func TeamsRepoAction(ctx *middleware.Context) { if !ctx.Org.IsOwner { ctx.Error(404) return } var err error switch ctx.Params(":action") { case "add": repoName := path.Base(ctx.Query("repo-name")) var repo *models.Repository repo, err = models.GetRepositoryByName(ctx.Org.Organization.Id, repoName) if err != nil { ctx.Handle(500, "GetRepositoryByName", err) return } err = ctx.Org.Team.AddRepository(repo) case "remove": err = ctx.Org.Team.RemoveRepository(com.StrTo(ctx.Query("repoid")).MustInt64()) } if err != nil { log.Error(3, "Action(%s): %v", ctx.Params(":action"), err) ctx.JSON(200, map[string]interface{}{ "ok": false, "err": err.Error(), }) return } ctx.Redirect(ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName + "/repositories") }
func TeamsRepoAction(ctx *middleware.Context) { if !ctx.Org.IsOwner { ctx.Error(404) return } var err error switch ctx.Params(":action") { case "add": repoName := path.Base(ctx.Query("repo_name")) var repo *models.Repository repo, err = models.GetRepositoryByName(ctx.Org.Organization.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Flash.Error(ctx.Tr("org.teams.add_nonexistent_repo")) ctx.Redirect(ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName + "/repositories") return } ctx.Handle(500, "GetRepositoryByName", err) return } err = ctx.Org.Team.AddRepository(repo) case "remove": err = ctx.Org.Team.RemoveRepository(com.StrTo(ctx.Query("repoid")).MustInt64()) } if err != nil { log.Error(3, "Action(%s): '%s' %v", ctx.Params(":action"), ctx.Org.Team.Name, err) ctx.Handle(500, "TeamsRepoAction", err) return } ctx.Redirect(ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName + "/repositories") }
func DeleteRepo(ctx *middleware.Context) { user, err := models.GetUserByName(ctx.Params(":username")) if err != nil { if models.IsErrUserNotExist(err) { ctx.APIError(422, "", err) } else { ctx.APIError(500, "GetUserByName", err) } return } repo, err := models.GetRepositoryByName(user.Id, ctx.Params(":reponame")) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Error(404) } else { ctx.APIError(500, "GetRepositoryByName", err) } return } if user.IsOrganization() && !user.IsOwnedBy(ctx.User.Id) { ctx.APIError(403, "", "Given user is not owner of organization.") return } if err := models.DeleteRepository(user.Id, repo.ID); err != nil { ctx.APIError(500, "DeleteRepository", err) return } log.Trace("Repository deleted: %s/%s", user.Name, repo.Name) ctx.Status(204) }
func RepoAssignment() macaron.Handler { return func(ctx *context.APIContext) { userName := ctx.Params(":username") repoName := ctx.Params(":reponame") var ( owner *models.User err error ) // Check if the user is the same as the repository owner. if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { owner = ctx.User } else { owner, err = models.GetUserByName(userName) if err != nil { if models.IsErrUserNotExist(err) { ctx.Status(404) } else { ctx.Error(500, "GetUserByName", err) } return } } ctx.Repo.Owner = owner // Get repository. repo, err := models.GetRepositoryByName(owner.ID, repoName) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Status(404) } else { ctx.Error(500, "GetRepositoryByName", err) } return } else if err = repo.GetOwner(); err != nil { ctx.Error(500, "GetOwner", err) return } if ctx.IsSigned && ctx.User.IsAdmin { ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER } else { mode, err := models.AccessLevel(ctx.User, repo) if err != nil { ctx.Error(500, "AccessLevel", err) return } ctx.Repo.AccessMode = mode } if !ctx.Repo.HasAccess() { ctx.Status(404) return } ctx.Repo.Repository = repo } }
func ApiRepoAssignment() macaron.Handler { return func(ctx *Context) { userName := ctx.Params(":username") repoName := ctx.Params(":reponame") var ( u *models.User err error ) // Check if the user is the same as the repository owner. if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { u = ctx.User } else { u, err = models.GetUserByName(userName) if err != nil { if models.IsErrUserNotExist(err) { ctx.Error(404) } else { ctx.APIError(500, "GetUserByName", err) } return } } ctx.Repo.Owner = u // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Error(404) } else { ctx.APIError(500, "GetRepositoryByName", err) } return } else if err = repo.GetOwner(); err != nil { ctx.APIError(500, "GetOwner", err) return } mode, err := models.AccessLevel(ctx.User, repo) if err != nil { ctx.APIError(500, "AccessLevel", err) return } ctx.Repo.AccessMode = mode // Check access. if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE { ctx.Error(404) return } ctx.Repo.Repository = repo } }
func GetRepositoryByParams(ctx *context.APIContext) *models.Repository { repo, err := models.GetRepositoryByName(ctx.Org.Team.OrgID, ctx.Params(":reponame")) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Status(404) } else { ctx.Error(500, "GetRepositoryByName", err) } return nil } return repo }
func TriggerHook(ctx *middleware.Context) { u, err := models.GetUserByName(ctx.Params(":username")) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", err) } else { ctx.Handle(500, "GetUserByName", err) } return } repo, err := models.GetRepositoryByName(u.Id, ctx.Params(":reponame")) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", err) } else { ctx.Handle(500, "GetRepositoryByName", err) } return } models.HookQueue.AddRepoID(repo.ID) }
func parseOwnerAndRepo(ctx *middleware.Context) (*models.User, *models.Repository) { owner, err := models.GetUserByName(ctx.Params(":username")) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", err) } else { ctx.Handle(500, "GetUserByName", err) } return nil, nil } repo, err := models.GetRepositoryByName(owner.Id, ctx.Params(":reponame")) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", err) } else { ctx.Handle(500, "GetRepositoryByName", err) } return nil, nil } return owner, repo }
func parseOwnerAndRepo(ctx *context.APIContext) (*models.User, *models.Repository) { owner, err := models.GetUserByName(ctx.Params(":username")) if err != nil { if models.IsErrUserNotExist(err) { ctx.Error(422, "", err) } else { ctx.Error(500, "GetUserByName", err) } return nil, nil } repo, err := models.GetRepositoryByName(owner.Id, ctx.Params(":reponame")) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Status(404) } else { ctx.Error(500, "GetRepositoryByName", err) } return nil, nil } return owner, repo }
func RepoAssignment(args ...bool) macaron.Handler { return func(ctx *Context) { var ( displayBare bool // To display bare page if it is a bare repo. ) if len(args) >= 1 { displayBare = args[0] } var ( owner *models.User err error ) userName := ctx.Params(":username") repoName := ctx.Params(":reponame") refName := ctx.Params(":branchname") if len(refName) == 0 { refName = ctx.Params(":path") } // Check if the user is the same as the repository owner if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { owner = ctx.User } else { owner, err = models.GetUserByName(userName) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", err) } else { ctx.Handle(500, "GetUserByName", err) } return } } ctx.Repo.Owner = owner // Get repository. repo, err := models.GetRepositoryByName(owner.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", err) } else { ctx.Handle(500, "GetRepositoryByName", err) } return } else if err = repo.GetOwner(); err != nil { ctx.Handle(500, "GetOwner", err) return } // Admin has super access. if ctx.IsSigned && ctx.User.IsAdmin { ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER } else { mode, err := models.AccessLevel(ctx.User, repo) if err != nil { ctx.Handle(500, "AccessLevel", err) return } ctx.Repo.AccessMode = mode } // Check access. if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE { ctx.Handle(404, "no access right", err) return } ctx.Data["HasAccess"] = true if repo.IsMirror { ctx.Repo.Mirror, err = models.GetMirror(repo.ID) if err != nil { ctx.Handle(500, "GetMirror", err) return } ctx.Data["MirrorEnablePrune"] = ctx.Repo.Mirror.EnablePrune ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval ctx.Data["Mirror"] = ctx.Repo.Mirror } ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { ctx.Handle(500, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo ctx.Repo.RepoLink = repo.Link() ctx.Data["RepoLink"] = ctx.Repo.RepoLink ctx.Data["RepoRelPath"] = ctx.Repo.Owner.Name + "/" + ctx.Repo.Repository.Name tags, err := ctx.Repo.GitRepo.GetTags() if err != nil { ctx.Handle(500, "GetTags", err) return } ctx.Data["Tags"] = tags ctx.Repo.Repository.NumTags = len(tags) ctx.Data["Title"] = owner.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = ctx.Repo.Repository.Owner ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner() ctx.Data["IsRepositoryAdmin"] = ctx.Repo.IsAdmin() ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter() ctx.Data["DisableSSH"] = setting.SSH.Disabled ctx.Data["CloneLink"] = repo.CloneLink() ctx.Data["WikiCloneLink"] = repo.WikiCloneLink() if ctx.IsSigned { ctx.Data["IsWatchingRepo"] = models.IsWatching(ctx.User.Id, repo.ID) ctx.Data["IsStaringRepo"] = models.IsStaring(ctx.User.Id, repo.ID) } // repo is bare and display enable if ctx.Repo.Repository.IsBare { log.Debug("Bare repository: %s", ctx.Repo.RepoLink) // NOTE: to prevent templating error ctx.Data["BranchName"] = "" if displayBare { if !ctx.Repo.IsAdmin() { ctx.Flash.Info(ctx.Tr("repo.repo_is_empty"), true) } ctx.HTML(200, "repo/bare") } return } ctx.Data["TagName"] = ctx.Repo.TagName brs, err := ctx.Repo.GitRepo.GetBranches() if err != nil { ctx.Handle(500, "GetBranches", err) return } ctx.Data["Branches"] = brs ctx.Data["BrancheCount"] = len(brs) // If not branch selected, try default one. // If default branch doesn't exists, fall back to some other branch. if len(ctx.Repo.BranchName) == 0 { if len(ctx.Repo.Repository.DefaultBranch) > 0 && gitRepo.IsBranchExist(ctx.Repo.Repository.DefaultBranch) { ctx.Repo.BranchName = ctx.Repo.Repository.DefaultBranch } else if len(brs) > 0 { ctx.Repo.BranchName = brs[0] } } ctx.Data["BranchName"] = ctx.Repo.BranchName ctx.Data["CommitID"] = ctx.Repo.CommitID if repo.IsFork { RetrieveBaseRepo(ctx, repo) if ctx.Written() { return } } // People who have push access and propose a new pull request. if ctx.Repo.IsWriter() { // Pull request is allowed if this is a fork repository // and base repository accepts pull requests. if repo.BaseRepo != nil { if repo.BaseRepo.AllowsPulls() { ctx.Data["BaseRepo"] = repo.BaseRepo ctx.Repo.PullRequest.BaseRepo = repo.BaseRepo ctx.Repo.PullRequest.Allowed = true ctx.Repo.PullRequest.HeadInfo = ctx.Repo.Owner.Name + ":" + ctx.Repo.BranchName } } else { // Or, this is repository accepts pull requests between branches. if repo.AllowsPulls() { ctx.Data["BaseRepo"] = repo ctx.Repo.PullRequest.BaseRepo = repo ctx.Repo.PullRequest.Allowed = true ctx.Repo.PullRequest.SameRepo = true ctx.Repo.PullRequest.HeadInfo = ctx.Repo.BranchName } } } ctx.Data["PullRequestCtx"] = ctx.Repo.PullRequest if ctx.Query("go-get") == "1" { ctx.Data["GoGetImport"] = path.Join(setting.Domain, setting.AppSubUrl, owner.Name, repo.Name) prefix := setting.AppUrl + path.Join(owner.Name, repo.Name, "src", ctx.Repo.BranchName) ctx.Data["GoDocDirectory"] = prefix + "{/dir}" ctx.Data["GoDocFile"] = prefix + "{/dir}/{file}#L{line}" } } }
