchange = JGitUtils.getLastChange(r);\r
+ r.close();\r
+ repositories.add(new RepositoryModel(repo, description, owner, lastchange));\r
+ }\r
+ return repositories;\r
+ }\r
+\r
+ public Repository getRepository(HttpServletRequest req, String repositoryName) {\r
+ Repository r = null;\r
+ try {\r
+ r = repositoryResolver.open(req, repositoryName);\r
+ } catch (RepositoryNotFoundException e) {\r
+ r = null;\r
+ logger.error("Failed to find repository " + repositoryName);\r
+ e.printStackTrace();\r
+ } catch (ServiceNotEnabledException e) {\r
+ r = null;\r
+ e.printStackTrace();\r
+ }\r
+ return r;\r
+ }\r
+}\r
import org.eclipse.jetty.http.security.Constraint;\r
import org.eclipse.jetty.security.ConstraintMapping;\r
import org.eclipse.jetty.security.ConstraintSecurityHandler;\r
-import org.eclipse.jetty.security.HashLoginService;\r
+import org.eclipse.jetty.security.LoginService;\r
import org.eclipse.jetty.security.authentication.BasicAuthenticator;\r
import org.eclipse.jetty.server.Connector;\r
import org.eclipse.jetty.server.Handler;\r
\r
private final static Logger logger = Log.getLogger(GitBlitServer.class.getSimpleName());\r
private final static String border_star = "***********************************************************";\r
- private static boolean debugMode = false;\r
-\r
- public static boolean isDebugMode() {\r
- return debugMode;\r
- }\r
\r
public static void main(String[] args) {\r
Params params = new Params();\r
* Start Server.\r
*/\r
private static void start(Params params) {\r
+ // instantiate GitBlit\r
+ GitBlit.self();\r
+ \r
PatternLayout layout = new PatternLayout(StoredSettings.getString("log4jPattern", "%-5p %d{MM-dd HH:mm:ss.SSS} %-20.20c{1} %m%n"));\r
org.apache.log4j.Logger rootLogger = org.apache.log4j.Logger.getRootLogger();\r
rootLogger.addAppender(new ConsoleAppender(layout));\r
String osversion = System.getProperty("os.version");\r
logger.info("Running on " + osname + " (" + osversion + ")");\r
\r
- if (params.debug) {\r
+ if (StoredSettings.getBoolean("debugMode", false)) {\r
logger.warn("DEBUG Mode");\r
}\r
\r
FilterHolder wicketFilter = new FilterHolder(WicketFilter.class);\r
wicketFilter.setInitParameter(ContextParamWebApplicationFactory.APP_CLASS_PARAM, GitBlitWebApp.class.getName());\r
wicketFilter.setInitParameter(WicketFilter.FILTER_MAPPING_PARAM, wicketPathSpec);\r
+ wicketFilter.setInitParameter(WicketFilter.IGNORE_PATHS_PARAM, "git/");\r
rootContext.addFilter(wicketFilter, wicketPathSpec, FilterMapping.DEFAULT);\r
\r
- Handler handler;\r
-\r
// Git Servlet\r
ServletHolder gitServlet = null;\r
String gitServletPathSpec = "/git/*";\r
gitServlet = rootContext.addServlet(GitServlet.class, gitServletPathSpec);\r
gitServlet.setInitParameter("base-path", params.repositoriesFolder);\r
gitServlet.setInitParameter("export-all", params.exportAll ? "1" : "0");\r
- String realmUsers = params.realmFile;\r
-\r
- if (realmUsers != null && new File(realmUsers).exists() && params.authenticatePushPull) {\r
+ }\r
+ \r
+ // Login Service\r
+ LoginService loginService = null;\r
+ String realmUsers = params.realmFile;\r
+ if (realmUsers != null && new File(realmUsers).exists()) {\r
+ logger.info("Setting up login service from " + realmUsers);\r
+ JettyLoginService jettyLoginService = new JettyLoginService(realmUsers);\r
+ GitBlit.self().setLoginService(jettyLoginService);\r
+ loginService = jettyLoginService;\r
+ }\r
+ \r
+ // Determine what handler to use\r
+ Handler handler;\r
+ if (gitServlet != null) {\r
+ if (loginService != null && params.authenticatePushPull) {\r
// Authenticate Pull/Push\r
- List<String> list = StoredSettings.getStrings("gitRoles");\r
- String[] roles;\r
- if (list.size() == 0) {\r
- roles = new String[] { "*" };\r
- } else {\r
- roles = list.toArray(new String[list.size()]);\r
- }\r
+ String[] roles = new String[] { Constants.PULL_ROLE, Constants.PUSH_ROLE };\r
logger.info("Authentication required for git servlet pull/push access");\r
- logger.info("Setting up realm from " + realmUsers);\r
