mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
650 Commits
17 Branches
Tree: 79a610592e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79a610592e'
${ noResults }
gitea/serve.go

serve.go 4.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package main

  6. 

  7. import (

  8. 	//"container/list"

  9. 	"fmt"

  10. 	"os"

  11. 	"os/exec"

  12. 	"path"

  13. 	"strconv"

  14. 	"strings"

  15. 

  16. 	"github.com/codegangsta/cli"

  17. 	"github.com/gogits/gogs/modules/log"

  18. 

  19. 	//"github.com/gogits/git"

  20. 	"github.com/gogits/gogs/models"

  21. 	"github.com/gogits/gogs/modules/base"

  22. )

  23. 

  24. var (

  25. 	COMMANDS_READONLY = map[string]int{

  26. 		"git-upload-pack":    models.AU_WRITABLE,

  27. 		"git upload-pack":    models.AU_WRITABLE,

  28. 		"git-upload-archive": models.AU_WRITABLE,

  29. 	}

  30. 

  31. 	COMMANDS_WRITE = map[string]int{

  32. 		"git-receive-pack": models.AU_READABLE,

  33. 		"git receive-pack": models.AU_READABLE,

  34. 	}

  35. )

  36. 

  37. var CmdServ = cli.Command{

  38. 	Name:  "serv",

  39. 	Usage: "This command just should be called by ssh shell",

  40. 	Description: `

  41. gogs serv provide access auth for repositories`,

  42. 	Action: runServ,

  43. 	Flags:  []cli.Flag{},

  44. }

  45. 

  46. func newLogger(execDir string) {

  47. 	level := "0"

  48. 	logPath := execDir + "/log/serv.log"

  49. 	os.MkdirAll(path.Dir(logPath), os.ModePerm)

  50. 	log.NewLogger(0, "file", fmt.Sprintf(`{"level":%s,"filename":"%s"}`, level, logPath))

  51. 	log.Trace("start logging...")

  52. }

  53. 

  54. func parseCmd(cmd string) (string, string) {

  55. 	ss := strings.SplitN(cmd, " ", 2)

  56. 	if len(ss) != 2 {

  57. 		return "", ""

  58. 	}

  59. 

  60. 	verb, args := ss[0], ss[1]

  61. 	if verb == "git" {

  62. 		ss = strings.SplitN(args, " ", 2)

  63. 		args = ss[1]

  64. 		verb = fmt.Sprintf("%s %s", verb, ss[0])

  65. 	}

  66. 	return verb, args

  67. }

  68. 

  69. func In(b string, sl map[string]int) bool {

  70. 	_, e := sl[b]

  71. 	return e

  72. }

  73. 

  74. func runServ(k *cli.Context) {

  75. 	execDir, _ := base.ExecDir()

  76. 	newLogger(execDir)

  77. 

  78. 	base.NewConfigContext()

  79. 	models.LoadModelsConfig()

  80. 

  81. 	if models.UseSQLite3 {

  82. 		os.Chdir(execDir)

  83. 	}

  84. 

  85. 	models.SetEngine()

  86. 

  87. 	keys := strings.Split(os.Args[2], "-")

  88. 	if len(keys) != 2 {

  89. 		println("auth file format error")

  90. 		log.Error("auth file format error")

  91. 		return

  92. 	}

  93. 

  94. 	keyId, err := strconv.ParseInt(keys[1], 10, 64)

  95. 	if err != nil {

  96. 		println("auth file format error")

  97. 		log.Error("auth file format error", err)

  98. 		return

  99. 	}

  100. 	user, err := models.GetUserByKeyId(keyId)

  101. 	if err != nil {

  102. 		println("You have no right to access")

  103. 		log.Error("SSH visit error: %v", err)

  104. 		return

  105. 	}

  106. 

  107. 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")

  108. 	if cmd == "" {

  109. 		println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.")

  110. 		return

  111. 	}

  112. 

  113. 	verb, args := parseCmd(cmd)

  114. 	repoPath := strings.Trim(args, "'")

  115. 	rr := strings.SplitN(repoPath, "/", 2)

  116. 	if len(rr) != 2 {

  117. 		println("Unavilable repository", args)

  118. 		log.Error("Unavilable repository %v", args)

  119. 		return

  120. 	}

  121. 	repoUserName := rr[0]

  122. 	repoName := rr[1]

  123. 	if strings.HasSuffix(repoName, ".git") {

  124. 		repoName = repoName[:len(repoName)-4]

  125. 	}

  126. 

  127. 	isWrite := In(verb, COMMANDS_WRITE)

  128. 	isRead := In(verb, COMMANDS_READONLY)

  129. 

  130. 	repoUser, err := models.GetUserByName(repoUserName)

  131. 	if err != nil {

  132. 		fmt.Println("You have no right to access")

  133. 		log.Error("Get user failed", err)

  134. 		return

  135. 	}

  136. 

  137. 	// access check

  138. 	switch {

  139. 	case isWrite:

  140. 		has, err := models.HasAccess(user.LowerName, path.Join(repoUserName, repoName), models.AU_WRITABLE)

  141. 		if err != nil {

  142. 			println("Inernel error:", err)

  143. 			log.Error(err.Error())

  144. 			return

  145. 		} else if !has {

  146. 			println("You have no right to write this repository")

  147. 			log.Error("User %s has no right to write repository %s", user.Name, repoPath)

  148. 			return

  149. 		}

  150. 	case isRead:

  151. 		repo, err := models.GetRepositoryByName(repoUser.Id, repoName)

  152. 		if err != nil {

  153. 			println("Get repository error:", err)

  154. 			log.Error("Get repository error: " + err.Error())

  155. 			return

  156. 		}

  157. 

  158. 		if !repo.IsPrivate {

  159. 			break

  160. 		}

  161. 

  162. 		has, err := models.HasAccess(user.Name, repoPath, models.AU_READABLE)

  163. 		if err != nil {

  164. 			println("Inernel error")

  165. 			log.Error(err.Error())

  166. 			return

  167. 		}

  168. 		if !has {

  169. 			has, err = models.HasAccess(user.Name, repoPath, models.AU_WRITABLE)

  170. 			if err != nil {

  171. 				println("Inernel error")

  172. 				log.Error(err.Error())

  173. 				return

  174. 			}

  175. 		}

  176. 		if !has {

  177. 			println("You have no right to access this repository")

  178. 			log.Error("You have no right to access this repository")

  179. 			return

  180. 		}

  181. 	default:

  182. 		println("Unknown command")

  183. 		log.Error("Unknown command")

  184. 		return

  185. 	}

  186. 

  187. 	// for update use

  188. 	os.Setenv("userName", user.Name)

  189. 	os.Setenv("userId", strconv.Itoa(int(user.Id)))

  190. 	os.Setenv("repoName", repoName)

  191. 

  192. 	gitcmd := exec.Command(verb, repoPath)

  193. 	gitcmd.Dir = base.RepoRootPath

  194. 	gitcmd.Stdout = os.Stdout

  195. 	gitcmd.Stdin = os.Stdin

  196. 	gitcmd.Stderr = os.Stderr

  197. 

  198. 	if err = gitcmd.Run(); err != nil {

  199. 		println("execute command error:", err.Error())

  200. 		log.Error("execute command error: " + err.Error())

  201. 		return

  202. 	}

  203. }