// for command: ./gogs update func runUpdate(c *cli.Context) { execDir, _ := base.ExecDir() newLogger(execDir) base.NewConfigContext() models.LoadModelsConfig() if models.UseSQLite3 { os.Chdir(execDir) } models.SetEngine() args := c.Args() if len(args) != 3 { log.Error("received less 3 parameters") return } refName := args[0] if refName == "" { log.Error("refName is empty, shouldn't use") return } oldCommitId := args[1] newCommitId := args[2] isNew := strings.HasPrefix(oldCommitId, "0000000") if isNew && strings.HasPrefix(newCommitId, "0000000") { log.Error("old rev and new rev both 000000") return } userName := os.Getenv("userName") userId := os.Getenv("userId") //repoId := os.Getenv("repoId") repoName := os.Getenv("repoName") f := models.RepoPath(userName, repoName) gitUpdate := exec.Command("git", "update-server-info") gitUpdate.Dir = f gitUpdate.Run() repo, err := git.OpenRepository(f) if err != nil { log.Error("runUpdate.Open repoId: %v", err) return } newOid, err := git.NewOidFromString(newCommitId) if err != nil { log.Error("runUpdate.Ref repoId: %v", err) return } newCommit, err := repo.LookupCommit(newOid) if err != nil { log.Error("runUpdate.Ref repoId: %v", err) return } var l *list.List // if a new branch if isNew { l, err = repo.CommitsBefore(newCommit.Id()) if err != nil { log.Error("Find CommitsBefore erro:", err) return } } else { oldOid, err := git.NewOidFromString(oldCommitId) if err != nil { log.Error("runUpdate.Ref repoId: %v", err) return } oldCommit, err := repo.LookupCommit(oldOid) if err != nil { log.Error("runUpdate.Ref repoId: %v", err) return } l = repo.CommitsBetween(newCommit, oldCommit) } if err != nil { log.Error("runUpdate.Commit repoId: %v", err) return } sUserId, err := strconv.Atoi(userId) if err != nil { log.Error("runUpdate.Parse userId: %v", err) return } repos, err := models.GetRepositoryByName(int64(sUserId), repoName) if err != nil { log.Error("runUpdate.GetRepositoryByName userId: %v", err) return } commits := make([]*base.PushCommit, 0) var maxCommits = 3 var actEmail string for e := l.Front(); e != nil; e = e.Next() { commit := e.Value.(*git.Commit) if actEmail == "" { actEmail = commit.Committer.Email } commits = append(commits, &base.PushCommit{commit.Id().String(), commit.Message(), commit.Author.Email, commit.Author.Name}) if len(commits) >= maxCommits { break } } //commits = append(commits, []string{lastCommit.Id().String(), lastCommit.Message()}) if err = models.CommitRepoAction(int64(sUserId), userName, actEmail, repos.Id, repoName, git.BranchName(refName), &base.PushCommits{l.Len(), commits}); err != nil { log.Error("runUpdate.models.CommitRepoAction: %v", err) } }
func runServ(k *cli.Context) { base.NewConfigContext() models.LoadModelsConfig() models.NewEngine() keys := strings.Split(os.Args[2], "-") if len(keys) != 2 { fmt.Println("auth file format error") return } keyId, err := strconv.ParseInt(keys[1], 10, 64) if err != nil { fmt.Println("auth file format error") return } user, err := models.GetUserByKeyId(keyId) if err != nil { fmt.Println("You have no right to access") return } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if cmd == "" { println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.") return } verb, args := parseCmd(cmd) rRepo := strings.Trim(args, "'") rr := strings.SplitN(rRepo, "/", 2) if len(rr) != 2 { println("Unavilable repository", args) return } repoName := rr[1] if strings.HasSuffix(repoName, ".git") { repoName = repoName[:len(repoName)-4] } repo, err := models.GetRepositoryByName(user.Id, repoName) var isExist bool = true if err != nil { if err == models.ErrRepoNotExist { isExist = false } else { println("Unavilable repository", err) return } } isWrite := In(verb, COMMANDS_WRITE) isRead := In(verb, COMMANDS_READONLY) switch { case isWrite: has, err := models.HasAccess(user.Name, repoName, models.AU_WRITABLE) if err != nil { println("Inernel error:", err) return } if !has { println("You have no right to write this repository") return } case isRead: has, err := models.HasAccess(user.Name, repoName, models.AU_READABLE) if err != nil { println("Inernel error") return } if !has { has, err = models.HasAccess(user.Name, repoName, models.AU_WRITABLE) if err != nil { println("Inernel error") return } } if !has { println("You have no right to access this repository") return } default: println("Unknown command") return } if !isExist { if isRead { println("Repository", user.Name+"/"+repoName, "is not exist") return } else if isWrite { _, err := models.CreateRepository(user, repoName, "", "", "", false, true) if err != nil { println("Create repository failed") return } } } rep, err := git.OpenRepository(models.RepoPath(user.Name, repoName)) if err != nil { println(err.Error()) return } refs, err := rep.AllReferencesMap() if err != nil { println(err.Error()) return } gitcmd := exec.Command(verb, rRepo) gitcmd.Dir = base.RepoRootPath var s string b := bytes.NewBufferString(s) gitcmd.Stdout = io.MultiWriter(os.Stdout, b) //gitcmd.Stdin = io.MultiReader(os.Stdin, b) gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { println("execute command error:", err.Error()) } if !strings.HasPrefix(cmd, "git-receive-pack") { return } // update //w, _ := os.Create("serve.log") //defer w.Close() //log.SetOutput(w) var t = "ok refs/heads/" var i int var refname string for { l, err := b.ReadString('\n') if err != nil { break } i = i + 1 l = l[:len(l)-1] idx := strings.Index(l, t) if idx > 0 { refname = l[idx+len(t):] } } var ref *git.Reference var ok bool var l *list.List //log.Info("----", refname, "-----") if ref, ok = refs[refname]; !ok { refs, err = rep.AllReferencesMap() if err != nil { println(err.Error()) return } if ref, ok = refs[refname]; !ok { println("unknow reference name -", refname, "-") return } l, err = ref.AllCommits() if err != nil { println(err.Error()) return } } else { //log.Info("----", ref, "-----") var last *git.Commit //log.Info("00000", ref.Oid.String()) last, err = ref.LastCommit() if err != nil { println(err.Error()) return } ref2, err := rep.LookupReference(ref.Name) if err != nil { println(err.Error()) return } //log.Info("11111", ref2.Oid.String()) before, err := ref2.LastCommit() if err != nil { println(err.Error()) return } //log.Info("----", before.Id(), "-----", last.Id()) l = ref.CommitsBetween(before, last) } commits := make([][]string, 0) var maxCommits = 3 for e := l.Front(); e != nil; e = e.Next() { commit := e.Value.(*git.Commit) commits = append(commits, []string{commit.Id().String(), commit.Message()}) if len(commits) >= maxCommits { break } } if err = models.CommitRepoAction(user.Id, user.Name, repo.Id, repoName, refname, &base.PushCommits{l.Len(), commits}); err != nil { log.Error("runUpdate.models.CommitRepoAction: %v", err, commits) } else { //log.Info("refname", refname) //log.Info("Listen: %v", cmd) //fmt.Println("...", cmd) //runUpdate(k) c := exec.Command("git", "update-server-info") c.Dir = models.RepoPath(user.Name, repoName) err := c.Run() if err != nil { log.Error("update-server-info: %v", err) } } }
