mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
							/*
 * Copyright 2011 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitblit.git;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.transport.RefFilter;
import org.eclipse.jgit.transport.UploadPack;
import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
import org.eclipse.jgit.transport.resolver.UploadPackFactory;

import com.gitblit.Constants;
import com.gitblit.GitBlit;
import com.gitblit.models.UserModel;

/**
 * The upload pack factory creates an upload pack which controls what refs are
 * advertised to cloning/pulling clients.
 * 
 * @author James Moger
 * 
 * @param <X> the connection type
 */
public class GitblitUploadPackFactory<X> implements UploadPackFactory<X> {

	@Override
	public UploadPack create(X req, Repository db)
			throws ServiceNotEnabledException, ServiceNotAuthorizedException {

		UserModel user = UserModel.ANONYMOUS;
		int timeout = 0;

		if (req instanceof HttpServletRequest) {
			// http/https request may or may not be authenticated 
			user = GitBlit.self().authenticate((HttpServletRequest) req);
			if (user == null) {
				user = UserModel.ANONYMOUS;
			}
		} else if (req instanceof GitDaemonClient) {
			// git daemon request is always anonymous
			GitDaemonClient client = (GitDaemonClient) req;
			// set timeout from Git daemon
			timeout = client.getDaemon().getTimeout();
		}

		RefFilter refFilter = new UserRefFilter(user);
		UploadPack up = new UploadPack(db);
		up.setRefFilter(refFilter);
		up.setTimeout(timeout);
		
		return up;
	}

	/**
	 * Restricts advertisement of certain refs based on the permission of the
	 * requesting user.
	 */
	public static class UserRefFilter implements RefFilter {
		
		final UserModel user;
		
		public UserRefFilter(UserModel user) {
			this.user = user;
		}
		
		@Override
		public Map<String, Ref> filter(Map<String, Ref> refs) {
			if (user.canAdmin()) {
				// admins can see all refs
				return refs;
			}

			// normal users can not clone any gitblit refs
			// JGit's RefMap is custom and does not support iterator removal :(
			List<String> toRemove = new ArrayList<String>();
			for (String ref : refs.keySet()) {
				if (ref.startsWith(Constants.R_GITBLIT)) {
					toRemove.add(ref);
				}
			}
			for (String ref : toRemove) {
				refs.remove(ref);
			}
			return refs;
		}
	}
}