X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpgitcontrol.php;h=7c34d9b07bfaca1dd2dd98f21b0a9ceeaa726b6a;hp=7093812d595cb49d809a0db564d84bb71e0a964d;hb=942b821d861aba1da43ef6c999141853e9f8b3a8;hpb=c968cf55b0f366830676c8555cf61e9765277e44 diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php index 7093812..7c34d9b 100644 --- a/gwvplib/gwvpgitcontrol.php +++ b/gwvplib/gwvpgitcontrol.php @@ -6,6 +6,9 @@ $CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe"; //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos"; $HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider"; +// TODO: we could actually change backend interface such that is +// will respond to any url's that contain "repo.git" rather then +// having to be $BASE_URL/git/repo.git function gwvp_gitControlCallMe() { if(isset($_REQUEST["q"])) { @@ -33,29 +36,134 @@ function gwvp_repoPermissionCheck($repo, $user) return true; } -function gwvp_gitBackendInterface_new() +function gwvp_gitBackendInterface() { // and this is where i re-code the git backend interface from scratch global $BASE_URL; $repo_base = gwvp_getConfigVal("repodir"); + // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo" + + + /* bizare git problem that ignores 403's or continues on with a push despite them + error_log("FLAP for ".$_SERVER["REQUEST_URI"]); + if(isset($_REQUEST)) { + $dump = print_r($_REQUEST, true); + error_log("FLAP, $dump"); + } + if(isset($_SERVER["PHP_AUTH_USER"])) { + error_log("FLAP: donut hole"); + }*/ + + + + $repo = ""; + $repoid = false; $newloc = "/"; if(isset($_REQUEST["q"])) { $query = $_REQUEST["q"]; $qspl = explode("/", $query); - $repo = $qspl[1]; + // TODO do this with + $repo = preg_replace("/\.git$/", "", $qspl[1]); + $repoid = gwvp_GetRepoId($repo); for($i=2; $i < count($qspl); $i++) { $newloc .= "/".$qspl[$i]; } } + if($repoid == false) { + gwvp_fourZeroFour(); + return; + } + + // we do an update server cause its weird and i cant figure out when it actually needs to happen + chdir("$repo_base/$repo.git"); + exec("/usr/bin/git update-server-info"); + + + // so now we have the repo + // next we determine if this is a read or a write + $write = false; + if(isset($_REQUEST["service"])) { + if($_REQUEST["service"] == "git-receive-pack") { + error_log("got write as receivepack in post"); + $write = true; + } + } + if($_SERVER["REQUEST_METHOD"] == "POST") { + $write = true; + } + // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth + // no, this isnt a solution cause auth'd read attempts will come up as writes... + //if(isset($_SERVER["PHP_AUTH_USER"])) { + //$write = true; + //} + + // if its a write, we push for authentication + if($write) { + error_log("is write attempt, ask for login"); + $person = gwvp_checkBasicAuthLogin(); + if($person == false) { + gwvp_AskForBasicAuth(); + return; + } else { + error_log("checking perms for $person against $repoid for repo $repo"); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); + if($perms < 3) { + error_log("perms are $perms and im not allowed"); + gwvp_fourZeroThree(); + exit(0); + } else { + // here we pass to the git backend + error_log("perms are $perms and im allowed"); + gwvp_callGitBackend($person["username"], $repo); + } + } + return; + } + + // if not we figure out the anon permissions for a repo + $perms = gwvp_resolvRepoPerms(-1, $repoid); + + // if they're less then read, we need to then check the user auth permissions + if($perms < 2) { + // we ask for auth + $person = gwvp_checkBasicAuthLogin(); + if($person == false) { + gwvp_AskForBasicAuth(); + return; + } else { + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); + if($perms < 3) { + $dump = print_r($person, true); + error_log("in basic read, called 403 for $perms $dump"); + gwvp_fourZeroThree(); + return; + } + } + } + + // if we made it this far, we a read and we have permissions to do so, just search the file from the repo + if(file_exists("$repo_base/$repo.git/$newloc")) { + error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); + $fh = fopen("$repo_base/$repo.git/$newloc", "rb"); + + error_log("pushing file"); + while(!feof($fh)) { + echo fread($fh, 8192); + } + } else { + //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE"; + gwvp_fourZeroFour(); + return; + } } -function gwvp_gitBackendInterface() +function gwvp_gitBackendInterface_old() { global $BASE_URL; @@ -175,13 +283,13 @@ function gwvp_canManageRepo($userid, $repoid) return false; } -function gwvp_callGitBackend($repo) +function gwvp_callGitBackend($username, $repo) { // this is where things become a nightmare $fh = fopen('php://input', "r"); $ruri = $_SERVER["REQUEST_URI"]; - $strrem = "git/$repo"; + $strrem = "git/$repo.git"; $euri = str_replace($strrem, "", $_REQUEST["q"]); //$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]); @@ -211,12 +319,12 @@ function gwvp_callGitBackend($repo) // setup env if(isset($procenv)) unset($procenv); $procenv["GATEWAY_INTERFACE"] = "CGI/1.1"; - $procenv["PATH_TRANSLATED"] = "/tmp/$repo/$euri"; + $procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri"; $procenv["REQUEST_METHOD"] = "$rmeth"; $procenv["GIT_HTTP_EXPORT_ALL"] = "1"; $procenv["QUERY_STRING"] = "$qs"; $procenv["HTTP_USER_AGENT"] = "git/1.7.1"; - $procenv["REMOTE_USER"] = "user"; + $procenv["REMOTE_USER"] = "$username"; $procenv["REMOTE_ADDR"] = "1.2.3.4"; $procenv["AUTH_TYPE"] = "Basic"; @@ -229,7 +337,7 @@ function gwvp_callGitBackend($repo) $procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"]; } - error_log("path trans'd is /tmp/$repo/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); + error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem"); @@ -380,14 +488,17 @@ function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms= // 1 - visible // 2 - read // 3 - write +// 4 - owner/administrator function gwvp_resolvRepoPerms($userid, $repoid) { $ownerid = gwvp_getRepoOwner($repoid); $isadmin = gwvp_IsUserAdmin(null, null, $userid); - if($isadmin) return 3; + error_log("USerid is $userid, ownerid $ownerid"); + + if($isadmin) return 4; - if($userid == $ownerid) return 3; + if($userid == $ownerid) return 4; // now we load the perms table and pray $repoperms = gwvp_getRepoPermissions($repoid);