func RepoAssignment(redirect bool, args ...bool) macaron.Handler { return func(ctx *Context) { var ( displayBare bool // To display bare page if it is a bare repo. ) if len(args) >= 1 { displayBare = args[0] } var ( u *models.User err error ) userName := ctx.Params(":username") repoName := ctx.Params(":reponame") refName := ctx.Params(":branchname") if len(refName) == 0 { refName = ctx.Params(":path") } // Check if the user is the same as the repository owner if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { u = ctx.User } else { u, err = models.GetUserByName(userName) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", err) } else { ctx.Handle(500, "GetUserByName", err) } return } } ctx.Repo.Owner = u // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", err) } else { ctx.Handle(500, "GetRepositoryByName", err) } return } else if err = repo.GetOwner(); err != nil { ctx.Handle(500, "GetOwner", err) return } mode, err := models.AccessLevel(ctx.User, repo) if err != nil { ctx.Handle(500, "AccessLevel", err) return } ctx.Repo.AccessMode = mode // Check access. if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE { ctx.Handle(404, "no access right", err) return } ctx.Data["HasAccess"] = true if repo.IsMirror { ctx.Repo.Mirror, err = models.GetMirror(repo.ID) if err != nil { ctx.Handle(500, "GetMirror", err) return } ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval } ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { ctx.Handle(500, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo ctx.Repo.RepoLink, err = repo.RepoLink() if err != nil { ctx.Handle(500, "RepoLink", err) return } ctx.Data["RepoLink"] = ctx.Repo.RepoLink ctx.Data["RepoRelPath"] = ctx.Repo.Owner.Name + "/" + ctx.Repo.Repository.Name tags, err := ctx.Repo.GitRepo.GetTags() if err != nil { ctx.Handle(500, "GetTags", err) return } ctx.Data["Tags"] = tags ctx.Repo.Repository.NumTags = len(tags) if repo.IsFork { RetrieveBaseRepo(ctx, repo) if ctx.Written() { return } } ctx.Data["Title"] = u.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = ctx.Repo.Repository.Owner ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner() ctx.Data["IsRepositoryAdmin"] = ctx.Repo.IsAdmin() ctx.Data["DisableSSH"] = setting.DisableSSH ctx.Repo.CloneLink, err = repo.CloneLink() if err != nil { ctx.Handle(500, "CloneLink", err) return } ctx.Data["CloneLink"] = ctx.Repo.CloneLink if ctx.Query("go-get") == "1" { ctx.Data["GoGetImport"] = fmt.Sprintf("%s/%s/%s", setting.Domain, u.Name, repo.Name) } if ctx.IsSigned { ctx.Data["IsWatchingRepo"] = models.IsWatching(ctx.User.Id, repo.ID) ctx.Data["IsStaringRepo"] = models.IsStaring(ctx.User.Id, repo.ID) } // repo is bare and display enable if ctx.Repo.Repository.IsBare { log.Debug("Bare repository: %s", ctx.Repo.RepoLink) // NOTE: to prevent templating error ctx.Data["BranchName"] = "" if displayBare { if !ctx.Repo.IsAdmin() { ctx.Flash.Info(ctx.Tr("repo.repo_is_empty"), true) } ctx.HTML(200, "repo/bare") } return } ctx.Data["TagName"] = ctx.Repo.TagName brs, err := ctx.Repo.GitRepo.GetBranches() if err != nil { ctx.Handle(500, "GetBranches", err) return } ctx.Data["Branches"] = brs ctx.Data["BrancheCount"] = len(brs) // If not branch selected, try default one. // If default branch doesn't exists, fall back to some other branch. if len(ctx.Repo.BranchName) == 0 { if len(ctx.Repo.Repository.DefaultBranch) > 0 && gitRepo.IsBranchExist(ctx.Repo.Repository.DefaultBranch) { ctx.Repo.BranchName = ctx.Repo.Repository.DefaultBranch } else if len(brs) > 0 { ctx.Repo.BranchName = brs[0] } } ctx.Data["BranchName"] = ctx.Repo.BranchName ctx.Data["CommitID"] = ctx.Repo.CommitID userAgent := ctx.Req.Header.Get("User-Agent") ua := user_agent.New(userAgent) browserName, browserVer := ua.Browser() ctx.Data["BrowserSupportsCopy"] = (browserName == "Chrome" && version.Compare(browserVer, CHROME_COPY_SUPPORT, ">=")) || (browserName == "Firefox" && version.Compare(browserVer, FIREFOX_COPY_SUPPORT, ">=")) } }
func HTTP(ctx *context.Context) { username := ctx.Params(":username") reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git") var isPull bool service := ctx.Query("service") if service == "git-receive-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { isPull = false } else if service == "git-upload-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { isPull = true } else { isPull = (ctx.Req.Method == "GET") } isWiki := false if strings.HasSuffix(reponame, ".wiki") { isWiki = true reponame = reponame[:len(reponame)-5] } repoUser, err := models.GetUserByName(username) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(http.StatusNotFound, "GetUserByName", nil) } else { ctx.Handle(http.StatusInternalServerError, "GetUserByName", err) } return } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(http.StatusNotFound, "GetRepositoryByName", nil) } else { ctx.Handle(http.StatusInternalServerError, "GetRepositoryByName", err) } return } // Only public pull don't need auth. isPublicPull := !repo.IsPrivate && isPull var ( askAuth = !isPublicPull || setting.Service.RequireSignInView authUser *models.User authUsername string authPasswd string ) // check access if askAuth { authHead := ctx.Req.Header.Get("Authorization") if len(authHead) == 0 { ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"") ctx.Error(http.StatusUnauthorized) return } auths := strings.Fields(authHead) // currently check basic auth // TODO: support digit auth // FIXME: middlewares/context.go did basic auth check already, // maybe could use that one. if len(auths) != 2 || auths[0] != "Basic" { ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth") return } authUsername, authPasswd, err = base.BasicAuthDecode(auths[1]) if err != nil { ctx.HandleText(http.StatusUnauthorized, "no basic auth and digit auth") return } authUser, err = models.UserSignIn(authUsername, authPasswd) if err != nil { if !models.IsErrUserNotExist(err) { ctx.Handle(http.StatusInternalServerError, "UserSignIn error: %v", err) return } // Assume username now is a token. token, err := models.GetAccessTokenBySHA(authUsername) if err != nil { if models.IsErrAccessTokenNotExist(err) { ctx.HandleText(http.StatusUnauthorized, "invalid token") } else { ctx.Handle(http.StatusInternalServerError, "GetAccessTokenBySha", err) } return } token.Updated = time.Now() if err = models.UpdateAccessToken(token); err != nil { ctx.Handle(http.StatusInternalServerError, "UpdateAccessToken", err) } authUser, err = models.GetUserByID(token.UID) if err != nil { ctx.Handle(http.StatusInternalServerError, "GetUserByID", err) return } } if !isPublicPull { var tp = models.ACCESS_MODE_WRITE if isPull { tp = models.ACCESS_MODE_READ } has, err := models.HasAccess(authUser, repo, tp) if err != nil { ctx.Handle(http.StatusInternalServerError, "HasAccess", err) return } else if !has { if tp == models.ACCESS_MODE_READ { has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE) if err != nil { ctx.Handle(http.StatusInternalServerError, "HasAccess2", err) return } else if !has { ctx.HandleText(http.StatusForbidden, "User permission denied") return } } else { ctx.HandleText(http.StatusForbidden, "User permission denied") return } } if !isPull && repo.IsMirror { ctx.HandleText(http.StatusForbidden, "mirror repository is read-only") return } } } callback := func(rpc string, input []byte) { if rpc != "receive-pack" || isWiki { return } var lastLine int64 = 0 for { head := input[lastLine : lastLine+2] if head[0] == '0' && head[1] == '0' { size, err := strconv.ParseInt(string(input[lastLine+2:lastLine+4]), 16, 32) if err != nil { log.Error(4, "%v", err) return } if size == 0 { //fmt.Println(string(input[lastLine:])) break } line := input[lastLine : lastLine+size] idx := bytes.IndexRune(line, '\000') if idx > -1 { line = line[:idx] } fields := strings.Fields(string(line)) if len(fields) >= 3 { oldCommitId := fields[0][4:] newCommitId := fields[1] refName := fields[2] // FIXME: handle error. if err = models.PushUpdate(models.PushUpdateOptions{ RefName: refName, OldCommitID: oldCommitId, NewCommitID: newCommitId, PusherID: authUser.Id, PusherName: authUser.Name, RepoUserName: username, RepoName: reponame, }); err == nil { go models.HookQueue.Add(repo.ID) go models.AddTestPullRequestTask(repo.ID, strings.TrimPrefix(refName, "refs/heads/")) } } lastLine = lastLine + size } else { break } } } HTTPBackend(ctx, &serviceConfig{ UploadPack: true, ReceivePack: true, OnSucceed: callback, })(ctx.Resp, ctx.Req.Request) runtime.GC() }
func RepoAssignment(redirect bool, args ...bool) martini.Handler { return func(ctx *Context, params martini.Params) { log.Trace(fmt.Sprint(args)) // valid brachname var validBranch bool // display bare quick start if it is a bare repo var displayBare bool if len(args) >= 1 { // Note: argument has wrong value in Go1.3 martini. // validBranch = args[0] validBranch = true } if len(args) >= 2 { // displayBare = args[1] displayBare = true } var ( user *models.User err error isTrueOwner bool ) userName := params["username"] repoName := params["reponame"] refName := params["branchname"] // Collaborators who have write access can be seen as owners. if ctx.IsSigned { ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.AU_WRITABLE) if err != nil { ctx.Handle(500, "RepoAssignment(HasAccess)", err) return } isTrueOwner = ctx.User.LowerName == strings.ToLower(userName) } if !isTrueOwner { user, err = models.GetUserByName(userName) if err != nil { if err == models.ErrUserNotExist { ctx.Handle(404, "RepoAssignment(GetUserByName)", err) return } else if redirect { ctx.Redirect("/") return } ctx.Handle(500, "RepoAssignment(GetUserByName)", err) return } } else { user = ctx.User } if user == nil { if redirect { ctx.Redirect("/") return } ctx.Handle(403, "RepoAssignment", errors.New("invliad user account for single repository")) return } ctx.Repo.Owner = user // get repository repo, err := models.GetRepositoryByName(user.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "RepoAssignment", err) return } else if redirect { ctx.Redirect("/") return } ctx.Handle(500, "RepoAssignment", err) return } // Check access. if repo.IsPrivate && !ctx.Repo.IsOwner { if ctx.User == nil { ctx.Handle(404, "RepoAssignment(HasAccess)", nil) return } hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.AU_READABLE) if err != nil { ctx.Handle(500, "RepoAssignment(HasAccess)", err) return } else if !hasAccess { ctx.Handle(404, "RepoAssignment(HasAccess)", nil) return } } ctx.Repo.HasAccess = true ctx.Data["HasAccess"] = true if repo.IsMirror { ctx.Repo.Mirror, err = models.GetMirror(repo.Id) if err != nil { ctx.Handle(500, "RepoAssignment(GetMirror)", err) return } ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval } repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { ctx.Handle(500, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo ctx.Repo.RepoLink = "/" + user.Name + "/" + repo.Name tags, err := ctx.Repo.GitRepo.GetTags() if err != nil { ctx.Handle(500, "RepoAssignment(GetTags))", err) return } ctx.Repo.Repository.NumTags = len(tags) ctx.Data["Title"] = user.