// Registers this module's request dispatcher by function name under the key "gitcontrol".
// NOTE(review): how the registry is consumed is not visible here; presumably the core calls each registered name per request - confirm.
3 $CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe";
5 //$MENU_ITEMS["20repos"]["text"] = "Repo Admin";
6 //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos";
// Registers gwvp_GitLogProvider as the home-page provider under the key "gitlog".
7 $HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider";
9 // TODO: we could actually change the backend interface such that it
10 // will respond to any URLs that contain "repo.git" rather than
11 // having to be $BASE_URL/git/repo.git
// Route selector: when the first "/"-separated segment of the request parameter "q"
// is "git", returns the name of the handler function as a string.
// NOTE(review): "q" is read from $_REQUEST, so depending on the server's request_order
// it can arrive as a GET, POST or cookie value - confirm that is intended for routing.
// NOTE(review): the closing braces and whatever is returned for non-git requests are
// not visible in this listing.
12 function gwvp_gitControlCallMe()
14 if(isset($_REQUEST["q"])) {
15 $query = $_REQUEST["q"];
16 $qspl = explode("/", $query);
// loose comparison against a string literal; $qspl[0] is always a string after explode()
18 if($qspl[0] == "git") {
19 return "gwvp_gitBackendInterface";
// Home-page provider registered under $HOME_PAGE_PROVIDERS["gitlog"]; only its design
// notes are visible in this listing, not the implementing code.
// NOTE(review): item 1 below only holds if private repositories are filtered out before
// any commit data is rendered, and the proposed "writes" table is meant to record only
// publicly readable repos. Verify both filters exist where this is implemented.
29 function gwvp_GitLogProvider()
32 * The home page provider will:
33 * 1) show the last 10 commits for every repository - though, excluding private repos
34 * 2) if loged in, show the last commit on any repo's the user owns
36 * So i need a table thats going to list "writes" by user - as in POST writes but only
37 * put that info into the stats (doesnt exist) db if the repo is publically readable
39 * Or... should we instead just list every repo?
// Permission predicate used by gwvp_gitBackendInterface_old(), which treats a false
// return as "deny" and passes $user === false for anonymous callers.
// NOTE(review): the body is not visible in this listing - confirm it denies by default
// rather than returning true for unknown repos or users.
43 function gwvp_repoPermissionCheck($repo, $user)
// Handles requests routed here for q = "git/<repo>.git/<path...>": resolves the
// repository id, decides whether the request is a read or a write, checks
// permissions, passes writes to gwvp_callGitBackend() and serves reads directly
// from the repository directory on disk.
// NOTE(review): braces, short assignments and early returns are missing from this
// listing, so the control flow between the visible lines is partly inferred.
48 function gwvp_gitBackendInterface()
50 // and this is where i re-code the git backend interface from scratch
53 $repo_base = gwvp_getConfigVal("repodir");
55 // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo"
58 /* bizare git problem that ignores 403's or continues on with a push despite them
59 error_log("FLAP for ".$_SERVER["REQUEST_URI"]);
60 if(isset($_REQUEST)) {
61 $dump = print_r($_REQUEST, true);
62 error_log("FLAP, $dump");
64 if(isset($_SERVER["PHP_AUTH_USER"])) {
65 error_log("FLAP: donut hole");
74 if(isset($_REQUEST["q"])) {
75 $query = $_REQUEST["q"];
76 $qspl = explode("/", $query);
// NOTE(review): $qspl[1] is read without checking that a second path segment exists.
78 $repo = preg_replace("/\.git$/", "", $qspl[1]);
79 $repoid = gwvp_GetRepoId($repo);
// Remaining path segments are re-joined into $newloc, the path inside the repository.
// NOTE(review): no rejection of ".." or empty segments is visible here, and $newloc is
// later appended to "$repo_base/$repo.git/" for file_exists()/fopen(). Unless a check
// sits in the lines missing from this listing, a request path can resolve outside the
// repository directory. Resolve with realpath() and require the result to stay under
// the repository directory before opening it.
80 for($i=2; $i < count($qspl); $i++) {
81 $newloc .= "/".$qspl[$i];
// loose comparison: an id of 0 would also be treated as "not found" (fails closed)
85 if($repoid == false) {
90 // we do an update server cause its weird and i cant figure out when it actually needs to happen
// NOTE(review): the chdir() result is not checked; if it fails, the git command below
// runs in whatever the current working directory happens to be.
91 chdir("$repo_base/$repo.git");
92 exec("/usr/bin/git update-server-info");
95 // so now we have the repo
96 // next we determine if this is a read or a write
// A request appears to be classed as a write when service=git-receive-pack or the
// method is POST; the assignments that record this are not visible in this listing.
98 if(isset($_REQUEST["service"])) {
99 if($_REQUEST["service"] == "git-receive-pack") {
100 error_log("got write as receivepack in post");
104 if($_SERVER["REQUEST_METHOD"] == "POST") {
107 // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth
108 // no, this isnt a solution cause auth'd read attempts will come up as writes...
109 //if(isset($_SERVER["PHP_AUTH_USER"])) {
113 // if its a write, we push for authentication
115 error_log("is write attempt, ask for login");
116 $person = gwvp_checkBasicAuthLogin();
// NOTE(review): whatever follows gwvp_AskForBasicAuth() is not visible; the handler has
// to stop there, otherwise execution continues with $person == false.
117 if($person == false) {
118 gwvp_AskForBasicAuth();
// NOTE(review): $person is indexed as an array further down ($person["username"]) but is
// interpolated as a string and passed whole to gwvp_getUserId() here. Confirm the shape
// gwvp_checkBasicAuthLogin() returns, because a failed user lookup feeds straight into
// the permission decision.
121 error_log("checking perms for $person against $repoid for repo $repo");
122 $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid);
// the condition that selects this deny branch (the required permission level) is not visible
124 error_log("perms are $perms and im not allowed");
125 gwvp_fourZeroThree();
128 // here we pass to the git backend
129 error_log("perms are $perms and im allowed");
130 gwvp_callGitBackend($person["username"], $repo);
136 // if not we figure out the anon permissions for a repo
// anonymous callers are represented by user id -1
137 $perms = gwvp_resolvRepoPerms(-1, $repoid);
139 // if they're less than read, we need to then check the user auth permissions
142 $person = gwvp_checkBasicAuthLogin();
143 if($person == false) {
144 gwvp_AskForBasicAuth();
147 $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid);
// NOTE(review): print_r($person) writes the whole login record to the error log; if that
// record carries a password or hash it ends up in the log file - log the username only.
149 $dump = print_r($person, true);
150 error_log("in basic read, called 403 for $perms $dump");
151 gwvp_fourZeroThree();
157 // if we made it this far, we are a read and we have permissions to do so, just serve the file from the repo
// Read path: the file is opened and streamed in 8192-byte reads (the loop line itself
// is not visible). The path concern noted at the $newloc loop applies to these calls.
158 if(file_exists("$repo_base/$repo.git/$newloc")) {
159 error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc");
160 $fh = fopen("$repo_base/$repo.git/$newloc", "rb");
162 error_log("pushing file");
164 echo fread($fh, 8192);
167 //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
// Earlier version of the git HTTP handler. gwvp_gitControlCallMe() returns
// "gwvp_gitBackendInterface", not this function, so it appears to be unused.
// NOTE(review): if nothing references it, delete it. It calls gwvp_callGitBackend()
// with one argument although that function takes ($username, $repo), and it has no
// visible credential check between asking for auth and invoking the backend.
175 function gwvp_gitBackendInterface_old()
179 $repo_base = gwvp_getConfigVal("repodir");
183 if(isset($_REQUEST["q"])) {
184 $query = $_REQUEST["q"];
185 $qspl = explode("/", $query);
// NOTE(review): the line assigning $repo is not visible; $repo and $newloc are
// request-derived and no ".." filtering is visible before they are used in paths.
187 for($i=2; $i < count($qspl); $i++) {
188 $newloc .= "/".$qspl[$i];
192 $actual_repo_name = preg_replace("/\.git$/", "", $repo);
194 $user = gwvp_checkBasicAuthLogin();
197 error_log("User is set to false, so its anonymouse");
199 error_log("user is $user");
202 // must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck()
// Denied requests get a 403 when credentials were already sent, otherwise an auth challenge.
203 if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) {
204 error_log("perms check fails - start auth");
205 if(isset($_SERVER["PHP_AUTH_USER"])) {
206 error_log("have auth - push 403");
207 gwvp_fourZeroThree();
209 error_log("push auth");
210 gwvp_AskForBasicAuth();
215 // we need to do quite a bit of parsing in here. The "repo" will always be /git/repo.git
216 // but if we get here from a browser, we need to forward back to a normal repo viewer
217 // the only way i can think of doing this is to check the useragent for the word "git"
221 * 1) figure out the repo its acessing
222 * 2) figure out the perms on the repo
223 * 3) determine if its a pull or a push
224 * - if its a pull, we just serve straight from the fs
225 * - if its a push, we go thru git-http-backend
226 * 4) if it requiers auth, we push to auth
229 $agent = "git-unknown";
232 // tested the user agent bit with jgit from eclipse and normal git... seems to work
// NOTE(review): the User-Agent header is client-controlled; it is usable for choosing a
// view (browser vs git client) but must not influence any access decision.
233 if(isset($_SERVER["HTTP_USER_AGENT"])) {
234 $agent = $_SERVER["HTTP_USER_AGENT"];
235 error_log("in git backend with user agent $agent");
236 if(stristr($agent, "git")!==false) {
243 /* dont need this code right now
244 if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent";
245 else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent";
248 // now we need to rebuild the actual request or do we?
249 //$basegit = "$BASE_URL/git/something.git";
250 //$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]);
// NOTE(review): chdir() result is unchecked, so the git command may run in another directory.
251 chdir("$repo_base/$repo");
252 exec("/usr/bin/git update-server-info");
// NOTE(review): the backend is called right after the auth challenge with no visible
// check that credentials were supplied and valid; whether gwvp_AskForBasicAuth() ends
// the request is not visible here.
254 if($_SERVER["REQUEST_METHOD"] == "POST") {
255 gwvp_AskForBasicAuth();
256 gwvp_callGitBackend($repo);
260 if(isset($_REQUEST["service"])) {
261 if($_REQUEST["service"] == "git-receive-pack") {
262 // we are a write call - we need auth and we're going to the backend proper
263 gwvp_AskForBasicAuth();
264 gwvp_callGitBackend($repo);
270 if(file_exists("$repo_base/$repo/$newloc")) {
271 error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
272 $fh = fopen("$repo_base/$repo/$newloc", "rb");
274 error_log("pushing file");
276 echo fread($fh, 8192);
// NOTE(review): this echo reflects request-derived $repo/$newloc into the response
// unescaped and discloses the server-side repository path; it also produces output
// before header(), so the 404 status cannot be set unless output buffering is on.
// Send the status first and return a fixed message.
279 echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
280 header('HTTP/1.0 404 No Such Thing');
// Returns true when $userid is an administrator or the owner of $repoid.
// NOTE(review): the line that handles every other user is not visible in this listing;
// confirm the function ends with an explicit "return false" so the default is deny.
285 function gwvp_canManageRepo($userid, $repoid)
287 // only the owner or an admin can do these tasks
288 error_log("Checking repoid, $repoid against userid $userid");
290 if(gwvp_IsUserAdmin(null, null, $userid)) return true;
291 if(gwvp_IsRepoOwner($userid, $repoid)) return true;
// Proxies the current HTTP request to /usr/lib/git-core/git-http-backend run as a CGI
// child process: builds the CGI environment, relays the child's response header lines,
// then copies php://input to the child's stdin and reads the child's stdout in
// 8192-byte chunks until the child closes its output.
// $username becomes REMOTE_USER for the child; $repo is the repository name without ".git".
// NOTE(review): this function performs no permission check of its own. With
// GIT_HTTP_EXPORT_ALL set, and with git-http-backend enabling receive-pack by default
// whenever REMOTE_USER is non-empty, every caller must have authenticated and
// authorised the user for $repo before calling it.
// NOTE(review): short lines (braces, initialisers such as $qs, $pwd and the loop flags)
// are missing from this listing.
295 function gwvp_callGitBackend($username, $repo)
297 // this is where things become a nightmare
298 $fh = fopen('php://input', "r");
300 $ruri = $_SERVER["REQUEST_URI"];
301 $strrem = "git/$repo.git";
// NOTE(review): str_replace() removes every occurrence of "git/<repo>.git" in q, not
// only the leading one; the commented-out anchored preg_replace below is closer to the
// intent (it would need preg_quote() on $repo).
302 $euri = str_replace($strrem, "", $_REQUEST["q"]);
303 //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]);
307 $rmeth = $_SERVER["REQUEST_METHOD"];
// Rebuilds a query string for the child from every entry in $_REQUEST.
// NOTE(review): keys and values are concatenated without urlencode(), so a value
// containing "&" or "=" changes the parameters the backend sees. $_REQUEST can also
// include POST and cookie values depending on request_order. Prefer passing
// $_SERVER["QUERY_STRING"] through, minus the routing parameter.
310 foreach($_REQUEST as $key => $var) {
312 //error_log("adding, $var from $key");
313 if($qs == "") $qs.="$key=$var";
314 else $qs.="&$key=$var";
322 // this is where the fun, it ends.
329 if(isset($procenv)) unset($procenv);
330 $procenv["GATEWAY_INTERFACE"] = "CGI/1.1";
// NOTE(review): PATH_TRANSLATED is rooted at /tmp rather than the configured repodir,
// and $euri is request-derived. Confirm where repositories really live and that the
// working directory handed to proc_open() ($pwd, assignment not visible) matches.
331 $procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri";
332 $procenv["REQUEST_METHOD"] = "$rmeth";
333 $procenv["GIT_HTTP_EXPORT_ALL"] = "1";
334 $procenv["QUERY_STRING"] = "$qs";
// the client's own User-Agent is replaced by a fixed value for the child
335 $procenv["HTTP_USER_AGENT"] = "git/1.7.1";
336 $procenv["REMOTE_USER"] = "$username";
337 $procenv["REMOTE_ADDR"] = $_SERVER["REMOTE_ADDR"];
338 $procenv["AUTH_TYPE"] = "Basic";
340 if(isset($_SERVER["CONTENT_TYPE"])) {
341 $procenv["CONTENT_TYPE"] = $_SERVER["CONTENT_TYPE"];
343 //$procenv["CONTENT_TYPE"] = "";
345 if(isset($_SERVER["CONTENT_LENGTH"])) {
346 $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"];
349 error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem");
// Descriptors: 0 = pipe to the child's stdin, 1 = pipe from its stdout, 2 = stderr appended to /tmp/err.
// NOTE(review): /tmp/err is a fixed name in a shared directory, so another local user
// can pre-create or symlink it; write stderr to a log path owned by the service.
// The proc_open() result is not checked before the pipes are used.
356 $proc = proc_open("/usr/lib/git-core/git-http-backend", array(array("pipe","rb"),array("pipe","wb"),array("file","/tmp/err", "a")), $pipes, $pwd, $procenv);
// Header phase: each line up to the first bare CRLF is passed to header().
359 while(!$untilblank&&!feof($pipes[1])) {
360 $lines_t = fgets($pipes[1]);
361 $lines = trim($lines_t);
362 error_log("got line: $lines");
363 if($lines_t == "\r\n") {
365 error_log("now blank");
366 } else header($lines);
// NOTE(review): trim() always returns a string, so this comparison can never be true;
// the fgets() result $lines_t is the value to test for false.
367 if($lines === false) {
368 error_log("got an unexpexted exit...");
// Both streams are switched to non-blocking so the loop below can poll them in turn.
378 if(!stream_set_blocking($fh,0)) {
379 error_log("cant set input non-blocking");
382 if(!stream_set_blocking($pipes[1],0)) {
383 error_log("cant set pipe1 non-blocking");
386 // i was going to use stream_select, but i feel this works better like this
390 $from_client_data = fread($fh,8192);
391 if($from_client_data !== false) fwrite($pipes[0], $from_client_data);
393 //fwrite($fl, $from_client_data);
394 $client_len = strlen($from_client_data);
396 error_log("client end");
401 // sometimes, we get a \r\n from the cgi, i do not know why she swallowed the fly,
402 // but i do know that the fgets for the headers above should have consumed that
403 if(!feof($pipes[1])) {
404 $from_cgi_data_t = fread($pipes[1],8192);
405 $from_cgi_data = $from_cgi_data_t;
407 // i dont know if this will solve it... it could cause some serious issues elsewhere
408 // TODO: this is a hack, i need to know why the fgets above doesnt consume the \r\n even tho it reads it
409 // i.e. why the pointer doesnt increment over it, cause the freads above then get them again.
// NOTE(review): this strips a leading CRLF from any chunk, not only the first one, so
// binary pack data that happens to begin a chunk with those two bytes is altered.
411 if(strlen($from_cgi_data_t)>0) {
412 // i dont get why this happens, and its very frustrating.. im not sure if its a bug in php
413 // or something the git-http-backend thing is doing..
414 // TODO: find out why this happens
415 $from_cgi_data = preg_replace("/^\r\n/", "", $from_cgi_data_t);
416 if(strlen($from_cgi_data)!=strlen($from_cgi_data_t)) {
417 error_log("MOOOKS - we did trunc");
419 error_log("MOOOKS - we did not trunc");
425 if($from_cgi_data !== false) {
429 $cgi_len = strlen($from_cgi_data);
431 error_log("cgi end");
435 if(feof($pipes[1])) $continue = false;
// when neither side produced data the loop appears to pause before polling again
437 if($client_len == 0 && $cgi_len == 0) {
439 error_log("sleep tick");
441 error_log("sizes: $client_len, $cgi_len");
// NOTE(review): this writes raw backend output, i.e. repository contents including
// those of private repos, into the error log; log the length only.
443 error_log("from cgi: \"$from_cgi_data\"");
// Returns true when "<repodir>/<name>.git" exists on disk.
// NOTE(review): $name is placed in the path as given; a name containing "/" or ".."
// probes locations outside repodir. Restrict repository names to a safe character set
// at the point they are accepted.
// NOTE(review): the return for the not-found case is not visible in this listing.
459 function gwvp_repoExists($name)
461 $repo_base = gwvp_getConfigVal("repodir");
463 if(file_exists("$repo_base/$name.git")) return true;
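// $defaultperms values:
// 0 - anyone can clone/read, only owner can write
// 1 - no one can clone/read, repo is visible (i.e. name), only owner can read/write repo
// 2 - only owner can see anything
/**
 * Creates a bare repository at "<repodir>/<name>.git" and registers it via gwvp_AddRepo().
 *
 * Without $bundle the repository is created empty with "git init --bare"; with $bundle
 * it is created as a mirror clone of that source.
 *
 * @param string      $name         repository name, without the ".git" suffix
 * @param mixed       $ownerid      owner id passed through to gwvp_AddRepo()
 * @param string      $desc         description passed through to gwvp_AddRepo()
 * @param string|null $bundle       clone source (bundle path or URL), or null for an empty repo
 * @param int         $defaultperms one of the values listed above
 */
function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0)
{
	$repo_base = gwvp_getConfigVal("repodir");
	$repo_path = "$repo_base/$name.git";

	// $name and $bundle end up on a shell command line, so each is passed as one
	// quoted argument instead of being interpolated raw.
	$repo_arg = escapeshellarg($repo_path);

	// NOTE(review): quoting stops shell injection but not a $name containing "/" or
	// "..", which would still place the repository outside repodir - validate the name
	// where it is accepted.
	// NOTE(review): /tmp/gitlog is a fixed name in a shared directory; prefer a log
	// location owned by the service.

	// phew, this works, but i tell you this - bundles arent quite as nice as they should be
	if($bundle == null) {
		error_log("would create $repo_path");
		exec("/usr/bin/git init --bare $repo_arg > /tmp/gitlog 2>&1");
	} else {
		error_log("create via mirror on $repo_path");
		// "--" keeps a source value that starts with "-" from being read as a git option
		exec("/usr/bin/git clone --mirror -- ".escapeshellarg($bundle)." $repo_arg > /tmp/gitlog 2>&1");
	}

	// update-server-info acts on the current directory, so only run it once we are
	// actually inside the new repository.
	if(chdir($repo_path)) {
		exec("/usr/bin/git update-server-info");
	} else {
		error_log("could not enter $repo_path, skipping update-server-info");
	}

	// NOTE(review): git's exit status is not checked, so the repository is registered
	// even when creation failed - consider checking it before this call.
	// gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
	gwvp_AddRepo($name, $desc, $ownerid, $defaultperms);
}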
494 // this function returns one of three things, read, visible, write, none
500 // 4 - owner/administrator
// Resolves the permission level of $userid on $repoid: 4 for an administrator or the
// repository owner, otherwise the highest value among the permission rows that match.
// Callers pass -1 as $userid for anonymous access.
// NOTE(review): the switch cases, the initial $maxperm and the final return are missing
// from this listing.
501 function gwvp_resolvRepoPerms($userid, $repoid)
503 $ownerid = gwvp_getRepoOwner($repoid);
504 $isadmin = gwvp_IsUserAdmin(null, null, $userid);
506 error_log("USerid is $userid, ownerid $ownerid");
508 if($isadmin) return 4;
// NOTE(review): loose comparison. Callers pass gwvp_getUserId(...) straight in; if that
// can yield false/null for an unknown user and gwvp_getRepoOwner() can yield
// false/null/0 for an unknown repo, the two compare equal and the caller is treated as
// owner. Compare with === after checking that both ids are valid.
510 if($userid == $ownerid) return 4;
512 // now we load the perms table and pray
513 $repoperms = gwvp_getRepoPermissions($repoid);
// $usergroups is not used in any line visible in this listing
514 $usergroups = gwvp_getGroupsForUser(null, $userid);
517 if($repoperms != false) foreach($repoperms as $perm) {
518 // need to go thru each perm, then check it against the user we're trying to figure
// the cases that map $perm["type"] to $permval are not visible
520 switch($perm["type"]) {
534 // we only check if permval is greater than the current maximum
535 if($permval > $maxperm) {
536 //error_log("going into check for $maxperm/$permval, ".$perm["ref"]);
// "anon" and "authed" are special refs; what each branch assigns is not visible.
// NOTE(review): confirm "authed" is never matched for the anonymous id -1.
537 if($perm["ref"] == "anon") {
539 } else if($perm["ref"] == "authed") {
// other refs are split on ":"; presumably "<type>:<id>" giving $idtype and $idval - confirm
543 $spl = explode(":", $perm["ref"]);
546 if($idtype == "group") {
547 // function gwvp_IsGroupMember($email, $groupname)
548 if(gwvp_IsGroupMemberById($userid, $idval)) $maxperm = $permval;
549 } else if ($idtype == "user") {
550 //error_log("checking $userid, $idval");
// loose comparison between the caller's id and the id stored in the permission row
551 if($userid == $idval) $maxperm = $permval;
557 // thats TOTALLY going to work... -_0 we should really write a unit test for this, but thats a bit
558 // hard given the db req's so for now, we'll leave it as is