// and this is where i re-code the git backend interface from scratch
global $BASE_URL;
+ header_remove("Pragma");\r
+ header_remove("Cache-Control");\r
+ header_remove("Set-Cookie");\r
+ header_remove("Expires");\r
+ header_remove("X-Powered-By");\r
+ header_remove("Vary");\r
+
+
$repo_base = gwvpmini_getConfigVal("repodir");
// TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo"
$write = true;
}
}
- if($_SERVER["REQUEST_METHOD"] == "POST") {
- $write = true;
- }
+
+ //$write = true;
// THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth
// no, this isnt a solution cause auth'd read attempts will come up as writes...
//if(isset($_SERVER["PHP_AUTH_USER"])) {
//$write = true;
//}
- $perms = 5;
- // if its a write, we push for authentication
- if($write) {
- error_log("is write attempt, ask for login");
- $person = gwvpmini_checkBasicAuthLogin();
- if($person == false) {
+ $person = gwvpmini_checkBasicAuthLogin();
+ //$write = true;
+ // next, figure out permissions for repo
+ $rid = gwvpmini_GetRepoId($repo);
+ $uid = -1;
+ error_log("AT THIS POINT WE HAVE $uid, $rid, $repo $person");
+
+ if(!$person) {
+ if($write) {
+ error_log("ASK FOR BASIC AUTH");
gwvpmini_AskForBasicAuth();
return;
} else {
- error_log("checking perms for $person against $repoid for repo $repo");
- // here we pass to the git backend
- error_log("perms are $perms and im allowed");
- gwvpmini_callGitBackend($person["username"], $repo);
+ $perm = gwvpmini_GetRepoPerm($rid, "a");
+ if($perm < 1) {
+ error_log("ASK FOR BASIC AUTH 2");
+ gwvpmini_AskForBasicAuth();
+ return;
+ }
}
- return;
- }
-
-
- // if they're less then read, we need to then check the user auth permissions
- if($perms < 2) {
- // we ask for auth
- $person = gwvpmini_checkBasicAuthLogin();
- if($person == false) {
- gwvpmini_AskForBasicAuth();
- return;
+ } else {
+ $uid = gwvpmini_GetUserId($person);
+ $perm = gwvpmini_GetRepoPerm($rid, $uid);
+ if($write) {
+ if($perm < 2) {
+ error_log("SEND FOFF");
+ gwvpmini_fourZeroThree();
+ return;
+ }
} else {
+ if($perm < 1) {
+ gwvpmini_fourZeroThree();
+ return;
+ }
}
}
+ // if its a write, we push for authentication
+
+ //if($write) {
+ if(!$person) {
+ $person = "anonymous";
+ }
+ gwvpmini_callGitBackend($person, $repo);
+ return;
+ //}
+
// if we made it this far, we a read and we have permissions to do so, just search the file from the repo
- if(file_exists("$repo_base/$repo.git/$newloc")) {
+ /*if(file_exists("$repo_base/$repo.git/$newloc")) {
error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc");
$fh = fopen("$repo_base/$repo.git/$newloc", "rb");
echo fread($fh, 8192);
}
} else {
- //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+ error_log("would ask $repo for $repo/$newloc from $repo_base/$repo/$newloc, NE");
gwvpmini_fourZeroFour();
return;
- }
-
-}
-
-
-function gwvpmini_gitBackendInterface_old()
-{
- global $BASE_URL;
-
- $repo_base = gwvpmini_getConfigVal("repodir");
-
- $repo = "";
- $newloc = "/";
- if(isset($_REQUEST["q"])) {
- $query = $_REQUEST["q"];
- $qspl = explode("/", $query);
- $repo = $qspl[1];
- for($i=2; $i < count($qspl); $i++) {
- $newloc .= "/".$qspl[$i];
- }
- }
-
- $actual_repo_name = preg_replace("/\.git$/", "", $repo);
-
- $user = gwvpmini_checkBasicAuthLogin();
-
- if(!$user) {
- error_log("User is set to false, so its anonymouse");
- } else {
- error_log("user is $user");
- }
-
- // must remember that $user of false is anonymous when we code gwvpmini_repoPerm'sCheck()
- if(!gwvpmini_repoPermissionCheck($actual_repo_name, $user)) {
- error_log("perms check fails - start auth");
- if(isset($_SERVER["PHP_AUTH_USER"])) {
- error_log("have auth - push 403");
- gwvpmini_fourZeroThree();
- } else {
- error_log("push auth");
- gwvpmini_AskForBasicAuth();
- return;
- }
- }
-
- // we need to quite a bit of parsing in here. The "repo" will always be /git/repo.git
- // but if we get here from a browser, we need to forward back to a normal repo viewer
- // the only way i can think of doing this is to check the useragent for the word "git"
-
- /*
- * here we need to
- * 1) figure out the repo its acessing
- * 2) figure out the perms on the repo
- * 3) determine if its a pull or a push
- * - if its a pull, we just serve straight from the fs
- * - if its a push, we go thru git-http-backend
- * 4) if it requiers auth, we push to auth
- *
- */
- $agent = "git-unknown";
- $isgitagent = false;
-
- // tested the user agent bit with jgit from eclipse and normal git... seems to work
- if(isset($_SERVER["HTTP_USER_AGENT"])) {
- $agent = $_SERVER["HTTP_USER_AGENT"];
- error_log("in git backend with user agent $agent");
- if(stristr($agent, "git")!==false) {
- $isgitagent = true;
- }
- }
-
-
-
- /* dont need this code right now
- if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent";
- else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent";
- */
-
- // now we need to rebuild the actual request or do we?
- //$basegit = "$BASE_URL/git/something.git";
- //$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]);
- chdir("$repo_base/$repo");
- exec("/usr/bin/git update-server-info");
-
- if($_SERVER["REQUEST_METHOD"] == "POST") {
- gwvpmini_AskForBasicAuth();
- gwvpmini_callGitBackend($repo);
- return;
- }
-
- if(isset($_REQUEST["service"])) {
- if($_REQUEST["service"] == "git-receive-pack") {
- // we are a write call - we need auth and we're going to the backend proper
- gwvpmini_AskForBasicAuth();
- gwvpmini_callGitBackend($repo);
- return;
- }
- }
-
+ }*/
- if(file_exists("$repo_base/$repo/$newloc")) {
- error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
- $fh = fopen("$repo_base/$repo/$newloc", "rb");
-
- error_log("pushing file");
- while(!feof($fh)) {
- echo fread($fh, 8192);
- }
- } else {
- echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
- header('HTTP/1.0 404 No Such Thing');
- return;
- }
}
function gwvpmini_canManageRepo($userid, $repoid)
error_log("cant set pipe1 non-blocking");
}
+
+ $fp = fopen("/tmp/gitup.".rand(0,4000000), "w");
// i was going to use stream_select, but i feel this works better like this
while($continue) {
// do client
if(!feof($fh)) {
$from_client_data = fread($fh,8192);
- if($from_client_data !== false) fwrite($pipes[0], $from_client_data);
+ if($from_client_data !== false) {
+ fwrite($pipes[0], $from_client_data);
+ fwrite($fp, $from_client_data);
+ }
fflush($pipes[0]);
//fwrite($fl, $from_client_data);
$client_len = strlen($from_client_data);