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = user ctx.Data["RepoLink"] = ctx.Repo.RepoLink ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner ctx.Data["BranchName"] = "" if base.SshPort != 22 { ctx.Repo.CloneLink.SSH = fmt.Sprintf("ssh://%s@%s/%s/%s.git", base.RunUser, base.Domain, user.LowerName, repo.LowerName) } else { ctx.Repo.CloneLink.SSH = fmt.Sprintf("%s@%s:%s/%s.git", base.RunUser, base.Domain, user.LowerName, repo.LowerName) } ctx.Repo.CloneLink.HTTPS = fmt.Sprintf("%s%s/%s.git", base.AppUrl, user.LowerName, repo.LowerName) ctx.Data["CloneLink"] = ctx.Repo.CloneLink if ctx.Repo.Repository.IsGoget { ctx.Data["GoGetLink"] = fmt.Sprintf("%s%s/%s", base.AppUrl, user.LowerName, repo.LowerName) ctx.Data["GoGetImport"] = fmt.Sprintf("%s/%s/%s", base.Domain, user.LowerName, repo.LowerName) } // when repo is bare, not valid branch if !ctx.Repo.Repository.IsBare && validBranch { detect: if len(refName) > 0 { if gitRepo.IsBranchExist(refName) { ctx.Repo.IsBranch = true ctx.Repo.BranchName = refName ctx.Repo.Commit, err = gitRepo.GetCommitOfBranch(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid branch", nil) return } ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() } else if gitRepo.IsTagExist(refName) { ctx.Repo.IsBranch = true ctx.Repo.BranchName = refName ctx.Repo.Commit, err = gitRepo.GetCommitOfTag(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid tag", nil) return } ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() } else if len(refName) == 40 { ctx.Repo.IsCommit = true ctx.Repo.CommitId = refName ctx.Repo.BranchName = refName ctx.Repo.Commit, err = gitRepo.GetCommit(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid commit", nil) return } } else { ctx.Handle(404, "RepoAssignment invalid repo", nil) return } } else { if len(refName) == 0 { if gitRepo.IsBranchExist(ctx.Repo.Repository.DefaultBranch) { refName = ctx.Repo.Repository.DefaultBranch } else { brs, err := gitRepo.GetBranches() if err != nil { ctx.Handle(500, "RepoAssignment(GetBranches))", err) return } refName = brs[0] } } goto detect } ctx.Data["IsBranch"] = ctx.Repo.IsBranch ctx.Data["IsCommit"] = ctx.Repo.IsCommit log.Debug("Repo.Commit: %v", ctx.Repo.Commit) } log.Debug("displayBare: %v; IsBare: %v", displayBare, ctx.Repo.Repository.IsBare) // repo is bare and display enable if displayBare && ctx.Repo.Repository.IsBare { log.Debug("Bare repository: %s", ctx.Repo.RepoLink) ctx.HTML(200, "repo/single_bare") return } if ctx.IsSigned { ctx.Repo.IsWatching = models.IsWatching(ctx.User.Id, repo.Id) } ctx.Data["BranchName"] = ctx.Repo.BranchName brs, err := ctx.Repo.GitRepo.GetBranches() if err != nil { log.Error("RepoAssignment(GetBranches): %v", err) } ctx.Data["Branches"] = brs ctx.Data["CommitId"] = ctx.Repo.CommitId ctx.Data["IsRepositoryWatching"] = ctx.Repo.IsWatching } }
func Http(ctx *middleware.Context, params martini.Params) { username := params["username"] reponame := params["reponame"] if strings.HasSuffix(reponame, ".git") { reponame = reponame[:len(reponame)-4] } var isPull bool service := ctx.Query("service") if service == "git-receive-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { isPull = false } else if service == "git-upload-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { isPull = true } else { isPull = (ctx.Req.Method == "GET") } repoUser, err := models.GetUserByName(username) if err != nil { if err == models.ErrUserNotExist { ctx.Handle(404, "repo.Http(GetUserByName)", nil) } else { ctx.Handle(500, "repo.Http(GetUserByName)", nil) } return } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "repo.Http(GetRepositoryByName)", nil) } else { ctx.Handle(500, "repo.Http(GetRepositoryByName)", nil) } return } // only public pull don't need auth isPublicPull := !repo.IsPrivate && isPull var askAuth = !isPublicPull || setting.Service.RequireSignInView var authUser *models.User var authUsername, passwd string // check access if askAuth { baHead := ctx.Req.Header.Get("Authorization") if baHead == "" { // ask auth authRequired(ctx) return } auths := strings.Fields(baHead) // currently check basic auth // TODO: support digit auth if len(auths) != 2 || auths[0] != "Basic" { ctx.Handle(401, "no basic auth and digit auth", nil) return } authUsername, passwd, err = basicDecode(auths[1]) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } authUser, err = models.GetUserByName(authUsername) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } newUser := &models.User{Passwd: passwd, Salt: authUser.Salt} newUser.EncodePasswd() if authUser.Passwd != newUser.Passwd { ctx.Handle(401, "no basic auth and digit auth", nil) return } if !isPublicPull { var tp = models.WRITABLE if isPull { tp = models.READABLE } has, err := models.HasAccess(authUsername, username+"/"+reponame, tp) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } else if !has { if tp == models.READABLE { has, err = models.HasAccess(authUsername, username+"/"+reponame, models.WRITABLE) if err != nil || !has { ctx.Handle(401, "no basic auth and digit auth", nil) return } } else { ctx.Handle(401, "no basic auth and digit auth", nil) return } } } } var f func(rpc string, input []byte) f = func(rpc string, input []byte) { if rpc == "receive-pack" { var lastLine int64 = 0 for { head := input[lastLine : lastLine+2] if head[0] == '0' && head[1] == '0' { size, err := strconv.ParseInt(string(input[lastLine+2:lastLine+4]), 16, 32) if err != nil { log.Error("%v", err) return } if size == 0 { //fmt.Println(string(input[lastLine:])) break } line := input[lastLine : lastLine+size] idx := bytes.IndexRune(line, '\000') if idx > -1 { line = line[:idx] } fields := strings.Fields(string(line)) if len(fields) >= 3 { oldCommitId := fields[0][4:] newCommitId := fields[1] refName := fields[2] models.Update(refName, oldCommitId, newCommitId, authUsername, username, reponame, authUser.Id) } lastLine = lastLine + size } else { //fmt.Println("ddddddddddd") break } } } } config := Config{setting.RepoRootPath, "git", true, true, f} handler := HttpBackend(&config) handler(ctx.ResponseWriter, ctx.Req) }
func HTTP(ctx *context.Context) { username := ctx.Params(":username") reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git") var isPull bool service := ctx.Query("service") if service == "git-receive-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { isPull = false } else if service == "git-upload-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { isPull = true } else { isPull = (ctx.Req.Method == "GET") } isWiki := false if strings.HasSuffix(reponame, ".wiki") { isWiki = true reponame = reponame[:len(reponame)-5] } repoUser, err := models.GetUserByName(username) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", nil) } else { ctx.Handle(500, "GetUserByName", err) } return } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", nil) } else { ctx.Handle(500, "GetRepositoryByName", err) } return } // Only public pull don't need auth. isPublicPull := !repo.IsPrivate && isPull var ( askAuth = !isPublicPull || setting.Service.RequireSignInView authUser *models.User ) // check access if askAuth { authSandstormId := ctx.Req.Header.Get("X-Sandstorm-User-Id") if authSandstormId == "" { authRequired(ctx) return } authUser, err = models.GetUserBySandstormID(authSandstormId) if err != nil { ctx.Handle(500, "UserSignIn error: %v", err) return } if !isPublicPull { var tp = models.ACCESS_MODE_WRITE if isPull { tp = models.ACCESS_MODE_READ } has, err := models.HasAccess(authUser, repo, tp) if err != nil { ctx.Handle(500, "HasAccess", err) return } else if !has { if tp == models.ACCESS_MODE_READ { has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE) if err != nil { ctx.Handle(500, "HasAccess2", err) return } else if !has { ctx.HandleText(403, "User permission denied") return } } else { ctx.HandleText(403, "User permission denied") return } } if !isPull && repo.IsMirror { ctx.HandleText(403, "mirror repository is read-only") return } } } callback := func(rpc string, input []byte) { if rpc != "receive-pack" || isWiki { return } var lastLine int64 = 0 for { head := input[lastLine : lastLine+2] if head[0] == '0' && head[1] == '0' { size, err := strconv.ParseInt(string(input[lastLine+2:lastLine+4]), 16, 32) if err != nil { log.Error(4, "%v", err) return } if size == 0 { //fmt.Println(string(input[lastLine:])) break } line := input[lastLine : lastLine+size] idx := bytes.IndexRune(line, '\000') if idx > -1 { line = line[:idx] } fields := strings.Fields(string(line)) if len(fields) >= 3 { oldCommitId := fields[0][4:] newCommitId := fields[1] refName := fields[2] // FIXME: handle error. if err = models.PushUpdate(models.PushUpdateOptions{ RefName: refName, OldCommitID: oldCommitId, NewCommitID: newCommitId, PusherID: authUser.Id, PusherName: authUser.Name, RepoUserName: username, RepoName: reponame, }); err == nil { go models.HookQueue.Add(repo.ID) go models.AddTestPullRequestTask(repo.ID, strings.TrimPrefix(refName, "refs/heads/")) } } lastLine = lastLine + size } else { break } } } HTTPBackend(ctx, &Config{ RepoRootPath: setting.RepoRootPath, GitBinPath: "git", UploadPack: true, ReceivePack: true, OnSucceed: callback, })(ctx.Resp, ctx.Req.Request) runtime.GC() }