- HashLoginService loginService = new HashLoginService(Constants.NAME, realmUsers);\r
\r
Constraint constraint = new Constraint();\r
constraint.setName("auth");\r
@Parameter(names = { "--temp" }, description = "Server temp folder")\r
public String temp = StoredSettings.getString("tempFolder", "temp");\r
\r
- @Parameter(names = { "--debug" }, description = "Run server in DEBUG mode")\r
- public Boolean debug = StoredSettings.getBoolean("debug", false);\r
-\r
/*\r
* GIT Servlet Parameters\r
*/\r
--- /dev/null
+package com.gitblit;\r
+\r
+import com.gitblit.wicket.User;\r
+\r
+public interface ILoginService {\r
+\r
+ User authenticate(String username, char [] password);\r
+ \r
+ User authenticate(char [] cookie);\r
+}\r
--- /dev/null
+package com.gitblit;\r
+\r
+import org.eclipse.jetty.security.HashLoginService;\r
+import org.eclipse.jetty.server.UserIdentity;\r
+\r
+import com.gitblit.wicket.User;\r
+\r
+public class JettyLoginService extends HashLoginService implements ILoginService {\r
+\r
+ public JettyLoginService(String realmFile) {\r
+ super(Constants.NAME, realmFile);\r
+ }\r
+ \r
+ @Override\r
+ public User authenticate(String username, char[] password) {\r
+ UserIdentity identity = login(username, new String(password));\r
+ if (identity == null || identity.equals(UserIdentity.UNAUTHENTICATED_IDENTITY)) {\r
+ return null;\r
+ }\r
+ User user = new User(username, password);\r
+ user.canAdmin(identity.isUserInRole(Constants.ADMIN_ROLE, null));\r
+ user.canClone(identity.isUserInRole(Constants.PULL_ROLE, null));\r
+ user.canPush(identity.isUserInRole(Constants.PUSH_ROLE, null));\r
+ return user;\r
+ }\r
+\r
+ @Override\r
+ public User authenticate(char [] cookie) {\r
+ // TODO cookie login\r
+ return null;\r
+ }\r
+}\r
package com.gitblit.wicket;\r
\r
-import java.io.File;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.List;\r
-\r
-import javax.servlet.http.Cookie;\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
import org.apache.wicket.Application;\r
import org.apache.wicket.Page;\r
import org.apache.wicket.Request;\r
import org.apache.wicket.Response;\r
import org.apache.wicket.Session;\r
import org.apache.wicket.protocol.http.WebApplication;\r
-import org.apache.wicket.protocol.http.WebResponse;\r
import org.apache.wicket.protocol.http.request.urlcompressing.UrlCompressingWebRequestProcessor;\r
-import org.apache.wicket.protocol.http.servlet.ServletWebRequest;\r
import org.apache.wicket.request.IRequestCycleProcessor;\r
import org.apache.wicket.request.target.coding.MixedParamUrlCodingStrategy;\r
-import org.eclipse.jgit.errors.RepositoryNotFoundException;\r
-import org.eclipse.jgit.http.server.resolver.FileResolver;\r
-import org.eclipse.jgit.http.server.resolver.ServiceNotEnabledException;\r
-import org.eclipse.jgit.lib.Repository;\r
-import org.slf4j.Logger;\r
-import org.slf4j.LoggerFactory;\r
\r
-import com.gitblit.Constants;\r
-import com.gitblit.GitBlitServer;\r
+import com.gitblit.GitBlit;\r
import com.gitblit.StoredSettings;\r
-import com.gitblit.utils.JGitUtils;\r
-import com.gitblit.wicket.models.RepositoryModel;\r
import com.gitblit.wicket.pages.BlobDiffPage;\r
import com.gitblit.wicket.pages.BlobPage;\r
import com.gitblit.wicket.pages.BranchesPage;\r
\r
public class GitBlitWebApp extends WebApplication {\r
\r
- Logger logger = LoggerFactory.getLogger(GitBlitWebApp.class);\r
-\r
- FileResolver repositoryResolver;\r
-\r
- private File repositories;\r
-\r
- private boolean exportAll;\r
-\r
@Override\r
public void init() {\r
super.init();\r
mount(new MixedParamUrlCodingStrategy("/ticgittkt", TicGitTicketPage.class, new String[] { "r", "h", "f" }));\r
\r
mount(new MixedParamUrlCodingStrategy("/login", LoginPage.class, new String[] {}));\r
-\r
- repositories = new File(StoredSettings.getString("repositoriesFolder", "repos"));\r
- exportAll = StoredSettings.getBoolean("exportAll", true);\r
- repositoryResolver = new FileResolver(repositories, exportAll);\r
}\r
\r
@Override\r
\r
@Override\r
public final String getConfigurationType() {\r
- if (GitBlitServer.isDebugMode())\r
