<?php
-function gwvp_createGitRepo($name)
+$CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe";
+
+//$MENU_ITEMS["20repos"]["text"] = "Repo Admin";
+//$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos";
+$HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider";
+
+function gwvp_gitControlCallMe()
{
- global $repo_base;
+ if(isset($_REQUEST["q"])) {
+ $query = $_REQUEST["q"];
+ $qspl = explode("/", $query);
+ if(isset($qspl[0])) {
+ if($qspl[0] == "git") {
+ return "gwvp_gitBackendInterface";
+ }
+ }
+ else return false;
+ }
- error_log("would create $repo_base/$name.git");
+ return false;
+}
+
+function gwvp_GitLogProvider()
+{
+ echo "<br>gitload provider loaded on homepage<br>";
+}
+
+function gwvp_repoPermissionCheck($repo, $user)
+{
return true;
}
+
+function gwvp_gitBackendInterface()
+{
+ // and this is where i re-code the git backend interface from scratch
+ global $BASE_URL;
+
+ $repo_base = gwvp_getConfigVal("repodir");
+
+ // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo"
+
+ $repo = "";
+ $repoid = -1;
+ $newloc = "/";
+ if(isset($_REQUEST["q"])) {
+ $query = $_REQUEST["q"];
+ $qspl = explode("/", $query);
+ $repo = $qspl[1];
+ $repoid = gwvp_resolvRepoPerms($repo);
+ for($i=2; $i < count($qspl); $i++) {
+ $newloc .= "/".$qspl[$i];
+ }
+ }
+
+ if($repoid == -1) {
+ gwvp_fourZeroFour();
+ return;
+ }
+
+ // so now we have the repo
+ // next we determine if this is a read or a write
+ $write = false;
+ if(isset($_REQUEST["service"])) {
+ if($_REQUEST["service"] == "git-receive-pack") {
+ $write = true;
+ }
+ }
+ if($_SERVER["REQUEST_METHOD"] == "POST") {
+ $write = true;
+ }
+
+ // if its a write, we push for authentication
+ if($write) {
+ $person = gwvp_checkBasicAuthLogin();
+ if($person == false) {
+ gwvp_AskForBasicAuth();
+ return;
+ } else {
+ $perms = gwvp_resolvRepoPerms($person["id"], $repoid);
+ if($perms < 3) {
+ gwvp_fourZeroThree();
+ return;
+ } else {
+ // here we pass to the git backend
+ gwvp_callGitBackend($person["username"], $repo);
+ }
+ }
+ return;
+ }
+
+ // if not we figure out the anon permissions for a repo
+ $perms = gwvp_resolvRepoPerms(-1, $repoid);
+
+ // if they're less then read, we need to then check the user auth permissions
+ if($perms < 2) {
+ // we ask for auth
+ $person = gwvp_checkBasicAuthLogin();
+ if($person == false) {
+ gwvp_AskForBasicAuth();
+ return;
+ } else {
+ $perms = gwvp_resolvRepoPerms($person["id"], $repoid);
+ if($perms < 3) {
+ gwvp_fourZeroThree();
+ return;
+ }
+ }
+ }
+
+ // if we made it this far, we a read and we have permissions to do so, just search the file from the repo
+ if(file_exists("$repo_base/$repo/$newloc")) {
+ error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
+ $fh = fopen("$repo_base/$repo/$newloc", "rb");
+
+ error_log("pushing file");
+ while(!feof($fh)) {
+ echo fread($fh, 8192);
+ }
+ } else {
+ //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+ gwvp_fourZeroFour();
+ return;
+ }
+
+}
+
+
+function gwvp_gitBackendInterface_old()
+{
+ global $BASE_URL;
+
+ $repo_base = gwvp_getConfigVal("repodir");
+
+ $repo = "";
+ $newloc = "/";
+ if(isset($_REQUEST["q"])) {
+ $query = $_REQUEST["q"];
+ $qspl = explode("/", $query);
+ $repo = $qspl[1];
+ for($i=2; $i < count($qspl); $i++) {
+ $newloc .= "/".$qspl[$i];
+ }
+ }
+
+ $actual_repo_name = preg_replace("/\.git$/", "", $repo);
+
+ $user = gwvp_checkBasicAuthLogin();
+
+ if(!$user) {
+ error_log("User is set to false, so its anonymouse");