func runServ(c *cli.Context) { if c.IsSet("config") { setting.CustomConf = c.String("config") } setup("serv.log") if len(c.Args()) < 1 { fail("Not enough arguments", "Not enough arguments") } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if len(cmd) == 0 { println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.") println("If this is unexpected, please log in with password and setup Gogs under another user.") return } verb, args := parseCmd(cmd) repoPath := strings.ToLower(strings.Trim(args, "'")) rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { fail("Invalid repository path", "Invalid repository path: %v", args) } username := strings.ToLower(rr[0]) reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git")) isWiki := false if strings.HasSuffix(reponame, ".wiki") { isWiki = true reponame = reponame[:len(reponame)-5] } repoUser, err := models.GetUserByName(username) if err != nil { if models.IsErrUserNotExist(err) { fail("Repository owner does not exist", "Unregistered owner: %s", username) } fail("Internal error", "Failed to get repository owner (%s): %v", username, err) } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { if models.IsErrRepoNotExist(err) { fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, reponame) } fail("Internal error", "Failed to get repository: %v", err) } requestedMode, has := allowedCommands[verb] if !has { fail("Unknown git command", "Unknown git command %s", verb) } // Prohibit push to mirror repositories. if requestedMode > models.ACCESS_MODE_READ && repo.IsMirror { fail("mirror repository is read-only", "") } // Allow anonymous clone for public repositories. var ( keyID int64 user *models.User ) if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate { keys := strings.Split(c.Args()[0], "-") if len(keys) != 2 { fail("Key ID format error", "Invalid key argument: %s", c.Args()[0]) } key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64()) if err != nil { fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err) } keyID = key.ID // Check deploy key or user key. if key.Type == models.KEY_TYPE_DEPLOY { if key.Mode < requestedMode { fail("Key permission denied", "Cannot push with deployment key: %d", key.ID) } // Check if this deploy key belongs to current repository. if !models.HasDeployKey(key.ID, repo.ID) { fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID) } // Update deploy key activity. deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID) if err != nil { fail("Internal error", "GetDeployKey: %v", err) } deployKey.Updated = time.Now() if err = models.UpdateDeployKey(deployKey); err != nil { fail("Internal error", "UpdateDeployKey: %v", err) } } else { user, err = models.GetUserByKeyID(key.ID) if err != nil { fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) } mode, err := models.AccessLevel(user, repo) if err != nil { fail("Internal error", "Fail to check access: %v", err) } else if mode < requestedMode { clientMessage := _ACCESS_DENIED_MESSAGE if mode >= models.ACCESS_MODE_READ { clientMessage = "You do not have sufficient authorization for this action" } fail(clientMessage, "User %s does not have level %v access to repository %s", user.Name, requestedMode, repoPath) } } } uuid := uuid.NewV4().String() os.Setenv("uuid", uuid) // Special handle for Windows. if setting.IsWindows { verb = strings.Replace(verb, "-", " ", 1) } var gitcmd *exec.Cmd verbs := strings.Split(verb, " ") if len(verbs) == 2 { gitcmd = exec.Command(verbs[0], verbs[1], repoPath) } else { gitcmd = exec.Command(verb, repoPath) } gitcmd.Dir = setting.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { fail("Internal error", "Failed to execute git command: %v", err) } if requestedMode == models.ACCESS_MODE_WRITE { handleUpdateTask(uuid, user, repoUser, reponame, isWiki) } // Update user key activity. if keyID > 0 { key, err := models.GetPublicKeyByID(keyID) if err != nil { fail("Internal error", "GetPublicKeyById: %v", err) } key.Updated = time.Now() if err = models.UpdatePublicKey(key); err != nil { fail("Internal error", "UpdatePublicKey: %v", err) } } }
func RepoAssignment(redirect bool) martini.Handler { return func(ctx *Context, params martini.Params) { // assign false first ctx.Data["IsRepositoryValid"] = false var ( user *models.User err error ) // get repository owner ctx.Repo.IsOwner = ctx.IsSigned && ctx.User.LowerName == strings.ToLower(params["username"]) if !ctx.Repo.IsOwner { user, err = models.GetUserByName(params["username"]) if err != nil { if redirect { ctx.Redirect("/") return } ctx.Handle(200, "RepoAssignment", err) return } } else { user = ctx.User } if user == nil { if redirect { ctx.Redirect("/") return } ctx.Handle(200, "RepoAssignment", errors.New("invliad user account for single repository")) return } ctx.Repo.Owner = user // get repository repo, err := models.GetRepositoryByName(user.Id, params["reponame"]) if err != nil { if redirect { ctx.Redirect("/") return } ctx.Handle(200, "RepoAssignment", err) return } ctx.Repo.IsValid = true if ctx.User != nil { ctx.Repo.IsWatching = models.IsWatching(ctx.User.Id, repo.Id) } ctx.Repo.Repository = repo scheme := "http" if base.EnableHttpsClone { scheme = "https" } ctx.Repo.CloneLink.SSH = fmt.Sprintf("git@%s:%s/%s.git", base.Domain, user.LowerName, repo.LowerName) ctx.Repo.CloneLink.HTTPS = fmt.Sprintf("%s://%s/%s/%s.git", scheme, base.Domain, user.LowerName, repo.LowerName) ctx.Data["IsRepositoryValid"] = true ctx.Data["Repository"] = repo ctx.Data["Owner"] = user ctx.Data["Title"] = user.Name + "/" + repo.Name ctx.Data["CloneLink"] = ctx.Repo.CloneLink ctx.Data["RepositoryLink"] = ctx.Data["Title"] ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner ctx.Data["IsRepositoryWatching"] = ctx.Repo.IsWatching } }
func runServ(k *cli.Context) { execDir, _ := base.ExecDir() newLogger(execDir) base.NewConfigContext() models.LoadModelsConfig() if models.UseSQLite3 { os.Chdir(execDir) } models.SetEngine() keys := strings.Split(os.Args[2], "-") if len(keys) != 2 { println("auth file format error") log.Error("auth file format error") return } keyId, err := strconv.ParseInt(keys[1], 10, 64) if err != nil { println("auth file format error") log.Error("auth file format error", err) return } user, err := models.GetUserByKeyId(keyId) if err != nil { println("You have no right to access") log.Error("SSH visit error: %v", err) return } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if cmd == "" { println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.") return } verb, args := parseCmd(cmd) repoPath := strings.Trim(args, "'") rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { println("Unavilable repository", args) log.Error("Unavilable repository %v", args) return } repoUserName := rr[0] repoName := rr[1] if strings.HasSuffix(repoName, ".git") { repoName = repoName[:len(repoName)-4] } isWrite := In(verb, COMMANDS_WRITE) isRead := In(verb, COMMANDS_READONLY) repoUser, err := models.GetUserByName(repoUserName) if err != nil { fmt.Println("You have no right to access") log.Error("Get user failed", err) return } // access check switch { case isWrite: has, err := models.HasAccess(user.LowerName, path.Join(repoUserName, repoName), models.AU_WRITABLE) if err != nil { println("Inernel error:", err) log.Error(err.Error()) return } else if !has { println("You have no right to write this repository") log.Error("User %s has no right to write repository %s", user.Name, repoPath) return } case isRead: repo, err := models.GetRepositoryByName(repoUser.Id, repoName) if err != nil { println("Get repository error:", err) log.Error("Get repository error: " + err.Error()) return } if !repo.IsPrivate { break } has, err := models.HasAccess(user.Name, repoPath, models.AU_READABLE) if err != nil { println("Inernel error") log.Error(err.Error()) return } if !has { has, err = models.HasAccess(user.Name, repoPath, models.AU_WRITABLE) if err != nil { println("Inernel error") log.Error(err.Error()) return } } if !has { println("You have no right to access this repository") log.Error("You have no right to access this repository") return } default: println("Unknown command") log.Error("Unknown command") return } // for update use os.Setenv("userName", user.Name) os.Setenv("userId", strconv.Itoa(int(user.Id))) os.Setenv("repoName", repoName) gitcmd := exec.Command(verb, repoPath) gitcmd.Dir = base.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { println("execute command error:", err.Error()) log.Error("execute command error: " + err.Error()) return } }
func runServ(c *cli.Context) { if c.IsSet("config") { setting.CustomConf = c.String("config") } setup("serv.log") if len(c.Args()) < 1 { fail("Not enough arguments", "Not enough arguments") } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if len(cmd) == 0 { println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.") println("If this is unexpected, please log in with password and setup Gogs under another user.") return } verb, args := parseCmd(cmd) repoPath := strings.Trim(args, "'") rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { fail("Invalid repository path", "Invalid repository path: %v", args) } repoUserName := rr[0] repoName := strings.TrimSuffix(rr[1], ".git") repoUser, err := models.GetUserByName(repoUserName) if err != nil { if models.IsErrUserNotExist(err) { fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName) } fail("Internal error", "Failed to get repository owner(%s): %v", repoUserName, err) } repo, err := models.GetRepositoryByName(repoUser.