mirrors
/
gitblit
espejo de https://github.com/gitblit/gitblit.git
Seguir 1
Destacar 0
Fork 0
Código Incidencias 0 Lanzamientos 43 Wiki Actividad
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1552 Commits
11 Ramas
Árbol: c5069a16da
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'c5069a16da'
${ noResults }
gitblit/src/main/java/com/gitblit/servlet/GitFilter.java

GitFilter.java 8.4KB
Original Blame Histórico

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266 
  1. /*

  2.  * Copyright 2011 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit.servlet;

  17. 

  18. import java.text.MessageFormat;

  19. 

  20. import javax.inject.Inject;

  21. 

  22. import com.gitblit.Constants.AccessRestrictionType;

  23. import com.gitblit.Constants.AuthorizationControl;

  24. import com.gitblit.GitBlitException;

  25. import com.gitblit.IStoredSettings;

  26. import com.gitblit.Keys;

  27. import com.gitblit.manager.IAuthenticationManager;

  28. import com.gitblit.manager.IRepositoryManager;

  29. import com.gitblit.manager.IRuntimeManager;

  30. import com.gitblit.models.RepositoryModel;

  31. import com.gitblit.models.UserModel;

  32. import com.gitblit.utils.StringUtils;

  33. 

  34. /**

  35.  * The GitFilter is an AccessRestrictionFilter which ensures that Git client

  36.  * requests for push, clone, or view restricted repositories are authenticated

  37.  * and authorized.

  38.  *

  39.  * @author James Moger

  40.  *

  41.  */

  42. public class GitFilter extends AccessRestrictionFilter {

  43. 

  44. 	protected static final String gitReceivePack = "/git-receive-pack";

  45. 

  46. 	protected static final String gitUploadPack = "/git-upload-pack";

  47. 

  48. 	protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",

  49. 			"/objects" };

  50. 

  51. 	private final IStoredSettings settings;

  52. 

  53. 	@Inject

  54. 	public GitFilter(

  55. 			IRuntimeManager runtimeManager,

  56. 			IAuthenticationManager authenticationManager,

  57. 			IRepositoryManager repositoryManager) {

  58. 

  59. 		super(runtimeManager, authenticationManager, repositoryManager);

  60. 		this.settings = runtimeManager.getSettings();

  61. 	}

  62. 

  63. 	/**

  64. 	 * Extract the repository name from the url.

  65. 	 *

  66. 	 * @param cloneUrl

  67. 	 * @return repository name

  68. 	 */

  69. 	public static String getRepositoryName(String value) {

  70. 		String repository = value;

  71. 		// get the repository name from the url by finding a known url suffix

  72. 		for (String urlSuffix : suffixes) {

  73. 			if (repository.indexOf(urlSuffix) > -1) {

  74. 				repository = repository.substring(0, repository.indexOf(urlSuffix));

  75. 			}

  76. 		}

  77. 		return repository;

  78. 	}

  79. 

  80. 	/**

  81. 	 * Extract the repository name from the url.

  82. 	 *

  83. 	 * @param url

  84. 	 * @return repository name

  85. 	 */

  86. 	@Override

  87. 	protected String extractRepositoryName(String url) {

  88. 		return GitFilter.getRepositoryName(url);

  89. 	}

  90. 

  91. 	/**

  92. 	 * Analyze the url and returns the action of the request. Return values are

  93. 	 * either "/git-receive-pack" or "/git-upload-pack".

  94. 	 *

  95. 	 * @param serverUrl

  96. 	 * @return action of the request

  97. 	 */

  98. 	@Override

  99. 	protected String getUrlRequestAction(String suffix) {

  100. 		if (!StringUtils.isEmpty(suffix)) {

  101. 			if (suffix.startsWith(gitReceivePack)) {

  102. 				return gitReceivePack;

  103. 			} else if (suffix.startsWith(gitUploadPack)) {

  104. 				return gitUploadPack;

  105. 			} else if (suffix.contains("?service=git-receive-pack")) {

  106. 				return gitReceivePack;

  107. 			} else if (suffix.contains("?service=git-upload-pack")) {

  108. 				return gitUploadPack;

  109. 			} else {

  110. 				return gitUploadPack;

  111. 			}

  112. 		}

  113. 		return null;

  114. 	}

  115. 

  116. 	/**

  117. 	 * Determine if a non-existing repository can be created using this filter.

  118. 	 *

  119. 	 * @return true if the server allows repository creation on-push

  120. 	 */

  121. 	@Override

  122. 	protected boolean isCreationAllowed() {

  123. 		return settings.getBoolean(Keys.git.allowCreateOnPush, true);

  124. 	}

  125. 

  126. 	/**

  127. 	 * Determine if the repository can receive pushes.