+ } else {
+ error_log("user is $user");
+ }
+
+ // must remember that $user of false is anonymous when we code gwvp_repoPerm'sCheck()
+ if(!gwvp_repoPermissionCheck($actual_repo_name, $user)) {
+ error_log("perms check fails - start auth");
+ if(isset($_SERVER["PHP_AUTH_USER"])) {
+ error_log("have auth - push 403");
+ gwvp_fourZeroThree();
+ } else {
+ error_log("push auth");
+ gwvp_AskForBasicAuth();
+ return;
+ }
+ }
+
+ // we need to quite a bit of parsing in here. The "repo" will always be /git/repo.git
+ // but if we get here from a browser, we need to forward back to a normal repo viewer
+ // the only way i can think of doing this is to check the useragent for the word "git"
+
+ /*
+ * here we need to
+ * 1) figure out the repo its acessing
+ * 2) figure out the perms on the repo
+ * 3) determine if its a pull or a push
+ * - if its a pull, we just serve straight from the fs
+ * - if its a push, we go thru git-http-backend
+ * 4) if it requiers auth, we push to auth
+ *
+ */
+ $agent = "git-unknown";
+ $isgitagent = false;
+
+ // tested the user agent bit with jgit from eclipse and normal git... seems to work
+ if(isset($_SERVER["HTTP_USER_AGENT"])) {
+ $agent = $_SERVER["HTTP_USER_AGENT"];
+ error_log("in git backend with user agent $agent");
+ if(stristr($agent, "git")!==false) {
+ $isgitagent = true;
+ }
+ }
+
+
+
+ /* dont need this code right now
+ if($isgitagent) echo "GIT: i am a git backened interface for a repo $repo, agent $agent";
+ else echo "NOT GIT: i am a git backened interface for a repo $repo, agent $agent";
+ */
+
+ // now we need to rebuild the actual request or do we?
+ //$basegit = "$BASE_URL/git/something.git";
+ //$newloc = preg_replace("/^$basegit/", "", $_SERVER["REQUEST_URI"]);
+ chdir("$repo_base/$repo");
+ exec("/usr/bin/git update-server-info");
+
+ if($_SERVER["REQUEST_METHOD"] == "POST") {
+ gwvp_AskForBasicAuth();
+ gwvp_callGitBackend($repo);
+ return;
+ }
+
+ if(isset($_REQUEST["service"])) {
+ if($_REQUEST["service"] == "git-receive-pack") {
+ // we are a write call - we need auth and we're going to the backend proper
+ gwvp_AskForBasicAuth();
+ gwvp_callGitBackend($repo);
+ return;
+ }
+ }
+
+
+ if(file_exists("$repo_base/$repo/$newloc")) {
+ error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
+ $fh = fopen("$repo_base/$repo/$newloc", "rb");
+
+ error_log("pushing file");
+ while(!feof($fh)) {
+ echo fread($fh, 8192);
+ }
+ } else {
+ echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+ header('HTTP/1.0 404 No Such Thing');
+ return;
+ }
+}
+
+function gwvp_canManageRepo($userid, $repoid)
+{
+ // only the owner or an admin can do these tasks
+ error_log("Checking repoid, $repoid against userid $userid");
+
+ if(gwvp_IsUserAdmin(null, null, $userid)) return true;
+ if(gwvp_IsRepoOwner($userid, $repoid)) return true;
+ return false;
+}
+
+function gwvp_callGitBackend($username, $reponame)
+{
+ // this is where things become a nightmare
+ $fh = fopen('php://input', "r");
+
+ $ruri = $_SERVER["REQUEST_URI"];
+ $strrem = "git/$repo";
+ $euri = str_replace($strrem, "", $_REQUEST["q"]);
+ //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]);
+
+
+
+ $rmeth = $_SERVER["REQUEST_METHOD"];
+
+ $qs = "";
+ foreach($_REQUEST as $key => $var) {
+ if($key != "q") {
+ //error_log("adding, $var from $key");
+ if($qs == "") $qs.="$key=$var";
+ else $qs.="&$key=$var";
+ }
+ }
+
+ //sleep(2);
+
+
+
+ // this is where the fun, it ends.