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName) } fail("Internal error", "Failed to get repository: %v", err) } requestedMode, has := COMMANDS[verb] if !has { fail("Unknown git command", "Unknown git command %s", verb) } // Allow anonymous clone for public repositories. var ( keyID int64 user *models.User ) if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate { keys := strings.Split(c.Args()[0], "-") if len(keys) != 2 { fail("Key ID format error", "Invalid key ID: %s", c.Args()[0]) } key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64()) if err != nil { fail("Key ID format error", "Invalid key ID[%s]: %v", c.Args()[0], err) } keyID = key.ID // Check deploy key or user key. if key.Type == models.KEY_TYPE_DEPLOY { if key.Mode < requestedMode { fail("Key permission denied", "Cannot push with deployment key: %d", key.ID) } // Check if this deploy key belongs to current repository. if !models.HasDeployKey(key.ID, repo.ID) { fail("Key access denied", "Key access denied: %d-%d", key.ID, repo.ID) } // Update deploy key activity. deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID) if err != nil { fail("Internal error", "GetDeployKey: %v", err) } deployKey.Updated = time.Now() if err = models.UpdateDeployKey(deployKey); err != nil { fail("Internal error", "UpdateDeployKey: %v", err) } } else { user, err = models.GetUserByKeyId(key.ID) if err != nil { fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) } mode, err := models.AccessLevel(user, repo) if err != nil { fail("Internal error", "Fail to check access: %v", err) } else if mode < requestedMode { clientMessage := _ACCESS_DENIED_MESSAGE if mode >= models.ACCESS_MODE_READ { clientMessage = "You do not have sufficient authorization for this action" } fail(clientMessage, "User %s does not have level %v access to repository %s", user.Name, requestedMode, repoPath) } } } uuid := uuid.NewV4().String() os.Setenv("uuid", uuid) var gitcmd *exec.Cmd verbs := strings.Split(verb, " ") if len(verbs) == 2 { gitcmd = exec.Command(verbs[0], verbs[1], repoPath) } else { gitcmd = exec.Command(verb, repoPath) } gitcmd.Dir = setting.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { fail("Internal error", "Failed to execute git command: %v", err) } if requestedMode == models.ACCESS_MODE_WRITE { tasks, err := models.GetUpdateTasksByUuid(uuid) if err != nil { log.GitLogger.Fatal(2, "GetUpdateTasksByUuid: %v", err) } for _, task := range tasks { err = models.Update(task.RefName, task.OldCommitId, task.NewCommitId, user.Name, repoUserName, repoName, user.Id) if err != nil { log.GitLogger.Error(2, "Failed to update: %v", err) } } if err = models.DelUpdateTasksByUuid(uuid); err != nil { log.GitLogger.Fatal(2, "DelUpdateTasksByUuid: %v", err) } } // Send deliver hook request. resp, err := httplib.Head(setting.AppUrl + setting.AppSubUrl + repoUserName + "/" + repoName + "/hooks/trigger").Response() if err == nil { resp.Body.Close() } // Update user key activity. if keyID > 0 { key, err := models.GetPublicKeyByID(keyID) if err != nil { fail("Internal error", "GetPublicKeyById: %v", err) } key.Updated = time.Now() if err = models.UpdatePublicKey(key); err != nil { fail("Internal error", "UpdatePublicKey: %v", err) } } }
func runServ(c *cli.Context) { if c.IsSet("config") { setting.CustomConf = c.String("config") } setup("serv.log") fail := func(userMessage, logMessage string, args ...interface{}) { fmt.Fprintln(os.Stderr, "Gogs: ", userMessage) log.GitLogger.Fatal(2, logMessage, args...) } if len(c.Args()) < 1 { fail("Not enough arguments", "Not enough arugments") } keys := strings.Split(c.Args()[0], "-") if len(keys) != 2 { fail("key-id format error", "Invalid key id: %s", c.Args()[0]) } keyId, err := com.StrTo(keys[1]).Int64() if err != nil { fail("key-id format error", "Invalid key id: %s", err) } user, err := models.GetUserByKeyId(keyId) if err != nil { fail("internal error", "Fail to get user by key ID(%d): %v", keyId, err) } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if cmd == "" { fmt.Printf("Hi, %s! You've successfully authenticated, but Gogs does not provide shell access.\n", user.Name) if user.IsAdmin { println("If this is unexpected, please log in with password and setup Gogs under another user.") } return } verb, args := parseCmd(cmd) repoPath := strings.Trim(args, "'") rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { fail("Invalid repository path", "Invalide repository path: %v", args) } repoUserName := rr[0] repoName := strings.TrimSuffix(rr[1], ".git") repoUser, err := models.GetUserByName(repoUserName) if err != nil { if err == models.ErrUserNotExist { fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName) } fail("Internal error", "Fail to get repository owner(%s): %v", repoUserName, err) } repo, err := models.GetRepositoryByName(repoUser.Id, repoName) if err != nil { if models.IsErrRepoNotExist(err) { if user.Id == repoUser.Id || repoUser.IsOwnedBy(user.Id) { fail("Repository does not exist", "Repository does not exist: %s/%s", repoUser.Name, repoName) } else { fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName) } } fail("Internal error", "Fail to get repository: %v", err) } requestedMode, has := COMMANDS[verb] if !has { fail("Unknown git command", "Unknown git command %s", verb) } mode, err := models.AccessLevel(user, repo) if err != nil { fail("Internal error", "Fail to check access: %v", err) } else if mode < requestedMode { clientMessage := _ACCESS_DENIED_MESSAGE if mode >= models.ACCESS_MODE_READ { clientMessage = "You do not have sufficient authorization for this action" } fail(clientMessage, "User %s does not have level %v access to repository %s", user.Name, requestedMode, repoPath) } uuid := uuid.NewV4().String() os.Setenv("uuid", uuid) var gitcmd *exec.Cmd verbs := strings.Split(verb, " ") if len(verbs) == 2 { gitcmd = exec.Command(verbs[0], verbs[1], repoPath) } else { gitcmd = exec.Command(verb, repoPath) } gitcmd.Dir = setting.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { fail("Internal error", "Fail to execute git command: %v", err) } if requestedMode == models.ACCESS_MODE_WRITE { tasks, err := models.GetUpdateTasksByUuid(uuid) if err != nil { log.GitLogger.Fatal(2, "GetUpdateTasksByUuid: %v", err) } for _, task := range tasks { err = models.Update(task.RefName, task.OldCommitId, task.NewCommitId, user.Name, repoUserName, repoName, user.Id) if err != nil { log.GitLogger.Error(2, "Fail to update: %v", err) } } if err = models.DelUpdateTasksByUuid(uuid); err != nil { log.GitLogger.Fatal(2, "DelUpdateTasksByUuid: %v", err) } } // Update key activity. key, err := models.GetPublicKeyById(keyId) if err != nil { fail("Internal error", "GetPublicKeyById: %v", err) } key.Updated = time.Now() if err = models.UpdatePublicKey(key); err != nil { fail("Internal error", "UpdatePublicKey: %v", err) } }
func runServ(k *cli.Context) { setup(path.Join(setting.LogRootPath, "serv.log")) keys := strings.Split(os.Args[2], "-") if len(keys) != 2 { println("Gogs: auth file format error") qlog.Fatal("Invalid auth file format: %s", os.Args[2]) } keyId, err := strconv.ParseInt(keys[1], 10, 64) if err != nil { println("Gogs: auth file format error") qlog.Fatalf("Invalid auth file format: %v", err) } user, err := models.GetUserByKeyId(keyId) if err != nil { if err == models.ErrUserNotKeyOwner { println("Gogs: you are not the owner of SSH key") qlog.Fatalf("Invalid owner of SSH key: %d", keyId) } println("Gogs: internal error:", err) qlog.Fatalf("Fail to get user by key ID(%d): %v", keyId, err) } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if cmd == "" { println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.") return } verb, args := parseCmd(cmd) repoPath := strings.Trim(args, "'") rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { println("Gogs: unavailable repository", args) qlog.Fatalf("Unavailable repository: %v", args) } repoUserName := rr[0] repoName := strings.TrimSuffix(rr[1], ".git") isWrite := In(verb, COMMANDS_WRITE) isRead := In(verb, COMMANDS_READONLY) repoUser, err := models.GetUserByName(repoUserName) if err != nil { if err == models.ErrUserNotExist { println("Gogs: given repository owner are not registered") qlog.Fatalf("Unregistered owner: %s", repoUserName) } println("Gogs: internal error:", err) qlog.Fatalf("Fail to get repository owner(%s): %v", repoUserName, err) } // Access check. switch { case isWrite: has, err := models.HasAccess(user.Name, path.Join(repoUserName, repoName), models.AU_WRITABLE) if err != nil { println("Gogs: internal error:", err) qlog.Fatal("Fail to check write access:", err) } else if !has { println("You have no right to write this repository") qlog.Fatalf("User %s has no right to write repository %s", user.Name, repoPath) } case isRead: repo, err := models.GetRepositoryByName(repoUser.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { println("Gogs: given repository does not exist") qlog.Fatalf("Repository does not exist: %s/%s", repoUser.Name, repoName) } println("Gogs: internal error:", err) qlog.Fatalf("Fail to get repository: %v", err) } if !repo.IsPrivate { break } has, err := models.HasAccess(user.Name, path.Join(repoUserName, repoName), models.AU_READABLE) if err != nil { println("Gogs: internal error:", err) qlog.Fatal("Fail to check read access:", err) } else if !has { println("You have no right to access this repository") qlog.Fatalf("User %s has no right to read repository %s", user.Name, repoPath) } default: println("Unknown command") return } models.SetRepoEnvs(user.Id, user.Name, repoName, repoUserName) gitcmd := exec.Command(verb, repoPath) gitcmd.Dir = setting.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { println("Gogs: internal error:", err) qlog.Fatalf("Fail to execute git command: %v", err) } //refName := os.Getenv("refName") //oldCommitId := os.Getenv("oldCommitId") //newCommitId := os.Getenv("newCommitId") //qlog.Error("get envs:", refName, oldCommitId, newCommitId) // update //models.Update(refName, oldCommitId, newCommitId, repoUserName, repoName, user.Id) }