+ if (GitBlit.self().isDebugMode())\r
return Application.DEVELOPMENT;\r
return Application.DEPLOYMENT;\r
}\r
\r
- public User authenticate(String username, char [] password) {\r
- return new User(username, password);\r
- }\r
-\r
- public User authenticate(Cookie[] cookies) {\r
- if (cookies != null && cookies.length > 0) {\r
- for (Cookie cookie:cookies) {\r
- if (cookie.getName().equals(Constants.NAME)) {\r
- String value = cookie.getValue();\r
- }\r
- }\r
- }\r
- return null;\r
- }\r
- \r
- public void setCookie(WebResponse response, User user) {\r
- Cookie userCookie = new Cookie(Constants.NAME, user.getCookie());\r
- userCookie.setMaxAge(Integer.MAX_VALUE);\r
- userCookie.setPath("/");\r
- response.addCookie(userCookie);\r
- }\r
-\r
- public List<String> getRepositoryList() {\r
- return JGitUtils.getRepositoryList(repositories, exportAll, StoredSettings.getBoolean("nestedRepositories", true));\r
- }\r
-\r
- public List<RepositoryModel> getRepositories(Request request) {\r
- List<String> list = getRepositoryList();\r
- ServletWebRequest servletWebRequest = (ServletWebRequest) request;\r
- HttpServletRequest req = servletWebRequest.getHttpServletRequest();\r
-\r
- List<RepositoryModel> repositories = new ArrayList<RepositoryModel>();\r
- for (String repo : list) {\r
- Repository r = getRepository(req, repo);\r
- String description = JGitUtils.getRepositoryDescription(r);\r
- String owner = JGitUtils.getRepositoryOwner(r);\r
- Date lastchange = JGitUtils.getLastChange(r);\r
- r.close();\r
- repositories.add(new RepositoryModel(repo, description, owner, lastchange));\r
- }\r
- return repositories;\r
- }\r
-\r
- public Repository getRepository(HttpServletRequest req, String repositoryName) {\r
- Repository r = null;\r
- try {\r
- r = repositoryResolver.open(req, repositoryName);\r
- } catch (RepositoryNotFoundException e) {\r
- r = null;\r
- logger.error("Failed to find repository " + repositoryName);\r
- e.printStackTrace();\r
- } catch (ServiceNotEnabledException e) {\r
- r = null;\r
- e.printStackTrace();\r
- }\r
- return r;\r
- }\r
-\r
public String getCloneUrl(String repositoryName) {\r
return StoredSettings.getString("cloneUrl", "https://localhost/git/") + repositoryName;\r
}\r
return user != null;\r
}\r
\r
+ public boolean canAdmin() {\r
+ if (user == null) {\r
+ return false; \r
+ }\r
+ return user.canAdmin();\r
+ }\r
+ \r
public User getUser() {\r
return user;\r
}\r
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;\r
\r
import com.gitblit.Constants;\r
+import com.gitblit.GitBlit;\r
\r
public class LoginPage extends WebPage {\r
\r
String username = LoginPage.this.username.getObject();\r
char [] password = LoginPage.this.password.getObject().toCharArray();\r
\r
- User user = GitBlitWebApp.get().authenticate(username, password);\r
+ User user = GitBlit.self().authenticate(username, password);\r
if (user == null)\r
error("Invalid username or password!");\r
else\r
// Grab cookie from Browser Session\r
Cookie[] cookies = ((WebRequest) getRequestCycle().getRequest()).getCookies();\r
if (cookies != null && cookies.length > 0) {\r
- user = GitBlitWebApp.get().authenticate(cookies);\r
+ user = GitBlit.self().authenticate(cookies);\r
}\r
\r
// Login the user\r
\r
// Set Cookie\r
WebResponse response = (WebResponse) getRequestCycle().getResponse();\r
- GitBlitWebApp.get().setCookie(response, user);\r
+ GitBlit.self().setCookie(response, user);\r
\r
// track user object so that we do not have to continue\r
// re-authenticating on each request.\r
import org.eclipse.jgit.lib.Repository;\r
import org.eclipse.jgit.revwalk.RevCommit;\r
\r
+import com.gitblit.GitBlit;\r
import com.gitblit.StoredSettings;\r
import com.gitblit.utils.JGitUtils;\r
import com.gitblit.wicket.pages.RepositoriesPage;\r
HttpServletRequest req = servletWebRequest.getHttpServletRequest();\r
req.getServerName();\r
\r
- Repository r = GitBlitWebApp.get().getRepository(req, repositoryName);\r
+ Repository r = GitBlit.self().getRepository(req, repositoryName);\r
if (r == null) {\r