+ $myoutput = "";
+ unset($myoutput);
+
+ // this be nasty!
+
+ // setup env
+ if(isset($procenv)) unset($procenv);
+ $procenv["GATEWAY_INTERFACE"] = "CGI/1.1";
+ $procenv["PATH_TRANSLATED"] = "/tmp/$repo/$euri";
+ $procenv["REQUEST_METHOD"] = "$rmeth";
+ $procenv["GIT_HTTP_EXPORT_ALL"] = "1";
+ $procenv["QUERY_STRING"] = "$qs";
+ $procenv["HTTP_USER_AGENT"] = "git/1.7.1";
+ $procenv["REMOTE_USER"] = "$username";
+ $procenv["REMOTE_ADDR"] = "1.2.3.4";
+ $procenv["AUTH_TYPE"] = "Basic";
+
+ if(isset($_SERVER["CONTENT_TYPE"])) {
+ $procenv["CONTENT_TYPE"] = $_SERVER["CONTENT_TYPE"];
+ } else {
+ //$procenv["CONTENT_TYPE"] = "";
+ }
+ if(isset($_SERVER["CONTENT_LENGTH"])) {
+ $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"];
+ }
+
+ error_log("path trans'd is /tmp/$repo/$euri from $ruri with ".$_REQUEST["q"]." $strrem");
+
+
+
+
+ $pwd = "/tmp/";
+
+ $proc = proc_open("/usr/lib/git-core/git-http-backend", array(array("pipe","rb"),array("pipe","wb"),array("file","/tmp/err", "a")), $pipes, $pwd, $procenv);
+
+ $untilblank = false;
+ while(!$untilblank&&!feof($pipes[1])) {
+ $lines_t = fgets($pipes[1]);
+ $lines = trim($lines_t);
+ error_log("got line: $lines");
+ if($lines_t == "\r\n") {
+ $untilblank = true;
+ error_log("now blank");
+ } else header($lines);
+ if($lines === false) {
+ error_log("got an unexpexted exit...");
+ exit(0);
+ }
+
+ }
+
+
+ $firstline = true;
+ $continue = true;
+
+ if(!stream_set_blocking($fh,0)) {
+ error_log("cant set input non-blocking");
+ }
+
+ if(!stream_set_blocking($pipes[1],0)) {
+ error_log("cant set pipe1 non-blocking");
+ }
+
+ // i was going to use stream_select, but i feel this works better like this
+ while($continue) {
+ // do client
+ if(!feof($fh)) {
+ $from_client_data = fread($fh,8192);
+ if($from_client_data !== false) fwrite($pipes[0], $from_client_data);
+ fflush($pipes[0]);
+ //fwrite($fl, $from_client_data);
+ $client_len = strlen($from_client_data);
+ } else {
+ error_log("client end");
+ $client_len = 0;
+ }
+
+ // do cgi
+ // sometimes, we get a \r\n from the cgi, i do not know why she swallowed the fly,
+ // but i do know that the fgets for the headers above should have comsued that
+ if(!feof($pipes[1])) {
+ $from_cgi_data_t = fread($pipes[1],8192);
+ $from_cgi_data = $from_cgi_data_t;
+
+ // i dont know if this will solve it... it coudl cause some serious issues elsewhere
+ // TODO: this is a hack, i need to know why the fgets above doesn consume the \r\n even tho it reads it
+ // i.e. why the pointer doesnt increment over it, cause the freads above then get them again.
+ if($firstline) {
+ if(strlen($from_cgi_data_t)>0) {
+ // i dont get why this happens, and its very frustrating.. im not sure if its a bug in php
+ // or something the git-http-backend thing is doing..