func Http(ctx *middleware.Context) { username := ctx.Params(":username") reponame := ctx.Params(":reponame") if strings.HasSuffix(reponame, ".git") { reponame = reponame[:len(reponame)-4] } var isPull bool service := ctx.Query("service") if service == "git-receive-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { isPull = false } else if service == "git-upload-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { isPull = true } else { isPull = (ctx.Req.Method == "GET") } repoUser, err := models.GetUserByName(username) if err != nil { if models.IsErrUserNotExist(err) { ctx.Handle(404, "GetUserByName", nil) } else { ctx.Handle(500, "GetUserByName", err) } return } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { if models.IsErrRepoNotExist(err) { ctx.Handle(404, "GetRepositoryByName", nil) } else { ctx.Handle(500, "GetRepositoryByName", err) } return } // Only public pull don't need auth. isPublicPull := !repo.IsPrivate && isPull var ( askAuth = !isPublicPull || setting.Service.RequireSignInView authUser *models.User authUsername string authPasswd string ) // check access if askAuth { baHead := ctx.Req.Header.Get("Authorization") if baHead == "" { authRequired(ctx) return } auths := strings.Fields(baHead) // currently check basic auth // TODO: support digit auth // FIXME: middlewares/context.go did basic auth check already, // maybe could use that one. if len(auths) != 2 || auths[0] != "Basic" { ctx.HandleText(401, "no basic auth and digit auth") return } authUsername, authPasswd, err = base.BasicAuthDecode(auths[1]) if err != nil { ctx.HandleText(401, "no basic auth and digit auth") return } authUser, err = models.UserSignIn(authUsername, authPasswd) if err != nil { if !models.IsErrUserNotExist(err) { ctx.Handle(500, "UserSignIn error: %v", err) return } // Assume username now is a token. token, err := models.GetAccessTokenBySha(authUsername) if err != nil { if err == models.ErrAccessTokenNotExist { ctx.HandleText(401, "invalid token") } else { ctx.Handle(500, "GetAccessTokenBySha", err) } return } authUser, err = models.GetUserByID(token.UID) if err != nil { ctx.Handle(500, "GetUserById", err) return } authUsername = authUser.Name } if !isPublicPull { var tp = models.ACCESS_MODE_WRITE if isPull { tp = models.ACCESS_MODE_READ } has, err := models.HasAccess(authUser, repo, tp) if err != nil { ctx.HandleText(401, "no basic auth and digit auth") return } else if !has { if tp == models.ACCESS_MODE_READ { has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE) if err != nil || !has { ctx.HandleText(401, "no basic auth and digit auth") return } } else { ctx.HandleText(401, "no basic auth and digit auth") return } } if !isPull && repo.IsMirror { ctx.HandleText(401, "can't push to mirror") return } } } callback := func(rpc string, input []byte) { if rpc == "receive-pack" { var lastLine int64 = 0 for { head := input[lastLine : lastLine+2] if head[0] == '0' && head[1] == '0' { size, err := strconv.ParseInt(string(input[lastLine+2:lastLine+4]), 16, 32) if err != nil { log.Error(4, "%v", err) return } if size == 0 { //fmt.Println(string(input[lastLine:])) break } line := input[lastLine : lastLine+size] idx := bytes.IndexRune(line, '\000') if idx > -1 { line = line[:idx] } fields := strings.Fields(string(line)) if len(fields) >= 3 { oldCommitId := fields[0][4:] newCommitId := fields[1] refName := fields[2] // FIXME: handle error. if err = models.Update(refName, oldCommitId, newCommitId, authUsername, username, reponame, authUser.Id); err == nil { models.HookQueue.AddRepoID(repo.ID) } } lastLine = lastLine + size } else { break } } } } HTTPBackend(&Config{ RepoRootPath: setting.RepoRootPath, GitBinPath: "git", UploadPack: true, ReceivePack: true, OnSucceed: callback, })(ctx.Resp, ctx.Req.Request) runtime.GC() }
func RepoAssignment(redirect bool, args ...bool) martini.Handler { return func(ctx *Context, params martini.Params) { // valid brachname var validBranch bool // display bare quick start if it is a bare repo var displayBare bool if len(args) >= 1 { validBranch = args[0] } if len(args) >= 2 { displayBare = args[1] } var ( user *models.User err error ) userName := params["username"] repoName := params["reponame"] branchName := params["branchname"] // get repository owner ctx.Repo.IsOwner = ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) if !ctx.Repo.IsOwner { user, err = models.GetUserByName(params["username"]) if err != nil { if redirect { ctx.Redirect("/") return } ctx.Handle(200, "RepoAssignment", err) return } } else { user = ctx.User } if user == nil { if redirect { ctx.Redirect("/") return } ctx.Handle(200, "RepoAssignment", errors.New("invliad user account for single repository")) return } // get repository repo, err := models.GetRepositoryByName(user.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "RepoAssignment", err) } else if redirect { ctx.Redirect("/") return } ctx.Handle(404, "RepoAssignment", err) return } ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { ctx.Handle(404, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo ctx.Repo.Owner = user ctx.Repo.RepoLink = "/" + user.Name + "/" + repo.Name ctx.Data["Title"] = user.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = user ctx.Data["RepoLink"] = ctx.Repo.RepoLink ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner ctx.Data["BranchName"] = "" ctx.Repo.CloneLink.SSH = fmt.Sprintf("%s@%s:%s/%s.git", base.RunUser, base.Domain, user.LowerName, repo.LowerName) ctx.Repo.CloneLink.HTTPS = fmt.Sprintf("%s%s/%s.git", base.AppUrl, user.LowerName, repo.LowerName) ctx.Data["CloneLink"] = ctx.Repo.CloneLink // when repo is bare, not valid branch if !ctx.Repo.Repository.IsBare && validBranch { detect: if len(branchName) > 0 { // TODO check tag if models.IsBranchExist(user.Name, repoName, branchName) { ctx.Repo.IsBranch = true ctx.Repo.BranchName = branchName ctx.Repo.Commit, err = gitRepo.GetCommitOfBranch(branchName) if err != nil { ctx.Handle(404, "RepoAssignment invalid branch", nil) return } ctx.Repo.CommitId = ctx.Repo.Commit.Oid.String() } else if len(branchName) == 40 { ctx.Repo.IsCommit = true ctx.Repo.CommitId = branchName ctx.Repo.BranchName = branchName ctx.Repo.Commit, err = gitRepo.GetCommit(branchName) if err != nil { ctx.Handle(404, "RepoAssignment invalid commit", nil) return } } else { ctx.Handle(404, "RepoAssignment invalid repo", nil) return } } else { branchName = "master" goto detect } ctx.Data["IsBranch"] = ctx.Repo.IsBranch ctx.Data["IsCommit"] = ctx.Repo.IsCommit } // repo is bare and display enable if displayBare && ctx.Repo.Repository.IsBare { ctx.HTML(200, "repo/single_bare") return } if ctx.IsSigned { ctx.Repo.IsWatching = models.IsWatching(ctx.User.Id, repo.Id) } ctx.Data["BranchName"] = ctx.Repo.BranchName ctx.Data["CommitId"] = ctx.Repo.CommitId ctx.Data["IsRepositoryWatching"] = ctx.Repo.IsWatching } }
func runServ(k *cli.Context) { setup("serv.log") keys := strings.Split(os.Args[2], "-") if len(keys) != 2 { println("Gogs: auth file format error") log.GitLogger.Fatal(2, "Invalid auth file format: %s", os.Args[2]) } keyId, err := com.StrTo(keys[1]).Int64() if err != nil { println("Gogs: auth file format error") log.GitLogger.Fatal(2, "Invalid auth file format: %v", err) } user, err := models.GetUserByKeyId(keyId) if err != nil { if err == models.ErrUserNotKeyOwner { println("Gogs: you are not the owner of SSH key") log.GitLogger.Fatal(2, "Invalid owner of SSH key: %d", keyId) } println("Gogs: internal error:", err) log.GitLogger.Fatal(2, "Fail to get user by key ID(%d): %v", keyId, err) } cmd := os.Getenv("SSH_ORIGINAL_COMMAND") if cmd == "" { println("Hi", user.Name, "! You've successfully authenticated, but Gogs does not provide shell access.") return } verb, args := parseCmd(cmd) repoPath := strings.Trim(args, "'") rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { println("Gogs: unavailable repository", args) log.GitLogger.Fatal(2, "Unavailable repository: %v", args) } repoUserName := rr[0] repoName := strings.TrimSuffix(rr[1], ".git") isWrite := In(verb, COMMANDS_WRITE) isRead := In(verb, COMMANDS_READONLY) repoUser, err := models.GetUserByName(repoUserName) if err != nil { if err == models.ErrUserNotExist { println("Gogs: given repository owner are not registered") log.GitLogger.Fatal(2, "Unregistered owner: %s", repoUserName) } println("Gogs: internal error:", err) log.GitLogger.Fatal(2, "Fail to get repository owner(%s): %v", repoUserName, err) } // Access check. switch { case isWrite: has, err := models.HasAccess(user.Name, path.Join(repoUserName, repoName), models.WRITABLE) if err != nil { println("Gogs: internal error:", err) log.GitLogger.Fatal(2, "Fail to check write access:", err) } else if !has { println("You have no right to write this repository") log.GitLogger.Fatal(2, "User %s has no right to write repository %s", user.Name, repoPath) } case isRead: repo, err := models.GetRepositoryByName(repoUser.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { println("Gogs: given repository does not exist") log.GitLogger.Fatal(2, "Repository does not exist: %s/%s", repoUser.Name, repoName) } println("Gogs: internal error:", err) log.GitLogger.Fatal(2, "Fail to get repository: %v", err) } if !repo.IsPrivate { break } has, err := models.HasAccess(user.Name, path.Join(repoUserName, repoName), models.READABLE) if err != nil { println("Gogs: internal error:", err) log.GitLogger.Fatal(2, "Fail to check read access:", err) } else if !has { println("You have no right to access this repository") log.GitLogger.Fatal(2, "User %s has no right to read repository %s", user.Name, repoPath) } default: println("Unknown command") return } uuid := uuid.NewV4().String() os.Setenv("uuid", uuid) gitcmd := exec.Command(verb, repoPath) gitcmd.Dir = setting.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin gitcmd.Stderr = os.Stderr if err = gitcmd.Run(); err != nil { println("Gogs: internal error:", err.Error()) log.GitLogger.Fatal(2, "Fail to execute git command: %v", err) } if isWrite { tasks, err := models.GetUpdateTasksByUuid(uuid) if err != nil { log.GitLogger.Fatal(2, "GetUpdateTasksByUuid: %v", err) } for _, task := range tasks { err = models.Update(task.RefName, task.OldCommitId, task.NewCommitId, user.Name, repoUserName, repoName, user.Id) if err != nil { log.GitLogger.Error(2, "Fail to update: %v", err) } } if err = models.DelUpdateTasksByUuid(uuid); err != nil { log.GitLogger.Fatal(2, "DelUpdateTasksByUuid: %v", err) } } // Update key activity. key, err := models.GetPublicKeyById(keyId) if err != nil { log.GitLogger.Fatal(2, "GetPublicKeyById: %v", err) } key.Updated = time.Now() if err = models.UpdatePublicKey(key); err != nil { log.GitLogger.Fatal(2, "UpdatePublicKey: %v", err) } }