  128. 	 *

  129. 	 * @param repository

  130. 	 * @param action

  131. 	 * @return true if the action may be performed

  132. 	 */

  133. 	@Override

  134. 	protected boolean isActionAllowed(RepositoryModel repository, String action) {

  135. 		// the log here has been moved into ReceiveHook to provide clients with

  136. 		// error messages

  137. 		return true;

  138. 	}

  139. 

  140. 	@Override

  141. 	protected boolean requiresClientCertificate() {

  142. 		return settings.getBoolean(Keys.git.requiresClientCertificate, false);

  143. 	}

  144. 

  145. 	/**

  146. 	 * Determine if the repository requires authentication.

  147. 	 *

  148. 	 * @param repository

  149. 	 * @param action

  150. 	 * @return true if authentication required

  151. 	 */

  152. 	@Override

  153. 	protected boolean requiresAuthentication(RepositoryModel repository, String action) {

  154. 		if (gitUploadPack.equals(action)) {

  155. 			// send to client

  156. 			return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);

  157. 		} else if (gitReceivePack.equals(action)) {

  158. 			// receive from client

  159. 			return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);

  160. 		}

  161. 		return false;

  162. 	}

  163. 

  164. 	/**

  165. 	 * Determine if the user can access the repository and perform the specified

  166. 	 * action.

  167. 	 *

  168. 	 * @param repository

  169. 	 * @param user

  170. 	 * @param action

  171. 	 * @return true if user may execute the action on the repository

  172. 	 */

  173. 	@Override

  174. 	protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {

  175. 		if (!settings.getBoolean(Keys.git.enableGitServlet, true)) {

  176. 			// Git Servlet disabled

  177. 			return false;

  178. 		}

  179. 		if (action.equals(gitReceivePack)) {

  180. 			// Push request

  181. 			if (user.canPush(repository)) {

  182. 				return true;

  183. 			} else {

  184. 				// user is unauthorized to push to this repository

  185. 				logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",

  186. 						user.username, repository));

  187. 				return false;

  188. 			}

  189. 		} else if (action.equals(gitUploadPack)) {

  190. 			// Clone request

  191. 			if (user.canClone(repository)) {

  192. 				return true;

  193. 			} else {

  194. 				// user is unauthorized to clone this repository

  195. 				logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",

  196. 						user.username, repository));

  197. 				return false;

  198. 			}

  199. 		}

  200. 		return true;

  201. 	}

  202. 

  203. 	/**

  204. 	 * An authenticated user with the CREATE role can create a repository on

  205. 	 * push.

  206. 	 *

  207. 	 * @param user

  208. 	 * @param repository

  209. 	 * @param action

  210. 	 * @return the repository model, if it is created, null otherwise

  211. 	 */

  212. 	@Override

  213. 	protected RepositoryModel createRepository(UserModel user, String repository, String action) {

  214. 		boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action);

  215. 		if (isPush) {

  216. 			if (user.canCreate(repository)) {

  217. 				// user is pushing to a new repository

  218. 				// validate name

  219. 				if (repository.startsWith("../")) {

  220. 					logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));

  221. 					return null;

  222. 				}

  223. 				if (repository.contains("/../")) {

  224. 					logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));

  225. 					return null;

  226. 				}

  227. 

  228. 				// confirm valid characters in repository name

  229. 				Character c = StringUtils.findInvalidCharacter(repository);

  230. 				if (c != null) {

  231. 					logger.error(MessageFormat.format("Invalid character '{0}' in repository name {1}!", c, repository));

  232. 					return null;

  233. 				}

  234. 

  235. 				// create repository

  236. 				RepositoryModel model = new RepositoryModel();

  237. 				model.name = repository;

  238. 				model.addOwner(user.username);

  239. 				model.projectPath = StringUtils.getFirstPathElement(repository);

  240. 				if (model.isUsersPersonalRepository(user.username)) {

  241. 					// personal repository, default to private for user

  242. 					model.authorizationControl = AuthorizationControl.NAMED;

  243. 					model.accessRestriction = AccessRestrictionType.VIEW;

  244. 				} else {

  245. 					// common repository, user default server settings

  246. 					model.authorizationControl = AuthorizationControl.fromName(settings.getString(Keys.git.defaultAuthorizationControl, ""));

  247. 					model.accessRestriction = AccessRestrictionType.fromName(settings.getString(Keys.git.defaultAccessRestriction, "PUSH"));

  248. 				}

  249. 

  250. 				// create the repository

  251. 				try {

  252. 					repositoryManager.updateRepositoryModel(model.name, model, true);

  253. 					logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, model.name));

  254. 					return repositoryManager.getRepositoryModel(model.name);

  255. 				} catch (GitBlitException e) {

  256. 					logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, model.name), e);

  257. 				}

  258. 			} else {

  259. 				logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository));

  260. 			}

  261. 		}

  262. 

  263. 		// repository could not be created or action was not a push

  264. 		return null;

  265. 	}

  266. }