+ // TODO: find out why this happens
+ $from_cgi_data = preg_replace("/^\r\n/", "", $from_cgi_data_t);
+ if(strlen($from_cgi_data)!=strlen($from_cgi_data_t)) {
+ error_log("MOOOKS - we did trunc");
+ } else {
+ error_log("MOOOKS - we did not trunc");
+ }
+ $firstline = false;
+ }
+ }
+
+ if($from_cgi_data !== false) {
+ echo $from_cgi_data;
+ flush();
+ }
+ $cgi_len = strlen($from_cgi_data);
+ } else {
+ error_log("cgi end");
+ $cgi_len = 0;
+ }
+
+ if(feof($pipes[1])) $continue = false;
+ else {
+ if($client_len == 0 && $cgi_len == 0) {
+ usleep(200000);
+ error_log("sleep tick");
+ } else {
+ error_log("sizes: $client_len, $cgi_len");
+ if($cgi_len > 0) {
+ error_log("from cgi: \"$from_cgi_data\"");
+ }
+ }
+ }
+
+ }
+
+
+ //fclose($fl);
+ fclose($fh);
+ fclose($pipes[1]);
+ fclose($pipes[0]);
+}
+
+
+
+function gwvp_repoExists($name)
+{
+ $repo_base = gwvp_getConfigVal("repodir");
+
+ if(file_exists("$repo_base/$name.git")) return true;
+ else return false;
+}
+
+// default perms:
+// 0 - anyone can clone/read, only owner can write
+// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo
+// 2 - only owner can see anything
+function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0)
+{
+ $repo_base = gwvp_getConfigVal("repodir");
+
+ // phew, this works, but i tell you this - bundles arent quite as nice as they should be
+ if($bundle == null) {
+ error_log("would create $repo_base/$name.git");
+ exec("/usr/bin/git init $repo_base/$name.git --bare > /tmp/gitlog 2>&1");
+ chdir("$repo_base/$name.git");
+ exec("/usr/bin/git update-server-info");
+ } else {
+ error_log("create via mirror on $repo_base/$name.git");
+ exec("/usr/bin/git clone --mirror $bundle $repo_base/$name.git > /tmp/gitlog 2>&1");
+ chdir("$repo_base/$name.git");
+ exec("/usr/bin/git update-server-info");
+ }
+
+ // gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
+ gwvp_AddRepo($name, $desc, $ownerid, $defaultperms);
+
+ return true;
+}
+
+// this funciton returns one of three things, read, visible, write, none
+// as
+// 0 - none
+// 1 - visible
+// 2 - read
+// 3 - write
+function gwvp_resolvRepoPerms($userid, $repoid)
+{
+ $ownerid = gwvp_getRepoOwner($repoid);
+ $isadmin = gwvp_IsUserAdmin(null, null, $userid);
+
+ if($isadmin) return 3;
+
+ if($userid == $ownerid) return 3;
+
+ // now we load the perms table and pray
+ $repoperms = gwvp_getRepoPermissions($repoid);
+ $usergroups = gwvp_getGroupsForUser(null, $userid);
+
+ $maxperm = 0;
+ if($repoperms != false) foreach($repoperms as $perm) {
+ // need to go thru each perm, then check it agains the user we're trying to figure
+ // the perms on
+ switch($perm["type"]) {
+ case "read":
+ $permval = 2;
+ break;
+ case "visible":
+ $permval = 1;
+ break;
+ case "write":
+ $permval = 3;
+ break;
+ default:
+ $permval = 0;
+ }
+
+ // we only var if permval is greater then current
+ if($permval > $maxperm) {
+ //error_log("going into check for $maxperm/$permval, ".$perm["ref"]);
+ if($perm["ref"] == "anon") {
+ $maxperm = $permval;
+ } else if($perm["ref"] == "authed") {
+ $maxperm = $permval;
+ } else {
+ // now we do splits
+ $spl = explode(":", $perm["ref"]);
+ $idtype = $spl[0];
+ $idval = $spl[1];
+ if($idtype == "group") {
+ // function gwvp_IsGroupMember($email, $groupname)
+ if(gwvp_IsGroupMemberById($userid, $idval)) $maxperm = $permval;
+ } else if ($idtype == "user") {
+ //error_log("checking $userid, $idval");
+ if($userid == $idval) $maxperm = $permval;
+ }
+ }
+ }
+ }
+
+ // thats TOTALLY going to work... -_0 we should really write a unit test for this, but thats a bit
+ // hard given the db req's so for now, we'll leave it as is
+ return $maxperm;
+}
+
?>
\ No newline at end of file
projects / gwvp.git / blobdiff