func Http(ctx *middleware.Context, params martini.Params) { username := params["username"] reponame := params["reponame"] if strings.HasSuffix(reponame, ".git") { reponame = reponame[:len(reponame)-4] } var isPull bool service := ctx.Query("service") if service == "git-receive-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") { isPull = false } else if service == "git-upload-pack" || strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") { isPull = true } else { isPull = (ctx.Req.Method == "GET") } repoUser, err := models.GetUserByName(username) if err != nil { ctx.Handle(500, "repo.GetUserByName", nil) return } repo, err := models.GetRepositoryByName(repoUser.Id, reponame) if err != nil { ctx.Handle(500, "repo.GetRepositoryByName", nil) return } // only public pull don't need auth isPublicPull := !repo.IsPrivate && isPull var askAuth = !isPublicPull || base.Service.RequireSignInView var authUser *models.User var authUsername, passwd string // check access if askAuth { baHead := ctx.Req.Header.Get("Authorization") if baHead == "" { // ask auth authRequired(ctx) return } auths := strings.Fields(baHead) // currently check basic auth // TODO: support digit auth if len(auths) != 2 || auths[0] != "Basic" { ctx.Handle(401, "no basic auth and digit auth", nil) return } authUsername, passwd, err = basicDecode(auths[1]) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } authUser, err = models.GetUserByName(authUsername) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } newUser := &models.User{Passwd: passwd, Salt: authUser.Salt} newUser.EncodePasswd() if authUser.Passwd != newUser.Passwd { ctx.Handle(401, "no basic auth and digit auth", nil) return } if !isPublicPull { var tp = models.AU_WRITABLE if isPull { tp = models.AU_READABLE } has, err := models.HasAccess(authUsername, username+"/"+reponame, tp) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return } else if !has { if tp == models.AU_READABLE { has, err = models.HasAccess(authUsername, username+"/"+reponame, models.AU_WRITABLE) if err != nil || !has { ctx.Handle(401, "no basic auth and digit auth", nil) return } } else { ctx.Handle(401, "no basic auth and digit auth", nil) return } } } } config := Config{base.RepoRootPath, "git", true, true, func(rpc string, input []byte) { if rpc == "receive-pack" { firstLine := bytes.IndexRune(input, '\000') if firstLine > -1 { fields := strings.Fields(string(input[:firstLine])) if len(fields) == 3 { oldCommitId := fields[0][4:] newCommitId := fields[1] refName := fields[2] models.Update(refName, oldCommitId, newCommitId, authUsername, username, reponame, authUser.Id) } } } }} handler := HttpBackend(&config) handler(ctx.ResponseWriter, ctx.Req) /* Webdav dir := models.RepoPath(username, reponame) prefix := path.Join("/", username, params["reponame"]) server := webdav.NewServer( dir, prefix, true) server.ServeHTTP(ctx.ResponseWriter, ctx.Req) */ }
func RepoAssignment(redirect bool, args ...bool) macaron.Handler { return func(ctx *Context) { var ( validBranch bool // To valid brach name. displayBare bool // To display bare page if it is a bare repo. ) if len(args) >= 1 { validBranch = args[0] } if len(args) >= 2 { displayBare = args[1] } var ( u *models.User err error ) userName := ctx.Params(":username") repoName := ctx.Params(":reponame") refName := ctx.Params(":branchname") if len(refName) == 0 { refName = ctx.Params(":path") } // Collaborators who have write access can be seen as owners. if ctx.IsSigned { ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.WRITABLE) if err != nil { ctx.Handle(500, "HasAccess", err) return } ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName) } if !ctx.Repo.IsTrueOwner { u, err = models.GetUserByName(userName) if err != nil { if err == models.ErrUserNotExist { ctx.Handle(404, "GetUserByName", err) } else if redirect { log.Error(4, "GetUserByName", err) ctx.Redirect("/") } else { ctx.Handle(500, "GetUserByName", err) } return } } else { u = ctx.User } if u == nil { if redirect { ctx.Redirect("/") return } ctx.Handle(404, "RepoAssignment", errors.New("invliad user account for single repository")) return } ctx.Repo.Owner = u // Organization owner team members are true owners as well. if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) { ctx.Repo.IsTrueOwner = true } // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "GetRepositoryByName", err) return } else if redirect { ctx.Redirect("/") return } ctx.Handle(500, "GetRepositoryByName", err) return } else if err = repo.GetOwner(); err != nil { ctx.Handle(500, "GetOwner", err) return } // Check if the mirror repository owner(mirror repository doesn't have access). if ctx.IsSigned && !ctx.Repo.IsOwner { if repo.OwnerId == ctx.User.Id { ctx.Repo.IsOwner = true } // Check if current user has admin permission to repository. if u.IsOrganization() { auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, 0, repo.Id) if err != nil { ctx.Handle(500, "GetHighestAuthorize", err) return } if auth == models.ORG_ADMIN { ctx.Repo.IsOwner = true ctx.Repo.IsAdmin = true } } } // Check access. if repo.IsPrivate && !ctx.Repo.IsOwner { if ctx.User == nil { ctx.Handle(404, "HasAccess", nil) return } hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.READABLE) if err != nil { ctx.Handle(500, "HasAccess", err) return } else if !hasAccess { ctx.Handle(404, "HasAccess", nil) return } } ctx.Repo.HasAccess = true ctx.Data["HasAccess"] = true if repo.IsMirror { ctx.Repo.Mirror, err = models.GetMirror(repo.Id) if err != nil { ctx.Handle(500, "GetMirror", err) return } ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval } repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues repo.NumOpenMilestones = repo.NumMilestones - repo.NumClosedMilestones ctx.Repo.Repository = repo ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { ctx.Handle(500, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo ctx.Repo.RepoLink = "/" + u.Name + "/" + repo.Name ctx.Data["RepoLink"] = ctx.Repo.RepoLink tags, err := ctx.Repo.GitRepo.GetTags() if err != nil { ctx.Handle(500, "GetTags", err) return } ctx.Repo.Repository.NumTags = len(tags) ctx.Data["Title"] = u.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = ctx.Repo.Repository.Owner ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner if setting.SshPort != 22 { ctx.Repo.CloneLink.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.Domain, setting.SshPort, u.LowerName, repo.LowerName) } else { ctx.Repo.CloneLink.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.Domain, u.LowerName, repo.LowerName) } ctx.Repo.CloneLink.HTTPS = fmt.Sprintf("%s%s/%s.git", setting.AppUrl, u.LowerName, repo.LowerName) ctx.Data["CloneLink"] = ctx.Repo.CloneLink if ctx.Repo.Repository.IsGoget { ctx.Data["GoGetLink"] = fmt.Sprintf("%s%s/%s", setting.AppUrl, u.LowerName, repo.LowerName) ctx.Data["GoGetImport"] = fmt.Sprintf("%s/%s/%s", setting.Domain, u.LowerName, repo.LowerName) } // when repo is bare, not valid branch if !ctx.Repo.Repository.IsBare && validBranch { detect: if len(refName) > 0 { if gitRepo.IsBranchExist(refName) { ctx.Repo.IsBranch = true ctx.Repo.BranchName = refName ctx.Repo.Commit, err = gitRepo.GetCommitOfBranch(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid branch", nil) return } ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() } else if gitRepo.IsTagExist(refName) { ctx.Repo.IsTag = true ctx.Repo.BranchName = refName ctx.Repo.Tag, err = gitRepo.GetTag(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid tag", nil) return } ctx.Repo.Commit, _ = ctx.Repo.Tag.Commit() ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() } else if len(refName) == 40 { ctx.Repo.IsCommit = true ctx.Repo.CommitId = refName ctx.Repo.BranchName = refName ctx.Repo.Commit, err = gitRepo.GetCommit(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid commit", nil) return } } else { ctx.Handle(404, "RepoAssignment invalid repo", errors.New("branch or tag not exist")) return } } else { if len(refName) == 0 { if gitRepo.IsBranchExist(ctx.Repo.Repository.DefaultBranch) { refName = ctx.Repo.Repository.DefaultBranch } else { brs, err := gitRepo.GetBranches() if err != nil { ctx.Handle(500, "GetBranches", err) return } refName = brs[0] } } goto detect } ctx.Data["IsBranch"] = ctx.Repo.IsBranch ctx.Data["IsCommit"] = ctx.Repo.IsCommit ctx.Repo.CommitsCount, err = ctx.Repo.Commit.CommitsCount() if err != nil { ctx.Handle(500, "CommitsCount", err) return } ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount } // repo is bare and display enable if ctx.Repo.Repository.IsBare { log.Debug("Bare repository: %s", ctx.Repo.RepoLink) if displayBare { ctx.HTML(200, "repo/bare") } return } if ctx.IsSigned { ctx.Data["IsWatchingRepo"] = models.IsWatching(ctx.User.Id, repo.Id) ctx.Data["IsStaringRepo"] = models.IsStaring(ctx.User.Id, repo.Id) } ctx.Data["TagName"] = ctx.Repo.TagName brs, err := ctx.Repo.GitRepo.GetBranches() if err != nil { log.Error(4, "GetBranches: %v", err) } ctx.Data["Branches"] = brs ctx.Data["BrancheCount"] = len(brs) // If not branch selected, try default one. // If default branch doesn't exists, fall back to some other branch. if ctx.Repo.BranchName == "" { if ctx.Repo.Repository.DefaultBranch != "" && gitRepo.IsBranchExist(ctx.Repo.Repository.DefaultBranch) { ctx.Repo.BranchName = ctx.Repo.Repository.DefaultBranch } else if len(brs) > 0 { ctx.Repo.BranchName = brs[0] } } ctx.Data["BranchName"] = ctx.Repo.BranchName ctx.Data["CommitId"] = ctx.Repo.CommitId } }