UploadPack: Add a PreUploadHook to monitor and control behavior

Embedding applications can use this hook to watch actions within UploadPack and possibly reject them. This could be useful to prevent clones of a large repository from this server, or to stop abusive negotiation rounds that offer thousands of objects in a single batch. Change-Id: Id96f1885ac4d61f22c80b6418fff54184b7348ba Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
author: Shawn O. Pearce <spearce@spearce.org> 2011-03-16 13:46:53 -0700
committer: Shawn O. Pearce <spearce@spearce.org> 2011-04-01 17:40:33 -0400
commit: 64b524e3ca3d1f66edaa49eda2d8863ddca779b5 (patch)
tree: 0990a54d8582e37a844c0a9fce020ac4db476e56 /org.eclipse.jgit.http.server/src
parent: af3562f7f70a9017f6f90d266f2b2a6fc3b361ad (diff)
download: jgit-64b524e3ca3d1f66edaa49eda2d8863ddca779b5.tar.gz
jgit-64b524e3ca3d1f66edaa49eda2d8863ddca779b5.zip
2 files changed, 16 insertions, 1 deletions
diff --git a/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/SmartServiceInfoRefs.java b/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/SmartServiceInfoRefs.java
index 7152c88ed5..935867cef3 100644
--- a/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/SmartServiceInfoRefs.java
+++ b/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/SmartServiceInfoRefs.java
@@ -44,6 +44,7 @@
 package org.eclipse.jgit.http.server;
 
 import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
+import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import static org.eclipse.jgit.http.server.ServletUtils.ATTRIBUTE_HANDLER;
 import static org.eclipse.jgit.http.server.ServletUtils.getRepository;
@@ -63,6 +64,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.transport.PacketLineOut;
 import org.eclipse.jgit.transport.RefAdvertiser.PacketLineOutRefAdvertiser;
+import org.eclipse.jgit.transport.UploadPackMayNotContinueException;
 import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
 import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
 
@@ -119,10 +121,10 @@ abstract class SmartServiceInfoRefs implements Filter {
 			throws IOException {
 		final HttpServletRequest req = (HttpServletRequest) request;
 		final HttpServletResponse rsp = (HttpServletResponse) response;
+		final SmartOutputStream buf = new SmartOutputStream(req, rsp);
 		try {
 			rsp.setContentType("application/x-" + svc + "-advertisement");
 
-			final SmartOutputStream buf = new SmartOutputStream(req, rsp);
 			final PacketLineOut out = new PacketLineOut(buf);
 			out.writeString("# service=" + svc + "\n");
 			out.end();
@@ -133,6 +135,12 @@ abstract class SmartServiceInfoRefs implements Filter {
 
 		} catch (ServiceNotEnabledException e) {
 			rsp.sendError(SC_FORBIDDEN);
+
+		} catch (UploadPackMayNotContinueException e) {
+			if (e.isOutput())
+				buf.close();
+			else
+				rsp.sendError(SC_SERVICE_UNAVAILABLE);
 		}
 	}
 
diff --git a/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/UploadPackServlet.java b/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/UploadPackServlet.java
index 192adc56b4..e60c5068cf 100644
--- a/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/UploadPackServlet.java
+++ b/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/UploadPackServlet.java
@@ -45,6 +45,7 @@ package org.eclipse.jgit.http.server;
 
 import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
+import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import static javax.servlet.http.HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE;
 import static org.eclipse.jgit.http.server.ServletUtils.ATTRIBUTE_HANDLER;
@@ -67,6 +68,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.transport.RefAdvertiser.PacketLineOutRefAdvertiser;
 import org.eclipse.jgit.transport.UploadPack;
+import org.eclipse.jgit.transport.UploadPackMayNotContinueException;
 import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
 import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
 import org.eclipse.jgit.transport.resolver.UploadPackFactory;
@@ -171,6 +173,11 @@ class UploadPackServlet extends HttpServlet {
 			up.upload(getInputStream(req), out, null);
 			out.close();
 
+		} catch (UploadPackMayNotContinueException e) {
+			if (!e.isOutput())
+				rsp.sendError(SC_SERVICE_UNAVAILABLE);
+			return;
+
 		} catch (IOException e) {
 			getServletContext().log(HttpServerText.get().internalErrorDuringUploadPack, e);
 			rsp.reset();
author	Shawn O. Pearce <spearce@spearce.org>	2011-03-16 13:46:53 -0700
committer	Shawn O. Pearce <spearce@spearce.org>	2011-04-01 17:40:33 -0400
commit	64b524e3ca3d1f66edaa49eda2d8863ddca779b5 (patch)
tree	0990a54d8582e37a844c0a9fce020ac4db476e56 /org.eclipse.jgit.http.server/src
parent	af3562f7f70a9017f6f90d266f2b2a6fc3b361ad (diff)
download	jgit-64b524e3ca3d1f66edaa49eda2d8863ddca779b5.tar.gz jgit-64b524e3ca3d1f66edaa49eda2d8863ddca779b5.zip