error("Can not load repository " + repositoryName);\r
redirectToInterceptPage(new RepositoriesPage());\r
\r
private String username;\r
private char [] password;\r
+ private boolean canAdmin = false;\r
+ private boolean canClone = false;\r
+ private boolean canPush = false;\r
\r
public User(String username, char [] password) {\r
this.username = username;\r
this.password = password;\r
}\r
\r
+ public void canAdmin(boolean value) {\r
+ canAdmin = value;\r
+ }\r
+ \r
+ public boolean canAdmin() {\r
+ return canAdmin;\r
+ }\r
+\r
+ public void canClone(boolean value) {\r
+ canClone = value;\r
+ }\r
+ \r
+ public boolean canClone() {\r
+ return canClone;\r
+ }\r
+ \r
+ public void canPush(boolean value) {\r
+ canPush = value;\r
+ }\r
+ \r
+ public boolean canPush() {\r
+ return canPush;\r
+ }\r
+\r
public String getCookie() {\r
return Build.getSHA1((Constants.NAME + username + new String(password)).getBytes());\r
}\r
import org.eclipse.jgit.lib.Repository;\r
import org.eclipse.jgit.revwalk.RevCommit;\r
\r
+import com.gitblit.GitBlit;\r
import com.gitblit.utils.JGitUtils;\r
-import com.gitblit.wicket.GitBlitWebApp;\r
import com.gitblit.wicket.WicketUtils;\r
\r
\r
HttpServletRequest req = servletWebRequest.getHttpServletRequest();\r
req.getServerName();\r
\r
- Repository r = GitBlitWebApp.get().getRepository(req, repositoryName);\r
+ Repository r = GitBlit.self().getRepository(req, repositoryName);\r
if (r == null) {\r
error("Can not load repository " + repositoryName);\r
redirectToInterceptPage(new RepositoriesPage());\r
import org.eclipse.jgit.lib.Repository;\r
import org.eclipse.jgit.revwalk.RevCommit;\r
\r
+import com.gitblit.GitBlit;\r
import com.gitblit.StoredSettings;\r
import com.gitblit.utils.JGitUtils;\r
-import com.gitblit.wicket.GitBlitWebApp;\r
import com.gitblit.wicket.WicketUtils;\r
\r
\r
HttpServletRequest req = servletWebRequest.getHttpServletRequest();\r
req.getServerName();\r
\r
- Repository r = GitBlitWebApp.get().getRepository(req, repositoryName);\r
+ Repository r = GitBlit.self().getRepository(req, repositoryName);\r
if (r == null) {\r
error("Can not load repository " + repositoryName);\r
redirectToInterceptPage(new RepositoriesPage());\r
import org.apache.wicket.model.IModel;\r
import org.apache.wicket.model.Model;\r
\r
+import com.gitblit.GitBlit;\r
import com.gitblit.StoredSettings;\r
import com.gitblit.utils.Utils;\r
import com.gitblit.wicket.BasePage;\r
-import com.gitblit.wicket.GitBlitWebApp;\r
+import com.gitblit.wicket.GitBlitWebSession;\r
import com.gitblit.wicket.LinkPanel;\r
import com.gitblit.wicket.WicketUtils;\r
import com.gitblit.wicket.models.RepositoryModel;\r
super();\r
setupPage("", "");\r
\r
+ boolean showAdmin = false;\r
+ if (StoredSettings.getBoolean("authenticateWebUI", true)) {\r
+ boolean allowAdmin = StoredSettings.getBoolean("allowAdministration", false);\r
+ showAdmin = allowAdmin && GitBlitWebSession.get().canAdmin(); \r
+ } else {\r
+ showAdmin = StoredSettings.getBoolean("allowAdministration", false);\r
+ }\r
+ \r
Fragment adminLinks = new Fragment("adminPanel", "adminLinks", this);\r
adminLinks.add(new BookmarkablePageLink<Void>("newRepository", RepositoriesPage.class));\r
- adminLinks.add(new BookmarkablePageLink<Void>("newUser", RepositoriesPage.class));\r
- add(adminLinks.setVisible(StoredSettings.getBoolean("allowAdministration", false)));\r
+ adminLinks.add(new BookmarkablePageLink<Void>("newUser", RepositoriesPage.class)); \r
+ add(adminLinks.setVisible(showAdmin));\r
\r
add(new Label("repositoriesMessage", StoredSettings.getString("repositoriesMessage", "")).setEscapeModelStrings(false));\r
\r
- List<RepositoryModel> rows = GitBlitWebApp.get().getRepositories(getRequest());\r
+ List<RepositoryModel> rows = GitBlit.self().getRepositories(getRequest());\r
DataProvider dp = new DataProvider(rows);\r
DataView<RepositoryModel> dataView = new DataView<RepositoryModel>("repository", dp) {\r
private static final long serialVersionUID = 1L;\r
-test: test\r
+test: test,pull\r
+admin: admin,pull,push,admin\r
projects / gitblit.git / commitdiff